1# lws minimal http client JIT Trust 2 3This example turns off any existing trusted CAs and then tries to connect to a server, by default, warmcat.com. 4 5It validates the remote certificates using trusted CAs from a JIT Trust blob compiled into the code. 6 7## build 8 9``` 10 $ cmake . && make 11``` 12 13## usage 14 15Commandline option|Meaning 16---|--- 17-d <loglevel>|Debug verbosity in decimal, eg, -d15 18-l| Connect to https://localhost:7681 and accept selfsigned cert 19--h1|Specify http/1.1 only using ALPN, rejects h2 even if server supports it 20--server <name>|set server name to connect to 21-k|Apply tls option LCCSCF_ALLOW_INSECURE 22-j|Apply tls option LCCSCF_ALLOW_SELFSIGNED 23-m|Apply tls option LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK 24-e|Apply tls option LCCSCF_ALLOW_EXPIRED 25-v|Connection validity use 3s / 10s instead of default 5m / 5m10s 26--nossl| disable ssl connection 27--user <username>| Set Basic Auth username 28--password <password> | Set Basic Auth password 29 30``` 31 $ ./bin/lws-minimal-http-client-jit-trust --h1 --server ebay.com --path / 32==1302866== 33[2021/06/17 14:33:54:7500] U: LWS minimal http client JIT Trust [-d<verbosity>] [-l] [--h1] 34[2021/06/17 14:33:54:7956] N: LWS: 4.2.99-v4.2.0-70-g80e7e39bae, loglevel 1031 35[2021/06/17 14:33:54:7960] N: NET CLI SRV H1 H2 WS MbedTLS ConMon IPv6-absent 36[2021/06/17 14:33:54:8165] N: ++ [wsi|0|pipe] (1) 37[2021/06/17 14:33:54:8227] N: ++ [vh|0|netlink] (1) 38[2021/06/17 14:33:54:8319] N: ++ [vh|1|default||-1] (2) 39[2021/06/17 14:33:55:0107] N: ++ [wsicli|0|GET/h1/ebay.com] (1) 40[2021/06/17 14:33:56:0291] N: ++ [vh|2|jitt-7F69A044||-1] (3) 41[2021/06/17 14:33:56:0355] E: CLIENT_CONNECTION_ERROR: server's cert didn't look good, invalidca (use_ssl 0x20000061) X509_V_ERR = 24: CA is not trusted 42 43[2021/06/17 14:33:56:0376] N: ++ [wsicli|1|GET/h1/ebay.com] (2) 44[2021/06/17 14:33:56:0746] N: -- [wsicli|0|GET/h1/ebay.com] (1) 1.061s 45[2021/06/17 14:33:56:7555] N: lws_client_reset: REDIRECT www.ebay.com:443, path='/', ssl = 1, alpn='http/1.1' 46[2021/06/17 14:33:57:0205] N: ++ [vh|3|jitt-DFF2B5B4||-1] (4) 47[2021/06/17 14:33:57:0208] E: CLIENT_CONNECTION_ERROR: server's cert didn't look good, invalidca (use_ssl 0x1) X509_V_ERR = 24: CA is not trusted 48 49[2021/06/17 14:33:57:0210] N: ++ [wsicli|2|GET/h1/ebay.com] (2) 50[2021/06/17 14:33:57:0288] N: -- [wsicli|1|GET/h1/ebay.com] (1) 991.119ms 51[2021/06/17 14:33:57:7528] N: lws_client_reset: REDIRECT www.ebay.com:443, path='/', ssl = 1, alpn='http/1.1' 52[2021/06/17 14:33:58:1564] U: Connected to 195.95.193.127, http response: 200 53[2021/06/17 14:33:58:1637] U: RECEIVE_CLIENT_HTTP_READ: read 209 54[2021/06/17 14:33:58:1796] U: RECEIVE_CLIENT_HTTP_READ: read 197 55[2021/06/17 14:33:58:1822] U: RECEIVE_CLIENT_HTTP_READ: read 1014 56[2021/06/17 14:33:58:1847] U: RECEIVE_CLIENT_HTTP_READ: read 1024 57[2021/06/17 14:33:58:1851] U: RECEIVE_CLIENT_HTTP_READ: read 1022 58[2021/06/17 14:33:58:2748] U: RECEIVE_CLIENT_HTTP_READ: read 242 59[2021/06/17 14:33:58:2782] U: RECEIVE_CLIENT_HTTP_READ: read 1014 60[2021/06/17 14:33:58:2784] U: RECEIVE_CLIENT_HTTP_READ: read 1024 61[2021/06/17 14:33:58:2785] U: RECEIVE_CLIENT_HTTP_READ: read 1024 62... 63[2021/06/17 14:33:58:4661] U: RECEIVE_CLIENT_HTTP_READ: read 1024 64[2021/06/17 14:33:58:4662] U: RECEIVE_CLIENT_HTTP_READ: read 1024 65[2021/06/17 14:33:58:4663] U: RECEIVE_CLIENT_HTTP_READ: read 1024 66[2021/06/17 14:33:58:4664] U: RECEIVE_CLIENT_HTTP_READ: read 1024 67[2021/06/17 14:33:58:4665] U: RECEIVE_CLIENT_HTTP_READ: read 1024 68[2021/06/17 14:33:58:4666] U: RECEIVE_CLIENT_HTTP_READ: read 1024 69[2021/06/17 14:33:58:4667] U: RECEIVE_CLIENT_HTTP_READ: read 1024 70[2021/06/17 14:33:58:4668] U: RECEIVE_CLIENT_HTTP_READ: read 1024 71[2021/06/17 14:33:58:4669] U: RECEIVE_CLIENT_HTTP_READ: read 1024 72[2021/06/17 14:33:58:4670] U: RECEIVE_CLIENT_HTTP_READ: read 1024 73[2021/06/17 14:33:58:4671] U: RECEIVE_CLIENT_HTTP_READ: read 1024 74[2021/06/17 14:33:58:4672] U: RECEIVE_CLIENT_HTTP_READ: read 1024 75[2021/06/17 14:33:58:4673] U: RECEIVE_CLIENT_HTTP_READ: read 286 76[2021/06/17 14:33:58:4690] U: LWS_CALLBACK_COMPLETED_CLIENT_HTTP 77[2021/06/17 14:33:58:4712] E: main: destroying context, interrupted = 1 78[2021/06/17 14:33:58:4774] N: -- [wsi|0|pipe] (0) 3.661s 79[2021/06/17 14:33:58:4780] N: callback_http: LWS_CALLBACK_CLOSED_CLIENT_HTTP 80[2021/06/17 14:33:58:4829] N: -- [vh|3|jitt-DFF2B5B4||-1] (3) 1.462s 81[2021/06/17 14:33:58:4833] N: -- [wsicli|2|GET/h1/ebay.com] (0) 1.462s 82[2021/06/17 14:33:58:4834] N: -- [vh|0|netlink] (2) 3.660s 83[2021/06/17 14:33:58:4858] N: -- [vh|1|default||-1] (1) 3.654s 84[2021/06/17 14:33:58:4860] N: -- [vh|2|jitt-7F69A044||-1] (0) 2.456s 85[2021/06/17 14:33:58:4974] U: Completed: OK (seen expected 0) 86``` 87 88You can also test the client Basic Auth support against the http-server/minimal-http-server-basicauth 89example. In one console window run the server and in the other 90 91``` 92$ lws-minimal-http-client -l --nossl --path /secret/index.html --user user --password password 93``` 94 95The Basic Auth credentials for the test server are literally username "user" and password "password". 96 97