vi / websocat

Command-line client for WebSockets, like netcat (or curl) for ws:// with advanced socat-like functions
MIT License

WebSocket SSL error self-signed certificate #191

Open kaihendry opened 11 months ago

kaihendry commented 11 months ago

I noticed https://github.com/vi/websocat/issues/122 though I don't understand why a self-signed certificate with mTLS should fail?

websocat: WebSocketError: WebSocket SSL error: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889: (self-signed certificate)
websocat: error running

-k is documented as "Accept invalid certificates and hostnames while connecting to TLS". There is nothing invalid here?

server moans like so: websocat: error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1586:SSL alert number 48

❯ openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)

https://gist.github.com/kaihendry/990027a7c9a54efcdf138d45f720088e

Thank you!

vi commented 11 months ago

Does some workaround with websocat spawning a subprocess instead of doing TLS work?

server moans like so: ...

Can you connect to server instance of Websocat from a browser (after temporarily whitelisting the domain for invalid cert)?

kaihendry commented 11 months ago

I get a websocat: error:0A00009C:SSL routines:ssl3_get_record:http request:ssl/record/ssl3_record.c:345: when I try to point Chrome to http://localhost:4321/

wss is surprisingly an ERR_UNKNOWN_URL_SCHEME

vi commented 11 months ago

ERR_UNKNOWN_URL_SCHEME

You should try https://localhost:4321/ and accept the certificate in the browser. Websocat should reply something like Only WebSocket connections are welcome here if TLS connections work. After that wss:// connections (from the code, not from address line) would also work for this session.

kaihendry commented 11 months ago

Yes it works, Chrome does complain about NET::ERR_CERT_AUTHORITY_INVALID, though I didn't expect websocat server to mediate the CA, unless I misunderstood.

wss
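
Added example, not part of the thread or of websocat's code: the "(self-signed certificate)" verify failure reproduced with the openssl CLI alone, showing that a verifier rejects a self-signed certificate until that exact certificate is one of its trust anchors, and that in mTLS each direction needs its own anchor. The file names, CNs and helper functions are constructed for illustration; the only assumption is that the openssl CLI is installed.

```shell
#!/usr/bin/env bash
# Added example. Throwaway certificates with constructed names.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create a self-signed certificate: $1 = file basename, $2 = subject CN.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.crt" 2>/dev/null
}

# Succeeds only if certificate $1 chains to trust anchor $2.
# Without $2 the verifier is given no trust anchors at all.
chains_to() {
  if [ -n "${2:-}" ]; then
    openssl verify -no-CApath -CAfile "$workdir/$2.crt" \
      "$workdir/$1.crt" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$workdir/$1.crt" >/dev/null 2>&1
  fi
}

# Print "trusted" or "rejected" for the same arguments as chains_to.
verdict() {
  if chains_to "$@"; then echo trusted; else echo rejected; fi
}

make_self_signed server localhost
make_self_signed client demo-client

# Client side of the handshake: checking the server's certificate.
echo "server cert, no anchor:          $(verdict server)"
echo "server cert, anchored to itself: $(verdict server server)"

# Server side of mTLS: checking the client's certificate.
echo "client cert, server.crt anchor:  $(verdict client server)"
echo "client cert, anchored to itself: $(verdict client client)"
```

Run `openssl verify -no-CAfile -no-CApath` on either file without the redirect to see the error text openssl prints for the rejected case.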