godotengine / godot

Godot Engine – Multi-platform 2D and 3D game engine
https://godotengine.org
MIT License

Clarify that secure websocket connections need valid certificates on Web #97322

Open Swarkin opened 1 month ago

Swarkin commented 1 month ago

Tested versions

- 4.3
- 4.3.dev2
- 4.3.custom_build.nothreads

System information

Any OS, wasm32

Issue description

When there are SSL issues while connecting a websocket, Godot doesn't provide any useful output to the user. The current output is `WebSocket connection to <url> failed:`.

Solution: There should be a note of this in the documentation, and/or a friendlier error message.

Old Description (Resolved)

Trying to use websockets always results in the error `WebSocket connection to failed:`. It works perfectly fine on any other platform's native builds. Surprisingly, the **server is accepting a connection**, but the client never connects, resulting in an error on the server side as soon as the connection drops.

### Steps to reproduce

- Open Devtools
- ~~Go to swarkin.github.io/wsclicker/~~ Not available anymore, the issue has been identified in this discussion.
- Notice error in console `WebSocket connection to 'wss://srv.kackadu.de:25569/' failed:` with no information

Line where the connection is started: https://github.com/Swarkin/wsclicker/blob/main/client/client.gd#L35

### Minimal reproduction project (MRP)

I do not have the time to make a MRP but this is the project that has the issue: https://github.com/Swarkin/wsclicker

It is split into server and client folders and has an export configuration that is used for exporting. (Note: Exporting in release mode for web does not work and instead falls back to a debug build.)

Swarkin commented 1 month ago

Someone suggested that to use SSL on web, I need to create custom certificates. The docs make no mention of this and I do not understand this process at all...

Swarkin commented 1 month ago

Tried connecting to an https domain, same error but the connection fails immediately and nothing appears on the server.

fuwaneko commented 1 month ago

@Swarkin if your WebSocket server does not use TLS, you should connect using ws:// protocol instead of wss://

Swarkin commented 1 month ago

> @Swarkin if your WebSocket server does not use TLS, you should connect using ws:// protocol instead of wss://

The website that the Godot game is on uses https (secure context) so I am forced to use wss. I believe the error is from some misconfigured TLS thing but I have no idea.

Even if me not passing in any TLSOptions is the issue, I wouldn't understand why it does connect successfully for the server but not for the client. Furthermore, a useful error message would be more convenient than a generic "the connection failed" message.

fuwaneko commented 1 month ago

> The website that the Godot game is on uses https (secure context) so I am forced to use wss. I believe the error is from some misconfigured TLS thing but I have no idea.

This is indeed correct web browser behavior: only secure connections are allowed from a secure environment. You, as a server owner, are obliged to properly set up TLS termination if you want to use TLS. This is neither Godot's responsibility nor a bug. You can, for example, obtain a Let's Encrypt certificate and use it directly in your server code; there's a good example provided by Godot on how to do that.

> Even if me not passing in any TLSOptions is the issue, I wouldn't understand why it does connect successfully for the server but not for the client.

The TCP connection is successful, but subsequently, a TLS handshake is expected by the client, which never happens.

> Furthermore, a useful error message would be more convenient than a generic "the connection failed" message.

The error comes from a web browser; Godot has little control over it. Again, normal web browser behavior.

Swarkin commented 1 month ago

My suggestion is to give out a warning when using a wss:// URL and not passing in any TLSOptions then. As you can see this behaviour is really confusing so I'd appreciate a short mention of it in the docs too.

Swarkin commented 1 month ago

@fuwaneko I've been asking around in the Godot Discord for days and no one is able to help, would you be willing to assist me to get this running? I have bought a domain and am tunneling it through Cloudflare for https and also have Cloudflare as my DNS. Please message me on Discord as swark1n

Swarkin commented 1 month ago

I have updated the issue description to better clarify what this issue is about.

Faless commented 1 month ago

> My suggestion is to give out a warning when using a wss:// URL and not passing in any TLSOptions then.

TLSOptions are not supported on the Web due to browser limitations (we should add a note about that in the docs).

The only solution is to use a valid certificate with a valid FQDN.
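
Added example (not from the thread or the Godot project): the browser reports every failure as `WebSocket connection to <url> failed:`, so this Python probe checks the server endpoint from outside the browser and reports which stage fails: the TCP connect, the TLS handshake described earlier in the thread, or validation of the certificate against the hostname. The function `probe_wss`, its stage names and the script name are this example's own, and it validates against the system trust store, which can differ from a browser's.

```python
import socket
import ssl
import sys


def probe_wss(host, port, timeout=3.0):
    """Return (stage, detail) naming the first step that fails, or ("ok", ...)."""
    # Stage 1: plain TCP. This succeeds even if the server never speaks TLS,
    # which is why the server in the thread saw a connection arrive.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))

    # Stage 2: TLS handshake. The default context verifies the certificate
    # chain and that the certificate matches `host`, as a browser does for wss://.
    ctx = ssl.create_default_context()
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version())
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired, untrusted issuer, or wrong hostname.
        return ("cert_invalid", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Server sent non-TLS bytes, closed the socket, or stayed silent.
        return ("tls_handshake_failed", str(exc))


if __name__ == "__main__":
    # Usage (script name is hypothetical): python probe_wss.py <fqdn> <port>
    stage, detail = probe_wss(sys.argv[1], int(sys.argv[2]))
    print(f"{stage}: {detail}")
```

A result of `tls_handshake_failed` with a server that logs an accepted connection matches the situation in the old description: the listener is plain TCP and needs TLS termination in front of it.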

Calinou commented 3 days ago

> TLSOptions are not supported on the Web due to browser limitations (we should add a note about that in the docs).

The TLSOptions class already notes that several methods don't have an effect on the web platform. Does this apply to the entirety of the TLSOptions class, or just those specific methods?

Faless commented 3 days ago

> Does this apply to the entirety of the TLSOptions class, or just those specific methods?

TLSOptions is just a configuration; it's the classes that use it that have the actual limitations.

In practice, TLSOptions has no effect in any of the internal classes that use it (HTTPClient, HTTPRequest, WebSocket).