SOLVED (following answer)
I am using the Starscream library to create a safe websocket (wss). On the test server we have a self-signed certificate and I find it impossible to make the connection.
var socket = WebSocket(url: NSURL(scheme: "wss", host: "selfsignedserver.com", path: "/")!)
Log
2014-12-16 10:38:10.260 pruebasignin[2135:363455] CFNetwork SSLHandshake failed (-9807)
websocket is disconnected: The operation couldn’t be completed. (OSStatus error -9807.)
And when I try to connect to a server with a valid certificate, it also fails to connect.
SOLVED
var socket = WebSocket(url: NSURL(scheme: "wss", host: "production.com", path: "/")!)
Log
websocket is disconnected: Invalid HTTP upgrade
Starscream now supports a flag so you can use self-signed certificates:
https://github.com/daltoniam/Starscream/blob/bf0146db269249d200bb3bc4185cb5724cfa2ae8/README.md#self-signed-ssl-and-voip
(Edited for posterity; links to the README that was published as of April 2016)
I solved the problem by modifying the Starscream library to allow self-signed certificates.
To do this, the following code must be added to the file WebSocket.swift:
if url.scheme == "wss" || url.scheme == "https" {
    inputStream!.setProperty(NSStreamSocketSecurityLevelNegotiatedSSL, forKey: NSStreamSocketSecurityLevelKey)
    outputStream!.setProperty(NSStreamSocketSecurityLevelNegotiatedSSL, forKey: NSStreamSocketSecurityLevelKey)
    /* My code */
    var settings = Dictionary<NSObject, NSObject>()
    // Turns off certificate chain validation for this stream pair
    settings[kCFStreamSSLValidatesCertificateChain] = NSNumber(bool:false)
    // Turns off the peer-name (hostname) check
    settings[kCFStreamSSLPeerName] = kCFNull
    CFReadStreamSetProperty(self.inputStream, kCFStreamPropertySSLSettings, settings)
    CFWriteStreamSetProperty(self.outputStream, kCFStreamPropertySSLSettings, settings)
    /* End my code*/
}
Related
I am trying to send telemetry messages to Azure IoT Hub using the npm mqtt library, instead of using Azure Nodejs SDK/Library.
I am using X509 certificate authentication. The device connection is working fine when I use azure Nodejs SDK/Library and I am able to send telemetry messages.
When trying to use the MQTT library, it is saying unauthorized.
const mqtt = require("mqtt");
const fs = require('fs');
let options = {
    cert: fs.readFileSync("device-cert.pem", "utf-8").toString(),
    key: fs.readFileSync("device-cert.key", "utf-8").toString(),
    passphrase: '1234',
    clientId: "device-003",
    username: "ih-iot-sample-001.azure-devices.net/device-003/?api-version=2021-04-12",
}
let client = mqtt.connect(
    "mqtts://ih-iot-sample-001.azure-devices.net:8883",
    options
);
client.on("connect", function () {
    console.log("connected");
});
client.on("error", (err) => {
    console.log(err);
    process.exit(0)
});
Error :
Connection refused: Not authorized
The clientId and the deviceId in the username were wrong. That's why I got this error.
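A preflight check for the mismatch this answer describes, as an added example that is not part of the original post: it verifies that the hub hostname and device ID embedded in the MQTT username agree with the broker URL and the clientId before a connection is attempted. The function name `checkIotHubMqtt` and the sample values marked as constructed are assumptions.

```javascript
// Username layout IoT Hub expects: <hub hostname>/<device id>/?api-version=<version>
const USERNAME_RE = /^([^/]+)\/([^/]+)\/\?api-version=([\w-]+)$/;

// Returns a list of human-readable problems; an empty list means the
// identity fields are mutually consistent.
function checkIotHubMqtt(brokerUrl, options) {
  const problems = [];
  const url = new URL(brokerUrl);
  if (url.protocol !== 'mqtts:') {
    problems.push(`broker URL must use mqtts, got ${url.protocol}`);
  }
  const m = USERNAME_RE.exec(options.username || '');
  if (!m) {
    problems.push('username is not <hub>/<deviceId>/?api-version=<version>');
    return problems;
  }
  const [, hub, deviceId] = m;
  // Hostnames compare case-insensitively; device IDs are case-sensitive.
  if (hub.toLowerCase() !== url.hostname.toLowerCase()) {
    problems.push(`username hub "${hub}" differs from broker host "${url.hostname}"`);
  }
  if (options.clientId !== deviceId) {
    problems.push(`clientId "${options.clientId}" differs from username device "${deviceId}"`);
  }
  if (!options.cert || !options.key) {
    problems.push('X.509 authentication needs both cert and key');
  }
  return problems;
}

// Constructed sample: clientId and username name two different devices.
const SAMPLE_MISMATCH = {
  cert: 'PEM-PLACEHOLDER',
  key: 'PEM-PLACEHOLDER',
  clientId: 'device-004',
  username: 'ih-iot-sample-001.azure-devices.net/device-003/?api-version=2021-04-12',
};

console.log(checkIotHubMqtt('mqtts://ih-iot-sample-001.azure-devices.net:8883', SAMPLE_MISMATCH));
```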
I have created an RSA certificate using a generated private/public key with this library:
https://github.com/cbaker6/CertificateSigningRequest
Thanks to this library I now have a certificate in a PEM string format.
Now I want to create an SSL socket that can use this certificate to connect to a remote server that requires an SSL connection.
So, for example, this is pseudo-code in Node.js:
let options = {
    key : this.certs.key,
    cert: this.certs.cert,
    port: this.port,
    host : this.host,
    rejectUnauthorized: false,
}
console.debug("Start Connect");
this.client = tls.connect(options, () => {
    console.debug(this.host + " connected")
});
where the key and the cert are both PEM strings.
I tried the BlueSSLService lib, but it only supports connecting with cert files, not strings.
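An added example, not part of the original posts: the `tls.connect` options from the pseudo-code above with validation left on, trusting only the server's own certificate and pinning its SHA-256 fingerprint, as an alternative to `rejectUnauthorized: false` or to switching off chain validation as in the Starscream patch earlier on the page. `pinnedTlsOptions`, `certSha256`, `serverCertPem` and `pinHex` are hypothetical names.

```javascript
const tls = require('tls');
const crypto = require('crypto');

// SHA-256 over the certificate's DER bytes (Node exposes them as cert.raw).
function certSha256(der) {
  return crypto.createHash('sha256').update(der).digest();
}

// Builds options for tls.connect(). `serverCertPem` is the self-signed
// certificate (or private CA) exported from the test server; `pinHex` is the
// hex SHA-256 of the server certificate's DER encoding.
function pinnedTlsOptions({ host, port, key, cert, serverCertPem, pinHex }) {
  const pin = Buffer.from(pinHex, 'hex');
  if (pin.length !== 32) throw new Error('pin must be a hex SHA-256 digest');
  return {
    host,
    port,
    key,                       // client key and certificate: PEM strings work
    cert,
    ca: [serverCertPem],       // trust only this certificate, not the system store
    rejectUnauthorized: true,  // handshake fails if the chain does not verify
    checkServerIdentity(hostname, peerCert) {
      // 1. Standard hostname check against the certificate's SAN/CN.
      const nameError = tls.checkServerIdentity(hostname, peerCert);
      if (nameError) return nameError;
      // 2. Pin check: the presented certificate must be the expected one.
      const seen = certSha256(peerCert.raw);
      if (!crypto.timingSafeEqual(seen, pin)) {
        return new Error(`certificate pin mismatch for ${hostname}`);
      }
      return undefined;        // undefined means "identity accepted"
    },
  };
}

// Usage (key, cert and serverCertPem are PEM strings held in memory):
//   const socket = tls.connect(pinnedTlsOptions({ host, port, key, cert,
//     serverCertPem, pinHex }), () => console.debug(host + ' connected'));
```

Node only calls `checkServerIdentity` after the chain has verified against `ca`, so the pin is an extra check on top of validation, not a replacement for it.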
I was able to connect to a public wss using tls like this:
let port = 443
let url = URL(string: "wss://echo.websocket.org")!
connection = NWConnection(host: NWEndpoint.Host.name(url.host!, nil), port: NWEndpoint.Port(rawValue: UInt16(port))!, using: .tls)
Now I'm trying to connect to a wss websocket in a private network and I'm getting some errors. This is my code:
let port = 8443
let url = URL(string: "wss://ip_address:8443/gs-guide-websocket/websocket")!
connection = NWConnection(host: NWEndpoint.Host.name(url.host!, nil), port: NWEndpoint.Port(rawValue: UInt16(port))!, using: .tls)
And these are the errors:
[BoringSSL] boringssl_context_alert_callback_handler(3747) [C1.1:1][0x7fe945708390] Alert level: fatal, description: certificate unknown
[BoringSSL] boringssl_context_error_print(3699) boringssl ctx 0x600001ec9500: 140639868076392:error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl_Sim/boringssl-109.202.1/ssl/handshake.cc:372:[BoringSSL] boringssl_context_get_error_code(3519) [C1.1:1][0x7fe945708390] SSL_AD_CERTIFICATE_UNKNOWN
Client failed with error: -9808: Optional(bad certificate format)
Do I need to add special options to connect here?
Also, I saw that the wss works because I'm able to connect with SocketRocket, but I want to connect with NWConnection
Thanks.
The solution was to install the certificate that I had on the server and then enable full trust for that certificate in Settings > General > About > Certificate Trust Settings.
I have a problem connecting to my socket.io server hosted on cloud9 for testing purposes. Here is what my server looks like:
var app = require('express')();
var http = require('http').createServer(app);
var io = require('socket.io').listen(http);
io.on('connection', function(socket){
    console.log('a client has been conected');
    socket.on('update', function(){
        console.log('receved an update :)');
    })
});
http.listen(process.env.PORT || 3000, process.env.IP || "0.0.0.0", function(){
    var addr = http.address();
    console.log("Chat server listening at", addr.address + ":" + addr.port);
});
and here is my iOS client:
func initalSocketManager(){
    self.socket = SocketIOClient(socketURL: "https://applewatchnode-seven-ply.c9users.io")
    self.socket.connect()
    self.socket.on("connection") {data, ack in
        print("socket connected")
    }
}
For some reason I'm not able to connect to my socket server. When I run my iOS app the server logs the following info:
info - unhandled socket.io url
Any help will be highly appreciated.
Your server code is a non-ssl HTTP listener on port 3000. Your iOS client code is trying to connect over SSL (port 443). They will never find each other.
Change your iOS code to
http://applewatchnode-seven-ply.c9users.io:3000/
Given this Node https setup:
const fs = require('fs');
// handler is the app's request listener, defined elsewhere
const server = require('https').createServer(
    {
        key: fs.readFileSync('ssl/some.key'),
        cert: fs.readFileSync('ssl/some.crt')
    }, handler);
The iOS app performs well in Xcode debug, but loses connectivity when the app is distributed via an .ipa file.
The Node https setup must include the intermediate CA certificate (provided by the Certificate Authority):
const fs = require('fs');
// handler is the app's request listener, defined elsewhere
const server = require('https').createServer(
    {
        // this line is required.
        ca: fs.readFileSync('ssl/intermediate.crt'),
        key: fs.readFileSync('ssl/some.key'),
        cert: fs.readFileSync('ssl/some.crt')
    }, handler);