projectodd / stilts

Stomp Integration Layer and Transaction Server
http://stilts.projectodd.org/
Apache License 2.0

Stilts.js Unable to connect to websocket server with secure true #20

Closed ggrillone closed 10 years ago

ggrillone commented 10 years ago

I am having issues with subscribing to my websocket server when I turn the secure option to true. I ran an SSL validator to make sure it was set up properly and everything passed. Also, to be safe, I checked with my hosting provider, so I don't believe that is the issue. And also, everything does work when secure is set to false.

The WSS is running on port 8676, and I did make sure that port is open.

I am using the Stomp Javascript library. I downloaded the latest version from this github master branch.

I keep getting this error inside the _transmit() function: can't call transmit on undefined

It seems to not be setting the _transport property inside of _buildConnector() function. I added some console.logs and it always goes to the else statement in this function.

Any ideas on a fix? Or am I just missing something?

I also want to note that the web app server and the websocket server are on 2 different machines. Not sure if that is part of the problem.

This is how I am initializing my connection:

client = new Stomp.Client('my.ip.address', 8676, true);

Here is where I am logging some of the functions:

Stomp.Client = function(host, port, secure) {
  console.log('host param: ' + host);
  console.log('port param: ' + port);
  console.log('secure param: ' + secure);
  this._host = host || Stomp.DEFAULT_HOST;
  this._port = port || Stomp.DEFAULT_PORT || 8675;
  this._secure = secure || Stomp.DEFAULT_SECURE_FLAG || false;
  console.log('this._host: ' + this._host);
  console.log('this._port: ' + this._port);
  console.log('this._secure: ' + this._secure);
}

Output:

host param: my.ip.address
port param: 8676
secure param: true
this._host: my.ip.address
this._port: 8676
this._secure: true

_buildConnector: function(transports, i) {
  console.log('INSIDE _buildConnector()');
  var callback = this._connectCallback;
  var client = this;
  if ( i < transports.length ) {
    console.log('IF!!!');
    return function() {
      var fallback = client._buildConnector( transports, i+1, callback );
      try {
        console.log('_buildConnector::IF::TRY');
        transports[i].connect( function() {
          client._transport = transports[i];
          callback();
        }, fallback );
      } catch (err) {
        console.log('_buildConnector::IF::CATCH');
        fallback();
      }
    };
  } else {
    console.log('_buildConnector::ELSE');
    return client.connectionFailed.bind(this);
  }
}

Output:

INSIDE _buildConnector()
IF!!!
INSIDE _buildConnector()
IF!!!
_buildConnector::IF::TRY
INSIDE _buildConnector()
_buildConnector::ELSE
_buildConnector::IF::TRY

connectionFailed: function() {
  console.log('INSIDE connectionFailed()');
  if (this._errorCallback) {
    console.log('connectionFailed::IF');
    console.log('this._errorCallback');
    console.log(this._errorCallback);
    console.log('arguments');
    console.log(arguments);
    this._errorCallback.apply(this._errorCallback, arguments);
  } else {
    console.log('connectionFailed::ELSE');
    console.log('unable to connect :(');
    Stomp.logger.log( "unable to connect" );
  }
}

Output: No output..

ggrillone commented 10 years ago

I tried moving the websocket server to the same machine as the web app server, still no luck

bobmcwhirter commented 10 years ago

Can you try printing out the various transports it's attempting? and logging the actual error?

console.debug( transports[i] ) or whatnot?

ggrillone commented 10 years ago

It doesn't look like there are any errors from what I can tell. If there is anything else I can log let me know. Also if you need more info from the Stomp.Transport objects I can post that too, just wasn't sure if it was necessary.

Thanks

Output:

INSIDE _connectTransport()
_connectTransport()::FOR
_connectTransport()::t: (new Stomp.Transports[i] )
Stomp.Transport.WebSocket {_host: "my.ip.address", _port: 8676, _secure: true, _ws: undefined, _state: "unconnected"…}
_connectCallback: function (){n._transport=t[e],i()}
_host: "my.ip.address"
_port: 8676
_secure: true
_ws: WebSocket
client: Stomp.Client
__proto__: Object

_connectTransport()::FOR
_connectTransport()::t: (new Stomp.Transports[i])
Stomp.Transport.HTTP {_host: "my.ip.address", _port: 8676, _secure: true, _receiverRequest: undefined, _disconnectReceiver: false…}
_host: "my.ip.address"
_port: 8676
_secure: true
client: Stomp.Client
__proto__: Object

INSIDE _buildConnector()
INSIDE _buildConnector()
_buildConnector()::IF::transports[i]
Stomp.Transport.WebSocket {_host: "my.ip.address", _port: 8676, _secure: true, client: Stomp.Client, _ws: undefined…}
_connectCallback: function (){n._transport=t[e],i()}
_host: "my.ip.address"
_port: 8676
_secure: true
_ws: WebSocket
client: Stomp.Client
__proto__: Object

_buildConnector()::ELSE IF::transports[i]
Stomp.Transport.HTTP {_host: "my.ip.address", _port: 8676, _secure: true, client: Stomp.Client, _receiverRequest: undefined…}
_host: "my.ip.address"
_port: 8676
_secure: true
client: Stomp.Client
__proto__: Object

bobmcwhirter commented 10 years ago

The server side is configured for SSL? If you telnet to port 8676, something answers?

ggrillone commented 10 years ago

Yes it is configured properly. I am able to access the site through HTTPS successfully. And yes I can telnet to the address/port of the secure websocket server:

telnet my.ip.address 8676

Output:

Trying my.ip.address...
Connected to my.ip.address.
Escape character is '^]'.

bobmcwhirter commented 10 years ago

I'm sorta stumped. Maybe try another browser or if on unix fire up wireshark and see where the SSL is going wrong. Or if the chrome console has any errors around the websockets or http connections that are failing for some reason.

ggrillone commented 10 years ago

Typically in Chrome I see a web console message like 'success' or 'unable to connect' or 'Connection Refused' but in this case I am seeing none of that output.

However, I tried another browser like you suggested (Firefox) and I am now seeing this output in the Firebug console:

Firefox can't establish a connection to the server at wss://my.ip.address:8676/
unable to connect

ggrillone commented 10 years ago

This makes me believe it's an SSL config issue. But I can't figure out what is wrong. I used both of these SSL validators to check: https://www.geocerts.com/ssl_checker and http://www.sslshopper.com/ssl-checker.html. Neither say anything is wrong. Also contacted my hosting provider to verify and they said everything checked out.

Our setup is using Torquebox 3.0.0. According to their documentation we just needed to configure the JBoss server for HTTPS (which I validated it works in the browser) and then the secure websockets 'piggy-back' off of this (http://torquebox.org/news/2013/03/04/websockets-secure/)

bobmcwhirter commented 10 years ago

Yes, I'm familiar with TorqueBox. :)

So you can access the web portion of the app over SSL on port 8443 or whatnot?

The guys in #torquebox on freenode may be able to help.

ggrillone commented 10 years ago

Sorry for my ignorance, didn't know at first you were part of the TB team!

Yes, tried there first actually before coming here and had no luck

ggrillone commented 10 years ago

Testing in Safari:

WebSocket network error: The operation couldn’t be completed. (OSStatus error -9843.)

ggrillone commented 10 years ago

I tried checking that error using the macerror -9843 command but that didn't return anything useful:

Unknown error (-9843) at /usr/bin/macerror5.12 line 39, <DATA> line 1.

ggrillone commented 10 years ago

I discovered this node.js tool called wscat which can be used to send messages to a websocket server.

When entering the command using the external address: wscat -c wss://my.ip.address:8676

I kept getting the following error: error: Error: Hostname/IP doesn't match certificate's altnames

But when I changed it to my domain name: wscat -c wss://mydomain.com:8676

I was given this message: connected (press CTRL+C to quit)

Which led me to:

I am setting the host value in Javascript as the external ip address of the server where STOMP lives. But the SSL cert is configured for a domain name. This led me to think that I should use mydomain.com instead of my.ip.address for the host parameter in new Stomp.Client. But this is resulting in the following error in the Torquebox log file:

NoSuchHostException: No such host: mydomain.com

Is there some additional configuration needed to connect to the websocket server host using the domain name instead of the ip address?

Thanks.

bobmcwhirter commented 10 years ago

That hostname should match the host in your torquebox.rb in the stomp (and/or web) configuration.

ggrillone commented 10 years ago

huzaah! Thank you @bobmcwhirter for reminding me of the host attribute in the torquebox.yml file.

So yes, by changing the host in that file from the external ip to the domain name that was configured for the SSL cert, we were able to connect from the browser to the secure websocket server.

Conclusion: Use the domain name from the SSL cert, not the external address.
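
Added example (not part of the original thread and not Stilts or TorqueBox code): a Node.js pre-flight check that runs the hostname verification a wss:// client performs, so a host value intended for new Stomp.Client can be tested against the certificate's names before it reaches the browser. The certificate object and the address 203.0.113.10 (standing in for "my.ip.address") are constructed sample data, and the helper names are hypothetical.

```javascript
const tls = require('tls');

// Constructed stand-in for the object returned by socket.getPeerCertificate():
// a certificate issued for the domain name only, with no IP entry in its SANs.
const SAMPLE_CERT = {
  subject: { CN: 'mydomain.com' },
  subjectaltname: 'DNS:mydomain.com, DNS:*.mydomain.com',
};

// Returns { host, ok, code, reason } using Node's own hostname verification.
function checkStompHost(host, cert) {
  const err = tls.checkServerIdentity(host, cert);
  return err
    ? { host, ok: false, code: err.code, reason: err.message }
    : { host, ok: true, code: null, reason: null };
}

// From a list of candidate hosts, keep the ones the certificate actually covers.
function usableHosts(candidates, cert) {
  return candidates.filter((h) => checkStompHost(h, cert).ok);
}

// Fetch the live certificate for diagnosis only. Verification is disabled here
// so a mismatching certificate can still be inspected; never send data on this socket.
function fetchPeerCert(host, port) {
  return new Promise((resolve, reject) => {
    const sock = tls.connect({ host, port, rejectUnauthorized: false }, () => {
      const cert = sock.getPeerCertificate();
      sock.end();
      resolve(cert);
    });
    sock.on('error', reject);
  });
}

// Offline run against the constructed certificate.
for (const host of ['203.0.113.10', 'mydomain.com', 'ws.mydomain.com']) {
  console.log(checkStompHost(host, SAMPLE_CERT));
}
```

To check a real server, pass the result of fetchPeerCert(host, 8676) to checkStompHost in place of SAMPLE_CERT.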