hoaproject / Websocket

The Hoa\Websocket library.
https://hoa-project.net/

Documentation wss #76

Open clounixeood opened 8 years ago

clounixeood commented 8 years ago

Hello,

I would be thankful for the service, which is really great, but in your documentation about wss:// I see only to set the URL wss:// on the server side and client side, but it is not enough, because Chrome does not connect to the Hoa websocket.

I think it is needed to have SSL certificates on the server, but it is not explained how to configure Hoa to choose the path for that certificate.

Thank you. Andrea Bernardi

Hywan commented 8 years ago

Hello @clounixeood,

I am assigning @Pierozi, he would probably provide you interesting inputs about your questions!

clounixeood commented 8 years ago

Thank you very much @Hywan for your prompt answer. I will be glad to hear any input from your colleague @Pierozi.

clounixeood commented 8 years ago

Hi Guys, some news about it?

Pierozi commented 8 years ago

Hello @clounixeood, sorry, I planned to do a snippet for you but have no time until Sunday.

If you want TLS on your socket, you need to add your certificate in the context of the Server.

Pierozi commented 8 years ago

@clounixeood look at https://github.com/hoaproject/Socket/blob/master/Connection/Connection.php#L475

This MVE is a bit old, but I think it could help you:

https://github.com/Pierozi/Socket/blob/mwe/mwe/EasyServer.php#L66-L78

clounixeood commented 8 years ago

Hello @Pierozi ,

thank you very much for your hints. I followed your guide and something changed. Now, when I run the server I have:

[ MODE_CRYPTED ]
[Connection WAIT]

and it's good. But then the browser writes:

WebSocket connection to 'wss://xxxxxx:1738/' failed: Error during WebSocket handshake: net::ERR_CONNECTION_RESET

Meanwhile the server writes:

Connection from [79.7.42.245:54961|]
 < G

I have put the certificate in .pem format that contains the request, key and certificate all together in the style

-----BEGIN CERTIFICATE REQUEST-----
obfuscated
-----END CERTIFICATE REQUEST-----

-----BEGIN PRIVATE KEY-----
obfuscated
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
obfuscated
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
obfuscated
-----END CERTIFICATE-----

and set the path into the array variable

                'local_cert' => '/websocket/keys/cert.pem',
                'passphrase' => '',
                'allow_self_signed' => true,
                'verify_peer' => false

If you have any other hints (of course when you have time) I will appreciate it very much. Have a nice evening.

Pierozi commented 8 years ago

I can confirm we have a bug with enabling TLS with WebSocket.

https://github.com/Pierozi/Websocket/pull/1/files#diff-5a72b4fa5efc1217f53f085c8580c79eR94

@Hywan I've set up an MWE for debugging. It's around the Server handshake; my first guess is that it is the missing call of enableEncryption in the doHandshake method. Verified with openssl tools, which cannot detect a secure TLS connection.

But then the result of the read is empty. I need to look into it more deeply.

Hywan commented 8 years ago

@Pierozi Can you open an issue please?

Pierozi commented 8 years ago

@clounixeood Please look in my fork for an up-to-date demo: https://github.com/Pierozi/Websocket/tree/snippet/tls/snippet

If you try on your side, you need to install this patch: https://github.com/hoaproject/Websocket/pull/78

Pierozi commented 8 years ago

@clounixeood any news? I would really like to make encryption work with your client use case.

clounixeood commented 8 years ago

Hello @Pierozi, I tried it yesterday evening. As you suggested, I installed patch #78 and then I downloaded your examples, changing your certificate path to mine. I have original certificates, not self-signed.

Unfortunately the error on the console of Chrome and Firefox is "Connection closed before handshake".

For now, I solved it by installing the extension proxy_wstunnel on my Apache, which takes input on port 443 using my certificates (configured on Apache) and redirects all the traffic to your hoawebserver on port 8889 without encryption.

It is working great. When you have some other news, I can try again.

Thank you very much for what you are doing.
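
The reverse-proxy workaround described in the comment above, written out as an Apache 2.4 configuration. This is an added example, not part of the original thread and not the commenter's or the Hoa project's own configuration. The host name, file paths and module paths are placeholders, and binding the backend to 127.0.0.1 is an assumption (the comment only gives ports 443 and 8889).

```apache
# Added example: TLS terminates at Apache; the Hoa WebSocket server
# stays on plain ws:// behind it. Module paths vary by distribution.
LoadModule ssl_module            modules/mod_ssl.so
LoadModule proxy_module          modules/mod_proxy.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

Listen 443

<VirtualHost *:443>
    # Placeholder host name; browsers connect to wss://ws.example.org/
    ServerName ws.example.org

    SSLEngine on
    # Disable the legacy protocol versions
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Placeholder paths. Certificate (plus issuer chain) in one file,
    # private key in another, readable only by root. The certificate
    # request (CSR) is not needed by the server at runtime.
    SSLCertificateFile    /etc/ssl/example/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example/privkey.pem

    # Act as a reverse proxy only, never as an open forward proxy
    ProxyRequests Off

    # Forward WebSocket traffic to the Hoa server on port 8889.
    # This hop is unencrypted, so the backend should listen on the
    # loopback address only (assumption) and port 8889 should be
    # blocked from outside by the host firewall.
    ProxyPass "/" "ws://127.0.0.1:8889/"
</VirtualHost>
```

With this layout the browser sees an ordinary TLS endpoint on port 443 and the Hoa server needs no certificate configuration; confidentiality then depends on port 8889 not being reachable from other hosts.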

Pierozi commented 8 years ago

Hello @clounixeood

Thanks for the feedback; you confirm to me it's not working even with a trusted certificate. I will look with other WebSocket clients. I think the issue is all related to correctly decoding the HTTPS frame.

humayunghani commented 7 years ago

@clounixeood Thanks a lot, buddy! You might not have known, when you wrote this last comment about setting up proxy_wstunnel and doing an internal ws:// connection, but your comment really made my day and helped me to set up a wss:// connection without messing with the HoaWebsocket code. Works like a charm.

clounixeood commented 7 years ago

Glad to hear your success!! Have a nice day.