Warp .tls() error

Hello,

I have an issue with the .tls() of the warp crate.

I generate a cert and key with:

sudo openssl req -newkey rsa:4096 -nodes -sha512 -x509 -days 3650 -nodes -out cert.pem -keyout key.pem

The server code is:

warp::serve(routes)
                .tls()
                .cert_path("cert.pem")
                .key_path("key.pem")
                .run(server)
                .await;

And the client code contains:

let client = reqwest::Client::builder()
            .danger_accept_invalid_certs(true)
            .danger_accept_invalid_hostnames(true)
            .use_native_tls()
            .build()?;

let res = client.post(&url)
            .body("body")
            .send()
            .await;

And I get the following error:

error: reqwest::Error {
    kind: Request,
    url: "https://192.168.0.40:8080/",
    source: hyper::Error(
        Connect,
        Ssl(
            Error {
                code: ErrorCode(
                    1,
                ),
                cause: Some(
                    Ssl(
                        ErrorStack(
                            [
                                Error {
                                    code: 336151578,
                                    library: "SSL routines",
                                    function: "ssl3_read_bytes",
                                    reason: "tlsv1 alert decode error",
                                    file: "../ssl/record/rec_layer_s3.c",
                                    line: 1543,
                                    data: "SSL alert number 50",
                                },
                            ],
                        ),
                    ),
                ),
            },
            X509VerifyResult {
                code: 0,
                error: "ok",
            },
        ),
    ),
}

However if i make the request with curl and the -k option, it works well. So my certificate generation seems ok.

Any idea regarding this error?

Thanks

Struggling with this issue as well. Does anybody have some pointers for further investigation? We are using rusttls backend. Curiously enough, we get exactly the same error, down to the .c file.

Just an update: when using Rustls with reqwest, don't use default features! (We live an learn)

If I map the IP (testing with a vagrant box) to a hostname, then we no longer get a decode error, but the usual self-signed certificate error.

So, if we use ReqwestClient::danger_accept_invalid_certs(true) then self-signed certs are fine, as expected.

But, there's something odd about explicit IP addresses.

Still getting an issue even using danger_accept_invalid_certs(true) ...

Nobody has a working example using HTTPS with reqwest??