[Chilli] Coova 1.3.0 ssl

Xabier Oneca -- xOneca xoneca at gmail.com
Wed Oct 9 14:33:43 UTC 2013


Don't worry. They are the same. The configuration is good.

You cannot redirect a HTTPS request before establishing a secure
connection, and this can't be done before accepting the certificate.

If you continue reading the linked thread, David Bird explains the
following:

> There is no elegant way to deal with https traffic... essentially,
> chilli is a man-in-the-middle and it breaks SSL security.
> Having users notified of this lack of security is a GOOD thing. > My
advice is to keep SSL blocked.

El 09/10/2013 15:55, "Alexandre Rubert" <alexandre.rubert at gmail.com>
escribió:
>
> I have ever used these parameters.
> I have in my chilli.conf :
> redissl
> sslcertfile "/etc/nginx/mycert.crt"
> sslkeyfile "/etc/nginx/mycert.key"
> When I go to https page it shows me a warning message about auto-signed
but but I would like to redirect to my uamhomepage without accept the cert.
> Le 09/10/2013 15:02, Xabier Oneca -- xOneca a écrit :
>
>> See this related thread:
>> http://lists.coova.org/pipermail/chilli/2013-March/002202.html
>>
>> Basically:
>>>
>>> you can use --redirssl with its --ssl* config options to allow
>>> CoovaChilli to listen to HTTPS requests.
>>
>> --
>> Xabier Oneca_,,_
>>
>>
>> 2013/10/9 Alexandre Rubert <alexandre.rubert at gmail.com>:
>>>
>>> Thank you, now it works but when I try too go to
https://www.facebook.com it
>>> shows a warning message about cert. I understand the problem but is it
>>> possible to redirect to my uamhomepage when it happens ?
>>> Le 09/10/2013 10:59, Xabier Oneca -- xOneca a écrit :
>>>
>>>> Hello, Alexandre!
>>>>
>>>> I think you have to choose between MatrixSSL
>>>> (https://en.wikipedia.org/wiki/MatrixSSL) and OpenSSL
>>>> (https://en.wikipedia.org/wiki/OpenSSL) implementations of SSL/TLS
>>>> protocols.
>>>>
>>>> The most common implementation is OpenSSL but you can go with any
>>>> *one*, but not both.
>>>>
>>>> HTH
>>>>
>>>> --
>>>> xOneca_,,_
>>>>
>>>>
>>>> 2013/10/7 Alexandre Rubert <alexandre.rubert at gmail.com>:
>>>>>
>>>>> Hello,
>>>>> I'm trying to compile coova with options :
>>>>> enable-layer3
>>>>> enable-largelimits
>>>>> enable-miniportal
>>>>> with-openssl
>>>>> with-matrixssl
>>>>>
>>>>> ./configure works well but when I try to make I've error with ssl :
>>>>>
>>>>> In file included from /usr/include/openssl/buffer.h:62:0,
>>>>>                    from ssl.h:37,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ossl_typ.h:172:23: error: conflicting types for
>>>>> 'SSL'
>>>>>    typedef struct ssl_st SSL;
>>>>>                          ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:52:3: note: previous declaration of 'SSL' was here
>>>>>    } SSL;
>>>>>      ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1687:5: error: conflicting types for
>>>>> 'SSL_pending'
>>>>>    int SSL_pending(const SSL *s);
>>>>>        ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:61:5: note: previous declaration of 'SSL_pending' was here
>>>>>    int SSL_pending(SSL *ssl);
>>>>>        ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1689:5: error: conflicting types for
>>>>> 'SSL_set_fd'
>>>>>    int SSL_set_fd(SSL *s, int fd);
>>>>>        ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:55:6: note: previous declaration of 'SSL_set_fd' was here
>>>>>    void SSL_set_fd(SSL *ssl, int fd);
>>>>>         ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1803:7: error: conflicting types for
'SSL_new'
>>>>>    SSL * SSL_new(SSL_CTX *ctx);
>>>>>          ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:54:6: note: previous declaration of 'SSL_new' was here
>>>>>    SSL* SSL_new(sslKeys_t *keys, int flags);
>>>>>         ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1839:6: error: conflicting types for
>>>>> 'SSL_free'
>>>>>    void SSL_free(SSL *ssl);
>>>>>         ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:62:6: note: previous declaration of 'SSL_free' was here
>>>>>    void SSL_free(SSL *ssl);
>>>>>         ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1840:6: error: conflicting types for
>>>>> 'SSL_accept'
>>>>>    int  SSL_accept(SSL *ssl);
>>>>>         ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:56:5: note: previous declaration of 'SSL_accept' was here
>>>>>    int SSL_accept(SSL *ssl);
>>>>>        ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1841:6: error: conflicting types for
>>>>> 'SSL_connect'
>>>>>    int  SSL_connect(SSL *ssl);
>>>>>         ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:63:5: note: previous declaration of 'SSL_connect' was here
>>>>>    int SSL_connect(SSL *ssl, int (*certValidator)(sslCertInfo_t *t,
void
>>>>> *arg), void *certValidatorArgs);
>>>>>        ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1842:6: error: conflicting types for
>>>>> 'SSL_read'
>>>>>    int  SSL_read(SSL *ssl,void *buf,int num);
>>>>>         ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:58:5: note: previous declaration of 'SSL_read' was here
>>>>>    int SSL_read(SSL *ssl, char *b, int len);
>>>>>        ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1843:6: error: conflicting types for
>>>>> 'SSL_peek'
>>>>>    int  SSL_peek(SSL *ssl,void *buf,int num);
>>>>>         ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:60:5: note: previous declaration of 'SSL_peek' was here
>>>>>    int SSL_peek(SSL *ssl, char *buf, int len);
>>>>>        ^
>>>>> In file included from ssl.h:41:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> /usr/include/openssl/ssl.h:1844:6: error: conflicting types for
>>>>> 'SSL_write'
>>>>>    int  SSL_write(SSL *ssl,const void *buf,int num);
>>>>>         ^
>>>>> In file included from ssl.h:27:0,
>>>>>                    from conn.h:26,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> mssl.h:59:5: note: previous declaration of 'SSL_write' was here
>>>>>    int SSL_write(SSL *ssl, char *buf, int len);
>>>>>        ^
>>>>> In file included from conn.h:26:0,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> ssl.h:81:3: error: conflicting types for 'openssl_env'
>>>>>    } openssl_env;
>>>>>      ^
>>>>> In file included from conn.h:26:0,
>>>>>                    from redir.h:27,
>>>>>                    from chilli.h:29,
>>>>>                    from chilli.c:21:
>>>>> ssl.h:31:3: note: previous declaration of 'openssl_env' was here
>>>>>    } openssl_env;
>>>>>
>>>>> I don't know how to do.
>>>>> Thanks
>>>>> _______________________________________________
>>>>> Chilli mailing list
>>>>> Chilli at coova.org
>>>>> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>>>
>>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20131009/846a4d1e/attachment-0001.html>


More information about the Chilli mailing list