warmcat / libwebsockets

canonical libwebsockets.org networking library
https://libwebsockets.org

use libwebsockets 2.2.0 to connect wss:// server err #840

Closed mrshan closed 7 years ago

mrshan commented 7 years ago

Hi

I built libwebsockets-test-client.exe and am running it as follows:

cmd>> libwebsockets-test-client.exe wss://test.xxx.com/xxx

but it cannot connect to the server, and the client prints these messages:

[2017/03/19 19:00:41:5614] NOTICE: libwebsockets test client - license LGPL2.1+SLE
[2017/03/19 19:00:41:5614] NOTICE: (C) Copyright 2010-2016 Andy Green andy@warmcat.com
[2017/03/19 19:00:41:5614] NOTICE: Using SSL
[2017/03/19 19:00:41:5614] NOTICE: Selfsigned certs allowed
[2017/03/19 19:00:41:5624] NOTICE: Skipping peer cert hostname check
[2017/03/19 19:00:41:5624] NOTICE: Initial logging level 7
[2017/03/19 19:00:41:5624] NOTICE: Libwebsockets version: 2.2.0 pc-20140419uevl\administrator@PC-20140419UEVL-
[2017/03/19 19:00:41:5624] NOTICE: IPV6 not compiled in
[2017/03/19 19:00:41:5624] NOTICE: libev support not compiled in
[2017/03/19 19:00:41:5624] NOTICE: libuv support not compiled in
[2017/03/19 19:00:41:5644] NOTICE: Threads: 1 each 30000 fds
[2017/03/19 19:00:41:5664] NOTICE: Compiled with OpenSSL support
[2017/03/19 19:00:41:5664] NOTICE: Doing SSL library init
[2017/03/19 19:00:41:5674] NOTICE: Creating Vhost 'default' port -1, 3 protocols, IPv6 off
[2017/03/19 19:00:41:5744] NOTICE: mem: per-conn: 456 bytes + protocol rx buf
[2017/03/19 19:00:41:5794] NOTICE: canonical_hostname = PC-20140419UEVL
[2017/03/19 19:00:41:5794] NOTICE: using wss mode (ws)
[2017/03/19 19:00:41:5794] NOTICE: dumb: connecting
[2017/03/19 19:00:41:5794] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:41:5864] NOTICE: mirror: connecting
[2017/03/19 19:00:41:5864] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:41:5874] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:41:5884] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:41:6754] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:41:6764] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:42:1374] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/19 19:00:42:1374] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/19 19:00:42:1384] ERR: SSL error: unable to get local issuer certificate (preverify_ok=0;err=20;depth=2)
[2017/03/19 19:00:42:1394] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/19 19:00:42:1394] ERR: SSL connect error 337047686: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[2017/03/19 19:00:42:1394] ERR: CLIENT_CONNECTION_ERROR: dumb: lws_ssl_client_connect2 failed
[2017/03/19 19:00:42:1394] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/19 19:00:42:1404] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/19 19:00:42:1404] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/19 19:00:42:1414] ERR: SSL error: unable to get local issuer certificate (preverify_ok=0;err=20;depth=2)
[2017/03/19 19:00:42:1414] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/19 19:00:42:1414] ERR: SSL connect error 337047686: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
[2017/03/19 19:00:42:1424] ERR: CLIENT_CONNECTION_ERROR: mirror: lws_ssl_client_connect2 failed
[2017/03/19 19:00:43:1425] NOTICE: dumb: connecting
[2017/03/19 19:00:43:1425] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:43:1435] NOTICE: mirror: connecting
[2017/03/19 19:00:43:1435] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:43:1445] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:43:1455] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:43:2335] NOTICE: lws_client_connect_2: address wss://test.xxx.com/xxx
[2017/03/19 19:00:43:2345] ERR: Exiting
[2017/03/19 19:00:43:2345] NOTICE: lws_context_destroy: ctx 014C1A90


I used another Python program that could connect to the server. The Python code does not use a cert, key, or CA.

In the client C++ code, I tried to modify it:

if (!strcmp(prot, "http") || !strcmp(prot, "ws"))
    use_ssl = 0;
if (!strcmp(prot, "https") || !strcmp(prot, "wss"))
    if (!use_ssl)
    {
        use_ssl = LCCSCF_USE_SSL;
        use_ssl |= LCCSCF_ALLOW_EXPIRED;
        use_ssl |= LCCSCF_ALLOW_SELFSIGNED;
        use_ssl |= LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
    }

But it also could not connect to the server, and printed the same messages. How can I turn off certificate verification? Thanks.

lws-team commented 7 years ago

Googling around it seems a fairly popular problem

https://www.google.com/search?q=unable+to+get+local+issuer+certificate+windows

I guess the problem is your site needs an intermediate cert that it doesn't deliver and isn't in your system bundle, notwithstanding something else is supposed to like it.

Since you don't tell me the site or the certs there's nothing I can do about it.

See what this says about it.

https://sslanalyzer.comodoca.com/

mrshan commented 7 years ago

Thanks very much. And sorry, I'm afraid of advertising, so I hid the URL. The wss URL is: wss://testnet.bitmex.com/realtime

This is the Python program they provide: https://github.com/websocket-client/websocket-client. In the bin folder, you can run: python wsdump.py wss://testnet.bitmex.com/realtime after you install websocket-client.

lws-team commented 7 years ago

I tried this on my Fedora box, it worked fine first time.

 libwebsockets-test-client  wss://testnet.bitmex.com/realtime
[2017/03/21 11:38:19:6969] NOTICE: libwebsockets test client - license LGPL2.1+SLE
[2017/03/21 11:38:19:6970] NOTICE: (C) Copyright 2010-2016 Andy Green <andy@warmcat.com>
[2017/03/21 11:38:19:6970] NOTICE:  Using SSL
[2017/03/21 11:38:19:6970] NOTICE:  Cert must validate correctly (use -s to allow selfsigned)
[2017/03/21 11:38:19:6970] NOTICE:  Requiring peer cert hostname matches
[2017/03/21 11:38:19:6970] NOTICE: Initial logging level 7
[2017/03/21 11:38:19:6970] NOTICE: Libwebsockets version: 2.2.0 agreen@build-v2.0.0-326-gf0c800a
[2017/03/21 11:38:19:6970] NOTICE: IPV6 not compiled in
[2017/03/21 11:38:19:6970] NOTICE: libev support not compiled in
[2017/03/21 11:38:19:6970] NOTICE: libuv support compiled in but disabled
[2017/03/21 11:38:19:6970] NOTICE:  Threads: 1 each 1024 fds
[2017/03/21 11:38:19:6970] NOTICE:  mem: platform fd map:  8192 bytes
[2017/03/21 11:38:19:6971] NOTICE:  Compiled with OpenSSL support
[2017/03/21 11:38:19:6971] NOTICE: Doing SSL library init
[2017/03/21 11:38:19:6984] NOTICE: Creating Vhost 'default' port -1, 3 protocols, IPv6 off
[2017/03/21 11:38:19:7046] NOTICE:  mem: per-conn:          784 bytes + protocol rx buf
[2017/03/21 11:38:19:7046] NOTICE:  canonical_hostname = build
[2017/03/21 11:38:19:7046] NOTICE: using wss mode (ws)
[2017/03/21 11:38:19:7046] NOTICE: dumb: connecting
[2017/03/21 11:38:19:7046] NOTICE: lws_client_connect_2: address testnet.bitmex.com
[2017/03/21 11:38:19:7705] NOTICE: mirror: connecting
[2017/03/21 11:38:19:7705] NOTICE: lws_client_connect_2: address testnet.bitmex.com
[2017/03/21 11:38:20:0838] NOTICE: lws_client_connect_2: address testnet.bitmex.com
[2017/03/21 11:38:20:0954] NOTICE: lws_client_connect_2: address testnet.bitmex.com
[2017/03/21 11:38:20:4008] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/21 11:38:20:4016] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/21 11:38:20:4034] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/21 11:38:20:4220] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/21 11:38:20:4222] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/21 11:38:20:4234] NOTICE: lws_ssl_client_connect2: SSL_connect says -1
[2017/03/21 11:38:20:7168] NOTICE: lws_ssl_client_connect2: SSL_connect says 1
[2017/03/21 11:38:20:7472] NOTICE: lws_ssl_client_connect2: SSL_connect says 1
[2017/03/21 11:38:21:0322] NOTICE: checking client ext permessage-deflate
[2017/03/21 11:38:21:0322] NOTICE: instantiating client ext permessage-deflate
[2017/03/21 11:38:21:0322] ERR:  permessage-deflate requires the protocol (dumb-increment-protocol) to have an RX buffer >= 128
[2017/03/21 11:38:21:0322] NOTICE:  ext permessage-deflate failed construction
[2017/03/21 11:38:21:0733] NOTICE: checking client ext permessage-deflate
[2017/03/21 11:38:21:0734] NOTICE: instantiating client ext permessage-deflate
[2017/03/21 11:38:21:0734] ERR:  permessage-deflate requires the protocol (dumb-increment-protocol) to have an RX buffer >= 128
[2017/03/21 11:38:21:0734] NOTICE:  ext permessage-deflate failed construction

The stuff about permessage-deflate is just that the dumb-increment protocol has an rx buffer size that's too small for it to work, so it is disabling it.

The connection is up and staying up.

tcp        0      0 192.168.2.229:58209     52.48.38.246:443        ESTABLISHED 19768/libwebsockets 
tcp        0      0 192.168.2.229:36623     52.48.38.246:443        ESTABLISHED 19768/libwebsockets 

I dunno what your windows ssl problem is about but it doesn't seem related to lws.

mrshan commented 7 years ago

Thanks, it works. I set the CA path for libwebsockets-test-client.exe, and it works.

NomanSu commented 6 years ago

@mrshan where is the CA and how do I set the CA path? I met this problem with C++ too.
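A triage sketch for the failure in this thread, added here as an example and not part of any comment or of libwebsockets: it pulls the OpenSSL verify code out of the log and checks whether any of the three relaxation flags from the first comment would cover it. The `RELAX_*` names, the helper functions and the code-to-flag mapping are assumptions of this example, inferred from the flag names rather than taken from the lws source.

```c
#include <stdio.h>
#include <string.h>

/* Names mirror the thread's LCCSCF_* flags; the values are local to this example. */
enum { RELAX_NONE = 0, RELAX_SELFSIGNED = 1, RELAX_EXPIRED = 2, RELAX_HOSTNAME = 4 };
struct verify_fail { int preverify_ok, err, depth; };

/* Two lines copied from the Windows log in the first comment. */
static const char SAMPLE_LOG[] =
    "[2017/03/19 19:00:42:1384] ERR: SSL error: unable to get local issuer certificate (preverify_ok=0;err=20;depth=2)\n"
    "[2017/03/19 19:00:42:1394] ERR: SSL connect error 337047686: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed\n";

/* Parse the first "ERR: SSL error: ... (preverify_ok=..;err=..;depth=..)" entry, within its own line. */
int parse_verify_fail(const char *text, struct verify_fail *out)
{
    const char *p = strstr(text, "ERR: SSL error:");
    const char *q = p ? strstr(p, "(preverify_ok=") : NULL;
    return q && q < p + strcspn(p, "\n") &&
           sscanf(q, "(preverify_ok=%d;err=%d;depth=%d)", &out->preverify_ok, &out->err, &out->depth) == 3;
}

/* OpenSSL X509_V_ERR_* code -> flag that, by its name, covers it (assumed mapping, not lws source). */
int relax_flag_for(int err)
{
    switch (err) {
    case 18: case 19: return RELAX_SELFSIGNED; /* self-signed leaf / self-signed in chain */
    case 9: case 10:  return RELAX_EXPIRED;    /* not yet valid / expired */
    case 62:          return RELAX_HOSTNAME;   /* hostname mismatch */
    default:          return RELAX_NONE;       /* e.g. 20: issuer not found locally */
    }
}

/* Count verify failures in a log that none of flags_set covers; the first one is copied to *first. */
int count_unaddressed(const char *log, int flags_set, struct verify_fail *first)
{
    struct verify_fail f;
    int n = 0;
    for (const char *p = log; (p = strstr(p, "ERR: SSL error:")) != NULL; p++)
        if (parse_verify_fail(p, &f) && !(relax_flag_for(f.err) & flags_set) && n++ == 0)
            *first = f;
    return n;
}

int main(void)
{
    struct verify_fail f = {0, 0, 0};
    int n = count_unaddressed(SAMPLE_LOG, RELAX_SELFSIGNED | RELAX_EXPIRED | RELAX_HOSTNAME, &f);
    return printf("%d unaddressed, first err=%d depth=%d\n", n, f.err, f.depth) < 0;
}
```

A non-zero count with all three flags set, as in this log, points at the client's trust store rather than the flags, which matches the thread's resolution of setting a CA path. In libwebsockets that path is the `ssl_ca_filepath` member of `struct lws_context_creation_info`.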