arduinoWebSockets

SSL based secure socket.io client is not working

Open yas-punathil opened this issue 3 years ago • 2 comments

Hi,

I am trying to connect a socket.io client to an nginx server running on port 3000. I am able to connect to the server without SSL. But when I connect to the server using SSL, I am not able to connect. In the debug prints, I am getting the following message:

BSSL:_wait_for_handshake: failed
BSSL:Couldn't connect. Error = 'Incoming protocol or record version is unsupported.'

Now when I try to connect to port 443, it is able to get the handshake but fails in upgrading the connection to websocket, printing the following message in the debug print:

BSSL:Connected!
[WS-Client] connected to socket-bisquare-iot.innov.co.in:443.
[WS-Client][sendHeader] sending header...
[WS-Client][sendHeader] handshake GET HTTP/1.1
Host: socket-bisquare-iot.innov.co.in:443
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Version: 13
Sec-WebSocket-Key: dtFBQuGXa9jGiSKHhfhnVg==
Sec-WebSocket-Protocol: arduino
Origin: file://
User-Agent: arduino-WebSocket-Client

[write] n: 261 t: 157138
[WS-Client][sendHeader] sending header... Done (367523us).
[WS][0][sendFrame] not in WSC_CONNECTED state!?
[WS-Client][handleHeader] RX: HTTP/1.1 400 Bad Request
[WS][0][sendFrame] not in WSC_CONNECTED state!?
[WS-Client][handleHeader] RX: Server: nginx
[WS][0][sendFrame] not in WSC_CONNECTED state!?
[WS-Client][handleHeader] RX: Date: Mon, 28 Mar 2022 05:29:35 GMT
[WS][0][sendFrame] not in WSC_CONNECTED state!?
[WS-Client][handleHeader] RX: Content-Type: text/html
[WS][0][sendFrame] not in WSC_CONNECTED state!?
[WS-Client][handleHeader] RX: Content-Length: 150
[WS][0][sendFrame] not in WSC_CONNECTED state!?
[WS-Client][handleHeader] RX: Connection: close

I guess it is a problem in the nginx server configuration, which is not my area of expertise. I am pasting the nginx config below; can anyone suggest how to get it working?

server {
    listen 80;
    server_name myservername.in;

    location / {
        #proxy_ssl_server_name on;
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        autoindex off;
    }
}

server {
    listen 443 ssl;
    ssl on;
    ssl_certificate /etc/ssl/private/certificate.crt;
    #ssl_trusted_certificate /etc/ssl/private/intermediate.crt;
    ssl_certificate_key /etc/ssl/private/privatekey.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

    server_name myservername.in www.myservername.in;

    location / {
        #proxy_ssl_server_name on;
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_hide_header 'Access-Control-Allow-Origin';
        autoindex off;
    }
}

yas-punathil, Mar 28 '22 05:03
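The request line in the debug log above is printed as `GET HTTP/1.1`, with no request target between the method and the version. As an added example (not part of the original issue or of the arduinoWebSockets code), this Python check runs the logged handshake against the client-request rules of RFC 6455 section 4.1; the function name and the path used in the corrected request are assumptions.

```python
import base64

# Handshake as printed in the issue's debug log (line breaks reconstructed).
CAPTURED = (
    "GET HTTP/1.1\r\n"
    "Host: socket-bisquare-iot.innov.co.in:443\r\n"
    "Connection: Upgrade\r\n"
    "Upgrade: websocket\r\n"
    "Sec-WebSocket-Version: 13\r\n"
    "Sec-WebSocket-Key: dtFBQuGXa9jGiSKHhfhnVg==\r\n"
    "Sec-WebSocket-Protocol: arduino\r\n"
    "Origin: file://\r\n"
    "User-Agent: arduino-WebSocket-Client\r\n\r\n"
)


def check_upgrade_request(raw):
    """Return the client-handshake rules (RFC 6455 section 4.1) that raw breaks."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    problems = []
    parts = request_line.split()
    if (len(parts) != 3 or parts[0] != "GET"
            or not parts[1].startswith("/") or parts[2] != "HTTP/1.1"):
        problems.append(f"request line {request_line!r} is not 'GET /path HTTP/1.1'")
    if "host" not in headers:
        problems.append("Host header missing")
    if headers.get("upgrade", "").lower() != "websocket":
        problems.append("Upgrade header must be 'websocket'")
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        problems.append("Connection header must include 'Upgrade'")
    if headers.get("sec-websocket-version") != "13":
        problems.append("Sec-WebSocket-Version must be 13")
    try:
        key = base64.b64decode(headers.get("sec-websocket-key", ""), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        key = b""
    if len(key) != 16:
        problems.append("Sec-WebSocket-Key must be 16 bytes, base64-encoded")
    return problems


FIXED = CAPTURED.replace("GET HTTP/1.1", "GET /socket.io/?EIO=4 HTTP/1.1", 1)  # assumed path
```

On the logged request the only finding is the request line; every header passes. A request line with no target is rejected by the HTTP parser itself, so the URL passed to the client is worth checking before the proxy configuration.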

How did you add a CA for the connection? I have tried several methods but I can't even compile my sketch.

void serverCommSys::initWithSSL() {
    
    char ca[10000];
    hsh_fileSystem.readFile(SERVER_CA_PATH,ca);
    
    Serial.printf("Connecting to HsH server on URL %s...\n",hsh_fileSystem.config.serverBaseURL);
    socketIO.beginSslWithCA(hsh_fileSystem.config.serverBaseIP, 443, "/socket.io/?EIO=4",ca,"HsH");
    socketIO.onEvent(socketIOEvent);
    firstConnectionHappened = true;
}

I got compile errors such as:

error: 'void WebSocketsClient::beginSslWithCA(const char*, uint16_t, const char*, const char*, const char*)' is inaccessible within this context

zekageri, Jun 16 '22 09:06

I used the function overload with fingerprint instead of CA. Is 443 of type const char*? Check your parameters.

yas-punathil, Jun 17 '22 18:06