[WebTransport] Struggling to run example - WebTransport example out of date?

[juj]

Hi,

I am trying to follow the steps at https://github.com/GoogleChrome/samples/blob/gh-pages/webtransport/webtransport_server.py to run the WebTransport demo on Windows 10.

Have OpenSSL and Python 3 installed.

1. Generated .pem and .key via:

https://github.com/GoogleChrome/samples/blob/7380e933887c1c3f03dac62eeb042b6d6e7d297d/webtransport/webtransport_server.py#L53-L56

Btw, there is an error with the above line: executing it from Windows command line gives

One cannot use single quotes, e.g. '/CN=Test Certificate', but must use double quotes, e.g. "/CN=Test Certificate". Recommend changing the example to double quotes (like it already does on -addext directive) so it will work on each Windows, Linux and macOS the same.

With that fixed, I get a certificate and a key.

2. Generated fingerprint via

https://github.com/GoogleChrome/samples/blob/7380e933887c1c3f03dac62eeb042b6d6e7d297d/webtransport/webtransport_server.py#L58-L63

Though that gives an error on Windows with

OpenSSL can do base64 encoding by itself, so recommend changing the last | base64 to | openssl enc -base64 instead, so the example will work without needing to install other tools than OpenSSL.

Then got

3. Ran Chrome with the requested flags:

https://github.com/GoogleChrome/samples/blob/7380e933887c1c3f03dac62eeb042b6d6e7d297d/webtransport/webtransport_server.py#L65-L72

with

however that is where I get stuck, because Chrome Canary complains that the command line flag --ignore-certificate-errors-spki-list= option is not supported. I am running on current latest Chrome Canary 99.0.4837.0:

So this suggests that the example is somehow out of date/not current any more with Chrome Canary 99?

Thinking that maybe that specific flag requires Chromium specifically and not Chrome Canary, I downloaded Chromium r960313 from https://download-chromium.appspot.com/ , but that gives the same error "You are using an unsupported command line flag":

Has the command line flag name changed? Has the flag been removed?

Then, as a last effort attempt, I tried to just ignore that message, and proceed to run the webtransport_server.py with certificate.pem and .key.

After a pip3 install aioquic, it no longer throws, but I am not sure if it launches correctly - when I run it, it does not print anything and I wonder if it has gotten stuck - no positive confirmation is printed:

As a detour way to diagnose if it's actually doing anything, looking at netstat -a -b, something has bound itself to port 4433:

 [svchost.exe]
  UDP    [::1]:4433             *:*                    

Assuming it would be working as intended, I proceed to run a test.html off of localhost, which contains the code snippet

https://github.com/GoogleChrome/samples/blob/7380e933887c1c3f03dac62eeb042b6d6e7d297d/webtransport/webtransport_server.py#L22-L31

wrapped inside a <html><body><script>...</script></body></html> block, but I run into an error

and that is where I am unsure how to proceed.

Is there something I missed with the example? Should it be working, or any known bugs?

Thanks!

[juj]

I see there is a line

https://github.com/GoogleChrome/samples/blob/7380e933887c1c3f03dac62eeb042b6d6e7d297d/webtransport/webtransport_server.py#L246-L247

that is supposed to print when the server starts. For some reason, that line is not getting printed.

Tried changing it to logger.info(...) (since there is an instance of a logger object created at the top of the file), though that didn't work either. Changing it to logger.debug() or logging.debug() did not work either, neither did setting logger.setLevel(logging.DEBUG).

Changing the print to a regular print(..) does however work, and then I get

However connecting to it from browser via new WebTransport("https://localhost:4433/counter") does not seem to work any different.

[juj]

To attempt to sidestep the issue that Chrome/Chromium does not support --ignore-certificate-errors-spki-list= - maybe that would be the issue here(?), I tried to use my live web server certificates (for the purposes of this report, foo.com) for the WebTransport server.

I run with

python webtransport_server.py C:/nginx-1.18.0/foo.com/cert5.pem C:/nginx-1.18.0/foo.com/privkey5.pem

to load in my live site keys, after which I again get the log

Listening on https://::1:4433

I move test.html over to my live HTTPS web site, as https://foo.com/webtransport/test.html. Trying to connect to the WebTransport server from that page via

  let transport = new WebTransport("https://localhost:4433/counter");

or

  let transport = new WebTransport("https://foo.com:4433/counter");

but neither of these works, and fail on opening handshake.

It seems to me that I should change

https://github.com/GoogleChrome/samples/blob/7380e933887c1c3f03dac62eeb042b6d6e7d297d/webtransport/webtransport_server.py#L90

to my web server's address, so that the server would print "Listening on https://foo.com:4433", so I try that:

BIND_ADDRESS = 'foo.com'

but that runs to an error

Traceback (most recent call last):
  File "webtransport_server.py", line 245, in <module>
    loop.run_until_complete(
  File "C:\Python38-32\lib\asyncio\base_events.py", line 612, in run_until_complete
    return future.result()
  File "C:\Python38-32\lib\site-packages\aioquic\asyncio\server.py", line 204, in serve
    _, protocol = await loop.create_datagram_endpoint(
  File "C:\Python38-32\lib\asyncio\base_events.py", line 1328, in create_datagram_endpoint
    raise exceptions[0]
  File "C:\Python38-32\lib\asyncio\base_events.py", line 1312, in create_datagram_endpoint
    sock.bind(local_address)
OSError: [WinError 10049] The requested address is not valid in its context

so the server clearly does not want to use a domain name, even though it prints a domain name in its startup log.

As a fallback, I make the server bind to my adapter's LAN address:

BIND_ADDRESS = '192.168.50.141'

but that unfortunately does not make a difference either, and I am unable to connect to the WebTransport server.

Any tips would be appreciated!

[yutakahirano]

The latest webtransport_server.py works with Chrome Canary in my environment. Here are my settings:

• I'm using web-transport-server certificates (wpt/tools/certs/web-platform.test.pem and wpt/tools/certs/web-platform.test.key).
• I changed the "BIND_ADDRESS" in webtransport_server.py to "web-platform.test".
• I ran https://web-platform-tests.org/running-tests/from-local-system.html#hosts-file-setup.
• Additional command line flags for Chrome are --ignore-certificate-errors-spki-list=<HASH> --origin-to-force-quic-on=web-platform.test:0 (I use here to see the hash value).
• The WebTransport URL is "https://web-platform.test:4433/counter".

[aboba]

Here is a working example site: https://webrtc.internaut.com/wt/

[vasilvv]

You are using an unsupported command line flag

Note that this actually means that the flag works, it's mostly there to discourage people from using ignore-certifiate-errors and related flags. I believe you could install the test certificate into the browser in question locally, though you'd still need the --origin-to-force-quic-on in order for it to work.

[juj]

Thanks all for the help! I was able to get the test server going on a MacBook - not sure what's off on my Windows setup.