TLS stopped working with websockets #2020

Closed
FozzTexx opened this issue Jan 14, 2021 · 2 comments
@FozzTexx

Spent the last several days going around in circles trying to find the right configuration to get a web browser to connect to a web socket port with TLS enabled. Took quite a while since TLS works fine on the normal port and my Python scripts were able to do TLS without any issues. I had to do some deep digging to find out that it was just the websocket port that was broken.

Using the openssl command line tool for testing I found that on the websocket port it wasn't sending a certificate at all. Discovered it worked on an older version and ran a git bisect and it looks like it just got broken right when I started to work on enabling TLS support for my project! What timing! ;-)

To test if TLS is working on websockets, enable TLS on the websocket port:

listener 1884
protocol websockets
cafile /etc/mosquitto/ca_certificates/my-ca.pem
keyfile /etc/mosquitto/certs/mymosq.key
certfile /etc/mosquitto/certs/mymosq.crt
tls_version tlsv1.2

After starting the mosquitto broker:

echo "" | openssl s_client -connect localhost:1884 | grep subject=

No subject= information will be printed since no certificate is sent from the mosquitto broker.

Here's the first commit where it broke:

09a870c34287b43fcc47ddbb1efd692935f12e25 is the first bad commit
commit 09a870c34287b43fcc47ddbb1efd692935f12e25
Author: Roger A. Light <[email protected]>
Date:   Mon Jan 11 15:56:57 2021 +0000

Better behaved lws external poll code.

:040000 040000 0d1a036da96f2562704ea4d325f0b691fa3ac5d1 62dcf3108ac8ad13701e6655c2933ef83dda7d41 M      src
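
A scripted form of the `openssl s_client` check in the post above, added here as an example (it is not part of the original issue or of the mosquitto project). It tells apart a port that is closed, a port that accepts connections but completes no TLS handshake, and a port that presents a certificate. `probe_tls` and `plaintext_listener` are hypothetical names, and the plaintext listener is a constructed stand-in for a listener that answers without TLS.

```python
import hashlib
import socket
import ssl
import threading


def probe_tls(host, port, timeout=3.0):
    """Classify a listener as 'tls', 'no_tls' or 'unreachable'."""
    # Trust is not verified: the question is whether any certificate is sent.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "unreachable", str(exc)
    try:
        with ctx.wrap_socket(raw) as tls:
            der = tls.getpeercert(binary_form=True)
            if not der:
                return "no_tls", "handshake completed without a certificate"
            digest = hashlib.sha256(der).hexdigest()
            return "tls", f"{tls.version()} sha256={digest}"
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return "no_tls", str(exc)
    finally:
        raw.close()


def plaintext_listener():
    """Constructed test fixture: answers one connection without TLS; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # Against a real broker this would be probe_tls("localhost", 1884).
    print(probe_tls("127.0.0.1", plaintext_listener()))
```

Run after each broker upgrade against every TLS listener in the configuration, a `no_tls` result on a port that is supposed to be encrypted flags the kind of regression reported here.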
ralight added a commit that referenced this issue Jan 15, 2021
@ralight
Contributor

ralight commented Jan 15, 2021

Thanks for the good report, I've pushed a fix for this to the fixes branch, if you're able to confirm it works for you as well that would be great.

@ralight ralight added this to the 2.0.6 milestone Jan 15, 2021
@FozzTexx
Author

Built from the fixes branch and TLS with websockets is working again.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 11, 2022