How to use WebTransport?
149 views
Skip to first unread message
Vlad Krot
Feb 24, 2025, 10:55:48 AMFeb 24
to net...@chromium.org
Hi.
I am trying to use WebTransport, but I always get Handshake error, which is weird because I use trusted certs (100%, checked with https server), I get certs via mkcert.
It looks like not only me having the same problem, but other people on the internet also. Please check this article out, the author gets the same exact error https://socket.io/get-started/webtransport#webtransport (search "If someone has any clue about this, please ping us" on the webpage).
I am trying to use WebTransport, but I always get Handshake error, which is weird because I use trusted certs (100%, checked with https server), I get certs via mkcert.
It looks like not only me having the same problem, but other people on the internet also. Please check this article out, the author gets the same exact error https://socket.io/get-started/webtransport#webtransport (search "If someone has any clue about this, please ping us" on the webpage).
Nick Harper
Feb 24, 2025, 1:19:27 PMFeb 24
to Vlad Krot, net...@chromium.org
Does adding the --allow_unknown_root_cert flag (as mentioned on https://www.chromium.org/quic/playing-with-quic/#run-the-quic-server-and-client-with-cached-data) work?
--
You received this message because you are subscribed to the Google Groups "net-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to net-dev+u...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/net-dev/CACrnVjHAe%3DVX2esHzRhe5oq5vX1S953dnukVBfgku%3D0T-z_eug%40mail.gmail.com.
Victor Vasiliev
Feb 24, 2025, 1:41:34 PMFeb 24
to Nick Harper, Vlad Krot, net...@chromium.org
You can also try enabling "WebTransport developer mode" in chrome://flags.
Vlad Krot
Feb 25, 2025, 9:27:11 AMFeb 25
to Victor Vasiliev, Nick Harper, net...@chromium.org
No it doesn't work with those flags as well. And it shouldn't change anything because the cert is trusted anyway already.
Nick Harper
Feb 25, 2025, 1:08:39 PMFeb 25
to Vlad Krot, Victor Vasiliev, net...@chromium.org
QUIC in Chrome (at least when used for H3 requests) requires that the cert be issued from a "known root" in addition to the certificate being trusted. Even though you used mkcert to make a cert for localhost (and added mkcert's root to your local trust store), that won't be trusted _for QUIC_ unless --allow_unknown_root_cert is specified or some other override is used. I'm assuming, perhaps incorrectly, that the same socket/connection pools are used for H3 and WebTransport - if that's not the case then my comments about certs might not be applicable.
The only other advice I can offer is general debugging advice - are you able to make H3 requests to localhost? If not, I'd debug that first. (You may need to use --origin-to-force-quic-on.) H3 will silently fall back to H2, but you can see which protocol is used on the network tab of devtools in the "protocol" column. You might also be able to look at a netlog (https://www.chromium.org/for-testers/providing-network-details/) to see why the handshake fails.
Reply all
Reply to author
Forward
0 new messages