Basic setup of HTTP server with MbedTLS

Could anyone please point me to an example where HTTP.jl and MbedTLS.jl are used to create a server with an https connection? Currently I’m trying to merge the docs of the two packages like this:

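```julia
using HTTP
using MbedTLS

# Router used by HTTP.@register / HTTP.handle below (definition not shown in the original post)
const ROUTER = HTTP.Router()

# Liveness endpoint: returns a status code and a body
function live(req)
    return 200, "OK"
end

HTTP.@register(ROUTER, "/live", live)

# Dispatch the request through the router and wrap the result in a response
function requestHandler(req)
    status, obj = HTTP.handle(ROUTER, req)
    return HTTP.Response(status, obj)
end

function run()
    # TLS objects set up following the MbedTLS.jl docs
    entropy = MbedTLS.Entropy()
    rng = MbedTLS.CtrDrbg()
    MbedTLS.seed!(rng, entropy)
    ctx = MbedTLS.SSLContext()
    conf = MbedTLS.SSLConfig()
    MbedTLS.config_defaults!(conf)
    MbedTLS.authmode!(conf, MbedTLS.MBEDTLS_SSL_VERIFY_REQUIRED)
    MbedTLS.rng!(conf, rng)
    # Note: `ctx` and `conf` above are never passed on; the server receives a
    # fresh SSLConfig(false), which has no certificate or private key loaded.
    HTTP.serve(requestHandler, "0.0.0.0", 8082, sslconfig=MbedTLS.SSLConfig(false))
end
```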

But when I try to access the /live endpoint I get:

ERROR: MbedTLS error code -31104: SSL - Processing of the ServerHello handshake message failed

I’m pretty new to TLS/SSL stuff so could well be missing something basic here. Thanks

1 Like

Bit more digging and the following steps work.

Install mkcert and generate certificate

https://github.com/FiloSottile/mkcert

Configure server

replace run() in the post above with

```julia
function run()
    tlsconfig = MbedTLS.SSLConfig("cert.pem", "cert_key.pem")
    HTTP.serve(requestHandler, "0.0.0.0", parse(Int, APP_PORT), sslconfig=tlsconfig)
end
```

The https endpoint can then be accessed.

1 Like

Did this actually end up working for you? I get exceptions from MbedTLS.jl when browsers see the self-signed certificate and in general MbedTLS seems very happy to just blow up and crash the whole server.

Yes I got it working in the end. If you can post your error and code maybe I or someone else here can help?

Thanks for the offer, but I can’t reproduce the errors now :confused:

Here’s a complete working example, including certificate generation, that works for me, hopefully it will help others.

```julia
using HTTP
using MbedTLS

# Generate a new self-signed certificate (I can't be bothered working out how to do this with MbedTLS!)
# `yes XX` just fills all the answers that openssl asks for interactively.
run(pipeline(`yes XX`, `openssl req -x509 -nodes -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.cert`))

tlsconfig = MbedTLS.SSLConfig("selfsigned.cert", "selfsigned.key")

HTTP.serve(sslconfig=tlsconfig) do req
    return HTTP.Response("Hello World!")
end
```
2 Likes
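The `yes XX` pipeline in the post above answers every openssl prompt with XX, so the certificate's subject does not name the host being served. As an added example (not code from the thread or from HTTP.jl/MbedTLS.jl), this shell sketch generates the same two files non-interactively with the host name in a subjectAltName, then checks that the certificate matches the key and that the key file is owner-only before they are handed to `MbedTLS.SSLConfig`. The function names, the 30-day validity and the host name are assumptions; it needs OpenSSL 1.1.1 or later for `-addext` and `-ext`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the 30-day validity
# and the host name are assumptions. Requires OpenSSL 1.1.1+ (-addext, -ext).

# gen_selfsigned DIR HOST: write DIR/selfsigned.key and DIR/selfsigned.cert
gen_selfsigned() (
    umask 077    # files are created readable by the owner only
    openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 30 \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
        -keyout "$1/selfsigned.key" -out "$1/selfsigned.cert"
)

# cert_matches_key CERT KEY: succeed only if both hold the same public key
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_names_host CERT HOST: succeed only if HOST is a DNS subjectAltName
cert_names_host() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# key_owner_only KEY: succeed only if group and others have no access
key_owner_only() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# prepare_tls DIR HOST: generate, then refuse to continue on any failed check
prepare_tls() {
    gen_selfsigned "$1" "$2" &&
    cert_matches_key "$1/selfsigned.cert" "$1/selfsigned.key" &&
    cert_names_host "$1/selfsigned.cert" "$2" &&
    key_owner_only "$1/selfsigned.key"
}
```

Running `prepare_tls . localhost` leaves `selfsigned.cert` and `selfsigned.key` in the current directory under the same names the Julia example loads.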

Glad you got it working :grinning:

1 Like