Basic setup of HTTP server with MbedTLS

Could anyone please point me to an example where HTTP.jl and MbedTLS.jl are used to create a server with an https connection? Currently I’m trying to merge the docs of the two packages like this:

function live(req)
    return 200, "OK"
end

HTTP.@register(ROUTER, "/live", live)

function requestHandler(req)
    status, obj = HTTP.handle(ROUTER, req)
    return HTTP.Response(status, obj)
end

function run()
    entropy = MbedTLS.Entropy()
    rng = MbedTLS.CtrDrbg()
    MbedTLS.seed!(rng, entropy)
    ctx = MbedTLS.SSLContext()
    conf = MbedTLS.SSLConfig()
    MbedTLS.config_defaults!(conf)
    MbedTLS.authmode!(conf, MbedTLS.MBEDTLS_SSL_VERIFY_REQUIRED)
    MbedTLS.rng!(conf, rng)
    HTTP.serve(requestHandler, "0.0.0.0", 8082, sslconfig=MbedTLS.SSLConfig(false))
end

But when I try to access the /live endpoint I get:

ERROR: MbedTLS error code -31104: SSL - Processing of the ServerHello handshake message failed (edited) 

I’m pretty new to TLS/SSL stuff so could well be missing something basic here. Thanks

Bit more digging and the following steps work.

Install mkcert and generate certificate

Configure server

replace run() in the post above with

function run()
    tlsconfig = MbedTLS.SSLConfig("cert.pem", "cert_key.pem")
    HTTP.serve(requestHandler, "0.0.0.0", parse(Int, APP_PORT), sslconfig=tlsconfig)
end

The https endpoint can then be accessed.

1 Like

Did this actually end up working for you? I get exceptions from MbedTLS.jl when browsers see the self-signed certificate and in general MbedTLS seems very happy to just blow up and crash the whole server.

Yes I got it working in the end. If you can post your error and code maybe I or someone else here can help?

Thanks for the offer, but I can’t reproduce the errors now :confused:

Here’s a complete working example, including certificate generation, that works for me, hopefully it will help others.

using HTTP
using MbedTLS

# Generate a new self-signed certificate (I can't be bothered working out how to do this with MbedTLS!)
# `yes XX` just fills all the answers that openssl asks for interactively.
run(pipeline(`yes XX`, `openssl req -x509 -nodes -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.cert`))

tlsconfig = MbedTLS.SSLConfig("selfsigned.cert", "selfsigned.key")

HTTP.serve(sslconfig=tlsconfig) do req
    return HTTP.Response("Hello World!")
end
1 Like

Glad you got it working :grinning:

1 Like