Problem with wss connection

413 views
Skip to first unread message

Andrea Rocco Lotronto

unread,
Jul 8, 2015, 10:28:28 AM7/8/15
to autob...@googlegroups.com
I have configured a crossbar WAMP Router to run WebSocket over TLS. The configuration options are the follow:

.....
"transports": [
           
{
               
"type": "websocket",
               
"endpoint": {
                 
"type": "tcp",
                 
"port": 8181,
                 
"tls":{
                       
"key":"server_key.pem",
                       
"certificate":"server_cert.pem"
                 
}
               
},
               
"debug":true,
               
"options":{
                       
"enable_webstatus":false,
                       
"fail_by_drop": true,
                       
"open_handshake_timeout": 2500,
                       
"close_handshake_timeout": 1000,
                       
"auto_ping_interval": 10000,
                       
"auto_ping_timeout": 5000,
                       
"auto_ping_size": 4
               
}
           
}
         
]
......

To verify the configuration I have created a little node.js application :

var autobahn = require('autobahn');

var connection = new autobahn.Connection({
        url
: "wss://myserverIP:8181",
        realm
: "realm"
});

connection
.onopen = function (session, details) {
        console
.log("OK");
}


connection
.onclose = function (reason, details) {
        console
.log(reason);
        console
.log(details);
}


When I try to connect to the crossbar WAMP router I get:

unreachable
{ reason: null,
  message
: null,
  retry_delay
: 2.1547574170790997,
  retry_count
: 2,
  will_retry
: true }


Anybody can help me to solve this problem ??

Thanks

Tobias Oberstein

unread,
Jul 9, 2015, 7:29:01 AM7/9/15
to autob...@googlegroups.com, andreal...@gmail.com
To track down your issue, you can enable_webstatus = true and open https://myserverIP:8181 in your browser.

This should render a status page.

My best guest: your certificate isn't accepted by the browser.

Andrea Rocco Lotronto

unread,
Jul 9, 2015, 9:14:41 AM7/9/15
to autob...@googlegroups.com, andreal...@gmail.com
Hi Tobias,
thank for the answer, I have I have followed your suggestion and now when I open the browser with the URL https://ipserve:8080, the crossbar WAMP router send me a info web page, the only issue is that the browser (Chrome) doesn't verify the Certification Authority of the certificate.

But if I try to connect to the crossbar WAMP router using a node.js application the problem persist.

Can you suggest me how I can solve this problem.

Tobias Oberstein

unread,
Jul 9, 2015, 10:23:29 AM7/9/15
to autob...@googlegroups.com, andreal...@gmail.com
Am 09.07.2015 um 15:14 schrieb Andrea Rocco Lotronto:
> Hi Tobias,
> thank for the answer, I have I have followed your suggestion and now
> when I open the browser with the URL https://ipserve:8080, the crossbar
> WAMP router send me a info web page, the only issue is that the browser
> (Chrome) doesn't verify the Certification Authority of the certificate.
>
> But if I try to connect to the crossbar WAMP router using a node.js
> application the problem persist.

Yes. That's how browsers work. If opening a Web page with an invalid
cert, the browser will render a user dialog.

However, WebSocket connections are so-called "subresources", and
browsers never render dialogs for these, and the secure connection will
just silently fail.

>
> Can you suggest me how I can solve this problem.

Use a valid cert, import the CA cert into your browser, or first open
the status Web page and accept the cert permanently (this only works in
FF I think ..).
> --
> You received this message because you are subscribed to the Google
> Groups "Autobahn" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to autobahnws+...@googlegroups.com
> <mailto:autobahnws+...@googlegroups.com>.
> To post to this group, send email to autob...@googlegroups.com
> <mailto:autob...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/autobahnws/4b21a286-7552-4200-8306-ca0df4e36ed3%40googlegroups.com
> <https://groups.google.com/d/msgid/autobahnws/4b21a286-7552-4200-8306-ca0df4e36ed3%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.

Andrea Rocco Lotronto

unread,
Jul 9, 2015, 10:55:45 AM7/9/15
to autob...@googlegroups.com, andreal...@gmail.com
Sorry, I guess I wasn't clear enough. In particular, I'm using a simple, standalone Node.js script, i.e., out of the browser. Is there a way to specify (perhaps in autobahn.Connection() ?) to accept self-signed or otherwise invalid server certificates?

Best Regards!

Tobias Oberstein

unread,
Jul 9, 2015, 11:03:06 AM7/9/15
to autob...@googlegroups.com, andreal...@gmail.com
Hi Andrea,

Am 09.07.2015 um 16:55 schrieb Andrea Rocco Lotronto:
> Sorry, I guess I wasn't clear enough. In particular, I'm using a simple,
> standalone Node.js script, i.e., out of the browser. Is there a way to
> specify (perhaps in autobahn.Connection() ?) to accept self-signed or
> otherwise invalid server certificates?

Not in AutobahnJS itself.

AutobahnJS is using https://github.com/websockets/ws for WebSocket on Node.

Either it's possible there, or via a Node general solution. I don't know.

If you find out, would be nice if you could report back here!

Cheers,
/Tobias
> > an email to autobahnws+...@googlegroups.com <javascript:>
> > <mailto:autobahnws+...@googlegroups.com <javascript:>>.
> > To post to this group, send email to autob...@googlegroups.com
> <javascript:>
> > <mailto:autob...@googlegroups.com <javascript:>>.
> > To view this discussion on the web visit
> >
> https://groups.google.com/d/msgid/autobahnws/4b21a286-7552-4200-8306-ca0df4e36ed3%40googlegroups.com
>
> >
> <https://groups.google.com/d/msgid/autobahnws/4b21a286-7552-4200-8306-ca0df4e36ed3%40googlegroups.com?utm_medium=email&utm_source=footer>.
>
> > For more options, visit https://groups.google.com/d/optout.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Autobahn" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to autobahnws+...@googlegroups.com
> <mailto:autobahnws+...@googlegroups.com>.
> To post to this group, send email to autob...@googlegroups.com
> <mailto:autob...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/autobahnws/f8d34dc9-f9aa-4263-9a8b-0d33673364a6%40googlegroups.com
> <https://groups.google.com/d/msgid/autobahnws/f8d34dc9-f9aa-4263-9a8b-0d33673364a6%40googlegroups.com?utm_medium=email&utm_source=footer>.
Reply all
Reply to author
Forward
0 new messages