incubator-wave-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vicente J. Ruiz Jurado" <v...@ourproject.org>
Subject Re: Review Request: Make the 'presented' websocket address configurable: BadCertificate exception
Date Mon, 22 Oct 2012 11:19:26 GMT
El 22/10/12 12:36, Thomas Leonard escribió:
> After this patch, I found I got "A turbulence detected!" as soon as
> I opened the page, and BadCertificate errors in the log.
> 
> To save others some debugging, the problem was that the patch
> changes the domain in the wss:// URL from the domain used by the user
> to access the site, to the one in http_frontend_public_address.
> 
> e.g.
> 
> 1. the user loads up https://wave.mydomain/ 2. they confirm the
> certificate for "wave.mydomain" 3. the browser connects to
> wss://123..../ (using the IP address) 4. the browser doesn't trust
> the certificate for "123..." 5. the browser drops the connection
> without asking the user
> 
> Setting http_websocket_presented_address to match the value the
> client enters fixes it (though I'm not sure this is reliable; if the
> client used an IP address to access the server then it would fail
> again - they really have to match).
> 
> BTW, are we ready to merge the client SSL support yet?
> 

This seems to me a configuration problem. Try to use a cert with wilcard
or several domains. In kune.cc we use a cert that allows the kune.cc and
www.kune.cc (the last is the websocket one).

BR,

Vicente

Mime
View raw message