Help in connecting.

[VandJ]

Hi. Please tell me how to connect to such a server "wss://testnet-dex.binance.org/api/ws/$all@allMiniTickers"? If it is possible of course.

[seryal]

i will try to solve this problem.

[seryal]

I create new branch 'urlconnect'. I added new constructor for client. constructor Create(AUrl: string); But websocket server after Handshake return error 400 (Bad Request). Apparently I'm not taking into account something. Trying to understand that.

[seryal]

it's SSL problem. I added SSL support, but when working with your server, an error is returned.

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

[VandJ]

Thanks Yuri. I didn't think it could be that difficult. Could it be due to the deprecated ssleay32.dll and libeay32.dll?

[seryal]

Not sure, but it seems to me that the problem from the synapse not supporting the used SSL version. I am trying to find a solution. It works with another Websocket server using wss://.

[VandJ]

Hi. Maybe the problem is still in the dll. I came across a similar problem in some projects. Try with these dll from the archive. openssl-1.0.2q-i386-win32.zip

[seryal]

did not help :(

[seryal]

I get this error. I have no experience work with SSL. I don't understand what is the reason.

HTTP/1.1 400 Bad Request
Server: CloudFront
Date: Mon, 15 Nov 2021 17:50:52 GMT
Content-Type: text/html
Content-Length: 915
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 bc362383b5c95fa821ce42f151e2a4aa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN54-C1
X-Amz-Cf-Id: jybWze1Mlh2YkUqS8zZJvkSkP1-vKlrLCOtAfuP1uJB4IykiIU50bw==

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>400 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Bad request.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: jybWze1Mlh2YkUqS8zZJvkSkP1-vKlrLCOtAfuP1uJB4IykiIU50bw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

Maybe try to ask on the forum https://forum.lazarus.freepascal.org/?

[VandJ]

Thank you, I will also try to figure it out.

[seryal]

@VandJ I tried using openssl client and it returned an error

C:\Temp>openssl s_client -connect testnet-dex.binance.org:443 -showcerts
WARNING: can't open config file: ../data/certs/openssl.cnf
CONNECTED(0000026C)
23472:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:827:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1637006474
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

[seryal]

@VandJ Log form another server.

C:\Temp>openssl s_client -connect demo.piesocket.com:443 -showcerts
WARNING: can't open config file: ../data/certs/openssl.cnf
CONNECTED(00000274)
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
   i:/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
-----BEGIN CERTIFICATE-----
MIIDbzCCAlegAwIBAgIQcEKja3fisj4DBYTmtVzKTTANBgkqhkiG9w0BAQsFADBL
MRAwDgYDVQQKEwdBY21lIENvMTcwNQYDVQQDEy5LdWJlcm5ldGVzIEluZ3Jlc3Mg
Q29udHJvbGxlciBGYWtlIENlcnRpZmljYXRlMB4XDTIxMTEwNTA1MDQ0NVoXDTIy
MTEwNTA1MDQ0NVowSzEQMA4GA1UEChMHQWNtZSBDbzE3MDUGA1UEAxMuS3ViZXJu
ZXRlcyBJbmdyZXNzIENvbnRyb2xsZXIgRmFrZSBDZXJ0aWZpY2F0ZTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBANYR/sbGGebJKKamtBvXOxP8hLFCZGlo
ViYOZ/PzPQ/YP225+NJd8+iCJ4BLJG844uPqp/iF8mbl6L8cgkOssrl9HJFmogQ1
quyjsQiX2ChsWHtXWuxrMa/w1Z4NS9YtvJZYqgXMIRIDMyz1xghwMor63zbF28OF
AAxYJCLYq73qefbEzcW50FjyLHkRH936v1kd3TMDrmRe6I/kzDmlxVPUuPgUvp/I
jqJKbaEnjYQfZbhP0VmjUnMrOkcV6lTqyWceNOh9AhXHZo2FMdpdVaAe/psFuBlq
UdK3UbrO8cLfjI/TipfVlDN3Bnj9kU5DVUWeTwAsmONPR1LVuZGglUcCAwEAAaNP
ME0wDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB
/wQCMAAwGAYDVR0RBBEwD4INaW5ncmVzcy5sb2NhbDANBgkqhkiG9w0BAQsFAAOC
AQEAE9zeVWrMWld6LdftoLy1cAfmlkfC7YkR/E+yT8V1XekvVi9qfnOmz1qzcBgX
sN6Pel+1XnuqN9+mBiXE/y4+mTQDj90BHr3I3/uohKZJutYSQmonzc+Mrcuo44tG
5EKDcQ7xBTqV2Idy8UJnyTqeukxQuoJZRN43Q9StCyqbXfp03kDFaVjGJ37JEQOA
qAcN/Cdn1AiJXSoQxC661VRnq4LGQ1kk2TtFqfbRBB7D0Bs4Va8wso7DEslWdm4d
aaOMqyMN/JpEQjyNpjNw4goTvD9OgQiWAMPQww0n4cUWvLtuDGQOUwLkSfniLQrr
Aux24+q0GFVbbymy133O/bGDXA==
-----END CERTIFICATE-----
---
Server certificate
subject=/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
issuer=/O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1390 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 4BFAC1586595037B9E9BBFF3C84AF63017271DC42898F61FF5C397227071E5FC
    Session-ID-ctx:
    Master-Key: B7CC033E36D25A1CEAC1D3E6EA3FCC3F1DD977F5232A19C165FB2D0669B6874A47A000009D5EB39ACC60C2F4414A6D54
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1637006626
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

[seryal]

@VandJ How do you think, OpenSSL error? :)

[VandJ]

I have much less knowledge in all this :)) In my opinion "piesocket.com" does not use SSl "ws://demo.piesocket.com/v3/channel_1?api_key=oCdCMcMPQpbvNjUIzqtvF1d2X2okWpDQj4AwARJuAgtjhzKxVEjQU6IdCjwm&notify_self"

[seryal]

Uses. wss:// - secure (port: 443) ws:// - unsecure (port: 80)

[VandJ]

I found one of the possible reasons. In the header, we need to send the host along with the port, and where you send the url, we need to pass the request parameters:

GET /api/ws/$all@allMiniTickers HTTP/1.1 Host: testnet-dex.binance.org:443 Connection: Upgrade Upgrade: websocket Sec-WebSocket-Key: -----Key----- Sec-WebSocket-Version: 13

[seryal]

i tried various options. Did not help.

It's right: GET /api/ws/$all@allMiniTickers HTTP/1.1