I am using the Mongoose 6.13 embedded server.
When trying to connect from a Chrome browser with a self-signed certificate, I see the following SSL operations:
mg_if_accept_tcp_cb() → mg_ssl_if_handshake() → SSL_accept() → error 2 (SSL_ERROR_WANT_READ)
mg_recv_tcp() → mg_ssl_if_handshake() → SSL_accept() → error 1 (SSL_ERROR_SSL)
mg_destroy_conn() → mg_ssl_if_conn_free() → SSL_free()
After that, the browser shows the following message:
After adding the exception for the self-signed certificate, everything moves perfectly as expected.
If I try to execute exactly the same steps with Firefox, I see the following SSL operations:
mg_if_accept_tcp_cb() → mg_ssl_if_handshake() → SSL_accept() → error 2 (SSL_ERROR_WANT_READ)
mg_recv_tcp() → mg_ssl_if_handshake() → SSL_accept() → SUCCESS
mg_recv_tcp() → mg_ssl_if_read() → SSL_read() → 0
After that, the browser shows the following message:
After adding the exception for the self-signed certificate, the whole Mongoose web server stops working with any self-signed certificates for any browser.
If I keep trying Firefox, I get the following:
mg_if_accept_tcp_cb() → mg_ssl_if_handshake() → SSL_accept() → error 2 (SSL_ERROR_WANT_READ)
mg_recv_tcp() → mg_ssl_if_handshake() → SSL_accept() → SUCCESS
mg_recv_tcp() → mg_ssl_if_read() → SSL_read() → SUCCESS
“GET / HTTP/1.1\r\nHost: centos6x64:8443\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0”…
mg_recv_tcp() → mg_ssl_if_read() → SSL_read() → error 1 (SSL_ERROR_SSL)
As the exception has already been added to the browser, this error doesn’t show the “untrusted site”, it simply fails.
From this point on, any other browser, even the ones that already have the self-signed certificate added, gets the following SSL errors:
mg_if_accept_tcp_cb() → mg_ssl_if_handshake() → SSL_accept() → error 2 (SSL_ERROR_WANT_READ)
mg_recv_tcp() → mg_ssl_if_handshake() → SSL_accept() → error 1 (SSL_ERROR_SSL)
As the exception has already been added to the browser, this error doesn’t show the “untrusted site”, it simply fails.
If I simply restart the Mongoose instance, everything works perfectly, because the exceptions are already added to the browser.
It looks like Mongoose doesn’t know how to deal with the Firefox ERR_CERT_AUTHORITY_INVALID process of adding an exception for a self-signed certificate?