Warp .tls() error

Hello,

I have an issue with the .tls() of the warp crate.

I generate a cert and key with:

sudo openssl req -newkey rsa:4096 -nodes -sha512 -x509 -days 3650 -nodes -out cert.pem -keyout key.pem

The server code is:

warp::serve(routes)
    .tls()
    .cert_path("cert.pem")
    .key_path("key.pem")
    .run(server)
    .await;

And the client code contains:

let client = reqwest::Client::builder()
    .danger_accept_invalid_certs(true)
    .danger_accept_invalid_hostnames(true)
    .use_native_tls()
    .build()?;

let res = client.post(&url)
    .body("body")
    .send()
    .await;

And I get the following error:

error: reqwest::Error {
    kind: Request,
    url: "https://192.168.0.40:8080/",
    source: hyper::Error(
        Connect,
        Ssl(
            Error {
                code: ErrorCode(
                    1,
                ),
                cause: Some(
                    Ssl(
                        ErrorStack(
                            [
                                Error {
                                    code: 336151578,
                                    library: "SSL routines",
                                    function: "ssl3_read_bytes",
                                    reason: "tlsv1 alert decode error",
                                    file: "../ssl/record/rec_layer_s3.c",
                                    line: 1543,
                                    data: "SSL alert number 50",
                                },
                            ],
                        ),
                    ),
                ),
            },
            X509VerifyResult {
                code: 0,
                error: "ok",
            },
        ),
    ),
}

However, if I make the request with curl and the -k option, it works well. So my certificate generation seems ok.

Any idea regarding this error?

Thanks

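The numeric `code` in the dump above can be unpacked to see which side raised the error. This is an added example, not code from the posts: it assumes the OpenSSL 1.1.x packed error layout (which the `function` field in the dump suggests), and the names `unpack`, `peer_alert` and `alert_name` are hypothetical.

```rust
// Added example. Assumes the OpenSSL 1.1.x packed error layout:
// 8-bit library | 12-bit function | 12-bit reason.
const ERR_LIB_SSL: u32 = 20; // library id behind "SSL routines"
const SSL_AD_REASON_OFFSET: u32 = 1000; // alert reasons are 1000 + alert number

#[derive(Debug, PartialEq)]
pub struct PackedError {
    pub library: u32,
    pub function: u32,
    pub reason: u32,
}

/// Split a packed error code into its three fields.
pub fn unpack(code: u32) -> PackedError {
    PackedError {
        library: (code >> 24) & 0xff,
        function: (code >> 12) & 0xfff,
        reason: code & 0xfff,
    }
}

/// TLS alert number, if the error records an alert sent by the peer.
pub fn peer_alert(err: &PackedError) -> Option<u8> {
    let alerts = SSL_AD_REASON_OFFSET..=SSL_AD_REASON_OFFSET + 255;
    if err.library == ERR_LIB_SSL && alerts.contains(&err.reason) {
        Some((err.reason - SSL_AD_REASON_OFFSET) as u8)
    } else {
        None
    }
}

/// Names for a few alert descriptions from RFC 8446.
pub fn alert_name(alert: u8) -> &'static str {
    match alert {
        40 => "handshake_failure",
        48 => "unknown_ca",
        50 => "decode_error",
        112 => "unrecognized_name",
        _ => "other",
    }
}

fn main() {
    let err = unpack(336151578); // `code` from the dump in the post above
    match peer_alert(&err) {
        Some(a) => println!("peer sent alert {} ({})", a, alert_name(a)),
        None => println!("raised locally, not a peer alert"),
    }
}
```

The code decodes to reason 1050, that is alert 50 (decode_error) received from the server, while the `X509VerifyResult` in the same dump is "ok", so the failure reported there is not the client's certificate check.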

Struggling with this issue as well. Does anybody have some pointers for further investigation? We are using the rustls backend. Curiously enough, we get exactly the same error, down to the .c file.

Just an update: when using Rustls with reqwest, don't use default features! (We live and learn)

If I map the IP (testing with a vagrant box) to a hostname, then we no longer get a decode error, but the usual self-signed certificate error.

So, if we use ReqwestClient::danger_accept_invalid_certs(true) then self-signed certs are fine, as expected.

But, there's something odd about explicit IP addresses.

Still getting an issue even using danger_accept_invalid_certs(true) ...

Nobody has a working example using HTTPS with reqwest??
