Collisions on SSL_connect (openssl.nim) #464

Open
alexisad opened this issue Feb 1, 2021 · 2 comments

alexisad commented Feb 1, 2021

Simple code:

import httpclient
import nimx/window

var client = newHttpClient()
discard client.get("https://account.api.here.com/oauth2/token")

Getting error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure [SslError]
because ret == 0 after: ret = SSL_connect(socket.sslHandle) but should be ret == 1

But this error happens only in case (3 conditions together):

  1. on MacOS "Big Sur 11.0.1" (it causes the error on another MacOS too: https://forum.nim-lang.org/t/7018#44069)
  2. For URL "https://account.api.here.com/oauth2/token"
  3. if "import nimx" is in the code (if you comment it out like #import nimx/window then SSL_connect works)

Please, any suggestions/workaround...

@alexisad
Author

Changed code - nimx/image instead of nimx/window:

import httpclient
import nimx/image

var client = newHttpClient()
discard client.get("https://account.api.here.com/oauth2/token")

Getting the same error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure [SslError]

I used Wireshark to see what happens during the handshake: with nimx/image the Client Hello sends only 3 cipher suites, but these suites don't exist on the server (account.api.here.com), therefore the server doesn't send Hello Client.

But when I changed a little bit of code in the image.nim file, on the line

when asyncResourceLoad:

to:

when not asyncResourceLoad:

then after compiling, the Client Hello sends 9 (!) cipher suites and in this case the server sends Hello Client successfully.
The code below does nothing at run time, but why does it cause issues with the count of ciphers used?:

            var ctx: ImageLoadingCtx
            ctx.new()
            ctx.url = url
            ctx.completionCallback = handler
            when not loadAsyncTextureInMainThread:
                let curWnd = glGetCurrentWindow()
                if threadCtx.isNil:
                    let curCtx = glGetCurrentContext()
                    threadCtx = glCreateContext(curWnd)
                    discard glMakeCurrent(curWnd, curCtx)

                ctx.glCtx = threadCtx
                doAssert(not ctx.glCtx.isNil)
                ctx.wnd = curWnd
            GC_ref(ctx)

            if loadingQueue.isNil:
                loadingQueue = newWorkerQueue(1)

            loadingQueue.addTask(loadResourceThreaded, cast[pointer](ctx))
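
The cipher-suite comparison described in the comment above, as an added example that is not part of the original issue or of the nimx or Nim code: it parses a ClientHello record, lists the suites it offers, and intersects them with a server's list. The suite IDs, the server list and the helper names are constructed assumptions; the issue does not say which suites appeared in the capture.

```python
import struct

# Constructed sample values (IANA cipher-suite IDs); the issue does not list the real ones.
NARROW = [0x002F, 0x0035, 0x000A]                       # a 3-suite offer
WIDE = [0xC02F, 0xC030, 0xC02B, 0xC02C, 0xC013, 0xC014, 0x009C, 0x002F, 0x0035]  # 9 suites
SERVER = {0xC02F, 0xC030}                               # assumed server-side allow-list

def build_client_hello(suites):
    """Build a minimal TLS 1.2 ClientHello record (constructed, no extensions)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                 # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def offered_cipher_suites(record):
    """Return the cipher-suite IDs offered in a single-record ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + body_len]
    if body_len + 4 > rec_len or len(body) != body_len or body_len < 35:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 2 + 32                                        # skip client_version and random
    pos += 1 + body[pos]                                # skip session_id
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    raw = body[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, n, 2)]

def negotiable(client_suites, server_suites):
    """Suites both sides support, in client order; empty means the server
    has nothing to select and answers with a handshake_failure alert."""
    return [s for s in client_suites if s in server_suites]

if __name__ == "__main__":
    for name, offer in (("narrow", NARROW), ("wide", WIDE)):
        seen = offered_cipher_suites(build_client_hello(offer))
        common = negotiable(seen, SERVER)
        print(name, len(seen), "offered;", [hex(s) for s in common] or "no overlap")
```

To use it on a real capture, pass the raw bytes of the TLS record layer from the Client Hello packet to `offered_cipher_suites` and diff the result between the working and failing builds.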

@yglukhov
Owner

That's a mysterious one, and thanks for looking into that. Unfortunately I can't reproduce it either on Linux or on Big Sur 11.1. Moreover, I don't have any clue why that could happen. Nimx images use https://github.com/yglukhov/async_http_request to load images over https, but inspecting that module I see no reason for it to interfere with the default httpclient's one. So you might want to look that way.
