IXWebSocket wss c++ client cannot connect to Node.js wss server using an ip address

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

Viktor, your help is much appreciated,

Regarding what you said about the library : 

The right answer is: don't use this library.

There are a couple of alternatives for secured websocket clients.  The most popular is boost::beast, based on boost::asio.  But honestly, the interface is so convoluted and hard to use, that this is one of the reasons I picked IXWebSocket instead.  

I guess that you also tell me to use another library because if this simple thing (checking the ip address) is not well implemented, we cannot trust the rest of the implementation!

But from there, I`ll try to stick to IXWebSocket a little bit more by: 
1. Fixing the ip address problem with the information you gave me. (Moreover, it helps to understand OpenSSL, it can`t do any harm... I only have 2 months of experience, but I am getting (a little bit) better :)  )
2. (More a question here).  By monitoring the traffic between client and server using wireshark.  Is it a good idea (and possible), to check the traffic and make sure the data is encrypted?

About the fix, I realized that IXWebSocket already has : 

            X509_VERIFY_PARAM* param = SSL_get0_param(_ssl_connection);
            X509_VERIFY_PARAM_set1_host(param, host.c_str(), host.size());

So, I guess that I should do something like this instead :

if (isIpAddress(host))
{
       //We are connecting to an ip address.  let OpenSSL validate the ip address in SAN
        SSL_set1_host(_ssl, NULL);
        X509_VERIFY_PARAM *param = SSL_get0_param(_ssl_connection);
        X509_VERIFY_PARAM_set1_ip_asc(param, "<ipaddress>");
}
else
{
            X509_VERIFY_PARAM* param = SSL_get0_param(_ssl_connection);
            X509_VERIFY_PARAM_set1_host(param, host.c_str(), host.size());
}

Does that make sense?

Thank you very much

Pierre-Luc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux