ca_file_name is a confusing and misleading option
Using "uWebSockets.js": "github:uNetworking/uWebSockets.js#v18.14.0" on node.js v15.8.0
When I set ca_file_name: './chain1.pem' I can connect to uWS and everything is OK, but if I refresh the page I get this error; if I refresh again it works again, and so on.
If I remove ca_file_name: './chain1.pem' it works OK and it connects on every page refresh.
Without it I get this:
TLS Certificate is not trusted
The certificate is not signed by a trusted authority (checking against Mozilla's root store). If you bought the certificate from a trusted authority, you probably just need to install one or more Intermediate certificates. Contact your certificate provider for assistance doing this for your server platform.
And if I set it, I get "TLS Certificate is correctly installed", but I have this refresh problem...
The weird thing is that on the server the close event is triggered and I can see the console.log("Connection Closed"); when I get this error.
The error I get:
socket.js?170a:22 WebSocket connection to 'wss://my_domain.com/' failed: Error in connection establishment: net::ERR_SSL_PROTOCOL_ERROR
I have this setup on server:
```js
const app = uWS
  .SSLApp({ key_file_name: './privkey1.pem', cert_file_name: './cert1.pem', ca_file_name: './chain1.pem' })
  .ws('/*', {
    compression: uWS.SHARED_COMPRESSOR,
    maxBackpressure: 1 * 1024 * 1024,
    maxPayloadLength: 16 * 1024,
    idleTimeout: 16,
    open: (ws, req) => {
      ws.subscribe(MESSAGE_ENUM.CLIENT_CONNECTED);
      ws.subscribe(MESSAGE_ENUM.CLIENT_DISCONNECTED);
      ws.subscribe(MESSAGE_ENUM.CLIENT_MESSAGE);
      SOCKETS.push(ws);
    },
    message: (ws, message, isBinary) => {
      let clientMsg = JSON.parse(decoder.decode(message));
      let serverMsg = {};
      switch (clientMsg.type) {
        case MESSAGE_ENUM.CLIENT_MESSAGE:
          serverMsg = { type: MESSAGE_ENUM.CLIENT_MESSAGE, sender: ws.username, body: clientMsg.body };
          app.publish(MESSAGE_ENUM.CLIENT_MESSAGE, JSON.stringify(serverMsg));
          break;
        default:
          console.log('Unknown message type.');
      }
    },
    close: (ws, code, message) => {
      SOCKETS.find((socket, index) => {
        if (socket && socket.id === ws.id) SOCKETS.splice(index, 1);
      });
      let pubMsg = { type: MESSAGE_ENUM.CLIENT_DISCONNECTED, body: { id: ws.id, name: ws.name } };
      app.publish(MESSAGE_ENUM.CLIENT_DISCONNECTED, JSON.stringify(pubMsg));
      console.log("Connection Closed");
    },
  })
  .post('/*', require('./post'))
  .any('/*', require('./get'))
  .listen(443, (token) => {
    if (token) {
      console.log('Listening to port 443');
    } else {
      console.log('Failed to listen to port 443');
    }
  });
```
and browser:
```js
this.socket_ = new WebSocket('wss://' + window.location.host);
this.socket_.onopen = (evt) => {
  console.log('connect');
  this.wsTimeout_ = setTimeout(this.ping_.bind(this), 8000);
};
```
Am I doing something wrong or is this a bug? Thanks

I did not know ca_file_name was an option because it's not in the docs https://unetworking.github.io/uWebSockets.js/generated/interfaces/appoptions.html but I do see it in the source code, so I don't know about that. But it looks like you are doing it differently than me, which works correctly. I do:
```js
{
  key_file_name: './privkey.pem',
  cert_file_name: './fullchain.pem',
}
```
where the cert_file_name needs the full chain; maybe try that.

Thanks, it works like that. I will leave this issue open; maybe it's a bug and can be fixed.
Maybe it's better to just remove the ca_file_name option and better highlight cert_file_name as fullchain.

Oh wow. I see. ca_file_name is really only for clients, which makes the naming really off.
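A preflight check for the configuration discussed in this thread, as an added example that is not code from the thread or from uWebSockets.js: it counts the PEM certificates in `cert_file_name`, flags a leaf-only file and a set `ca_file_name`, and builds a fullchain bundle from leaf plus chain. The function names, the injectable `readFile` parameter and the placeholder PEM blocks are assumptions made for illustration.

```javascript
const fs = require('fs');

const CERT_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Return every PEM CERTIFICATE block in the text, in file order.
function splitPemCertificates(pemText) {
  return pemText.match(CERT_BLOCK) || [];
}

// Build a fullchain bundle: leaf first, then intermediates, duplicates dropped.
function buildFullChain(leafPem, chainPem) {
  const blocks = [...splitPemCertificates(leafPem), ...splitPemCertificates(chainPem)];
  return [...new Set(blocks)].join('\n') + '\n';
}

// Review SSLApp-style options before listen(); readFile is injectable for testing.
function checkTlsOptions(options, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  const findings = [];
  const count = splitPemCertificates(readFile(options.cert_file_name)).length;
  if (count === 0) findings.push('cert_file_name contains no PEM certificate');
  if (count === 1) findings.push('cert_file_name holds a single certificate; clients may not receive the intermediates');
  if (options.ca_file_name) findings.push('ca_file_name is set; put intermediates in cert_file_name instead');
  return findings;
}

// Constructed placeholder blocks (not real certificates), enough to exercise the parser.
const pemBlock = (body) => `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
const LEAF = pemBlock('Q09OU1RSVUNURUQtTEVBRg==');
const INTERMEDIATE = pemBlock('Q09OU1RSVUNURUQtSU5URVJNRURJQVRF');
const files = {
  './cert1.pem': LEAF,
  './chain1.pem': INTERMEDIATE,
  './fullchain.pem': buildFullChain(LEAF, INTERMEDIATE),
};
const read = (p) => files[p];

// The setup from the question yields two findings; the fullchain setup yields none.
console.log(checkTlsOptions({ cert_file_name: './cert1.pem', ca_file_name: './chain1.pem' }, read));
console.log(checkTlsOptions({ cert_file_name: './fullchain.pem' }, read));
```

With real files, call `checkTlsOptions(options)` without the second argument so the paths are read from disk.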