
InspIRCd Secure WebSocket Connections Fail


When attempting to connect to a socket configured with SSL and the WebSocket Hook, the connection fails.

JavaScript WebSocket Request:

const socket = new WebSocket('wss://ohmingle.com:7001');

Chrome responds with:

WebSocket connection to 'wss://ohmingle.com:7001/' failed: WebSocket opening handshake was canceled

InspIRCd debug output:

Wed Jul 12 09:17:13 2017 SOCKET: Accepting connection on socket 192.168.1.200:7001 fd 232
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCDEA2CF0
Wed Jul 12 09:17:13 2017 USERS: New UUID for user: 854AAAAAA
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCDEA2F18
Wed Jul 12 09:17:13 2017 USERS: New user fd: 232
Wed Jul 12 09:17:13 2017 SOCKET: New file descriptor: 232
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCC2A95D0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCC34C1D0
Wed Jul 12 09:17:13 2017 CONNECTCLASS: Setting connect class for UID 854AAAAAA
Wed Jul 12 09:17:13 2017 CONNECTCLASS: Checking main
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O :ohmingle.com NOTICE * :*** Raw I/O logging is enabled on this server. All messages, passwords, and commands are being recorded.
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O :ohmingle.com NOTICE * :*** Skipping host resolution (disabled by server administrator)
Wed Jul 12 09:17:13 2017 SOCKET: Error on FD 232 - 'Read Error'
Wed Jul 12 09:17:13 2017 USERS: QuitUser: 854AAAAAA=854AAAAAA 'Read Error'
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O ERROR :Closing link: ([email protected]) [Read Error]
Wed Jul 12 09:17:13 2017 SOCKET: DoWrite on errored or closed socket
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCC2A95D0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCC34C1D0
Wed Jul 12 09:17:13 2017 SOCKET: Remove file descriptor: 232
Wed Jul 12 09:17:13 2017 CULLLIST: Deleting @0000017BCDEA2CF0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::- @0000017BCDEA2F18
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::- @0000017BCDEA2CF0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCDEA2F18
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCDEA2CF0

Note:

Wed Jul 12 09:17:13 2017 SOCKET: Error on FD 232 - 'Read Error'
Wed Jul 12 09:17:13 2017 USERS: QuitUser: 854AAAAAA=854AAAAAA 'Read Error'
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O ERROR :Closing link: ([email protected]) [Read Error]
Wed Jul 12 09:17:13 2017 SOCKET: DoWrite on errored or closed socket

InspIRCd Configuration:

<module name="ssl_openssl">
<module name="sha1">
<module name="websocket">
<sslprofile name="profileSSL"
            provider="openssl"
            cafile="C:/sslCert/ohmingle.com.ca-bundle"  # Certificate Authority Bundle
            certfile="C:/sslCert/ohmingle.com.crt"      # My Certificate
            keyfile="C:/sslCert/ohmingle.key"           # My Private Key
            dhfile="C:/sslCert/dhparams4096.pem"        # DHParams
            hash="sha1">
<bind address="192.168.1.200" port="6669" type="clients" ssl="profileSSL">
<bind address="192.168.1.200" port="7001" type="clients" hook="websocket" ssl="profileSSL">

<bind address="127.0.0.1" port="7000" type="servers">

I'm running the latest source version of InspIRCd compiled on Windows with OpenSSL 1.0.2l.

Troubleshooting:

I have valid purchased and signed certificates. Testing with HexChat using port 6669 shows no issues connecting with SSL. The certificates are also used for my website and work without any issues.

I have tried removing ssl="profileSSL" from the WebSocket bind (port 7001) then attempting a standard WebSocket(ws://ohmingle.com:7001) connection and it works flawlessly. As soon as I reintroduce ssl="profileSSL" to the bind we cannot connect.

Anyone is welcome to attempt a secure connection to the IRC server at ohmingle.com using a traditional client at port 6669 or a WebSocket-capable client at port 7001. My website https://ohmingle.com/ automatically attempts a secure WebSocket connection in the background, so you can use the Chrome DEV Console to inspect what's going on.

UPDATE:

Chrome still works as described above.

Everything works fine from Firefox.

Edge works like Chrome but gives a more descriptive error:

SCRIPT12044: WebSocket Error: Network Error 12044, A certificate is required to complete client authentication

Certificate? My web server HAS a valid certificate. The page I'm connected on uses it. Doesn't WebSocket just use the same certificate the webpage it's being called in uses?

Trusted Certificate: https://decoder.link/sslchecker/ohmingle.com/443


Solution

  • To make it work you have to set requestclientcert="no" in your inspircd3 sslprofile tag.
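
A check for the condition that setting removes, as an added example (not from the original post or from InspIRCd): it reads `openssl s_client` output and reports whether the server sent a TLS client-certificate request, which matches the Edge error quoted above. The function names, the sample text and the placeholder host are assumptions; the marker strings are the ones OpenSSL 1.0.2-era `s_client` prints and may differ in other versions.

```bash
#!/bin/sh
# Added example: decide from `openssl s_client` output whether the server sent a
# TLS CertificateRequest (the behaviour the requestclientcert setting governs).

# Constructed sample: handshake summary from a server that requests a client cert.
SAMPLE_REQUESTED='---
Acceptable client certificate CA names
/C=XX/O=Example Org/CN=Example Root CA
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256
---
SSL handshake has read 4821 bytes and written 447 bytes'

# Constructed sample: server that does not request one.
SAMPLE_NOT_REQUESTED='---
No client certificate CA names sent
---
SSL handshake has read 3120 bytes and written 431 bytes'

# Constructed sample: request with an empty CA list (no names, but types are listed).
SAMPLE_EMPTY_CA_LIST='---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---'

# Reads s_client output on stdin; prints "requested" or "not-requested".
client_cert_status() {
    if grep -Eq '^(Acceptable client certificate CA names|Client Certificate Types:)'; then
        echo requested
    else
        echo not-requested
    fi
}

# Prints the CA names the server said it accepts, one per line (may be empty).
requested_ca_names() {
    awk '/^Acceptable client certificate CA names/ { on = 1; next }
         /^(---|Client Certificate Types:|Requested Signature Algorithms:)/ { on = 0 }
         on { print }'
}

# Live check (needs network, so commented out; host and port are placeholders):
#   openssl s_client -connect irc.example.net:7001 </dev/null 2>/dev/null | client_cert_status
for sample in "$SAMPLE_REQUESTED" "$SAMPLE_NOT_REQUESTED" "$SAMPLE_EMPTY_CA_LIST"; do
    printf '%s\n' "$sample" | client_cert_status
done
```

Run the live check before and after changing the sslprofile: the status should move from `requested` to `not-requested` once the server stops asking for a client certificate.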