I've written a WebSocket Server which currently works only with ws:// connections.
Tested with http://www.websocket.org/echo.html (on Chrome) and http://websocket4net.codeplex.com/ .
Now I want to also support wss:// connections (TLS).
I've got it to work with WebSocket4Net but when using the echo test, JavaScript immediately throws an exception after SslStream.AuthenticateAsServer(); is executed in C# code.
It does its TLS negotiation, but Chrome rejects the connection.
SslStream Reads and writes (ServerSide done by AuthenticateAsServer):
Read(5, 0, 5) == 5
Read(517, 5, 512) == 512
Write(887, 0, 887)
Read(887, 0, 5) == 5
Read(887, 5, 262) == 262
Read(5, 0, 5) == 5
Read(6, 5, 1) == 1
Read(5, 0, 5) == 5
Read(53, 5, 48) == 48
Write(59, 0, 59)
I used the following steps to add the certificate:
makecert -sv CA.pvk -r -n "CN=Dev" -a sha256 -len 2048 -sky signature -cy authority CA.cer
makecert -ic CA.cer -iv CA.pvk -n "CN=localhost, CN=127.0.0.1" -a sha256 -len 2048 -sky exchange -sv CA_localhost.pvk -pe CA_localhost.cer
cert2spc CA_localhost.cer CA_localhost.spc
pvkimprt -pfx CA_localhost.spc CA_localhost.pvk //Select export
//Import CA.cer into your Computer store's Trusted Root Certification Authorities (certmgr.msc)
//Import the private key that the server is going to use into the server machine's Personal store.
//This is achieved by importing the .pfx file that you generated earlier.
SslStream created by new SslStream(new NetworkStream(clientSocket), true)
For AuthenticateAsServer I'm using the "CA_localhost.cer" certificate.
After making sure the certificates are displayed in certmgr.msc I opened http://www.websocket.org/echo.html in Chrome and used wss://localhost:12345 as the address (for which my server is listening) and also checked the checkbox.
After clicking Connect I only get:
ERROR: undefined
DISCONNECTED
The JavaScript console displays:
WebSocket connection to 'wss://127.0.0.1:12345/?encoding=text' failed: Connection closed before receiving a handshake response
On the server side after AuthenticateAsServer the properties IsAuthenticated and IsEncrypted are set to true, but immediately after that I receive data of zero length, closing the connection.
I'm assuming I made an error during the certificate creation and/or installation but I don't know what I may have done wrong.
Any ideas?
After some hours of testing and giving up, I gave it another go:
It turns out (or for me at least it looks like it) that only the last common name is taken to validate against the ws-uri.
Using wss://127.0.0.1:12345 worked.
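Added example (not part of the original post or the poster's server code): current browsers match the host in the wss:// URI against the certificate's subjectAltName entries, so a development certificate can cover both localhost and 127.0.0.1 by listing a DNS name and an IP address there instead of two CN values. The class name DevCert, the password and the 90-day lifetime are assumptions; CertificateRequest requires .NET Framework 4.7.2 or .NET Core 2.0 or later.

```csharp
using System;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class DevCert // hypothetical helper, not from the original post
{
    // Builds a self-signed server certificate whose subjectAltName covers
    // both hosts a local client may put in the wss:// URI.
    public static X509Certificate2 Create(string pfxPassword)
    {
        using (RSA key = RSA.Create(2048))
        {
            var req = new CertificateRequest(
                "CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            var san = new SubjectAlternativeNameBuilder();
            san.AddDnsName("localhost");           // matches wss://localhost:12345
            san.AddIpAddress(IPAddress.Loopback);  // matches wss://127.0.0.1:12345
            req.CertificateExtensions.Add(san.Build());

            // Restrict the certificate to TLS server authentication.
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, true));
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.1") }, false));
            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert = req.CreateSelfSigned(now.AddDays(-1), now.AddDays(90)))
            {
                // Re-import from PFX so the private key is persisted in a form
                // SslStream.AuthenticateAsServer can use on Windows.
                byte[] pfx = cert.Export(X509ContentType.Pfx, pfxPassword);
                return new X509Certificate2(pfx, pfxPassword, X509KeyStorageFlags.Exportable);
            }
        }
    }

    static void Main()
    {
        using (X509Certificate2 cert = Create("dev-only-password")) // constructed value
        {
            Console.WriteLine("Subject: " + cert.Subject);
            Console.WriteLine("Has private key: " + cert.HasPrivateKey);
            foreach (X509Extension ext in cert.Extensions)
                if (ext.Oid.Value == "2.5.29.17") // subjectAltName
                    Console.WriteLine(ext.Format(true));
        }
    }
}
```

The certificate still has to be trusted by the client, for example by importing it into Trusted Root Certification Authorities as in the certmgr.msc steps in the question.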