fte-team / fteqw

This is the official GitHub mirror for the FTEQW project.
https://www.fteqw.org/

WSS and HTTPS: how to configure certificate? #278

Open GonzalezAtWork opened 2 months ago

GonzalezAtWork commented 2 months ago

hey guys,

I am trying to host the web wasm version on an HTTPS server, but with that, I can only connect to servers using WSS.

If I try to connect, I get the error message:

AcceptSecurityContext failed: 80090327

Documentation says: If using wss:// then your server MUST be using a certificate that the user's browser will accept. The browser does not inform about why the connection failed if its wrong. You may want to proxy ws(s)->ws via nginx/apache or whatever, but note that until X-Forwarded-For is supported this will mean you have to apply any IP-based bans in your wss proxy instead of in the game server.

But it does not explain how to apply the certificate to the FTEQWSV.

Some directions, please?

Thanks!

eukara commented 2 months ago

AcceptSecurityContext failed: 80090327 == SEC_E_CERT_UNKNOWN

Can be triggered by the peer (aka: web browser) sending codes like TLS1_ALERT_BAD_CERTIFICATE, TLS1_ALERT_UNSUPPORTED_CERT or TLS1_ALERT_CERTIFICATE_UNKNOWN at the server.

Caused exclusively by Microsoft's sspi-based implementation of TLS and DTLS, which is not that compatible because it's poorly documented. Browsers generally reject those self-signed certificates.

A Linux-based server will not have this problem, but if you're on Windows only you can pass -DLINK_OPENSSL (or edit config_fteqw.h to uncomment that line) and build a fte server binary that links against OpenSSL 3 instead. That's the only real solution besides putting a reverse-proxy in between.

GonzalezAtWork commented 2 months ago

Where should that -DLINK_OPENSSL go? In the wasm's fmf? Or in the creation of the Windows server?

Xylemon commented 2 months ago

You pass -DLINK_OPENSSL when building the Windows server with CMake.
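The wss -> ws reverse proxy mentioned in the quoted documentation and in the replies above, sketched as an added nginx example (not from the FTEQW project or from any commenter in this thread). The hostname, certificate paths, backend port 27500 and the banned address are assumptions to replace with your own values; the certificate must chain to a CA the browser already trusts.

```nginx
# Added example: terminate TLS in nginx and forward plain ws:// to the game server.
# quake.example.org, the certificate paths and port 27500 are placeholders (assumptions).

server {
    listen 443 ssl;
    server_name quake.example.org;

    # Full chain (leaf + intermediates) from a publicly trusted CA.
    # A self-signed certificate here is rejected by the browser without a visible reason.
    ssl_certificate     /etc/ssl/quake.example.org/fullchain.pem;
    ssl_certificate_key /etc/ssl/quake.example.org/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # The game server only sees the proxy's address, so IP-based bans
    # have to be enforced here rather than in the game server.
    deny  203.0.113.7;        # constructed example address (documentation range)
    allow all;

    location / {
        # Game server listening for plain WebSocket connections on loopback only.
        proxy_pass http://127.0.0.1:27500;

        # WebSocket upgrade requires HTTP/1.1 and explicit hop-by-hop headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host       $host;

        # Game sessions are long-lived; avoid the default 60s idle cut-off.
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;
    }
}
```

Binding the game server's WebSocket listener to loopback or firewalling its port keeps clients from bypassing the proxy and its ban list.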