WSS use from HTTPS sourced web page

Jul 27, 2012 at 5:39 PM
Edited Jul 27, 2012 at 5:55 PM

Hi, we have embedded JavaScript for WebSocket support running in Firefox 14 where the html is retrieved from IIS over https. Using WebSocket4Net 0.8 as a local workstation server we are attempting to connect to it from the JavaScript on the workstation (IIS on another server). We have created development certificates and loaded into the IIS server store and generated the .pfx referencing in the WebSocketServer code.

On attempting to connect from the JavaScript to the WebSocketServer using wss://, JavaScript throws the 1006 abnormal close code. Logging enabled in the WebSocketServer states that the connection opens then a second later closes.

We have found one .NET exception trace that complains about the certificates (and the fabulous 'unknown error occurred'), I have that trace added below.

Have others succeeded in accomplishing a similar architecture where you call out of an HTTPS sourced page to interconnect with other apps on the desktop using WebSocket4Net? We think this is certificate related and used CertificateCreator, MakeCert and IIS Cert Generator as well as put into the Trusted store.

Are we barking up the wrong tree?

info.log:
2012-07-27 08:25:53,175 [8432] INFO  SuperWebSocket - Session: 05eb865f-d423-4791-b795-f0e861ce88ad/135.115.72.187:52055 New SocketSession was accepted!
2012-07-27 08:25:55,566 [10444] INFO  SuperWebSocket - Session: 05eb865f-d423-4791-b795-f0e861ce88ad/135.115.72.187:52055 This session was closed!

error.log:
2012-07-27 08:25:53,550 [10444] ERROR SuperWebSocket - Session: 05eb865f-d423-4791-b795-f0e861ce88ad/135.115.72.187:52055 System.IO.IOException: The decryption operation failed, see inner exception. ---> System.ComponentModel.Win32Exception: An unknown error occurred while processing the certificate

    --- End of inner exception stack trace ---

   at System.Net.Security._SslStream.ProcessReadErrorCode(SecurityStatus errorCode, Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest, Byte[] extraBuffer)
   at System.Net.Security._SslStream.ProcessFrameBody(Int32 readBytes, Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartFrameBody(Int32 readBytes, Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.Read(Byte[] buffer, Int32 offset, Int32 count)
   at SuperSocket.SocketEngine.SyncSocketSession`2.TryGetCommand(TCommandInfo& commandInfo)

 

 

Coordinator
Jul 28, 2012 at 8:24 AM

The problem is about SuperWebSocket instead of WebSocket4Net.

I think your problem was caused by the browser not trusting the certificate. Could you try installing the certificate on the client computer?

BTW, it seems you are using Sync mode, I suggest you use Async mode.

Jul 28, 2012 at 8:55 AM

Thanks Kerry for the reply. Yes, we switched to Sync as we receive an immediate exit of the program when running Async but from your recommendation, will investigate further why. Since the post, I have installed the certificate into the client computer but will put both of your recommendations together and determine if that solves the objective. Appreciated.

Coordinator
Jul 28, 2012 at 1:49 PM

One other issue you need to take care of:

The certificate's CN should be the same as the host of the websocket server.

For instance, if the websocket server is accessed by the URI wss://websocketserver/xxxx, the CN of the certificate should also be "websocketserver".

Jul 28, 2012 at 4:09 PM

Hi Kerry, by following your last recommendations it looks like I am over the hurdle of SSL certs. Your statement does place a concern being that since the interaction between the JavaScript and .NET WebSocketServer is per-workstation, the FQDN is unique to each workstation. Currently I am using 127.0.0.1 as the WebSocketServer address in the wss:// so it can address any local socket server. Is that strategy going to lead to trouble?

Since I have switched to Async mode, I have wrapped the WebSocketServer into a simple Windows form application but it still quits on connect from the client socket. No information appears as to why in any of the logs. I merely get the successful connection statement appear in the Debug log then the quit occurs.

My code base is as simple as creating the WebSocketServer, adding in the Port, Security, Mode, Certificate etc as the ServerConfig and starting the thread, as per your examples. I have traces on the two events but nothing fires (evidently quits before then). On looking at SuperSocket, I see all the Command control... do I need to implement the actual services in this manner and my omission is causing the failure or can I just receive/respond to data via the DataReceived event handler?

Regards and thanks.

Coordinator
Jul 28, 2012 at 5:09 PM

If you use wss://127.0.0.1/, please make sure your certificate's CN is "127.0.0.1".

Dec 28, 2013 at 5:35 PM

Hi,

I am having the same issue.

How can I modify my Certificate's CN?

Thank you!

Coordinator
Dec 29, 2013 at 1:40 AM

Generate a new certificate with the correct DNS and then use it in your server program.
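The name-matching rule from the coordinator's replies, as an added example (not code from the thread or from SuperWebSocket): given the wss:// URI the page script connects to and the names on the server certificate, it reports which name, if any, satisfies the match. The certificate object shape, host names and port are constructed for illustration; the `cn-only` result marks a match that relies on Common Name fallback, which current browsers no longer apply, so a reissued certificate should also carry the address as a subjectAltName entry.

```javascript
// Added example. Certificate objects are constructed, not taken from the thread.
// cert shape (hypothetical): { cn: string, sanDns?: string[], sanIp?: string[] }

const isIpLiteral = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(':');

// Compare a certificate DNS name with the host. '*' may stand in for the
// leftmost label only, and only when at least two labels follow it.
function dnsMatches(pattern, host) {
  const p = pattern.toLowerCase().split('.');
  const h = host.toLowerCase().replace(/\.$/, '').split('.');
  if (p.length !== h.length) return false;
  return p.every((label, i) =>
    label === h[i] || (i === 0 && label === '*' && p.length > 2));
}

// Returns 'san-ip' or 'san-dns' when a subjectAltName entry covers the host,
// 'cn-only' when only the legacy Common Name fallback does, else 'mismatch'.
function checkWssName(wssUrl, cert) {
  const url = new URL(wssUrl);
  if (url.protocol !== 'wss:') throw new Error('expected a wss:// URI');
  const host = url.hostname.replace(/^\[|\]$/g, ''); // drop IPv6 brackets
  const sanDns = cert.sanDns || [];
  const sanIp = cert.sanIp || [];
  const isIp = isIpLiteral(host);

  // IP literals match iPAddress entries only (exact text comparison here).
  if (isIp && sanIp.includes(host)) return 'san-ip';
  if (!isIp && sanDns.some((name) => dnsMatches(name, host))) return 'san-dns';

  // CN is consulted only when the certificate has no SAN names at all.
  if (sanDns.length + sanIp.length === 0 && cert.cn) {
    const cnOk = isIp ? cert.cn === host : dnsMatches(cert.cn, host);
    if (cnOk) return 'cn-only';
  }
  return 'mismatch';
}

// Constructed cases: a per-workstation FQDN certificate served on loopback,
// then certificates reissued for the address the page actually connects to.
const uri = 'wss://127.0.0.1:2012/'; // port is a placeholder
console.log(checkWssName(uri, { cn: 'ws01.corp.example' }));
console.log(checkWssName(uri, { cn: '127.0.0.1' }));
console.log(checkWssName(uri, { cn: '127.0.0.1', sanIp: ['127.0.0.1'] }));
```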