
digitalmars.D.learn - Vibe.d error

JG <JG somewhere.com> writes:
Hi,

We are intermittently getting the following error:
Accept TLS connection: server
OpenSSL error at ../ssl/record/rec_layer_s3.c:1543: 
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert 
certificate unknown (SSL alert number 46)
HTTP connection handler has thrown: Accepting SSL tunnel: 
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert 
certificate unknown (336151574)
Full error: 
object.Exception /home/jg/.dub/packages/vibe-d-0.9.3/vibe-d/tls/vibe/st
eam/openssl.d(578): Accepting SSL tunnel: error:14094416:SSL
routines:ssl3_read_bytes:sslv3 alert certificate unknown (336151574)
----------------

Anyone have any idea what might cause this?
Aug 18 2021
WebFreak001 <d.forum webfreak.org> writes:
On Wednesday, 18 August 2021 at 19:51:00 UTC, JG wrote:
 Hi,

 We are intermittently getting the following error:
 Accept TLS connection: server
 OpenSSL error at ../ssl/record/rec_layer_s3.c:1543: 
 error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert 
 certificate unknown (SSL alert number 46)
 HTTP connection handler has thrown: Accepting SSL tunnel: 
 error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert 
 certificate unknown (336151574)
 Full error: 
 object.Exception /home/jg/.dub/packages/vibe-d-0.9.3/vibe-d/tls/vibe/st
 eam/openssl.d(578): Accepting SSL tunnel: error:14094416:SSL
 routines:ssl3_read_bytes:sslv3 alert certificate unknown (336151574)
 ----------------

 Anyone have any idea what might cause this?
There might be incompatibilities with how openssl is used and the installed openssl version or config. If you are getting this from having https enabled on the server, I would recommend instead switching to HTTP-only and using a reverse proxy such as with nginx or caddy to serve it with HTTPS.
Aug 20 2021
JG <someone somewhere.com> writes:
On Friday, 20 August 2021 at 10:50:12 UTC, WebFreak001 wrote:
 On Wednesday, 18 August 2021 at 19:51:00 UTC, JG wrote:
 [...]
 There might be incompatibilities with how openssl is used and the installed openssl version or config. If you are getting this from having https enabled on the server, I would recommend instead switching to HTTP-only and using a reverse proxy such as with nginx or caddy to serve it with HTTPS.
Thank you very much for your reply. Yes, we are getting this with HTTPS enabled. May I ask why you suggest not to use HTTPS?
Aug 20 2021
WebFreak001 <d.forum webfreak.org> writes:
On Friday, 20 August 2021 at 17:39:29 UTC, JG wrote:
 On Friday, 20 August 2021 at 10:50:12 UTC, WebFreak001 wrote:
 On Wednesday, 18 August 2021 at 19:51:00 UTC, JG wrote:
 [...]
 There might be incompatibilities with how openssl is used and the installed openssl version or config. If you are getting this from having https enabled on the server, I would recommend instead switching to HTTP-only and using a reverse proxy such as with nginx or caddy to serve it with HTTPS.
 Thank you very much for your reply. Yes, we are getting this with HTTPS enabled. May I ask why you suggest not to use HTTPS?
I think you might need to restart the server whenever you update the SSL certificates + in every app you need to pass in your SSL certificate location somehow or hardcode it, which if you make all your apps yourself you can do consistently, but otherwise creates inconsistencies which can be hard to maintain. On the other hand if you use a single reverse proxy like with nginx or caddy for all the HTTPS services it can reload them all at once and use the same config for everything. Additionally they are better supported by ACME services like LetsEncrypt or ZeroSSL through built-in plugins, etc. But most importantly: these services have undergone much more testing for security than vibe.d, so you can generally expect it to be less likely to have critical bugs in API usage.
Aug 23 2021
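
Added example, not part of the thread and not vibe.d or OpenSSL code: a small decoder for the error code in the log from the first post, showing that `14094416` and `(336151574)` are the same value and that it encodes TLS alert 46. It assumes the OpenSSL 1.1.x error-code layout (lib 8 bits, func 12 bits, reason 12 bits); the function names `decode` and `codes_in` are hypothetical.

```python
import re

# Assumption: OpenSSL 1.1.x packing, lib (8 bits) | func (12 bits) | reason (12 bits).
# OpenSSL 3.x packs error codes differently, so this does not apply there.
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this carry a TLS alert from the peer

# Certificate-related alert descriptions from RFC 5246, section 7.2 (subset).
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

def decode(code):
    """Split a packed OpenSSL 1.1.x error code into its fields."""
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": alert, "alert_name": TLS_ALERTS.get(alert)}

def codes_in(line):
    """Collect codes written as 'error:XXXXXXXX:' (hex) or '(NNNNNNNNN)' (decimal)."""
    found = [int(h, 16) for h in re.findall(r"error:([0-9A-Fa-f]{8}):", line)]
    found += [int(d) for d in re.findall(r"\((\d{6,})\)", line)]
    return found

# Log line taken from the first post, with its wrapped lines joined.
LOG = ("Accepting SSL tunnel: error:14094416:SSL routines:ssl3_read_bytes:"
       "sslv3 alert certificate unknown (336151574)")

if __name__ == "__main__":
    for c in codes_in(LOG):
        print(hex(c), decode(c))
```

In OpenSSL 1.1.x a reason above 1000 raised in `ssl3_read_bytes` is an alert received from the peer, so here the connecting client sent `certificate_unknown` about the certificate the server presented. Checking the served chain and expiry with `openssl s_client -connect host:443 -showcerts` (`host` is a placeholder) is the usual next step.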