[noPoll] pelase help, about tls
sumin en trus.co.id
sumin en trus.co.id
Jue Jun 18 10:50:17 CEST 2015
Hello Francis,
i want to tell you, that my problem is solved. you're right in the
beginning, the problem is with certificate. i just know that the html
should be in the server (not using file:// and the server should be in
https, so the browser will ask to continue, rather than automatically
reject it).
thanks for your help
Regards
Su Min
On 2015-06-16 20:05, sumin en trus.co.id wrote:
> Hello Francis,
>
> the 22,3,1 i get from read, is from code 3
> code 1: current code, working with ws
> code 2: i try to put wss support in code 1, fail
> code 3: i try to accept from standard socket, fail and
> nopoll_conn_read get handshaking message
>
> here's working code with regular WS
> -----------START 1 --------------------
> ctx = nopoll_ctx_new();
> listener = nopoll_listener_new(ctx, "0.0.0.0", "8000");
> NOPOLL_SOCKET listener_sock = nopoll_conn_socket(listener);
> nopoll_conn_set_sock_block(listener_sock,nopoll_true);
> while(running)
> {
> conn = nopoll_conn_accept(ctx,listener);
> fork();
> //in child process, create several service thread, one of them is
> blocking read nopoll_conn_read(conn, buff, length-needed-to-read,
> nopoll_true, 0);
> }
> -----------END of 1 -------------------
>
> i try to make it support WSS
> ------------START 2 -------------------
> ctx = nopoll_ctx_new();
> listener = nopoll_listener_tls_new(ctx, "0.0.0.0", "8000");
> //also tried this
> //nopoll_conn_opts_set_ssl_certs(opts, KEYDIR"/server.pem",
> KEYDIR"/server.key", NULL, NULL )
> //listener = nopoll_listener_tls_new_opts (ctx, opts, "0.0.0.0",
> "8000");
>
> NOPOLL_SOCKET listener_sock = nopoll_conn_socket(listener);
> nopoll_conn_set_sock_block(listener_sock,nopoll_true);
> while(running)
> {
> conn = nopoll_conn_accept(ctx,listener);
> fork();
> }
> -------------END of 2 ---------------
>
> i also try to accept from standard socket
> -------------START 3--------------
>
> socket.accept();
> //use MSG_PEEK like tutorial in aspl.es, make sure it is ws or wss
> (actually no regular ws will be used, all is wss)
> //if ws or wss, fork()... then in child code:
>
> ctx = nopoll_ctx_new();
> //tried this
> //nopoll_ctx_set_certificate(ctx, "domain.test", KEYDIR"/server.pem",
> KEYDIR"/server.key", NULL)
>
> listener = nopoll_listener_from_socket(ctx, ListenerFd);
> conn = nopoll_listener_from_socket(ctx, AcceptedFd);
> nopoll_conn_set_sock_block(AcceptedFd, nopoll_true);
> nopoll_listener_set_certificate(conn, "server.pem", "server.key",
> NULL);
>
> nopoll_conn_accept_complete(ctx, nopoll_listener, conn, AcceptedFd,
> isTls);
> //then create thread, which one of them is blocking read
> nopoll_conn_read(conn, buff, length-needed-to-read, nopoll_true, 0);
> -----------END of 3 --------------------
>
>
>
> Regards,
>
> Su Min
>
>
> On 2015-06-16 17:48, Francis Brosnan Blázquez wrote:
>> Hello Su Min,
>>
>> I don't know why you are getting that. Could you post a working
>> example
>> that reproduces the error you are facing?
>>
>> Best Regards,
>>
>> Hello Francis
>>
>> thanks for your information
>>
>> why do i get wss "client hello" packet (3 first bytes are 22, 3, 1)
>> from nopoll_conn_read? (blocking socket)
>> do i miss accept/handshake?
>>
>> note : on previous mail, i said wireshark didn't capture client hello,
>>
>> it turns out client hello was sent but wireshark didnt label/recognize
>>
>> it as client hello
>>
>> Regards
>>
>> Su Min
>>
>> On 2015-06-13 00:29, Francis Brosnan Blázquez wrote:
>>> El vie, 12-06-2015 a las 22:23 +0700, sumin en trus.co.id escribió:
>>>
>>> Hello,
>>>
>>> Hello Su Min,
>>>
>>> im learning nopoll for my application, i plan to use websocket in
>>> android/ios using ionic framework (html5/js), so i use nopoll for
>>> websocket server only. if im not using TLS, the server run well, but
>>> if
>>> i try use TLS, the connection wont established.
>>>
>>> Ok,
>>>
>>> i hope this info have some clue:
>>> 1. i compare packet between my application and websocket.org using
>>> wireshark. i think the difference begins at "client hello",
>> wireshark
>>> didnt capture any "client hello" from my application
>>> 2. im using blocking socket
>> nopoll_conn_set_sock_block(listener_sock,
>>> nopoll_true), and later i accept with nopoll_conn_accept(ctx,
>>> listener).
>>>
>>> Ok, I think the problem, with 99% of probability is that you are
>>> using a certificate
>>> that is not valid (signed by a trusted party like Twathe, Geotrust
>>> and so forth...). That
>>> can explain why you are getting a failure with your server noPoll
>> app
>>> and the server
>>> provided by websocket.org
>>>
>>> If this is the case, the only solution is to a) review your client
>>> TLS code to disable
>>> certificate verification before connecting... or b) have a signed
>>> certificate that is recognized
>>> by your mobile app
>>>
>>> Going a) would work for your dev test, but you'll need b) for
>>> production
>>>
>>> 1. can i have some sample code about server with TLS?
>>>
>>> Sure, see full working examples at the regression test code:
>>>
>>>
>>>
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-client.c
>> [1]
>>> [2]
>>>
>>>
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-listener.c
>> [2]
>>> [3]
>>>
>>> 2. how to show some log/error code from nopoll, i read everyone show
>>> nopoll log/error, but i cant find one?
>>>
>>> See http://www.aspl.es/nopoll/html/group__nopoll__log.html [3] [4]
>>>
>>> Alternatively, assuming you are running a noPoll listener app in a
>>> linux or similar
>>> you can use:
>>>
>>> >> NOPOLL_DEBUG=1 NOPOLL_DEBUG_COLOR=1 ./your-app
>>>
>>> Best Regards,
>>>
>>> thanks in advance
>>>
>>> Regards,
>>>
>>> Su Min
>>> _______________________________________________
>>> noPoll mailing list
>>> noPoll en lists.aspl.es
>>> http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll [4] [1]
>>>
>>> --
>>> Francis Brosnan Blázquez <francis en aspl.es>
>>> ASPL
>>> 91 134 14 22 - 91 134 14 45 - 91 116 07 57
>>>
>>> AVISO LEGAL
>>>
>>> En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de
>>> diciembre, de Protección de Datos de Carácter Personal, le
>>> informamos de
>>> que sus datos de carácter personal, recogidos de fuentes accesibles
>>> al
>>> público o datos que usted nos ha facilitado previamente, proceden
>> de
>>> bases de datos propiedad de Advanced Software Production Line, S.L.
>>> (ASPL).
>>>
>>> ASPL garantiza que los datos serán tratados con la finalidad de
>>> mantener
>>> las oportunas relaciones comerciales o promocionales con usted o la
>>> entidad que usted representa. No obstante, usted puede ejercitar sus
>>> derechos de acceso, rectificación, cancelación y oposición
>>> dispuestos en
>>> la mencionada Ley Orgánica, notificándolo por escrito a ASPL -
>>> Protección Datos, C/Antonio Suárez 10 A-102, 28802, Alcalá de
>>> Henares
>>> (Madrid).
>>>
>>>
>>>
>>> Links:
>>> ------
>>> [1] http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll [4]
>>> [2]
>>>
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-client.c
>> [1]
>>> [3]
>>>
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-listener.c
>> [2]
>>> [4] http://www.aspl.es/nopoll/html/group__nopoll__log.html [3]
>>
>> --
>> Francis Brosnan Blázquez <francis.brosnan en aspl.es>
>> ASPL
>> 91 134 14 22 - 91 134 14 45 - 91 116 07 57
>>
>> AVISO LEGAL
>>
>> Este mensaje se dirige exclusivamente a su destinatario. Los datos
>> incluidos en el presente correo son confidenciales y sometidos a
>> secreto
>> profesional, se prohíbe divulgarlos, en virtud de las leyes vigentes.
>> Si
>> usted no lo es y lo ha recibido por error o tiene conocimiento del
>> mismo
>> por cualquier motivo, le rogamos que nos lo comunique por este medio y
>> proceda a destruirlo o borrarlo.
>>
>> En virtud de lo dispuesto en la Ley Orgánica 15/1999, de 13 de
>> diciembre, de Protección de Datos de Carácter Personal, le
>> informamos de
>> que sus datos de carácter personal, recogidos de fuentes accesibles
>> al
>> público o datos que usted nos ha facilitado previamente, proceden de
>> bases de datos propiedad de Advanced Software Production Line, S.L.
>> (ASPL). No obstante, usted puede ejercitar sus derechos de acceso,
>> rectificación, cancelación y oposición dispuestos en la mencionada
>> Ley
>> Orgánica, notificándolo por escrito a:
>> ASPL - Protección Datos, C/Antonio Suárez 10 A-102, 28802, Alcalá
>> de
>> Henares (Madrid).
>>
>>
>>
>> Links:
>> ------
>> [1]
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-client.c
>> [2]
>> https://dolphin.aspl.es/svn/publico/nopoll/trunk/test/nopoll-regression-listener.c
>> [3] http://www.aspl.es/nopoll/html/group__nopoll__log.html
>> [4] http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll
>
> _______________________________________________
> noPoll mailing list
> noPoll en lists.aspl.es
> http://lists.aspl.es/cgi-bin/mailman/listinfo/nopoll
Más información sobre la lista de distribución noPoll