[noPoll] please help, about tls
sumin at trus.co.id
Tue Jun 16 15:05:39 CEST 2015
Hello Francis,

The 22, 3, 1 I get from read is from code 3.

code 1: current code, working with ws
code 2: I try to put wss support in code 1, fails
code 3: I try to accept from a standard socket, fails, and nopoll_conn_read gets the handshaking message

Here's the working code with regular WS:
-----------START 1 --------------------
ctx = nopoll_ctx_new();
listener = nopoll_listener_new(ctx, "0.0.0.0", "8000");
NOPOLL_SOCKET listener_sock = nopoll_conn_socket(listener);
nopoll_conn_set_sock_block(listener_sock, nopoll_true);
while (running)
{
    conn = nopoll_conn_accept(ctx, listener);
    fork();
    // in child process, create several service threads, one of them is
    // a blocking read: nopoll_conn_read(conn, buff, length-needed-to-read,
    // nopoll_true, 0);
}
-----------END of 1 -------------------
I try to make it support WSS:
------------START 2 -------------------
ctx = nopoll_ctx_new();
listener = nopoll_listener_tls_new(ctx, "0.0.0.0", "8000");
// also tried this
// nopoll_conn_opts_set_ssl_certs(opts, KEYDIR"/server.pem", KEYDIR"/server.key", NULL, NULL )
// listener = nopoll_listener_tls_new_opts (ctx, opts, "0.0.0.0", "8000");
NOPOLL_SOCKET listener_sock = nopoll_conn_socket(listener);
nopoll_conn_set_sock_block(listener_sock, nopoll_true);
while (running)
{
    conn = nopoll_conn_accept(ctx, listener);
    fork();
}
-------------END of 2 ---------------
I also try to accept from a standard socket:
-------------START 3--------------
socket.accept();
// use MSG_PEEK like the tutorial in aspl.es, make sure it is ws or wss
// (actually no regular ws will be used, all is wss)
// if ws or wss, fork()... then in child code:
ctx = nopoll_ctx_new();
// tried this
// nopoll_ctx_set_certificate(ctx, "domain.test", KEYDIR"/server.pem", KEYDIR"/server.key", NULL)
listener = nopoll_listener_from_socket(ctx, ListenerFd);
conn = nopoll_listener_from_socket(ctx, AcceptedFd);
nopoll_conn_set_sock_block(AcceptedFd, nopoll_true);
nopoll_listener_set_certificate(conn, "server.pem", "server.key", NULL);
nopoll_conn_accept_complete(ctx, nopoll_listener, conn, AcceptedFd, isTls);
// then create threads, one of which is a blocking read
nopoll_conn_read(conn, buff, length-needed-to-read, nopoll_true, 0);
-----------END of 3 --------------------
Regards,
Su Min
On 2015-06-16 17:48, Francis Brosnan Blázquez wrote:
> Hello Su Min,
>
> I don't know why you are getting that. Could you post a working example
> that reproduces the error you are facing?
>
> Best Regards,
>
> Hello Francis
>
> thanks for your information
>
> why do i get wss "client hello" packet (3 first bytes are 22, 3, 1)
> from nopoll_conn_read? (blocking socket)
> do i miss accept/handshake?
>
> note: on previous mail, I said wireshark didn't capture client hello,
> it turns out client hello was sent but wireshark didn't label/recognize
> it as client hello
>
> Regards
>
> Su Min
>
> On 2015-06-13 00:29, Francis Brosnan Blázquez wrote:
>> On Fri, 12-06-2015 at 22:23 +0700, sumin at trus.co.id wrote:
>>
>> Hello,
>>
>> Hello Su Min,
>>
>> I'm learning nopoll for my application, I plan to use websocket in
>> android/ios using ionic framework (html5/js), so I use nopoll for
>> websocket server only. If I'm not using TLS, the server runs well, but if
>> I try to use TLS, the connection won't be established.
>>
>> Ok,
>>
>> I hope this info has some clue:
>> 1. I compare packets between my application and websocket.org using
>> wireshark. I think the difference begins at "client hello", wireshark
>> didn't capture any "client hello" from my application
>> 2. I'm using a blocking socket nopoll_conn_set_sock_block(listener_sock,
>> nopoll_true), and later I accept with nopoll_conn_accept(ctx, listener).
>>
>> Ok, I think the problem, with 99% probability, is that you are using a
>> certificate that is not valid (signed by a trusted party like Thawte,
>> Geotrust and so forth...). That can explain why you are getting a failure
>> with your server noPoll app and the server provided by websocket.org
>>
>> If this is the case, the only solution is to a) review your client TLS
>> code to disable certificate verification before connecting... or b) have
>> a signed certificate that is recognized by your mobile app
>>
>> Going a) would work for your dev test, but you'll need b) for production
>>
>> 1. can I have some sample code about server with TLS?
>>
>> Sure, see full working examples at the regression test code:
>>
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-client.c
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-listener.c
>>
>> 2. how to show some log/error code from nopoll? I read everyone shows
>> nopoll log/error, but I can't find one.
>>
>> See http://www.aspl.es/nopoll/html/group__nopoll__log.html
>>
>> Alternatively, assuming you are running a noPoll listener app in a
>> linux or similar you can use:
>>
>>     NOPOLL_DEBUG=1 NOPOLL_DEBUG_COLOR=1 ./your-app
>>
>> Best Regards,
>>
>> thanks in advance
>>
>> Regards,
>>
>> Su Min
>>
>> --
>> Francis Brosnan Blázquez <francis at aspl.es>
>> ASPL
>> 91 134 14 22 - 91 134 14 45 - 91 116 07 57
>
> --
> Francis Brosnan Blázquez <francis.brosnan at aspl.es>
> ASPL
> 91 134 14 22 - 91 134 14 45 - 91 116 07 57
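
The bytes 22, 3, 1 reported in this thread match the start of a TLS record header (content type 22 = handshake, record version 3.1), which is what a wss client sends first. The following C code is an added example, not code from the thread or from noPoll: it performs the MSG_PEEK check mentioned in code 3, classifying the first bytes of an accepted socket without consuming them. The names first_bytes_kind, classify_first_bytes and peek_and_classify are hypothetical.

```c
/* Added example: names below are hypothetical, not part of the noPoll API. */
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

enum first_bytes_kind {
    FB_NEED_MORE,        /* fewer than 6 bytes available so far */
    FB_TLS_CLIENT_HELLO, /* TLS handshake record carrying a ClientHello (wss) */
    FB_PLAIN_HTTP_GET,   /* cleartext "GET ": WebSocket upgrade over plain ws */
    FB_UNKNOWN
};

enum first_bytes_kind classify_first_bytes(const unsigned char *b, size_t n)
{
    if (n < 6)
        return FB_NEED_MORE;
    /* TLS record header: type(1) major(1) minor(1) length(2), followed by
     * the handshake message type. 22,3,1 = handshake, record version 3.1. */
    if (b[0] == 22 && b[1] == 3 && b[2] <= 4) {
        size_t rec_len = ((size_t)b[3] << 8) | b[4];
        /* A plaintext record holds at most 2^14 bytes; type 1 = ClientHello. */
        if (rec_len >= 4 && rec_len <= 16384 && b[5] == 1)
            return FB_TLS_CLIENT_HELLO;
        return FB_UNKNOWN;
    }
    if (memcmp(b, "GET ", 4) == 0)
        return FB_PLAIN_HTTP_GET;
    return FB_UNKNOWN;
}

/* MSG_PEEK leaves the bytes queued, so the TLS layer (or the HTTP parser)
 * still sees the complete handshake when it reads the socket afterwards. */
enum first_bytes_kind peek_and_classify(int fd)
{
    unsigned char buf[6];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0)
        return FB_UNKNOWN; /* error or peer closed before sending anything */
    return classify_first_bytes(buf, (size_t)n);
}
```

A result of FB_TLS_CLIENT_HELLO means the connection still has to pass through a TLS-enabled accept path; read as plain data, it yields the raw handshake bytes.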