incubator-wave-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vicente J. Ruiz Jurado" <>
Subject Re: Review Request: Make the 'presented' websocket address configurable: BadCertificate exception
Date Mon, 22 Oct 2012 11:19:26 GMT
El 22/10/12 12:36, Thomas Leonard escribió:
> After this patch, I found I got "A turbulence detected!" as soon as
> I opened the page, and BadCertificate errors in the log.
> To save others some debugging, the problem was that the patch
> changes the domain in the wss:// URL from the domain used by the user
> to access the site, to the one in http_frontend_public_address.
> e.g.
> 1. the user loads up https://wave.mydomain/ 2. they confirm the
> certificate for "wave.mydomain" 3. the browser connects to
> wss://123..../ (using the IP address) 4. the browser doesn't trust
> the certificate for "123..." 5. the browser drops the connection
> without asking the user
> Setting http_websocket_presented_address to match the value the
> client enters fixes it (though I'm not sure this is reliable; if the
> client used an IP address to access the server then it would fail
> again - they really have to match).
> BTW, are we ready to merge the client SSL support yet?

This seems to me a configuration problem. Try to use a cert with wilcard
or several domains. In we use a cert that allows the and (the last is the websocket one).



View raw message