Comments (24)

larseggert avatar larseggert commented on July 30, 2024 1

This works, too, and turns off cert validation completely:

bin/client -c false https://127.0.0.1/1000

from quant.

larseggert avatar larseggert commented on July 30, 2024

You are not specifying a TLS certificate or a TLS key. The builtin defaults only work for when you execute from within the build directory.

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

Hi, thank you very much. I've successfully set up the connection. But now it seems that there is no data transport between client and server. The following is the trace log:

[removed by Lars]

from quant.

larseggert avatar larseggert commented on July 30, 2024

enc_close_frame frame.c:1726 CONNECTION_CLOSE 0x1c=quic err=0x130 frame=0x06 rlen=26 reason=PTLS error 48 (UNKNOWN_CA)

The client can't verify your server cert. You need to turn off cert verification if your cert is not properly signed by a CA.

(Also, please look at the error messages yourself first? Just search the log?)

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

I really appreciate your kind reply, sorry for bothering you. I did look at the log myself, but I didn't think it was the result of the cert verification since I didn't specify a certificate in the client command, and it shows the default for -c is false.

The command I use to run the client is this: ./bin/client -b 50000 -i ens3f0 http://192.168.0.1:4433/50000000, without specifying the certificate. I searched in the repo to see if there is a way to turn off the verification, but I failed to find it.

from quant.

larseggert avatar larseggert commented on July 30, 2024

Make sure you are on the latest version.

Also run with a much shorter request size while debugging (like 2048) so your log is not full of irrelevant things.

I assume you have made no modifications to the source?

And I assume you are running the quant server, built out of the same repo?

You don't specify the cert for the client, you specify it when you run the server. Do you use the dummy one that is created during the build process, or another one?

Can you post the command lines when you run the client and server, and are they running on the same machine?

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

Yes, I'm on the latest version, I just cloned and built it recently.
I just added some lines of code for bps printout, nothing else.
Yes, I'm running both quant server and client, running in the Debug directory.
I saw the server -c default is test/dummy.crt, so I didn't specify any certificate on either server or client. I'll rebuild the repo and check if the dummy one is created during the process.
The command line I run for the server is: sudo ip netns exec blue ./bin/server -b 50000 -i ens3f1 -p 4433,
and for the client is: sudo ip netns exec red ./bin/client -c -b 50000 -i ens3f0 http://192.168.0.1:4433/50000000

from quant.

larseggert avatar larseggert commented on July 30, 2024

Well you are telling the client with -c to verify the server cert, which will fail with the dummy cert you are having the server use. Omit the -c or use a proper signed cert from a CA.

You also need to specify a https URL for the client to retrieve and not a http one.

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

Hi, sorry for the mistake. I've now omitted all -c,
the server command is: sudo ip netns exec blue ./bin/server -b 50000 -i ens3f1 -p 4434
client command is: sudo ip netns exec red ./bin/client -b 50000 -r 20 -i ens3f0 https://192.168.0.1:4434/

But I'm still getting the Unknown_CA error, very strange. May I ask if there is a way to turn off the verification? I didn't find any option in the code.

from quant.

larseggert avatar larseggert commented on July 30, 2024

If you use the dummy cert, you need to tell it to use the dummy CA cert for verification, i.e., give the client -c test/dummy.ca.crt. (Sorry, I misremembered how -c works.)

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

This time it doesn't report Unknown_CA, but reports: reason=PTLS error 42 (BAD_CERTIFICATE)...really strange.

from quant.

larseggert avatar larseggert commented on July 30, 2024

The dummy cert only works for localhost.

Can you see if -c /dev/null works?

Or you need to make your own cert for the IP address your server is using, sign it with a dummy CA, and pass the CA cert to -c.

from quant.
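The "make your own cert" route from the comment above, as an added example that is not part of the thread or the quant repo. It uses the openssl CLI; the file names, subject names and the `local` leaf (a constructed stand-in for a localhost-only cert, not quant's actual dummy cert) are assumptions.

```shell
#!/bin/sh
# Added example (not from the quant repo): throwaway CA plus leaf certificates.
set -eu

# Minimal config so the result does not depend on the system openssl.cnf.
make_ca() {   # $1 = work dir
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = example test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Issue a leaf cert signed by the CA; $3 is the subjectAltName value.
issue_leaf() {   # $1 = work dir, $2 = basename, $3 = SAN (e.g. IP:192.168.0.1)
  printf 'subjectAltName = %s\n' "$3" > "$1/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=example test server" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# Succeeds only if the chain verifies AND the cert is valid for IP $3.
valid_for_ip() {   # $1 = work dir, $2 = basename, $3 = IP address
  openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" "$1/$2.crt" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d)
  make_ca "$d"
  issue_leaf "$d" server "IP:192.168.0.1"              # address used in the thread
  issue_leaf "$d" local  "DNS:localhost,IP:127.0.0.1"  # constructed localhost-only cert
  for c in server local; do
    if valid_for_ip "$d" "$c" 192.168.0.1; then r=accepted; else r=rejected; fi
    echo "$c.crt presented for 192.168.0.1: $r"
  done
  echo "files are in $d"
}
demo
```

Both leaf certs chain to the same CA; only the one whose subjectAltName carries the server's address passes the identity check. To use the result, give the server `server.crt` and `server.key` via -c and -k and give the client `ca.crt` via -c, the same way the commands in this thread pass test/dummy.crt, test/dummy.key and test/dummy.ca.crt.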

yc1997427 avatar yc1997427 commented on July 30, 2024

Hi, sorry for the late response. I've been too busy with other deadlines. I tried -c dev/null, it's also not working, reporting Unknown_CA. Now I'm looking at how to generate a cert and sign it. Haven't done this before. Sorry for bothering you.

from quant.

larseggert avatar larseggert commented on July 30, 2024

You don't need to generate one. If you are using the dummy cert and key for the server, you also need to tell the client to use the dummy CA cert for validating. See what bin/test.sh is doing.

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

Hi, thanks for the help, really appreciate it! Yes, I also did that, but kept getting Bad Certificate, reason=PTLS error 42 (BAD_CERTIFICATE). I followed the commands in test.sh, but it's still not working.

from quant.

larseggert avatar larseggert commented on July 30, 2024

How do you run client and server now?

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

This is how I run client: sudo ip netns exec red ./bin/client -c test/dummy.ca.crt -b 50000 -r 20 -i ens3f0 https://192.168.0.1:4434/

server: sudo ip netns exec blue ./bin/server -c test/dummy.crt -k test/dummy.key -b 50000 -i ens3f1 -p 4434

from quant.

larseggert avatar larseggert commented on July 30, 2024

That should work. I just ran the client and server like this:

bin/server -c test/dummy.crt -k test/dummy.key
bin/client -c test/dummy.ca.crt https://127.0.0.1/1000

and it worked fine over loopback.

When you run the above, does it work for you?

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

Yes, they work, and no error reported. I'm guessing it is probably due to network namespaces? Since I'm running server from one namespace, and send traffic to another server then traverse back to the other namespace which client runs.

from quant.

larseggert avatar larseggert commented on July 30, 2024

Well, I hope you are running the client and server out of the same build directory, i.e., with the same dummy cert/key and CA cert? Because if you build the client in one directory and the server in another, obviously the certs will be different and then fail validation.

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

Hi, I'm running client and server in the same directory, both in the Debug directory. But only under different network namespaces. I created 2 network namespaces, one is called red, one is blue, as shown in the commands. They are all using the same certs.

from quant.

larseggert avatar larseggert commented on July 30, 2024

The namespaces should not matter when it comes to reading files. What happens if you run the client and server with namespaces over loopback?

from quant.

larseggert avatar larseggert commented on July 30, 2024

Also, what happens if you run the client with -c false in your setup? (As I wrote above, the dummy cert only works for localhost.)

from quant.

yc1997427 avatar yc1997427 commented on July 30, 2024

Yes!!!!!! They are working now, working with -c false, thank you very much!!! I sincerely appreciate it! Thanks a lot!

from quant.
