SSL not working from iOS mobile device

[npawelek]

Bug report, debug log and your config file (FULL LOGS ARE MANDATORY)

I'm in the process of configuring HyperHDR and testing it for my use-case. I have it deployed with an SSL cert and when attempting to access the url from iOS, I'm getting an odd error. The site attempts to load the login page, then displays a generic, Errors during message parsing, please consult the HyperHDR Log. Unfortunately, the log doesn't provide much insight:

2021-11-30T23:44:02.863Z [WEBSOCKET] (WebSocketClient.cpp:30) New connection from 192.168.30.101
2021-11-30T23:44:02.864Z [WEBSOCKET] (JsonAPI.cpp:89) Client '192.168.30.101' switch to HyperHDR instance 0
2021-11-30T23:44:02.873Z [WEBSOCKET] Failed to parse json data from JsonRpc@192.168.30.101: Error: illegal value at Line: 1, Column: 1

My setup is incomplete as I'm still waiting for some HDMI cables, though it shouldn't affect what I'm attempting to do.

As requested, here's a full copy of the logs: https://pastebin.com/14ZG3rtR

Steps to reproduce

1. Add a certificate to hyperhdr.
2. Restart service.
3. Access URL from iOS mobile device.
4. Error message returned.

What is expected?

Login page is returned.

What is actually happening?

Error message is returned. Errors during message parsing, please consult the HyperHDR Log.

System

HyperHDR Server: 
- Build:           (HEAD detached at dec81c0) (Awawa-2a2ed8d/dec81c0-1631541363)
- Build time:      Sep 15 2021 16:23:59
- Git Remote:      https://github.com/awawa-dev/HyperHDR
- Version:         17.0.0.0
- UI Lang:         auto (BrowserLang: en-US)
- UI Access:       expert
- Avail Capt:      Linux (V4L2)
- Database:        read/write

HyperHDR Server OS: 
- Distribution:   Raspbian GNU/Linux 11 (bullseye)
- Architecture:   arm
- CPU Model:      ARMv7 Processor rev 3 (v7l)
- CPU Type:       Raspberry Pi 4 Model B Rev 1.1
- CPU Revision:   c03111
- CPU Hardware:   BCM2711
- Kernel:         linux (5.10.63-v7l+ (WS: 32))
- Qt Version:     5.11.3
- Browser:        Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 

[awawa-dev]

Hi If the certificate is not used, is the https instance at 8092 port working correctly? it's using default builtin self-signed HyperHDR certificate, you should receive notification from the webbrowser also. Verify in the browser if it is https protocol for sure and in the logs (search for 'Started on port 8092 name 'HyperHDR Webserver'') because if something is wrong (for example missing openssl dependencies) then it will fallback to http even at 8092. In your logs https instance refuses to initialize at all and that message in the log is also missing.

[awawa-dev]

OK, I see that you changed port for 443 also.

[awawa-dev]

Not sure about possible conflict with some other applications/firewalls. Change it back to 8092 and test again. I know that the browser will be screaming with warnings about that port but want to verify if it's certificate handling problem or something else in the system.

[npawelek]

Hi @awawa-dev, thanks for the response. There is no change in behavior with moving SSL back to port 8092, the same error is returned on the mobile device and it continues to function from the desktop webapp. It may be worthwhile to mention that I'm not using the default self-signed certificate, rather one generated from Let's Encrypt.

[awawa-dev]

Thanks but have some more questions ;)

• did you try to use default built-in certificate with the same result on your mobile device?
• does the mobile browser work using HTTP port?
• Just to confirm: your desktop browser is working correctly with custom SSL certificate enabled (on HyperHDR HTTPS port)?
• Could you provide more info about your mobile webbrowser (safari or 3rd party browser?)

[npawelek]

I appreciate the help!

• I did not try the default built-in certificate.
• HTTP is fully functional on the mobile device.
• The LE certificate is fully functional on the desktop side.

$ curl -vvI https://hyp-samsung55.REDACTED.com 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }'
* Server certificate:
*  subject: CN=*.REDACTED.com
*  start date: Nov 11 19:37:31 2021 GMT
*  expire date: Feb  9 19:37:30 2022 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Connection #0 to host hyp-samsung55.REDACTED.com left intact
* Closing connection 0

• Browsers attempted: Safari, Chrome, and Brave (I believe all iOS browsers utilize Safari to an extent)

[awawa-dev]

That test was conducted with HyperHDR with loaded certificate or some other test server? Testing default HyperHDR certificate could tell us more and help further diagnostic. Unfortunately, I am somewhat limited in solving such problems remotely but I suspect that something wrong is happening on the phone side... it's even enough that time is different on both devices or certificate issuers chain fails on it, that's why please test the default https settings. The next step would probably require connecting from the desktop to the mobile browser to check out if there are some obvious javascript or communication errors in the browser log (for example https://general.support.brightcove.com/developer/debugging-mobile-devices.html).