machinezone / IXWebSocket

websocket and http client and server library, with TLS support and very few dependencies
BSD 3-Clause "New" or "Revised" License
551 stars 177 forks source link

No close event in crypted mode (TLS) #430

Open Igi54 opened 1 year ago

Igi54 commented 1 year ago

Hello, I use IXWebSocket 11.4.3. for both - clients and a server. When I use unsecured connection (ws:) everything works perfectly- when I turn off the server, a clients notice it and say "unable to connect.." when I turn on the server the clients connect again automaticaly. But if I use TLS (wss:) with all needed certificates, I can connect clients to server, I can send messages, but the detection if the server is connected fails. It means when I turn off the server clients say nothing and when ping message should be sent from a client, the client crashes. I use Linux for both - clients and server. Thank you in advance for any help.

peterphonic commented 1 year ago

@Igi54 Sorry to hijack your question, but I do have a question regarding your wss setup.

From the client to connect to the server are you using wss://localhost/ or wss://an_ip_adress/ ?

On my side, it works only with wss://localhost/, soon as I try to use an IP address, I have a certificate error. I am asking because I am really banging my head since a couple of days to this problem. For my certificate, I used x509 with the extension config containing the ip address that should be accessible.

subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
IP.1 = 192.168.230.138

Regarding your question, I won't help that much, but on my side on windows, my IXWebSocket client returns Connection error : Unable to connect to localhost on port 8080, error : Connect error : No error when I close my javascript websocket server.

flagarde commented 1 year ago

@Igi54 could you provide how you create key etc and the code you are using ?

Igi54 commented 1 year ago

@flagarde , @peterphonic : I use an IP address. I generated the certificates by the script attached to this library, then I used the trusted certificates. I used the same files on server and on clients. Settings on the server:

        tlsOptions.tls = true;
        tlsOptions.certFile = "/var/wsCerts/cert.pem";
        tlsOptions.keyFile = "/var/wsCerts/key.pem";
        tlsOptions.caFile = "/var/wsCerts/ca.pem";

        server.setTLSOptions(tlsOptions);

and on the client:

        ix::SocketTLSOptions tlsOptions;
        tlsOptions.tls = true;
        tlsOptions.certFile = "/var/wsCerts/cert.pem";
        tlsOptions.keyFile = "/var/wsCerts/key.pem";
        tlsOptions.caFile = "NONE";

        webSocket.setTLSOptions(tlsOptions);

In my case I use both(clients and server) as inner Linux services without in touch with user, so I do not need any "certification authority". I need only to have safe transfer between clients and server.