SSL. no OPENSSL_Applink - qt

There are openssl server and Qt client using QSslSocket.
When client connected to server server shows no OPENSSL_Applink and shuts down. But with OpenSSL client server works correct. What can be a reason?

#include <openssl/applink.c>
Including applink.c will solve the problem. Please check OpenSSL FAQ
Basically we get this error only if we use any file handling APIs like d2i_X509. I was getting assert failure in applink.c while using this API in windows VC8.0. Later I have done fopen separately and called d2i_X509_fp API.

Related

What are the causes for os_error: message too long

We have a client and server communicating each other with grpc. Previously the server was running on Windows Server, and the client running on Linux or MacOS. Everything works perfectly until we migrate the server from Windows Server to a docker container.
Then we observed some weird tcp broken when we send a large amount of request from client to server.
Then we dig into the grpc arena and run our client and server with GRPC_VERBOSITY=info and GRPC_TRACE=tcp. Then we found that the disconnection was caused from the server side, with error message below:
tcp_custom.cc:218] write complete on 029FCC20: error={"created":"#1594210168.896000000","description":"TCP Write failed","file":"d:\a\grpc-node\grpc-node\packages\grpc-native-core\deps\grpc\src\core\lib\iomgr\tcp_uv.cc","file_line":72,"grpc_status":14,"os_error":"message too long"}
So my question is what does the os_error: message too long really means? What is the next step for me to investigate?
Linked issue
The string "message too long" is the error message for the error code UV_EMSGSIZE, which corresponds to the Linux error code EMSGSIZE. That appears to generally mean that gRPC is trying to write a buffer that is too large to the socket, but I'm not sure what exactly could trigger that.

Scraping: SSL_ERROR_SYSCALL with cURL. Works in Chrome/Firefox

Motivation
I'm currently an exchange student at Taiwan Tech in Taipei, but the course overview/search engine is not very comfortable to use - so I'm trying to scrape it, which unexpectedly leads to a lot of difficulties.
Problem
Opening https://qcourse.ntust.edu.tw works just fine when using Chrome/Firefox, however, I run in to trouble when trying to use command line interfaces:
# Trying to use curl:
$ curl https://qcourse.ntust.edu.tw
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to qcourse.ntust.edu.tw:443
# Trying to use wget:
$ wget https://qcourse.ntust.edu.tw
--2019-02-25 12:13:55-- https://qcourse.ntust.edu.tw/
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving qcourse.ntust.edu.tw (qcourse.ntust.edu.tw)... 140.118.242.168
Connecting to qcourse.ntust.edu.tw (qcourse.ntust.edu.tw)|140.118.242.168|:443... connected.
GnuTLS: The TLS connection was non-properly terminated.
Unable to establish SSL connection.
I also run into trouble when trying to use the browser Pale Moon
What I've considered
Maybe there is a problem with the certificate itself?
Seemingly not:
# This uses the same wildcard certificate (*.ntust.edu.tw) as qcourse.ntust.edu.tw
# (I double checked, and the SHA256 fingerprint is identical)
$ curl https://www.ntust.edu.tw
<html><head><meta http-equiv='refresh' content='0; url=bin/home.php'><title>title</title></head></html>%
Maybe I need specific headers that only Chrome/Firefox sends by default?
It seems like this doesn't solve anything either. By opening the request (Network tab) in Chrome, right clicking, and choosing "Copy" > "Copy as cURL", I get the same error message as earlier.
Additional information
The course overview site is written in ASP.NET, and seems to be running on Microsoft IIS httpd 6.0.
I find this quite mysterious and intriguing. I hope someone might be able to offer an explanation of this behaviour, and if possible: a workaround.
As you can see from the SSLLabs report this is a server with a terrible setup. It is getting a rating of F since it supports the totally broken SSLv2, mostly broken SSLv3 and many many totally broken ciphers. The only kind of secure way to access this server is using TLS 1.0 with TLS_RSA_WITH_3DES_EDE_CBC_SHA (3DES), a cipher which is not considered insecure as the others but only weak.
Only, since 3DES is considered weak (albeit not insecure) it is disabled by default in most modern TLS stacks. One need to specifically enable the support for it. For curl with OpenSSL backend this would look like this, provided that the OpenSSL library you use still supports 3DES in the first place (not the case with default build of OpenSSL 1.1.1):
$ curl -v --cipher '3DES' https://qcourse.ntust.edu.tw

Microsoft FTP Service 451 The parameter is incorrect

I'm trying to write a ftp client.
I have two ftp servers. The first server is a standard FTP server from Microsoft. The second server was written in the organization where I work.
My program with the second server works well.
But my program is the first server receives the error: "451 The parameter is incorrect".
What can be wrong?
I use Qt 4.8.4, Windows 7.
...
switch(cod) {
case 220:
user=sett.value("userFTP",QString("anonymous")).toString();
logMessage(codec1->toUnicode("Авторизация пользователя ")+user);
buf = QByteArray::fromRawData("USER ",5) + "\n";
sock->write(buf);
logMessage(buf);
break;
...
I have found the bug. I used ASCII. but I had to use the Latin 1.

Meteor and socket io

I am a bit confused about how to use socket.io with Meteor. There is a package called socket-io-client. Is that the only package that I should use or socket-io is required for the client side?
Have anyone implemented a connection? I have managed to print out on the terminal a message that indicates that there is a connection on the server but I cannot print any output on the browser console. Instead I get a message about encoding Uncaught TypeError: response.setEncoding is not a function.
Does the connection is on the same port as my meteor server or must be running on different port?
Thanks very much.

How to use secure websocket (wss) in Tornado

I'm new to Tornado and web services in general. In my application, I've Qt/c++ client and python Tornado on server side. The Qt client sends commands in the form of text messages(e.g. "ws://192.121.1.213:8080?function=myfunction?args=params..").Now, I want to use secure web socket i.e. wss in stead of ws. What changes are required on server and client side? Pointer to any online example would be also helpful. Thanks.
Pass the ssl_options argument when constructing your HTTPServer:
ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_ctx.load_cert_chain(os.path.join(data_dir, "mydomain.crt"),
os.path.join(data_dir, "mydomain.key"))
HTTPServer(applicaton, ssl_options=ssl_ctx)
http://www.tornadoweb.org/en/stable/httpserver.html#http-server

Resources