search

codypiersall / pynng

Python bindings for Nanomsg Next Generation.
https://pynng.readthedocs.io
MIT License
267 stars 58 forks source link

WSS #83

Closed PHLF closed 3 years ago

PHLF commented 3 years ago

I have a server exposing a NNG publisher over WSS (self signed cert), I am able to dial and receive published messages using nngcat:

nngcat --sub --dial wss://<URL>/<PATH> --raw -k

But using pynng I keep getting the following error:

Traceback (most recent call last): [...] pynng.exceptions.AuthenticationError: Peer could not be authenticated

Process finished with exit code 1

 c_client = TLSConfig(TLSConfig.MODE_CLIENT,
                        #  ca_files=[args.ca],
                         auth_mode=TLSConfig.AUTH_MODE_NONE) # Looking at nngcat's sources, this should be equivalent to nngcat "-k"

    data_sub = Sub0()
    data_sub.tls_config = c_client
    data_sub.dial('wss://{}/{}'.format(url,path), block=True)

Any clue?

PHLF commented 3 years ago

Ok it looks like this works using the following piece of code:

 c_client = TLSConfig(TLSConfig.MODE_CLIENT,
                        ca_files=[args.ca]) # Not specifying AUTH_MODE and specifying self-signed ca_files

    data_sub = Sub0(topics="")       # Required for receiving messages using pub/sub with no topics...
    data_sub.tls_config = c_client
    data_sub.dial('wss://{}/{}'.format(url,path), block=True)

This is different from nngcat behavior: with nngcat using insecure mode is sufficient and even necessary when using self-signed certs...

Any feedback regarding this would be great.

Thank you for your time and for your great work with pynng ;)

codypiersall commented 3 years ago

Thanks for opening the issue, and glad you got it sorted out!