Open kaihendry opened 11 months ago
Does some workaround with websocat
spawning subprocess instead of doing TLS work?
server moans like so: ...
Can you connect to server instance of Websocat from a browser (after temporarily whilelisting the domain for invalid cert)?
I get a websocat: error:0A00009C:SSL routines:ssl3_get_record:http request:ssl/record/ssl3_record.c:345:
when I try point Chrome to http://localhost:4321/
wss is surprisingly a ERR_UNKNOWN_URL_SCHEME
ERR_UNKNOWN_URL_SCHEME
You should try https://localhost:4321/
and accept the certificate in browser. Websocat should reply something like Only WebSocket connections are welcome here
if TLS connections works.
After that wss://
connections (from the code, not from address line) would also work for this session.
Yes it works, Chrome does complain about NET::ERR_CERT_AUTHORITY_INVALID
, though I didn't expect websocat server to mediate the CA, unless I misunderstood.
I noticed https://github.com/vi/websocat/issues/122 though I don't understand why a self signed certificate with mtls should fail?
-k is documented as "Accept invalid certificates and hostnames while connecting to TLS". There is nothing invalid here?
server moans like so:
websocat: error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1586:SSL alert number 48
❯ openssl version OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
https://gist.github.com/kaihendry/990027a7c9a54efcdf138d45f720088e
Thank you!