I'm trying to create a small REST-like API that should be secured with HTTPS. I want to use the nickel crate for the server and hyper_rustls and hyper for the client.
The server is running great as long as I use a browser, curl or a REST client to access it, but when I start to use hyper_rustls I always get a handshake error:
TLS error: AlertReceived(HandshakeFailure)
Connection closed
To localize the error, I set up a minimal server:
#[macro_use]
extern crate nickel;
extern crate hyper;
use hyper::net::Openssl;
use nickel::Nickel;
fn main() {
let mut server = Nickel::new();
server.utilize(router! {
get "**" => |_req, _res| {
"Hello world!"
}
});
// FIXME: Add Match Error and OK instead of unwreap and add a propper error handling
let ssl = Openssl::with_cert_and_key("/etc/letsencrypt/live/www.example.de/fullchain.\
pem",
"/etc/letsencrypt/live/www.example.de/privkey.pem")
.unwrap();
server.listen_https("0.0.0.0:6767", ssl).expect("Failed to launch server");
}
The valid certificate in Chrome:
- The complete output of tlsclient when accessing the nickel server
- The complete output of tlsclient when accessing badssl.com
To avoid errors in hyper_rustls, I used the rustls tlsclient example but the error still appears.
The Let's Encrypt certificate isn't the problem as I can connect to an Apache2 server with these certs using tlsclient.
Have I made a mistake with my thinking how this works?
