Centrifugo-go client do not accept self signed SSL certificate with SAN
korvinko opened this issue · 11 comments
I generated new self signed cert with SAN fields as require chrome from 58 and made it trusted globally in entire system (https://www.archlinux.org/news/ca-certificates-update/). Chrome 58 accept it and Centrifugo web server works good and I can open it. Centrifugo-js connect without problem but centrifugo-go client does not accept it. Are you know any workaround for it?
Centrifugo-go output:
2017/04/27 13:20:33 crm.loc
2017/04/27 13:20:33 Start program
2017/04/27 13:20:33 x509: certificate signed by unknown authority
@johndoejdg hello, I have no quick answer on this, are you trying to connect to Centrifugo with centrifuge-go from the same host where you added cert to trusted?
Yes, the same. And php client (phpcent) have same problem but for it possible set UNSAFE transport.
Transport::setSafety(Transport::UNSAFE)
Would be good have same option for go client.
Do you really need this? In production you will have a valid non-self-signed certificate right?
No, It just for dev environment. Because CA can not issue certificate for non public IP.
Why not developing without certificate at all? You will anyway need to use custom client with disabled certificate check - so it will just make things more complex for you
Development should as close to production as possible. One flag to disable certificate authority is not problem. I have a hack to solve it problem with real cert and attaching real domain to 127.0.0.1 But will be good has flag to avoid it.
ok, got it, let's add an option then - will try to do this during this weekend
Thank you
Merged:
wsURL := "wss://localhost:8000/connection/websocket"
conf := centrifuge.DefaultConfig
conf.SkipVerify = true
c := centrifuge.NewCentrifuge(wsURL, creds, nil, conf)Thank you, will check soon and tell you about results
Just confirm that all works perfect. Thank you.