[Webkit-unassigned] [Bug 41419] New: Secure wss WebSocket connections cannot be established

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 30 10:07:52 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=41419

           Summary: Secure wss WebSocket connections cannot be established
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
        OS/Version: Mac OS X 10.6
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mail at mloughran.com


I have not been able to connect to a secure wss:// websocket servers using either Safari 5 or the WebKit nightly.

I have tried the following server implementations: em-websocket (http://github.com/igrigorik/em-websocket) and pywebsocket (http://code.google.com/p/pywebsocket/). For both servers I used a self signed certificate, which I also added as a trusted certificate to my keychain (which made no difference). Both of these server implementations work with Chrome (tested with version 6.0.447.0 dev).

It appears that there is an error establishing an SSL connection. The stacktrace from pywebsocket (instructions to replicate below) looks like this.

    [2010-06-30 17:24:10,655] [ERROR] root: Exception in processing request from: ('127.0.0.1', 59399)
    Traceback (most recent call last):
      File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/SocketServer.py", line 558, in process_request_thread
        self.finish_request(request, client_address)
      File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/SocketServer.py", line 320, in finish_request
        self.RequestHandlerClass(request, client_address, self)
      File "standalone.py", line 237, in __init__
        self, *args, **keywords)
      File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/SocketServer.py", line 615, in __init__
        self.handle()
      File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/BaseHTTPServer.py", line 329, in handle
        self.handle_one_request()
      File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/BaseHTTPServer.py", line 312, in handle_one_request
        self.raw_requestline = self.rfile.readline()
      File "/Library/Python/2.6/site-packages/mod_pywebsocket/memorizingfile.py", line 71, in readline
        line = self._file.readline()
      File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/socket.py", line 395, in readline
        data = recv(1)
    Error: [('SSL routines', 'SSL23_READ', 'ssl handshake failure')]

I also tried using stunnel in front of a patched em-websocket server (operating in non ssl mode, but returning the correct wss handshake). This worked in Chrome, but for the WebKit case the connection was terminated in stunnel with the following debug log:

    2010.06.30 17:20:47 LOG7[31326:140735074479136]: wss accepted FD=11 from 127.0.0.1:59205
    2010.06.30 17:20:47 LOG7[31326:4297367552]: wss started
    2010.06.30 17:20:47 LOG7[31326:4297367552]: FD 11 in non-blocking mode
    2010.06.30 17:20:47 LOG7[31326:4297367552]: Waiting for a libwrap process
    2010.06.30 17:20:47 LOG7[31326:4297367552]: Acquired libwrap process #0
    2010.06.30 17:20:47 LOG7[31326:4297367552]: Releasing libwrap process #0
    2010.06.30 17:20:47 LOG7[31326:4297367552]: Released libwrap process #0
    2010.06.30 17:20:47 LOG7[31326:4297367552]: wss permitted by libwrap from 127.0.0.1:59205
    2010.06.30 17:20:47 LOG5[31326:4297367552]: wss accepted connection from 127.0.0.1:59205
    2010.06.30 17:20:47 LOG7[31326:4297367552]: SSL state (accept): before/accept initialization
    2010.06.30 17:20:47 LOG7[31326:4297367552]: SSL state (accept): SSLv3 read client hello A
    2010.06.30 17:20:47 LOG7[31326:4297367552]: SSL state (accept): SSLv3 write server hello A
    2010.06.30 17:20:47 LOG7[31326:4297367552]: SSL state (accept): SSLv3 write certificate A
    2010.06.30 17:20:47 LOG7[31326:4297367552]: SSL state (accept): SSLv3 write server done A
    2010.06.30 17:20:47 LOG7[31326:4297367552]: SSL state (accept): SSLv3 flush data
    2010.06.30 17:20:47 LOG3[31326:4297367552]: SSL_accept: Peer suddenly disconnected
    2010.06.30 17:20:47 LOG5[31326:4297367552]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
    2010.06.30 17:20:47 LOG7[31326:4297367552]: wss finished (0 left)

Nothing is logged in Safari or to Console.app, so I'm slightly at a loss how to debug further.

Replicating with pywebsocket:

* Download from http://code.google.com/p/pywebsocket/
* Install (see README)
* Run standalone server
** cd `src/mod_pywebsocket`
** `sudo python standalone.py -t -p 443 -k keyfile -c certfile --allow-draft75`
* Connect from WebKit

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list