
Wslay and OpenSSL

Open jirihnidek opened this issue 12 years ago • 4 comments

Hi, I have a server that works with unsecured WebSocket using Wslay. I wanted to modify this server to use the secured variant of WebSocket. I tried to use OpenSSL for this purpose. I'm able to do the HTTP handshake with Google Chrome, but I'm not able to do almost any further communication with the web browser (I'm able to receive messages from the web browser) ... It is strange: until the first message from the web client is received, non-existent write events are detected on the socket. After the message is received, my WebSocket server tries to echo this message back to the web browser, and then no more write events are detected on the socket. Simplified code with the main loop can be found at this Gist:

https://gist.github.com/jirihnidek/5996105

Does anybody have any experience with Wslay and OpenSSL? Does anybody know where the bug can be (my code or Wslay)?

jirihnidek · Jul 14 '13 21:07

Chrome refuses to connect over wss if the server uses a self-signed certificate. To work around this, before connecting to the server, open a tab with the URI with wss replaced by https. Chrome shows a red screen (security warning) and if you accept that (after reading it carefully), it fails to connect (this is OK because the server is a WebSocket server, not a web server). After this procedure, JavaScript can connect to the server over wss. This procedure must be done each time you invoke Chrome, so if you don't want that, convince Chrome the cert is valid (by importing it as a root cert) or use Firefox, which has a nice UI to add an exception for invalid certificates.

tatsuhiro-t · Jul 16 '13 15:07

Hi, I don't have a problem with certificates at all. BTW: Google Chrome can be executed with this parameter: `google-chrome --ignore-certificate-errors`, and then it will accept all certificates. My Google Chrome is able to connect to my secured WebSocket server and do the HTTP handshake. I have problems with further communication over TLS. Probably the OpenSSL layer wants to send something, but wslay_event_send() doesn't call the send callback, because there is nothing in the queue. On the other hand, when I add something to the sending queue, the send callback is still not called.

Do you have any working example using OpenSSL, GnuTLS, Nettle, etc.?

jirihnidek · Jul 16 '13 19:07

We have used wslay as the WebSocket backend since last summer. It works great. Here is the relevant piece of code: https://github.com/tatsuhiro-t/aria2/blob/master/src/WebSocketSession.cc Note that the SSL/TLS library backend is abstracted under SocketCore.

tatsuhiro-t · Jul 19 '13 17:07

Hi,

I'm sorry to come a bit late to the party, but I'm also trying to understand how we mix OpenSSL with wslay, especially since a call to SSL_write can request a read condition (because it may need to read data). So even if you want to write, you may need to poll until the socket is available for reading.

However, in the aria2 code it looks like there is no distinction between the conditions: in the sendCallback call we check if SSL requires either a read or a write condition and mark the wslay context as would-block. Then WebSocketSession::wantRead may return true while SSL may need a write condition at that place.

Or maybe I miss something?

markand · Nov 09 '21 14:11
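The case markand raises, as an added example that is not code from wslay, aria2 or anyone in this thread: the glue keeps the TLS layer's pending condition separate from wslay's own wants, so a send blocked on WANT_READ puts POLLIN in the poll mask and is retried as a send when the socket becomes readable. The TLS write is a hypothetical hook and the WSLAY_ERR_* values are local stand-ins, so it runs without either library.

```c
#include <poll.h>
#include <stdint.h>
#include <sys/types.h>
/* TLS write outcomes, modelled on OpenSSL's SSL_get_error() results. */
enum tls_status { TLS_OK, TLS_WANT_READ, TLS_WANT_WRITE, TLS_FATAL };
/* wslay operations the loop should run next (bitmask). */
enum glue_op { OP_RECV = 1, OP_SEND = 2 };
/* Local stand-ins for WSLAY_ERR_WOULDBLOCK and WSLAY_ERR_CALLBACK_FAILURE. */
#define GLUE_WOULDBLOCK (-1)
#define GLUE_FAILURE (-2)
/* Hypothetical TLS write hook: bytes written, or <= 0 with *st set. */
typedef ssize_t (*tls_write_fn)(void *, const uint8_t *, size_t, enum tls_status *);
struct session { void *tls; tls_write_fn tls_write; enum tls_status pending; };

/* Body of the wslay send callback: both TLS wait states become WOULDBLOCK, but
 * the condition is recorded; wslay re-invokes with the same data, as OpenSSL needs. */
ssize_t glue_send(struct session *s, const uint8_t *data, size_t len)
{
    enum tls_status st = TLS_OK;
    ssize_t n = s->tls_write(s->tls, data, len, &st);
    if (n > 0) { s->pending = TLS_OK; return n; }
    if (st != TLS_WANT_READ && st != TLS_WANT_WRITE) return GLUE_FAILURE;
    s->pending = st;
    return GLUE_WOULDBLOCK;
}

/* poll(2) mask: union of wslay's wants and the TLS layer's pending wait. */
short glue_poll_events(const struct session *s, int want_read, int want_write)
{
    short ev = 0;
    if (want_read || s->pending == TLS_WANT_READ) ev |= POLLIN;
    if (want_write || s->pending == TLS_WANT_WRITE) ev |= POLLOUT;
    return ev;
}

/* Ready events to wslay calls: retry the send, not a recv, if a TLS write waited. */
int glue_dispatch(const struct session *s, short revents)
{
    if ((s->pending == TLS_WANT_READ && (revents & POLLIN)) ||
        (s->pending == TLS_WANT_WRITE && (revents & POLLOUT)))
        return OP_SEND;
    return ((revents & POLLIN) ? OP_RECV : 0) | ((revents & POLLOUT) ? OP_SEND : 0);
}

/* Constructed stand-in for SSL_write: first call needs a read, the retry succeeds. */
ssize_t fake_tls_write(void *tls, const uint8_t *buf, size_t len, enum tls_status *st)
{
    int *calls = tls;
    if ((*calls)++ == 0) { *st = TLS_WANT_READ; return -1; }
    return (ssize_t)len;
}
```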