CA signed cert with websockify and noVNC
772 views
Skip to first unread message
Jeffrey Forbes
Jun 5, 2014, 3:45:36 PM6/5/14
to no...@googlegroups.com
Hi All,
We have code with implements the feature in vnc_auto.html to generate a popup window with the VNC window in it. When there is no encryption everything works as expected. Why websockify is started with the cert, it fails when making the wss://connection in the popup with the "Server disconnected (code: 1006)", but not when a browser accesses the mini webserver at the same port. With firefox, websockify reports the following:
WebSocket server settings:
- Listen on :30000
- Flash security policy server
- Web server. Web root: /home/sysadmin/noVNC-master
- SSL/TLS support
- proxying from :30000 to 10.0.0.102:5900
192.168.1.229: new handler Process
handler exception: (1, '_ssl.c:1361: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate')
exception
Traceback (most recent call last):
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 874, in top_new_client
client = self.do_handshake(startsock, address)
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 809, in do_handshake
self.RequestHandlerClass(retsock, address, self)
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 112, in __init__
SimpleHTTPRequestHandler.__init__(self, req, addr, server)
File "/usr/lib64/python2.4/SocketServer.py", line 521, in __init__
self.handle()
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 540, in handle
SimpleHTTPRequestHandler.handle(self)
File "/usr/lib64/python2.4/BaseHTTPServer.py", line 316, in handle
self.handle_one_request()
File "/usr/lib64/python2.4/BaseHTTPServer.py", line 299, in handle_one_request
self.raw_requestline = self.rfile.readline()
File "/usr/lib64/python2.4/socket.py", line 340, in readline
data = self._sock.recv(self._rbufsize)
File "/usr/lib64/python2.4/site-packages/ssl/__init__.py", line 97, in <lambda>
self.recv = lambda x, flags=0: SSLSocket.recv(self, x, flags)
File "/usr/lib64/python2.4/site-packages/ssl/__init__.py", line 221, in recv
raise x
SSLError: (1, '_ssl.c:1361: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate')
Reaing zombies, active child count is 0
Ignoring interrupted syscall
However, when the ssl cert chain is check with open ssl at the same host and port, it is OK.
With chrome, no error is reported by websockify, but the "Server disconnected (code: 1006)" is given for the conenction in the popup.
In IE 11 the error "Server disconnected (code: 1015)" is given, with no errors reported by websockify.
Any suggestions where to look next?
We have code with implements the feature in vnc_auto.html to generate a popup window with the VNC window in it. When there is no encryption everything works as expected. Why websockify is started with the cert, it fails when making the wss://connection in the popup with the "Server disconnected (code: 1006)", but not when a browser accesses the mini webserver at the same port. With firefox, websockify reports the following:
WebSocket server settings:
- Listen on :30000
- Flash security policy server
- Web server. Web root: /home/sysadmin/noVNC-master
- SSL/TLS support
- proxying from :30000 to 10.0.0.102:5900
192.168.1.229: new handler Process
handler exception: (1, '_ssl.c:1361: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate')
exception
Traceback (most recent call last):
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 874, in top_new_client
client = self.do_handshake(startsock, address)
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 809, in do_handshake
self.RequestHandlerClass(retsock, address, self)
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 112, in __init__
SimpleHTTPRequestHandler.__init__(self, req, addr, server)
File "/usr/lib64/python2.4/SocketServer.py", line 521, in __init__
self.handle()
File "/home/sysadmin/noVNC-master/utils/websocket.py", line 540, in handle
SimpleHTTPRequestHandler.handle(self)
File "/usr/lib64/python2.4/BaseHTTPServer.py", line 316, in handle
self.handle_one_request()
File "/usr/lib64/python2.4/BaseHTTPServer.py", line 299, in handle_one_request
self.raw_requestline = self.rfile.readline()
File "/usr/lib64/python2.4/socket.py", line 340, in readline
data = self._sock.recv(self._rbufsize)
File "/usr/lib64/python2.4/site-packages/ssl/__init__.py", line 97, in <lambda>
self.recv = lambda x, flags=0: SSLSocket.recv(self, x, flags)
File "/usr/lib64/python2.4/site-packages/ssl/__init__.py", line 221, in recv
raise x
SSLError: (1, '_ssl.c:1361: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate')
Reaing zombies, active child count is 0
Ignoring interrupted syscall
However, when the ssl cert chain is check with open ssl at the same host and port, it is OK.
With chrome, no error is reported by websockify, but the "Server disconnected (code: 1006)" is given for the conenction in the popup.
In IE 11 the error "Server disconnected (code: 1015)" is given, with no errors reported by websockify.
Any suggestions where to look next?
Reply all
Reply to author
Forward
0 new messages