InspIRCd 安全 WebSocket 连接失败

InspIRCd Secure WebSocket Connections Fail

尝试连接到配置了 SSL 和 WebSocket Hook 的套接字时,连接失败。

JavaScript WebSocket 请求:

WebSocket('wss://ohmingle.com:7001');

Chrome 响应:

WebSocket connection to 'wss://ohmingle.com:7001/' failed: WebSocket opening handshake was canceled

InspIRCd 调试输出:

Wed Jul 12 09:17:13 2017 SOCKET: Accepting connection on socket 192.168.1.200:7001 fd 232
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCDEA2CF0
Wed Jul 12 09:17:13 2017 USERS: New UUID for user: 854AAAAAA
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCDEA2F18
Wed Jul 12 09:17:13 2017 USERS: New user fd: 232
Wed Jul 12 09:17:13 2017 SOCKET: New file descriptor: 232
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCC2A95D0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::+ @0000017BCC34C1D0
Wed Jul 12 09:17:13 2017 CONNECTCLASS: Setting connect class for UID 854AAAAAA
Wed Jul 12 09:17:13 2017 CONNECTCLASS: Checking main
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O :ohmingle.com NOTICE * :*** Raw I/O logging is enabled on this server. All messages,
 passwords, and commands are being recorded.
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O :ohmingle.com NOTICE * :*** Skipping host resolution (disabled by server
 administrator)
Wed Jul 12 09:17:13 2017 SOCKET: Error on FD 232 - 'Read Error'
Wed Jul 12 09:17:13 2017 USERS: QuitUser: 854AAAAAA=854AAAAAA 'Read Error'
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O ERROR :Closing link: (unknown@68.0.186.85) [Read Error]
Wed Jul 12 09:17:13 2017 SOCKET: DoWrite on errored or closed socket
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCC2A95D0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCC34C1D0
Wed Jul 12 09:17:13 2017 SOCKET: Remove file descriptor: 232
Wed Jul 12 09:17:13 2017 CULLLIST: Deleting @0000017BCDEA2CF0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::- @0000017BCDEA2F18
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::- @0000017BCDEA2CF0
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCDEA2F18
Wed Jul 12 09:17:13 2017 CULLLIST: classbase::~ @0000017BCDEA2CF0

注:

Wed Jul 12 09:17:13 2017 SOCKET: Error on FD 232 - 'Read Error'
Wed Jul 12 09:17:13 2017 USERS: QuitUser: 854AAAAAA=854AAAAAA 'Read Error'
Wed Jul 12 09:17:13 2017 USEROUTPUT: C[854AAAAAA] O ERROR :Closing link: (unknown@68.0.186.85) [Read Error]
Wed Jul 12 09:17:13 2017 SOCKET: DoWrite on errored or closed socket

InspIRCd 配置:

<module name="ssl_openssl">
<module name="sha1">
<module name="websocket">
<sslprofile name="profileSSL"
            provider="openssl"
            cafile="C:/sslCert/ohmingle.com.ca-bundle"  # Certificate Authority Bundle
            certfile="C:/sslCert/ohmingle.com.crt"      # My Certificate
            keyfile="C:/sslCert/ohmingle.key"           # My Private Key
            dhfile="C:/sslCert/dhparams4096.pem"        # DHParams
            hash="sha1">
<bind address="192.168.1.200" port="6669" type="clients" ssl="profileSSL">
<bind address="192.168.1.200" port="7001" type="clients" hook="websocket" ssl="profileSSL">

<bind address="127.0.0.1" port="7000" type="servers">

我是 运行 在 windows 上使用 OpenSSL 1.0.2l 编译的 InspIRCd 的最新源代码版本。

疑难解答:

我有有效的购买和签名证书。使用端口 6669 的 HexChat 测试显示与 SSL 连接没有问题。这些证书也用于我的网站并且没有任何问题。

我试过从 WebSocket 绑定(端口 7001)中删除 ssl="profileSSL",然后尝试标准 WebSocket(ws://ohmingle.com:7001) 连接,它工作得很好。一旦我将 ssl="profileSSL" 重新引入绑定,我们就无法连接。

欢迎任何人使用端口 6669 的传统客户端或端口 7001 的支持 WebSocket 的客户端尝试安全连接到 ohmingle.com 的 IRC 服务器。我的网站 https://ohmingle.com/ 自动尝试安全连接WebSocket 连接在后台,因此您可以使用 Chrome DEV 控制台检查发生了什么。

更新:

Chrome 仍按上述方式工作。

FireFox 一切正常。

Edge 的工作方式与 Chrome 类似,但给出了更具描述性的错误:

SCRIPT12044: WebSocket Error: Network Error 12044, A certificate is required to complete client authentication

证书?我的网络服务器有一个有效的证书。我连接的页面使用它。 WebSocket 不只是使用与调用它的网页相同的证书吗?

可信证书: https://decoder.link/sslchecker/ohmingle.com/443

您必须先在 https://ohmingle.com:7001 上接受自签名证书,然后才能通过 wss 连接。

要使其正常工作,您必须在您的 inspircd3 sslprofile 标签中设置 requestclientcert="no"