LiveOrDevTrying / WebsocketsSimple

WebsocketsSimple provides an easy-to-use and customizable Websocket Server and Websocket Client. The server is created using a TcpListener and upgrades a successful connection to a WebSocket. The server and client can be used for non-SSL or SSL connections and authentication (including client and server SSL certification validation) is provided for identifying the clients connected to your server. Both client and server are created in .NET Standard and use async await functionality.
Apache License 2.0

Support wildcard ssl certs #12

Open Nakano37 opened 1 month ago

Nakano37 commented 1 month ago

Trying to connect to one of Amazon's AWS Gamelift servers (which is also running WebsocketSimple Server) using their certs, which openssl is telling me are valid, I'm getting the following error trying to connect using WebsocketSimple Client:

Error during ConnectAsync() - The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch: 
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch
   at System.Net.Security.SslStream.SendAuthResetSignal(ReadOnlySpan`1 alert, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions)
   at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](Boolean receiveFirst, Byte[] reAuthenticationData, CancellationToken cancellationToken)
   at WebsocketsSimple.Client.Models.WebsocketClientHandlerBase`5.CreateSSLConnectionAsync(CancellationToken cancellationToken)
   at WebsocketsSimple.Client.Models.WebsocketClientHandlerBase`5.ConnectAsync(CancellationToken cancellationToken)

openssl is showing this valid certificate chain being returned by the server:

% openssl s_client -connect 5j4d59jnjp266srkr61d9xpf85347tnvp4or4kym4lea0my2go.6jxfe2l66hkd7eue0ktgiuq0og84idcf.us-west-2.amazongamelift.com:38258
Connecting to 18.246.27.227
CONNECTED(00000005)
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M03
verify return:1
depth=0 CN=*.6jxfe2l66hkd7eue0ktgiuq0og84idcf.us-west-2.amazongamelift.com
verify return:1
---
Certificate chain
 0 s:CN=*.6jxfe2l66hkd7eue0ktgiuq0og84idcf.us-west-2.amazongamelift.com
   i:C=US, O=Amazon, CN=Amazon RSA 2048 M03
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Oct 23 00:00:00 2024 GMT; NotAfter: Nov 21 23:59:59 2025 GMT
 1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M03
   i:C=US, O=Amazon, CN=Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:26:04 2022 GMT; NotAfter: Aug 23 22:26:04 2030 GMT
---

so I assume it's the wildcard cert that is causing it to fail.
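
As an added example, not code from WebsocketsSimple or from the post above: the RFC 6125 wildcard rule applied to the names in the openssl output, where `*` covers exactly one left-most label, so the host name from the command is covered while the IP address, the bare base domain and a deeper name are not. `WildcardNameCheck` and `Matches` are hypothetical names, and the matcher illustrates the rule rather than reproducing .NET's internal implementation.

```csharp
using System;
using System.Net;

// Added example: RFC 6125-style wildcard matching (hypothetical helper, not .NET's own code).
static class WildcardNameCheck
{
    // True when a certificate DNS name such as "*.example.com" covers the
    // reference identity (the host name the client asked to connect to).
    public static bool Matches(string certName, string targetHost)
    {
        // An IP literal is never covered by a DNS name, wildcard or not.
        if (IPAddress.TryParse(targetHost, out _)) return false;

        string[] cert = certName.TrimEnd('.').ToLowerInvariant().Split('.');
        string[] host = targetHost.TrimEnd('.').ToLowerInvariant().Split('.');

        // A wildcard stands for exactly one label, so the label counts must be equal.
        if (cert.Length != host.Length) return false;

        for (int i = 0; i < cert.Length; i++)
        {
            if (host[i].Length == 0) return false; // reject empty labels
            // Only a whole left-most "*" label is treated as a wildcard here.
            if (i == 0 && cert[i] == "*" && cert.Length >= 3) continue;
            if (cert[i] != host[i]) return false;
        }
        return true;
    }

    static void Main()
    {
        // Names copied from the openssl output in the post.
        const string cert = "*.6jxfe2l66hkd7eue0ktgiuq0og84idcf.us-west-2.amazongamelift.com";
        const string fleet = "6jxfe2l66hkd7eue0ktgiuq0og84idcf.us-west-2.amazongamelift.com";
        string[] targets =
        {
            "5j4d59jnjp266srkr61d9xpf85347tnvp4or4kym4lea0my2go." + fleet, // host from the command
            "18.246.27.227",   // IP address printed by openssl
            fleet,             // the wildcard's base domain itself
            "a.b." + fleet,    // constructed name, two labels below the base domain
        };
        foreach (string t in targets)
            Console.WriteLine($"{Matches(cert, t),-5}  {t}");
    }
}
```

In `SslStream`, the name being checked is the `targetHost` string the client passes to `AuthenticateAsClientAsync`. The `verify return:1` lines from `openssl s_client` report chain validation only; the host name is compared when `-verify_hostname <name>` is added.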