Comments (24)
This works, too, and turns off cert validation completely:
bin/client -c false https://127.0.0.1/1000
from quant.
You are not specifying a TLS certificate or a TLS key. The builtin defaults only work for when you execute from within the build directory.
from quant.
Hi, thank you very much. I've successfully set up the connection. But now it seems that there is no data transport between client and server. The following is the trace log:
[removed by Lars]
from quant.
enc_close_frame frame.c:1726 CONNECTION_CLOSE 0x1c=quic err=0x130 frame=0x06 rlen=26 reason=PTLS error 48 (UNKNOWN_CA)
The client can't verify your server cert. You need to turn off cert verification if your very is not properly signed by a CA.
(Also, please look at the error messages yourself first? Just search the log?)
from quant.
I really appreciate your kind reply, and sorry for the bother. I did look at the log myself, but I didn't think it was the result of the cert verification, since I didn't specify a certificate in the client command, and it shows the default for -c is false.
The command I run the client with is this: ./bin/client -b 50000 -i ens3f0 http://192.168.0.1:4433/50000000, without specifying the certificate. I searched the repo to see if there is a way to turn off the verification, but I failed to find it.
from quant.
Make sure you are on the latest version.
Also run with a much shorter request size while debugging (like 2048) so your log is not full of irrelevant things.
I assume you have made no modifications to the source?
And I assume you are running the quant server, built out of the same repo?
You don't specify the cert for the client, you specify it when you run the server. Do you use the dummy one that is created during the build process, or another one?
Can you post the command lines when you run the client and server, and are they running on the same machine?
from quant.
Yes, I'm on the latest version, I just cloned and built it recently.
I just added some lines of code for bps printout, nothing else.
Yes, I'm running both quant server and client, running in Debug directory.
I saw the server -c default is test/dummy.crt, so I didn't specify any certificate on both server and client. I'll rebuild the repo and check if the dummy one is created during the process.
The command line I run for the server is: sudo ip netns exec blue ./bin/server -b 50000 -i ens3f1 -p 4433,
and for the client is: sudo ip netns exec red ./bin/client -c -b 50000 -i ens3f0 http://192.168.0.1:4433/50000000
from quant.
Well you are telling the client with -c to verify the server cert, which will fail with the dummy cert you are having the server use. Omit the -c or use a proper signed cert from a CA.
You also need to specify a https URL for the client to retrieve and not a http one.
from quant.
Hi, sorry for the mistake. I've now omitted all -c,
the server command is: sudo ip netns exec blue ./bin/server -b 50000 -i ens3f1 -p 4434
client command is: sudo ip netns exec red ./bin/client -b 50000 -r 20 -i ens3f0 https://192.168.0.1:4434/
But still getting Unknown_CA error, very strange. May I ask, is there a way to turn off the verification? I didn't find any option in the code.
from quant.
If you use the dummy cert, you need to tell it to use the dummy CA cert for verification, i.e., give the client -c test/dummy.ca.crt. (Sorry, I misremembered how -c works.)
from quant.
This time it doesn't report Unknown_CA, but reporting: reason=PTLS error 42 (BAD_CERTIFICATE)...really strange.
from quant.
The dummy cert only works for localhost.
Can you see if -c /dev/null works?
Or you need to make your own cert for the IP address your server is using, sign it with a dummy CA, and pass the CA cert to -c.
from quant.
Hi, sorry for the late response. I've been too busy with other deadlines. I tried -c dev/null, it's also not working, reporting Unknown_CA. Now I'm looking at how to generate a cert and sign it. Haven't done this before. Sorry for the bother.
from quant.
You don't need to generate one. If you are using the dummy cert and key for the server, you also need to tell the client to use the dummy CA cert for validating. See what bin/test.sh is doing.
from quant.
Hi, thanks for the help, really appreciate it! Yes, I also did that, but kept getting Bad Certificate, reason=PTLS error 42 (BAD_CERTIFICATE). I followed the commands in test.sh, but still not working.
from quant.
How do you run client and server now?
from quant.
This is how I run client: sudo ip netns exec red ./bin/client -c test/dummy.ca.crt -b 50000 -r 20 -i ens3f0 https://192.168.0.1:4434/
server: sudo ip netns exec blue ./bin/server -c test/dummy.crt -k test/dummy.key -b 50000 -i ens3f1 -p 4434
from quant.
That should work. I just ran the client and server like this:
bin/server -c test/dummy.crt -k test/dummy.key
bin/client -c test/dummy.ca.crt https://127.0.0.1/1000
and it worked fine over loopback.
When you run the above, does it work for you?
from quant.
Yes, they work, and no error reported. I'm guessing it is probably due to network namespaces? Since I'm running server from one namespace, and send traffic to another server then traverse back to the other namespace which client runs.
from quant.
Well, I hope you are running the client and server out of the same build directory, i.e., with the same dummy cert/key and CA cert? Because if you build the client in one directory and the server in another, obviously the certs will be different and then fail validation.
from quant.
Hi, I'm running client and server in the same directory, both in the Debug directory. But only under different network namespaces. I created 2 network namespaces, one is called red, one is blue, as shown in the commands. They are all using the same certs.
from quant.
The namespaces should not matter when it comes to reading files. What happens if you run the client and server with namespaces over loopback?
from quant.
Also, what happens if you run the client with -c false in your setup? (As I wrote above, the dummy cert only works for localhost.)
from quant.
Yes!!!!!! They are working now, working with -c false, thank you very much!!! I sincerely appreciate it! Thanks a lot!
from quant.
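The thread ends with validation switched off via -c false; the alternative suggested earlier (a cert for the server's IP address, signed by a dummy CA whose cert goes to the client's -c) can be built as follows. This is an added example, not part of the thread or of the quant project; the file names, subject names and the use of an IP subjectAltName are assumptions, and the page does not say how quant's client matches the name.

```shell
#!/bin/sh
# Added example: throwaway CA plus a server cert valid for one IP address.
# All file names and subject names below are constructed for illustration.

# make_test_pki DIR IP: writes ca.key, ca.crt, server.key, server.crt to DIR
make_test_pki() {
    dir=$1
    ip=$2
    mkdir -p "$dir" || return 1
    # Minimal private config so the result does not depend on the system's.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
[server_ext]
basicConstraints = CA:FALSE
subjectAltName = IP:$ip
EOF
    # 1. Self-signed dummy CA (test use only: the key is stored unencrypted).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$dir/openssl.cnf" -extensions ca_ext \
        -subj "/CN=dummy test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and signing request.
    openssl req -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
        -subj "/CN=$ip" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. Sign the request with the CA, binding the cert to the IP address.
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/openssl.cnf" -extensions server_ext \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

# cert_valid_for DIR IP: succeeds only if the chain verifies against the
# dummy CA and the cert is valid for the given IP address.
cert_valid_for() {
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$2" "$1/server.crt" \
        >/dev/null 2>&1
}

# Stand-alone use: sh make_test_pki.sh ./pki 192.168.0.1
if [ "$#" -eq 2 ]; then
    make_test_pki "$1" "$2" && cert_valid_for "$1" "$2" && echo "cert OK for $2"
fi
```

With these files, the server would take server.crt and server.key through its -c and -k options and the client would take ca.crt through -c, as in the commands quoted in the thread.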