SSL WebSocket exception - Received fatal alert: certificate_unknown #153
Comments
|
Hi there, you might want to give https://github.com/FiloSottile/mkcert a try, as an alternative to a self-signed certificate for local development. |
|
I installed gvm After all that - I don't get the trace stack anymore on the server Yay ! It does send back a header - with a file size .. but no actual file |
|
Here is the debug logging I currently get : |
|
Thanks for the suggestion ... |
|
curl is a little more informative ... so the 7512 bytes never come ..... |
|
Any thoughts for this ? |
|
I don’t quite get why this is configured as a web socket, or is it? The title has it declared as such. U try to serve a simple GET request right? |
|
The js of the client initially is served from static pages .. I'm using the Atmosphere javascript client - https://github.com/Atmosphere/atmosphere-javascript So, yes - a handler is set to serve the static page, the page loads in the browser, executes the js client which opens the websocket. It works without SSL, but not with SSL ... |
|
Gotya, could you run your |
|
heh, sorry about the extremely long pause ... apparently some pandemic got loose ... All bytes are returned specifically 7560 of them ... It returns the correct byte count ... but no data |
|
can we re-open this ? |
|
interestingly, my custom resource works fine in https but any static file with the default file path resource - does not work |
|
@supertick If you can share a github's repo with a test case I will take a look |
|
Easy :) https://github.com/MyRobotLab/nettosphere-ssl ssl = false returns the index.html correctly |
|
@jfarcand I digged a bit too, not sure why the
Cheers. |
|
btw, for the test-case of @supertick to work, I needed to add the below to his |
|
@jfarcand any ideas ? |
|
@supertick On it today |
|
@thabach Have you been able to pass this exception? I think you are right with the code...I forgot how to setup Nettosphere properly hahahaha |
|
@thabach - I updated the pom in the example with the bouncy castle dep. Also, I updated the poms spec references to java 11 (from java 8) ... I'm using Java 11 locally anyway, and see one of the badges on Nettosphere's page as green. |
|
@jfarcand, with @supertick's pom changes, I can start his test and then I do a:
to reproduce the issue with the infamous which is probably the very same issue you see in your client. Therefore I employ the @supertick, gotya, yes I think the culprit is indeed the |
|
@jfarcand, it does not work on exercising the standard/non-ssl |
|
@thabach THANKS!!!! I always like to work with you! Looking at it today! Thanks @supertick |
|
@supertick Fixed in |
|
My super quick way to test - adding the source test to a clean nettosphere
curl -k https://localhost:8080/index.html |
|
@supertick I do get But I do experience issue when I use Chrome |
I think in my case I just need to sign the cert |
|
Hmmm ... 🤔 I've tried curl & wget ... neither get responses ... |
|
@supertick I use the latest Nettosphere snapshot and just added to your pom.xml <dependency>
<groupId>com.sun.activation</groupId>
<artifactId>javax.activation</artifactId>
<version>1.2.0</version>
</dependency> |
|
added activation dep .... WORKY ! Thanks @jfarcand 👍 |
|
@supertick I've released 3.2.6! |
|
Uh oh ... public final class Nettosphere {
public final static String FLASH_SUPPORT = Nettosphere.class.getName() + ".enableFlash";
private static final Logger logger = LoggerFactory.getLogger(Nettosphere.class);
private static final ChannelGroup ALL_CHANNELS = new DefaultChannelGroup("atmosphere",
ImmediateEventExecutor.INSTANCE);My configuration is pretty straightforward - this used to work configBuilder.resource("./resource");
configBuilder.resource("/api", this);
configBuilder.maxWebSocketFrameAggregatorContentLength(maxMsgSize);
configBuilder.initParam("org.atmosphere.cpr.asyncSupport", "org.atmosphere.container.NettyCometSupport");
configBuilder.initParam(ApplicationConfig.SCAN_CLASSPATH, "false");
configBuilder.initParam(ApplicationConfig.PROPERTY_SESSION_SUPPORT, "true").port(port).host(address); // all
configBuilder.maxChunkContentLength(maxMsgSize);
configBuilder.maxWebSocketFrameSize(maxMsgSize);I'll keep testing (Using Java 11 btw - I know reflection access becomes more problematic in future jdks) It seems as now, the websocket after getting connected, is immediately disconnected (not running ssl) |
|
euh...what is that :-) Can you try 3.2.5? |
|
The reflective warning is apparently not an error - netty/netty#7817 The issue is: this is new behavior with 3.2.6 |
|
3.2.1 & 3.2.5 ws connection as expected git checkout 925feaa65d0c144d61acd83fea34397ecad6f1ea
prepare release nettosphere-project-3.2.5
$ wscat -c http://localhost:8080/api
Connected (press CTRL+C to quit)
< X3.2.6 immediate disconnect $ wscat -c http://localhost:8080/api
error: socket hang up |
|
In order to show what is happening easily, I forked your repo and just added a quick test file on switch to Hope this helps. |
|
@supertick Yep that helps. So you are ok with 3.2.5 then. I will rollback the latest changes and release 3.2.7 asap |
|
I think the current state is: |
|
@supertick Can you try 3.2.7-SNAPSHOT? Couples of tests failing but both ws and ssl seems to work fine |
|
yessir |
|
3.2.7-SNAPSHOT
This might be the same results as 3.2.5 |
|
@supertick OK I think I have it fixed. Let me know and SUPER thanks for the help! |
|
I tested 3.2.7 from maven central ... still no worky 😢 |
|
3.2.7 maven central release haven't regression tested the rest yet ... |
|
Let me know what you tested. For me everything works as expected |
|
super simple test - single file, testing with java 11 4 files
I'm using eclipse - start project - start server with 3.2.1 goto http://localhost:8080/index.html switch to 3.2.7 I could document curl requests - but I suspect they are the same as before |
|
I think there might be 4 use cases to test
|
|
Ahoy ! |
|
I wonder if this is a dependency conflict issue 🤔 |
Hello !
Many thanks for nettosphere and its support !
I'm trying to get a self signed certificate with ssl to nettosphere working.
I checked in the unit tests of nettosphere for something appropriate and ended up with this :
The results are mixed.
This exception is constantly being thrown
Strangely it does not appear to affect the resource handlers I have written, however it does kill the
org.atmosphere.nettosphere.HttpStaticFileServerHandler
So in the end the browser won't load the site.
Any ideas, examples, or suggestions on how to remove this exception, but still have a "valid" self signed certificate ?
Thanks !
The text was updated successfully, but these errors were encountered: