Open clounixeood opened 8 years ago
Hello @clounixeood,
I am assigning @Pierozi, he would probably provide you with interesting input about your questions!
Thank you very much @Hywan for your prompt answer. I will be glad to hear any input from your colleague @Pierozi.
Hi Guys, some news about it?
Hello @clounixeood, sorry, I planned to do a snippet for you but have no time until Sunday.
If you want TLS on your socket, you need to add your certificate in the context of Server.
@clounixeood look at https://github.com/hoaproject/Socket/blob/master/Connection/Connection.php#L475
This MVE is a bit old, but I think it could help you:
https://github.com/Pierozi/Socket/blob/mwe/mwe/EasyServer.php#L66-L78
Hello @Pierozi ,
thank you very much for your hints. I followed your guide and something changed. Now, when I run the server I have:
[ MODE_CRYPTED ]
[Connection WAIT]
and it's good. But then the browser writes:
WebSocket connection to 'wss://xxxxxx:1738/' failed: Error during WebSocket handshake: net::ERR_CONNECTION_RESET
Meanwhile, the server writes:
Connection from [79.7.42.245:54961|]
< G
I have put the certificate in .pem format that contains request, key and certificate all together in the style:
-----BEGIN CERTIFICATE REQUEST-----
obfuscated
-----END CERTIFICATE REQUEST-----
-----BEGIN PRIVATE KEY-----
obfuscated
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
obfuscated
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
obfuscated
-----END CERTIFICATE-----
and set the path into the array variable:
'local_cert' => '/websocket/keys/cert.pem',
'passphrase' => '',
'allow_self_signed' => true,
'verify_peer' => false
If you have any other hints (of course when you have time) I will appreciate it very much. Have a nice evening.
I can confirm we have a bug enabling TLS with WebSocket.
https://github.com/Pierozi/Websocket/pull/1/files#diff-5a72b4fa5efc1217f53f085c8580c79eR94
@Hywan I've set up an MWE for debugging. It's around the server handshake; my first guess is the missing call of enableEncryption in the doHandshake method. Verified with openssl tools, which cannot detect a secure TLS connection.
But then the result of read is empty. I need to look at it more deeply.
@Pierozi Can you open an issue please?
@clounixeood Please look in my fork for an up-to-date demo: https://github.com/Pierozi/Websocket/tree/snippet/tls/snippet
If you try on your side you need to install this patch: https://github.com/hoaproject/Websocket/pull/78
@clounixeood any news? I would really like to make encryption work with your client use case.
Hello @Pierozi, I tried it yesterday evening. As you suggested, I installed patch #78 and then I downloaded your examples, changing your certificate path to mine. I have original certificates, not self-signed.
Unfortunately the error on the console of Chrome and Firefox is "Connection closed before handshake".
For now, I solved it by installing the extension proxy_wstunnel on my Apache, which takes input on port 443 using my certificates (configured on Apache) and redirects all the traffic to your hoawebserver on port 8889 without encryption.
It is working great. When you have some other news, I can try again.
Thank you very much for what you are doing.
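The workaround described in the comment above (Apache terminating TLS on port 443 with proxy_wstunnel and forwarding to the Hoa WebSocket server on port 8889 without encryption), sketched as an added example that is not part of the original thread. The server name, certificate paths, the /ws/ prefix and the loopback address are assumptions.

```apache
# Added example, not from the thread. Requires mod_ssl, mod_proxy and
# mod_proxy_wstunnel to be loaded (on Debian/Ubuntu: a2enmod ssl proxy proxy_wstunnel).
<VirtualHost *:443>
    # Placeholder host name (assumption)
    ServerName ws.example.test

    # Apache terminates TLS here, so the browser connects with wss://
    SSLEngine on
    # Placeholder paths (assumption): certificate chain and private key
    SSLCertificateFile    /etc/ssl/example/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/privkey.pem

    # Forward wss://ws.example.test/ws/ to the plain ws:// backend on port 8889.
    # The /ws/ prefix and the loopback address are assumptions.
    ProxyPass "/ws/" "ws://127.0.0.1:8889/"
</VirtualHost>
```

Because the hop to port 8889 is unencrypted, the backend should listen only on 127.0.0.1 (or be firewalled) so that it is reachable solely through the proxy.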
Hello @clounixeood
Thanks for the feedback; you confirm to me it's not working even with a trusted certificate. I will look with other WebSocket clients; I think the issue is all related to correctly decoding the HTTPS frame.
@clounixeood Thanks a lot, buddy! You might not have known it when you wrote this last comment about setting up a proxy_wstunnel and doing an internal ws:// connection, but your comment really made my day and helped me to set up a wss:// connection without messing with the HoaWebsocket code. Works like a charm.
Glad to hear your success!! Have a nice day.
Hello,
I would be thankful for the service, which is really great, but in your documentation about wss:// I see only to set the URL wss:// on the server side and client side, but that is not enough, because Chrome does not connect to Hoa websocket.
I think it is needed to have SSL certificates on the server, but it is not explained how to configure Hoa to choose the path for that certificate.
Thank you. Andrea Bernardi