-
Notifications
You must be signed in to change notification settings - Fork 421
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add clearer instructions for making a simple HTTPS server for testing #2269
Conversation
This includes clear instructions on how to generate a self-signed TLS certificate, and where to store it.
Codecov ReportPatch and project coverage have no change.
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. Additional details and impacted files@@ Coverage Diff @@
## main #2269 +/- ##
=======================================
Coverage 64.77% 64.77%
=======================================
Files 143 143
Lines 6754 6754
Branches 1227 1227
=======================================
Hits 4375 4375
Misses 2379 2379 ☔ View full report in Codecov by Sentry. |
This looks like the same technique I put in the issue itself. When I used this technique and then tried to invoke the ZIO HTTP app via HTTPS using I was only able to avoid the hang by testing with a command like |
@gnp the output that you had posted in the issue #2221 shows that the certificate had a bad format or was not loaded. If you carefully follow the updated instructions, everything should work fine. Just make sure to have the This is the output from my machine: $ curl https://localhost:8090/text -v
* Trying 127.0.0.1:8090...
* Connected to localhost (127.0.0.1) port 8090 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self-signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above. $ curl https://localhost:8090/text -v --insecure
* Trying 127.0.0.1:8090...
* Connected to localhost (127.0.0.1) port 8090 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=example.com; OU=?; O=?; L=?; ST=?; C=??
* start date: Jun 17 10:13:10 2023 GMT
* expire date: Jun 16 10:13:10 2024 GMT
* issuer: CN=example.com; OU=?; O=?; L=?; ST=?; C=??
* SSL certificate verify result: self-signed certificate (18), continuing anyway.
* using HTTP/1.1
> GET /text HTTP/1.1
> Host: localhost:8090
> User-Agent: curl/8.0.1
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 OK
< content-type: text/plain
< content-length: 12
<
* Connection #0 to host localhost left intact
Hello World! |
Can you also add documentation to the microsite that covers similar content? It's great to have it inside the source code and even better to have it on the website. @gnp Can you confirm the instructions work correctly? |
@jdegoes this file itself is actually part of the microsite https://zio.dev/zio-http/examples/basic/https-server. Or do you have a specific suggestion? |
Hi. Thanks @abcpro1. I have used your proposed Concern: This recommends running the
@jdegoes -- The suggested |
…zio#2269) This includes clear instructions on how to generate a self-signed TLS certificate, and where to store it.
closes #2221
Add clear instructions on how to generate a self-signed TLS certificate, and how to use it to make a simple HTTPS server.
/claim #2221