c# - ClientWebSocket on Linux throws AuthenticationException (SSL) -


i run following websocket client code on windows , works fine - expected. if code published linux-arm , copied raspberrypi3 (runs under raspian) end in authenticationexception.

csproj file content:

  <propertygroup>     <outputtype>exe</outputtype>     <targetframework>netcoreapp2.0</targetframework>   </propertygroup>    <itemgroup>     <packagereference include="newtonsoft.json" version="10.0.3" />     <packagereference include="system.net.websockets.client" version="4.3.1" />   </itemgroup>

the connection attempt: (the point exception thrown)

private readonly clientwebsocket _socket;  public apiconnection() {     _socket = new clientwebsocket(); }  public async task connect() {     // uri like: wss://example.com/ws     await _socket.connectasync(new uri(_settings.websocketurl), cancellationtoken.none);      if (_socket.state == websocketstate.open)         console.writeline("connected."); }

exception stack:

system.net.websockets.websocketexception (0x80004005): unable connect remote server ---> system.security.authentication.authenticationexception: remote certificate invalid according validation procedure.          @ system.runtime.exceptionservices.exceptiondispatchinfo.throw()          @ system.net.security.sslstate.startsendauthresetsignal(protocoltoken message, asyncprotocolrequest asyncrequest, exceptiondispatchinfo exception)          @ system.net.security.sslstate.checkcompletionbeforenextreceive(protocoltoken message, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startsendblob(byte[] incoming, int32 count, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.processreceivedblob(byte[] buffer, int32 count, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startreadframe(byte[] buffer, int32 readbytes, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startreceiveblob(byte[] buffer, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.checkcompletionbeforenextreceive(protocoltoken message, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startsendblob(byte[] incoming, int32 count, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.processreceivedblob(byte[] buffer, int32 count, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startreadframe(byte[] buffer, int32 readbytes, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startreceiveblob(byte[] buffer, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.checkcompletionbeforenextreceive(protocoltoken message, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startsendblob(byte[] incoming, int32 count, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.processreceivedblob(byte[] buffer, int32 count, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.startreadframe(byte[] buffer, int32 readbytes, asyncprotocolrequest asyncrequest)          @ system.net.security.sslstate.partialframecallback(asyncprotocolrequest asyncrequest)       --- end of stack trace previous location exception thrown ---          @ system.runtime.exceptionservices.exceptiondispatchinfo.throw()          @ system.net.security.sslstate.internalendprocessauthentication(lazyasyncresult lazyresult)          @ system.net.security.sslstate.endprocessauthentication(iasyncresult result)          @ system.net.security.sslstream.endauthenticateasclient(iasyncresult asyncresult)          @ system.threading.tasks.taskfactory`1.fromasynccorelogic(iasyncresult iar, func`2 endfunction, action`1 endaction, task`1 promise, boolean requiressynchronization)       --- end of stack trace previous location exception thrown ---          @ system.runtime.exceptionservices.exceptiondispatchinfo.throw()          @ system.runtime.compilerservices.taskawaiter.throwfornonsuccess(task task)          @ system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification(task task)          @ system.net.websockets.websockethandle.<connectasynccore>d__24.movenext()          @ system.net.websockets.websockethandle.<connectasynccore>d__24.movenext()       --- end of stack trace previous location exception thrown ---          @ system.runtime.exceptionservices.exceptiondispatchinfo.throw()          @ system.runtime.compilerservices.taskawaiter.throwfornonsuccess(task task)          @ system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification(task task)          @ system.net.websockets.clientwebsocket.<connectasynccore>d__16.movenext()       --- end of stack trace previous location exception thrown ---          @ system.runtime.exceptionservices.exceptiondispatchinfo.throw()          @ system.runtime.compilerservices.taskawaiter.throwfornonsuccess(task task)          @ system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification(task task)          @ system.runtime.compilerservices.taskawaiter.getresult()

the target websocket server running behind nginx proxy on ubuntu. think problem relies on client because if code executed on windows works fine.

i tried importing ca certifacte raspians "certificate store". no luck.

update:
http connection (ws://) works on linux. seems, websocketclient didn't trust letsencrypt cert?

this happens when browser / client not trust ssl cert server throwing @ it.

to test, load same url / url on same site in browser, should warning.

when cert issue resolved warning go away.

the exact process resolving ssl cert issues dependent on lot of things ...

os, web server, cert authority, cert providers portal it's near impossible on here give specifics fixing cert issues, said ...

there bit of generic advice on here on se network ...

https://unix.stackexchange.com/questions/90450/adding-a-self-signed-certificate-to-the-trusted-list

https://unix.stackexchange.com/questions/17748/trust-a-self-signed-pem-certificate

in case, rasbian based on debian, standard debian advice might ...

in debian, certificates stash located in /etc/ssl/certs/. directory contains default series of symlinks points certificates installed ca-certificates package (including needed symlinks generated c_rehash(1)) , ca-certificates.crt concatenation of these certificates. managed update-ca-certificates(8) command taking care of updating symlinks , ca-certificates.crt file.

adding new (ca) certificate stash quite easy update-ca-certificates(8) looking files in /usr/local/share/ca-certificates/, administrator has place new certificate in pem format in directory (with .crt extension) , run update-ca-certificates(8) root. applications on system (wget, …) should trust it.

the other possible solution might "i trust code not request bad url's i'll ignore ssl cert errors" ...

c# ignore certificate errors?

... that's not ideal, @ least gives work around until can resolve issue, worst case still check coding own check instead of blanket return true.

final point:

i find no matter os, doing simple reboot or 2 in between tests / checks can clear out wouldn't consider issue.


Comments

Post a Comment

Popular posts from this blog

python Tkinter Capturing keyboard events save as one single string -

is possible store keyboard events 1 string? code below stores 1 char , prints it. card reader or bar code reader, contains collection of character/ string not 1 character @ time. goal save char pressed text variable. from tkinter import * root = tk() def key(event): text= event.char text+= event.char print ("pressed", text) def callback(event): frame.focus_set() print ("clicked at", event.x, event.y) frame = frame(root, width=100, height=100) frame.bind("<key>", key) frame.bind("<button-1>", callback) frame.pack() root.mainloop() currently, creating text variable , everytime key() function gets called, , text stores last character typed. you can define text module level variable , , use module level text inside key function - text = '' def key(event): global text text+= event.char print("pressed", text)
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m
Read more

javascript - Z-index in d3.js -

i have map , when hover effect on region of map below yellow line , circle, last ones disappear. how can solve problem? http://jsfiddle.net/ot21n9qx/ var arc = g.append("path") .style("fill", "none") .style("stroke", "yellow") .style("stroke-width", 2) .attr("d", "m" + pathorigin[0] + "," + pathorigin[1] + " q" + svgpoint[0] + "," + pathorigin[1] + " " + svgpoint[0] + "," + svgpoint[1]); var circlesize = d3.scale.linear() .domain([0, 0.5, 1]) .range([4, 10, 4]); svg not have z order draws objects in order created. need create path , circle after create highlight regions. here forked fiddle: http://jsfiddle.net/o00fzgaf/1/
Read more