Https requests - getting error "socket result: -29"

Hello there,

I’m trying to make an https request, and always getting this error: failed (http result: -1 socket result: -29)

Outside Defold, everything looks fine:

$ http get https://raftwars.io/user
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 4
Content-Type: application/json; charset=utf-8
Date: Thu, 02 Aug 2018 00:55:08 GMT
ETag: W/"4-K+iMpCQsduglOsYkdIUQZQMtaDM"
Server: nginx/1.10.3 (Ubuntu)
X-Powered-By: Express

null

It’s funny that I do can make https requests for other websites (Google, GitHub, etc), so I’m guessing it might be related to some particular SSL configuration I have to do in my server?

I’m using letsencrypt.org as SSL certificate provider.

Does this happen with http.request() or are we talking TCP socket communication?

Hi @britzl, it’s through http.request().

You can check that the second one gets an error:

-- works
http.request("https://google.com", "GET", function(self, id, response)
	print("GOOGLE REQUEST")
	print(response.response)
end)

-- HTTP request to 'https://raftwars.io/user' failed (http result: -1  socket result: -29)
http.request("https://raftwars.io/user", "GET", function(self, id, response)
	print("RAFTWARS REQUEST")
	print(response.response)
end)

I’m not getting a -29. Instead I get this on OSX:

HTTP request to 'https://raftwars.io/user' failed (http result: -1  socket result: -15)

-15 is a native to Defold translation of ENETUNREACH and -29 is a native to Defold translation of ECONNREFUSED.

I’m guessing this is an axTLS issue (I’m no expert though!). I’ll poke around a bit more and see what I find.

One difference that I noticed when checking the SSL cert (using online SSL site check tools) is that for raftwars.io the intermediate certificate (Let’s Encrypt Authority X1) is not included in the certificate and needs to be downloaded as a separate step when validating the cert. This download is not done by axTLS. Can you change so that you use and return the full certificate chain?

Thanks for taking your time to inspect, @britzl.

I’m not an expert too, but apparently the intermediate certificate is configured properly (the server includes fullchain.pem as the certificate (which has the intermediate attached)

I’ve used this website for checking the certs, and apparently the intermediate cert shouldn’t be an issue, check out the screenshot:

26741×317 70.5 KB

I’d appreciate if you can give me any direction on server configuration or whatnot I could be trying instead.

You’ve made a change haven’t you? I get the http.request() working now!

The tools I used (https://ssltools.digicert.com/checker/ and http://ssl-checker.online-domain-tools.com/) both show that the intermediate certificate is included now.

Hm, that worries me , I haven’t made any change in the server, and I’m still getting the same error as before:

HTTP request to 'https://raftwars.io/user' failed (http result: -1  socket result: -29)

@britzl are you using the same Defold version as me? Defold Engine 1.2.134 (b2ef3a1)

Cheers

Yes. Very strange indeed. I am testing from home, but that doesn’t explain why the online tools shows the intermediate certificate as included.

271362×954 73.2 KB

Created an empty project, and here’s what I see in my logs.

05806×415 32.7 KB

This one looks important, do you know what might be the cause of it?

ERROR:DLIB: Unable to bind ssdp socket to listening listen_address '0.0.0.0' (-30)
WARNING:ENGINE: Unable to create ssdp service (-1)

This is unrelated. You can safely ignore it as it is the service with which the editor detects running dmengine instances. I tried again and it is still working for me. Tried two different networks. Do you have more than one server running and perhaps only the correct cert on one of them?

And it works from the office network now as well. Something must have changed.

Hey @britzl yes, all fine now, just something going wrong from Brazil location… thanks for your help!