SSL HTTP Server Sample

jasdev · January 8, 2013, 11:06pm

I’m experimenting with the Microsoft HTTP server sample in release 4.2 on a Cobra 1 board. I’ve created my own self-signed certificate using openSSL, installed it as a resource, but can’t get to work.

The problem is that the application throws an exception, displays the exception in the Debug window, and then locks up. I have a try-catch around the offending method, but it never gets caught, so it’s hard to determine what is wrong.

The code is almost straight from the sample project:


while (true)
{
	try
	{
		if (!listener.IsListening)
		{
			listener.Start();
		}
		HttpListenerContext context = listener.GetContext();
		lock (m_responseQueue)
		{
			m_responseQueue.Enqueue(context);
		}
		Thread th = new Thread(new ThreadStart(HandleRequestThread));
		th.Start();
	}
	catch (InvalidOperationException)
	{
		listener.Stop();
		Thread.Sleep(1000);
	}
	catch (ObjectDisposedException)
	{
		listener.Start();
	}
	catch
	{
		Thread.Sleep(1000);
	}
}


IP address is set
Running Web Server
Type this IP address to access the webpage: 192.168.1.7
The thread '<No Name>' (0x1) has exited with code 0 (0x0).
    #### Exception System.Net.Sockets.SocketException - CLR_E_FAIL (5) ####
    #### Message: 
    #### Microsoft.SPOT.Net.Security.SslNative::SecureServerInit [IP: 0000] ####
    #### Microsoft.SPOT.Net.Security.SslStream::Authenticate [IP: 0037] ####
    #### Microsoft.SPOT.Net.Security.SslStream::AuthenticateAsServer [IP: 000d] ####
    #### Microsoft.SPOT.Net.Security.SslStream::AuthenticateAsServer [IP: 0008] ####
    #### System.Net.HttpListener::AcceptThreadFunc [IP: 0072] ####
    #### SocketException ErrorCode = -1
    #### SocketException ErrorCode = -1
A first chance exception of type 'System.Net.Sockets.SocketException' occurred in Microsoft.SPOT.Net.Security.dll
    #### SocketException ErrorCode = -1
    #### SocketException ErrorCode = -1
    #### SocketException ErrorCode = -1
    #### SocketException ErrorCode = -1
A first chance exception of type 'System.Net.Sockets.SocketException' occurred in System.Net.Security.dll
    #### SocketException ErrorCode = -1
    #### SocketException ErrorCode = -1
The program '[2] Micro Framework application: Managed' has exited with code 0 (0x0).

Any ideas why the exception is not being caught, and what may be causing it?
Thanks.

jasdev · January 9, 2013, 10:25am

Thanks @ Andre. There was a problem with my certificate… I forgot to add a private key. The code works now, but I would like to know why the exception was not propagated to my try-catch. If the exception was caught in the HttpListener, then why did it hang aftwerwards? It seems like a bug.

jasdev · January 9, 2013, 10:49am

But I have a general “catch” at the end, which should capture any exception.

Some more information… I set a breakpoint at this line:

    HttpListenerContext context = listener.GetContext();

and within every catch block.

The debugger never gets past the listener.GetContext() line, so the exception is occuring within this method.

jasdev · January 9, 2013, 11:47am

Thanks @ Andre. I’ll try adding the (Exception e) when I get home tonight.

jasdev · January 10, 2013, 1:27am

@ Andre

I modified the code as shown below to include references to exception classes in the catch statements.
I set break points at the lock (m_responseQueue) statement, and within each catch block.
I loaded the “bad” certificate into the listener, and accessed the device from my browser.
I got the same exception messages as before, but none of the breakpoints were hit.

This tells me that the exception being thrown by the SslStream.AuthenticateAsServer method is being caught and handled within the GetContext method, and as a result the method never returns to my program.

Wouldn’t it better better practice to either:
[ul]catch the exception, and return a null HttpListenerContext, or
allow the exception to bubble up to my code[/ul]


while (true)
	{
		try
		{
			if (!listener.IsListening)
			{
				listener.Start();
			}

			HttpListenerContext context = listener.GetContext();
			lock (m_responseQueue)
			{
				m_responseQueue.Enqueue(context);
			}

			Thread th = new Thread(new ThreadStart(HandleRequestThread));
			th.Start();
		}
		catch (InvalidOperationException e1)
		{
			listener.Stop();
			Thread.Sleep(1000);
		}
		catch (ObjectDisposedException e2)
		{
			listener.Start();
		}
		catch (Exception e3)
		{
			Thread.Sleep(1000);
		}
	}
}

jasdev · January 10, 2013, 11:30am

Yes, the listener keeps running, but as long as the browser continues to request a secure page, nothing is returned. My code doesn’t know anything is wrong, and the user never sees a page or error message or anything!

In my opinion, if something occurs that causes an exception, and it can’t be fixed, then GetContext should allow the exception to bubble up to the calling code.

jasdev · January 10, 2013, 12:00pm

When I load a bad certificate. I know this is a contrived scenario, but the principle is the same.

I’ve also seen those other -1, 1, etc socket error codes. It would be nice to know what is causing them, and how they are being handled.