Self Signed SSL Cert with socketIO
abufilba opened this issue · 7 comments
Hi.
I am trying to get socketio-client to connect to a local node.js server.
If I run straight http everything is fine.
If I attempt to access the server using https with Self Signed Certs I run into problems.
(I have a working python example connection to the server using urllib2 to post a JSON document so I am fairly sure it all works together.)
I want to use a self signed cert against node.js on my local machine (CN of the cert is the eventual domain)
If I specify a .pem file i.e.
verify='....../certs/server/server.pem'
with SocketIO('https://127.0.0.1:8443',
verify=verify,
cert=('certs/monitor/monitor.crt', 'certs/monitor/monitor.key')) as socketIO:
I get WARNING:socketIO_client:[waiting for connection] hostname '127.0.0.1' doesn't match u'
so its doing CN checking - can we disable this? I have started looking into the urllib3 connectionPooling code as there is an assert_hosts=False flag which should be applicable. However I cannot seem to make this work with socketIO.
If I use verify=False i.e.
SocketIO('https://127.0.0.1:8443',
verify=False,
cert=('certs/monitor/monitor.crt', 'certs/monitor/monitor.key')) as socketIO:
Then I get
WARNING:socketIO_client:[waiting for connection] [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
So it looks like verify is NOT being passed through successfully
in either case it seems to go into a loop attempting to access 127.0.0.1
Any help would be useful.
Excellent apart from that........
+1
You are running a local socket.io server with a self-signed certificate and accessing the server from the same machine using localhost.
Have you tried using verify=False without specifying the certificate?
SocketIO('https://127.0.0.1:8443', verify=False)
Please feel free to reopen this issue if the suggestion above does not work.
As an update, both server SSL certificate verification and client SSL certificate encryption seem to work properly in socket.io@1.4.5 with socketIO-client>=0.6.5.
# Generate server certificate
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=US/ST=New York/L=New York/O=CrossCompute/CN=localhost" \
-keyout server.key -out server.crt
# Generate client certificate
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=US/ST=New York/L=New York/O=CrossCompute/CN=localhost" \
-keyout client.key -out client.crt
var fs = require('fs');
var options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt')};
var app = require('https').createServer(options);
var io = require('socket.io')(app);
io.on('connection', function(socket) {
socket.emit('on_test', {'x': 1});
});
app.listen(3000);
from socketIO_client import SocketIO
def on_test_response(*args):
print('on_test_response', args)
socketIO = SocketIO(
'https://localhost', 3000,
verify='server.crt',
cert=('client.crt', 'client.key'))
socketIO.on('on_test', on_test_response)
socketIO.wait(seconds=1)
http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification
λ python
Python 3.6.5 |Anaconda, Inc.| (default, Mar 29 2018, 13:32:41) [MSC v.1900 64 bit (
AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
from socketIO_client import SocketIO, LoggingNamespace
Traceback (most recent call last):
File "", line 1, in
File "C:\Users\R.Birendra\Documents\socketIO-client-master\socketIO-client-master
\socketIO_client_init_.py", line 4, in
from .heartbeats import HeartbeatThread
File "C:\Users\R.Birendra\Documents\socketIO-client-master\socketIO-client-master
\socketIO_client\heartbeats.py", line 1, in
from invisibleroads_macros.log import get_log
ModuleNotFoundError: No module named 'invisibleroads_macros'
can you help me out
I'm having the same problem