

On Wed, 1 May 2019 at 06:46, Russell Haley <russ.haley@gmail.com> wrote:
>
> Hi,
>
> I'm trying to create a little http(s) client using lua-http. I've never run into these issues before so I think they are related to Ubuntu, but I'm (clearly) no expert. My current platform is Ubuntu 18 LTS. I was initially receiving what I'll describe as a missing cipher error when I was using openssl 1.1.0 so I upgraded to 1.1.1a based on the directions here:
>
> https://askubuntu.com/questions/1102803/how-to-upgrade-openssl-1-1-0-to-1-1-1-in-ubuntu-18-04
>
> I removed and reinstalled lua-http/cqueues/luaossl after the upgrade and now I am getting the following errors:
>
> russellh@sfm-dev:~/lua/client$ ./lua test.lua "https://www.starfishmedical.com"
> starttls: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
> russellh@sfm-dev:~/lua/client$ ./lua test.lua "https://google.com"
> starttls: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:unable to get local issuer certificate
> russellh@sfm-dev:~/lua/client$ ./lua test.lua "https://verisign.com"
> starttls: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:self signed certificate in certificate chain
>
> I checked luaossl to ensure it's pointing at the correct version of openssl and everything seems copacetic. I've used luarocks to create a "package" repository, so the init.lua file simply sets the package.path and package.cpath to point to the correct lua_modules directory (same as the lua code at the bottom of this message).
>
> russellh@sfm-dev:~/lua/sfiot_client$ ./lua -i init.lua
> Lua 5.3.5  Copyright (C) 1994-2018 Lua.org, PUC-Rio
> > ssl = require 'openssl'
> > for i,v in pairs(ssl) do print(i,v) end
> SSLEAY_BUILT_ON 2
> NO_MD2 true
> SSLEAY_PLATFORM 3
> NO_SCTP true
> SSLEAY_VERSION_NUMBER 269488175
> SSLEAY_VERSION 0
> NO_RC5 true
> SSLEAY_CFLAGS 1
> SHLIB_VERSION_NUMBER 1.1
> NO_STATIC_ENGINE true
> extensionSupported function: 0x7fb87ff08840
> SSLEAY_DIR 4
> version function: 0x7fb87ff15750
> NO_UNIT_TEST true
> SHLIB_VERSION_HISTORY
> VERSION_TEXT OpenSSL 1.1.1b  26 Feb 2019
> VERSION_NUMBER 269488175
>
> I recognize that all three errors are different, but I'm wondering if I'm missing a root CA package? I also recognize that this could be asked on the askubuntu site, or even an openssl support site, or even the lua-http github site, but I thought I'd start here for future searchability. Finally, here is my source code:
>
>
> package.cpath = './lua_modules/lib/lua/5.3/?.so;./?.so'
> package.path = './lua_modules/share/lua/5.3/?.lua;./lua_modules/share/lua/5.3/?/init.lua;./lua_modules/share/lua/5.3/?.lua;./lua_modules/share/lua/5.3/?/init.lua;./?.lua;./?/init.lua'
>
> local request = require 'http.request'
> local rolling_logger = require "logging.rolling_file"
> local conf = require('config')
>
> local logger = rolling_logger(conf.base_path .. "/" .. conf.debug_file_name, conf.file_roll_size or 1024*1024*10, conf.max_log_files or 31)
> if not logger then
>     print("logger failed")
>     os.exit(-1)
> end
>
> local uri = arg[1]
> local req_timeout = 10
>
> local req = request.new_from_uri(uri)
>
> local headers, stream = req:go(req_timeout)
> if headers == nil then
>     logger:error("failed. no headers")
>     --return nil, "request failed"
>     --io.stderr:write(tostring(stream), "\n")
>     --os.exit(1)
> end
>
> if not stream then
>     print('no stream')
> else
>     print(stream)
>     --~ for i,v in pairs(stream) do
>     --~     print (i,v)
>     --~ end
>     os.exit(-1)
>     local body, err = stream:get_body_as_string()
>     if not body and err then
>         logger:error("failed. no body.")
>         --return nil, "request failed."
>     else
>         print(body)
>     end
> end
>
> Thanks,
> Russ

My guess is that your system is missing the root CAs.

luaossl/lua-http uses OpenSSL's X509_STORE_set_default_paths function
to load your system's trust roots.
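
The lookup behind X509_STORE_set_default_paths, as an added shell check that is not part of the original message: OpenSSL consults the SSL_CERT_FILE and SSL_CERT_DIR environment variables and otherwise falls back to cert.pem and certs/ under its compiled-in OPENSSLDIR. The function names are hypothetical, and the OPENSSLDIR passed in is assumed to be that of the libssl luaossl is linked against.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.
# $1 is OPENSSLDIR of the libssl that luaossl is linked against (assumption:
# you pass the right one; after a side-by-side upgrade the `openssl` binary on
# PATH and the library a module links to can come from different builds).

# Print the CA file and CA directory list the default-path lookup will use.
default_trust_paths() {
    printf '%s\n' "${SSL_CERT_FILE-$1/cert.pem}" "${SSL_CERT_DIR-$1/certs}"
}

# Succeed if at least one trust root is loadable from those locations.
# Subshell body, so the IFS change stays local.
has_trust_roots() (
    file=${SSL_CERT_FILE-$1/cert.pem}
    dirs=${SSL_CERT_DIR-$1/certs}
    # The bundle file counts only if it actually holds a PEM certificate.
    if [ -r "$file" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$file"; then
        exit 0
    fi
    # Directory lookup is by subject hash: only <8 hex digits>.<n> names are
    # ever opened, so a directory of plain *.pem files provides no roots.
    IFS=:
    for d in $dirs; do
        for f in "$d"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
            [ -e "$f" ] && exit 0
        done
    done
    exit 1
)

report() {
    default_trust_paths "$1"
    if has_trust_roots "$1"; then
        echo "trust roots found"
    else
        echo "no trust roots: every certificate chain will fail verification"
        return 1
    fi
}

# Usage: sh check_roots.sh "$(openssl version -d | cut -d'"' -f2)"
if [ "$#" -ge 1 ]; then report "$1"; fi
```
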