[jetty-users] Jetty SSL with WebSocket Issue

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

[jetty-users] Jetty SSL with WebSocket Issue

Charles Moulliard
Hi.

We have developed an Apache Camel WebSocket component using Jetty
WebSocket. SSL Communication - wss:// works fine between Google Chrome
and Jetty 7.6.3 but fails without error (http://pastebin.com/qsXTsFLr)
using Firefox/Safari. What could be the reason and what can I do to find
the issue ?

Regards,

Charles
Apache Committer
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty SSL with WebSocket Issue

Simone Bordet-2
Hi,

On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard <[hidden email]> wrote:
> Hi.
>
> We have developed an Apache Camel WebSocket component using Jetty WebSocket.
> SSL Communication - wss:// works fine between Google Chrome and Jetty 7.6.3
> but fails without error (http://pastebin.com/qsXTsFLr) using Firefox/Safari.

What does "fail without error" mean ?

The pastebin is frankly unparsable :)
Can you tell us what the problem is, before we attempt to reverse
engineering the SSL log ?

Note that Safari is known to be buggy, but recent FF should work.

You have not mentioned what browser versions you are trying.

Simon
--
http://cometd.org
http://intalio.com
http://bordet.blogspot.com
----
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty SSL with WebSocket Issue

Charles Moulliard
Problem :

When I try to establish a secure wss:// connection between Safari and Firefox (see version here after), the secure websocket connection is closed at client / server side. There is a warn message appearing in the log (nio - Broken Pipe) just after ssl NOT_HANDSHAKING. That's all.


  1. [              qtp1534925604-36] ssl                            DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@6199ffdd SSL NOT_HANDSHAKING i/o/u=37/53/0 ishut=false oshut=false {AsyncHttpConnection@5868b72,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0} NOT_HANDSHAKING filled=-1/37 flushed=0/53
  2. [              qtp1534925604-36] nio                            WARN  java.io.IOException: Broken pipe


Remarks : 
- By no error, I would like to say that there is no SSL message like unknown_certificate, ....
- That works fine with Google Chrome 

Tests made on Mac OS Lion with :
Google Chrome - Version 19.0.1084.52 (OK)
Firefox - Version 12.0 (NOK)
Safari - Version 5.1.7 (7534.57.2) (NOK)

Regards,

Charles
On Wed, May 30, 2012 at 9:00 PM, Simone Bordet <[hidden email]> wrote:
Hi,

On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard <[hidden email]> wrote:
> Hi.
>
> We have developed an Apache Camel WebSocket component using Jetty WebSocket.
> SSL Communication - wss:// works fine between Google Chrome and Jetty 7.6.3
> but fails without error (http://pastebin.com/qsXTsFLr) using Firefox/Safari.

What does "fail without error" mean ?

The pastebin is frankly unparsable :)
Can you tell us what the problem is, before we attempt to reverse
engineering the SSL log ?

Note that Safari is known to be buggy, but recent FF should work.

You have not mentioned what browser versions you are trying.

Simon
--
http://cometd.org
http://intalio.com
http://bordet.blogspot.com
----
Finally, no matter how good the architecture and design are,
to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users


_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty SSL with WebSocket Issue

Thomas Becker
Hi Charles,

I just tried the cometd demo chat application over websocket. Both http
and https version do work fine in firefox 12.0 on MacOs Lion. Maybe
something is wrong with your certificate and safari silently fails?

If you like you can retry the same thing using the cometd-demo.war. But
the current release contains a small bug in the chat application. Let
me know if you want a fixed war file to test it with different
browsers. I'll send it to you then.

Cheers,
Thomas

But it contains a small bug in the chat application which we'll fix
with the next release. You need to

On Wed May 30 23:26:26 2012, Charles Moulliard wrote:

> Problem :
>
> When I try to establish a secure wss:// connection between Safari and
> Firefox (see version here after), the secure websocket connection
> is closed at client / server side. There is a warn message appearing
> in the log (nio - Broken Pipe) just after ssl NOT_HANDSHAKING. That's all.
>
>
> 1.
>     [              qtp1534925604-36] ssl
>      DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL] SslConnection@6199ffdd
>     SSL NOT_HANDSHAKING i/o/u=37/53/0 ishut=false oshut=false
>     {AsyncHttpConnection@5868b72,g=HttpGenerator{s=0,h=-1,b=-1,c=-1},p=HttpParser{s=-14,l=0,c=0},r=0}
>     NOT_HANDSHAKING filled=-1/37 flushed=0/53
> 2.
>     [              qtp1534925604-36] nio
>      WARN  java.io.IOException: Broken pipe
>
> ,
>
> Remarks :
> - By no error, I would like to say that there is no SSL message like
> unknown_certificate, ....
> - That works fine with Google Chrome
>
> Tests made on Mac OS Lion with :
> Google Chrome - Version 19.0.1084.52 (OK)
> Firefox - Version 12.0 (NOK)
> Safari - Version 5.1.7 (7534.57.2) (NOK)
>
> Regards,
>
> Charles
> On Wed, May 30, 2012 at 9:00 PM, Simone Bordet <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Hi,
>
>     On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard
>     <[hidden email] <mailto:[hidden email]>> wrote:
>     > Hi.
>     >
>     > We have developed an Apache Camel WebSocket component using
>     Jetty WebSocket.
>     > SSL Communication - wss:// works fine between Google Chrome and
>     Jetty 7.6.3
>     > but fails without error (http://pastebin.com/qsXTsFLr) using
>     Firefox/Safari.
>
>     What does "fail without error" mean ?
>
>     The pastebin is frankly unparsable :)
>     Can you tell us what the problem is, before we attempt to reverse
>     engineering the SSL log ?
>
>     Note that Safari is known to be buggy, but recent FF should work.
>
>     You have not mentioned what browser versions you are trying.
>
>     Simon
>     --
>     http://cometd.org
>     http://intalio.com
>     http://bordet.blogspot.com
>     ----
>     Finally, no matter how good the architecture and design are,
>     to deliver bug-free software with optimal performance and reliability,
>     the implementation technique must be flawless.   Victoria Livschitz
>     _______________________________________________
>     jetty-users mailing list
>     [hidden email] <mailto:[hidden email]>
>     https://dev.eclipse.org/mailman/listinfo/jetty-users
>
>
>
>
> _______________________________________________
> jetty-users mailing list
> [hidden email]
> https://dev.eclipse.org/mailman/listinfo/jetty-users

--
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty SSL with WebSocket Issue

Charles Moulliard
Thomas,

Your example only uses ws:// protocol of websocket (and not like in my case wss:// which is the SSL version). 

--> <script type="text/javascript" src="../../org/cometd.js"></script>

org.cometd.WebSocketTransport = function()
{
    var _super = new org.cometd.Transport();
    var _self = org.cometd.Transport.derive(_super);
    var _cometd;
    // By default, support WebSocket
    var _supportsWebSocket = true;
    // Whether we were able to establish a WebSocket connection
    var _webSocketSupported = false;
    // Envelopes that have been sent
    var _envelopes = {};
    // Timeouts for messages that have been sent
    var _timeouts = {};
    var _webSocket = null;
    var _opened = false;
    var _connected = false;
    var _successCallback;

    function _websocketConnect()
    {
        // Mangle the URL, changing the scheme from 'http' to 'ws'
        var url = _cometd.getURL().replace(/^http/, 'ws');
        this._debug('Transport', this.getType(), 'connecting to URL', url);

        var self = this;
        var connectTimer = null;

        var connectTimeout = _cometd.getConfiguration().connectTimeout;
        if (connectTimeout > 0)
        {
            connectTimer = this.setTimeout(function()
            {
                connectTimer = null;
                if (!_opened)
                {
                    self._debug('Transport', self.getType(), 'timed out while connecting to URL', url, ':', connectTimeout, 'ms');
                    self.onClose(1002, 'Connect Timeout');
                }
            }, connectTimeout);
        }

        var webSocket = new org.cometd.WebSocket(url);
        webSocket.onopen = function()
        {

So you do no test SSL using WebSocket communication but only SSL of HTTPs protocol 
Regards,
Charles

On Thu, May 31, 2012 at 7:24 PM, Thomas Becker <[hidden email]> wrote:
Yes. What I've done is to prepare a cometd-demo.war and have it running on a jetty with https configured. The chat application uses websocket by default and that works fine in ff 12.0 http and https.

Please find attached a slightly patched version of the war file.


On Thu May 31 19:21:48 2012, Charles Moulliard wrote:
Is it this project that you have tested on Jetty WebSocket -
https://github.com/cometd/cometd/tree/master/cometd-demo ?

On Thu, May 31, 2012 at 6:57 PM, Thomas Becker <[hidden email]
<mailto:[hidden email]>> wrote:

   Hi Charles,

   I just tried the cometd demo chat application over websocket. Both
   http and https version do work fine in firefox 12.0 on MacOs Lion.
   Maybe something is wrong with your certificate and safari silently
   fails?

   If you like you can retry the same thing using the
   cometd-demo.war. But the current release contains a small bug in
   the chat application. Let me know if you want a fixed war file to
   test it with different browsers. I'll send it to you then.

   Cheers,
   Thomas

   But it contains a small bug in the chat application which we'll
   fix with the next release. You need to


   On Wed May 30 23:26:26 2012, Charles Moulliard wrote:

       Problem :

       When I try to establish a secure wss:// connection between
       Safari and
       Firefox (see version here after), the secure websocket connection
       is closed at client / server side. There is a warn message
       appearing
       in the log (nio - Broken Pipe) just after ssl NOT_HANDSHAKING.
       That's all.


       1.
          [              qtp1534925604-36] ssl
           DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL]
       SslConnection@6199ffdd
          SSL NOT_HANDSHAKING i/o/u=37/53/0 ishut=false oshut=false

        {AsyncHttpConnection@5868b72,__g=HttpGenerator{s=0,h=-1,b=-1,__c=-1},p=HttpParser{s=-14,l=0,__c=0},r=0}

          NOT_HANDSHAKING filled=-1/37 flushed=0/53
       2.

          [              qtp1534925604-36] nio
           WARN  java.io.IOException: Broken pipe

       ,

       Remarks :
       - By no error, I would like to say that there is no SSL
       message like
       unknown_certificate, ....
       - That works fine with Google Chrome

       Tests made on Mac OS Lion with :
       Google Chrome - Version 19.0.1084.52 (OK)
       Firefox - Version 12.0 (NOK)
       Safari - Version 5.1.7 (7534.57.2) (NOK)

       Regards,

       Charles
       On Wed, May 30, 2012 at 9:00 PM, Simone Bordet
       <[hidden email] <mailto:[hidden email]>
       <mailto:[hidden email] <mailto:[hidden email]>>> wrote:

          Hi,

          On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard
       <[hidden email] <mailto:[hidden email]>
       <mailto:[hidden email] <mailto:[hidden email]>>>

       wrote:
       > Hi.
       >
       > We have developed an Apache Camel WebSocket component using
          Jetty WebSocket.
       > SSL Communication - wss:// works fine between Google Chrome and
          Jetty 7.6.3
       > but fails without error (http://pastebin.com/qsXTsFLr) using
          Firefox/Safari.

          What does "fail without error" mean ?

          The pastebin is frankly unparsable :)
          Can you tell us what the problem is, before we attempt to
       reverse
          engineering the SSL log ?

          Note that Safari is known to be buggy, but recent FF should
       work.

          You have not mentioned what browser versions you are trying.

          Simon
          --
       http://cometd.org
       http://intalio.com
       http://bordet.blogspot.com
          ----
          Finally, no matter how good the architecture and design are,
          to deliver bug-free software with optimal performance and
       reliability,
          the implementation technique must be flawless.   Victoria
       Livschitz
          _________________________________________________

          jetty-users mailing list
       [hidden email] <mailto:[hidden email]>
       <mailto:[hidden email]__org
       <mailto:[hidden email]>>
       https://dev.eclipse.org/__mailman/listinfo/jetty-users
       <https://dev.eclipse.org/mailman/listinfo/jetty-users>





       _________________________________________________

       jetty-users mailing list
       [hidden email] <mailto:[hidden email]>
       https://dev.eclipse.org/__mailman/listinfo/jetty-users

       <https://dev.eclipse.org/mailman/listinfo/jetty-users>


   --
   thomas becker
   [hidden email] <mailto:[hidden email]>


   http://webtide.com / http://intalio.com
   (the folks behind jetty and cometd)



--
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)


_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty SSL with WebSocket Issue

Thomas Becker
Charles, you're right. Let me quickly change that and see if it still
works.

On Fri Jun  1 09:14:10 2012, Charles Moulliard wrote:

> Thomas,
>
> Your example only uses ws:// protocol of websocket (and not like in my
> case wss:// which is the SSL version).
>
> view-source:http://127.0.0.1:8080/cometd-demo-2.5.0-SNAPSHOT/jquery-examples/chat/
> --><script type="text/javascript" src="../../org/cometd.js
> <http://127.0.0.1:8080/cometd-demo-2.5.0-SNAPSHOT/org/cometd.js>"></script>
>
> org.cometd.WebSocketTransport = function()
> {
>      var _super = new org.cometd.Transport();
>      var _self = org.cometd.Transport.derive(_super);
>      var _cometd;
>      // By default, support WebSocket
>      var _supportsWebSocket = true;
>      // Whether we were able to establish a WebSocket connection
>      var _webSocketSupported = false;
>      // Envelopes that have been sent
>      var _envelopes = {};
>      // Timeouts for messages that have been sent
>      var _timeouts = {};
>      var _webSocket = null;
>      var _opened = false;
>      var _connected = false;
>      var _successCallback;
>
>      function _websocketConnect()
>      {
>          // Mangle the URL, changing the scheme from'http'  to'ws'
> *         var url = _cometd.getURL().replace(/^http/,'ws');*
>          this._debug('Transport', this.getType(),'connecting to URL', url);
>
>          var self = this;
>          var connectTimer = null;
>
>          var connectTimeout = _cometd.getConfiguration().connectTimeout;
>          if (connectTimeout>  0)
>          {
>              connectTimer = this.setTimeout(function()
>              {
>                  connectTimer = null;
>                  if (!_opened)
>                  {
>                      self._debug('Transport', self.getType(),'timed out while connecting to URL', url,':', connectTimeout,'ms');
>                      self.onClose(1002,'Connect Timeout');
>                  }
>              }, connectTimeout);
>          }
>
>          var webSocket = new org.cometd.WebSocket(url);
>          webSocket.onopen = function()
>          {
>
> So you do no test SSL using WebSocket communication but only SSL of HTTPs protocol
> Regards,
> Charles
>
> On Thu, May 31, 2012 at 7:24 PM, Thomas Becker <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     Yes. What I've done is to prepare a cometd-demo.war and have it
>     running on a jetty with https configured. The chat application
>     uses websocket by default and that works fine in ff 12.0 http and
>     https.
>
>     Please find attached a slightly patched version of the war file.
>
>
>     On Thu May 31 19:21:48 2012, Charles Moulliard wrote:
>
>         Is it this project that you have tested on Jetty WebSocket -
>         https://github.com/cometd/__cometd/tree/master/cometd-demo
>         <https://github.com/cometd/cometd/tree/master/cometd-demo> ?
>
>         On Thu, May 31, 2012 at 6:57 PM, Thomas Becker
>         <[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>> wrote:
>
>            Hi Charles,
>
>            I just tried the cometd demo chat application over
>         websocket. Both
>            http and https version do work fine in firefox 12.0 on
>         MacOs Lion.
>            Maybe something is wrong with your certificate and safari
>         silently
>            fails?
>
>            If you like you can retry the same thing using the
>            cometd-demo.war. But the current release contains a small
>         bug in
>            the chat application. Let me know if you want a fixed war
>         file to
>            test it with different browsers. I'll send it to you then.
>
>            Cheers,
>            Thomas
>
>            But it contains a small bug in the chat application which we'll
>            fix with the next release. You need to
>
>
>            On Wed May 30 23:26:26 2012, Charles Moulliard wrote:
>
>                Problem :
>
>                When I try to establish a secure wss:// connection between
>                Safari and
>                Firefox (see version here after), the secure websocket
>         connection
>                is closed at client / server side. There is a warn message
>                appearing
>                in the log (nio - Broken Pipe) just after ssl
>         NOT_HANDSHAKING.
>                That's all.
>
>
>                1.
>                   [              qtp1534925604-36] ssl
>                    DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL]
>                SslConnection@6199ffdd
>                   SSL NOT_HANDSHAKING i/o/u=37/53/0 ishut=false
>         oshut=false
>
>
>         {AsyncHttpConnection@5868b72,____g=HttpGenerator{s=0,h=-1,b=-__1,__c=-1},p=HttpParser{s=-14,__l=0,__c=0},r=0}
>
>                   NOT_HANDSHAKING filled=-1/37 flushed=0/53
>                2.
>
>                   [              qtp1534925604-36] nio
>                    WARN  java.io.IOException: Broken pipe
>
>                ,
>
>                Remarks :
>                - By no error, I would like to say that there is no SSL
>                message like
>                unknown_certificate, ....
>                - That works fine with Google Chrome
>
>                Tests made on Mac OS Lion with :
>                Google Chrome - Version 19.0.1084.52 (OK)
>                Firefox - Version 12.0 (NOK)
>                Safari - Version 5.1.7 (7534.57.2) (NOK)
>
>                Regards,
>
>                Charles
>                On Wed, May 30, 2012 at 9:00 PM, Simone Bordet
>         <[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>
>         <mailto:[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>>> wrote:
>
>                   Hi,
>
>                   On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard
>         <[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>
>         <mailto:[hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>>__>
>
>                wrote:
>         > Hi.
>         >
>         > We have developed an Apache Camel WebSocket component using
>                   Jetty WebSocket.
>         > SSL Communication - wss:// works fine between Google Chrome and
>                   Jetty 7.6.3
>         > but fails without error (http://pastebin.com/qsXTsFLr) using
>                   Firefox/Safari.
>
>                   What does "fail without error" mean ?
>
>                   The pastebin is frankly unparsable :)
>                   Can you tell us what the problem is, before we
>         attempt to
>                reverse
>                   engineering the SSL log ?
>
>                   Note that Safari is known to be buggy, but recent FF
>         should
>                work.
>
>                   You have not mentioned what browser versions you are
>         trying.
>
>                   Simon
>                   --
>         http://cometd.org
>         http://intalio.com
>         http://bordet.blogspot.com
>                   ----
>                   Finally, no matter how good the architecture and
>         design are,
>                   to deliver bug-free software with optimal
>         performance and
>                reliability,
>                   the implementation technique must be flawless.
>         Victoria
>                Livschitz
>                   ___________________________________________________
>
>                   jetty-users mailing list
>         [hidden email] <mailto:[hidden email]>
>         <mailto:jetty-users@eclipse.__org
>         <mailto:[hidden email]>>
>         <mailto:jetty-users@eclipse. <mailto:jetty-users@eclipse.>____org
>         <mailto:jetty-users@eclipse.__org
>         <mailto:[hidden email]>>>
>         https://dev.eclipse.org/____mailman/listinfo/jetty-users
>         <https://dev.eclipse.org/__mailman/listinfo/jetty-users>
>         <https://dev.eclipse.org/__mailman/listinfo/jetty-users
>         <https://dev.eclipse.org/mailman/listinfo/jetty-users>>
>
>
>
>
>
>                ___________________________________________________
>
>                jetty-users mailing list
>         [hidden email] <mailto:[hidden email]>
>         <mailto:jetty-users@eclipse.__org
>         <mailto:[hidden email]>>
>         https://dev.eclipse.org/____mailman/listinfo/jetty-users
>         <https://dev.eclipse.org/__mailman/listinfo/jetty-users>
>
>         <https://dev.eclipse.org/__mailman/listinfo/jetty-users
>         <https://dev.eclipse.org/mailman/listinfo/jetty-users>>
>
>
>            --
>            thomas becker
>         [hidden email] <mailto:[hidden email]>
>         <mailto:[hidden email] <mailto:[hidden email]>>
>
>
>         http://webtide.com / http://intalio.com
>            (the folks behind jetty and cometd)
>
>
>
>     --
>     thomas becker
>     [hidden email] <mailto:[hidden email]>
>
>     http://webtide.com / http://intalio.com
>     (the folks behind jetty and cometd)
>
>

--
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)
_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty SSL with WebSocket Issue

Thomas Becker
In reply to this post by Charles Moulliard
I quickly replaced:

"var url = _cometd.getURL().replace(/^http/, 'ws');"

with:

"
var url = _cometd.getURL().replace(/^https/, 'wss');"

And still it works fine in firefox and safari. Here's some debug output from firebug:

Transport websocket waiting at most 30000 ms for messages ["8"] maxNetworkDelay 10000 , timeouts: Object { 8=13}
cometd.js (line 1324)
Status connecting -> connected
cometd.js (line 1324)


On 6/1/12 9:14 AM, Charles Moulliard wrote:
Thomas,

Your example only uses <a class="moz-txt-link-freetext" href="ws://">ws:// protocol of websocket (and not like in my case <a class="moz-txt-link-freetext" href="wss://">wss:// which is the SSL version). 

--> <script type="text/javascript" src="../../org/cometd.js"></script>

org.cometd.WebSocketTransport = function()
{
    var _super = new org.cometd.Transport();
    var _self = org.cometd.Transport.derive(_super);
    var _cometd;
    // By default, support WebSocket
    var _supportsWebSocket = true;
    // Whether we were able to establish a WebSocket connection
    var _webSocketSupported = false;
    // Envelopes that have been sent
    var _envelopes = {};
    // Timeouts for messages that have been sent
    var _timeouts = {};
    var _webSocket = null;
    var _opened = false;
    var _connected = false;
    var _successCallback;

    function _websocketConnect()
    {
        // Mangle the URL, changing the scheme from 'http' to 'ws'
        var url = _cometd.getURL().replace(/^http/, 'ws');
        this._debug('Transport', this.getType(), 'connecting to URL', url);

        var self = this;
        var connectTimer = null;

        var connectTimeout = _cometd.getConfiguration().connectTimeout;
        if (connectTimeout > 0)
        {
            connectTimer = this.setTimeout(function()
            {
                connectTimer = null;
                if (!_opened)
                {
                    self._debug('Transport', self.getType(), 'timed out while connecting to URL', url, ':', connectTimeout, 'ms');
                    self.onClose(1002, 'Connect Timeout');
                }
            }, connectTimeout);
        }

        var webSocket = new org.cometd.WebSocket(url);
        webSocket.onopen = function()
        {

So you do no test SSL using WebSocket communication but only SSL of HTTPs protocol 
Regards,
Charles

On Thu, May 31, 2012 at 7:24 PM, Thomas Becker <[hidden email]> wrote:
Yes. What I've done is to prepare a cometd-demo.war and have it running on a jetty with https configured. The chat application uses websocket by default and that works fine in ff 12.0 http and https.

Please find attached a slightly patched version of the war file.


On Thu May 31 19:21:48 2012, Charles Moulliard wrote:
Is it this project that you have tested on Jetty WebSocket -
https://github.com/cometd/cometd/tree/master/cometd-demo ?

On Thu, May 31, 2012 at 6:57 PM, Thomas Becker <[hidden email]
<mailto:[hidden email]>> wrote:

   Hi Charles,

   I just tried the cometd demo chat application over websocket. Both
   http and https version do work fine in firefox 12.0 on MacOs Lion.
   Maybe something is wrong with your certificate and safari silently
   fails?

   If you like you can retry the same thing using the
   cometd-demo.war. But the current release contains a small bug in
   the chat application. Let me know if you want a fixed war file to
   test it with different browsers. I'll send it to you then.

   Cheers,
   Thomas

   But it contains a small bug in the chat application which we'll
   fix with the next release. You need to


   On Wed May 30 23:26:26 2012, Charles Moulliard wrote:

       Problem :

       When I try to establish a secure <a class="moz-txt-link-freetext" href="wss://">wss:// connection between
       Safari and
       Firefox (see version here after), the secure websocket connection
       is closed at client / server side. There is a warn message
       appearing
       in the log (nio - Broken Pipe) just after ssl NOT_HANDSHAKING.
       That's all.


       1.
          [              qtp1534925604-36] ssl
           DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL]
       SslConnection@6199ffdd
          SSL NOT_HANDSHAKING i/o/u=37/53/0 ishut=false oshut=false

        {AsyncHttpConnection@5868b72,__g=HttpGenerator{s=0,h=-1,b=-1,__c=-1},p=HttpParser{s=-14,l=0,__c=0},r=0}

          NOT_HANDSHAKING filled=-1/37 flushed=0/53
       2.

          [              qtp1534925604-36] nio
           WARN  java.io.IOException: Broken pipe

       ,

       Remarks :
       - By no error, I would like to say that there is no SSL
       message like
       unknown_certificate, ....
       - That works fine with Google Chrome

       Tests made on Mac OS Lion with :
       Google Chrome - Version 19.0.1084.52 (OK)
       Firefox - Version 12.0 (NOK)
       Safari - Version 5.1.7 (7534.57.2) (NOK)

       Regards,

       Charles
       On Wed, May 30, 2012 at 9:00 PM, Simone Bordet
       <[hidden email] <mailto:[hidden email]>
       <mailto:[hidden email] <mailto:[hidden email]>>> wrote:

          Hi,

          On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard
       <[hidden email] <mailto:[hidden email]>
       <mailto:[hidden email] <mailto:[hidden email]>>>

       wrote:
       > Hi.
       >
       > We have developed an Apache Camel WebSocket component using
          Jetty WebSocket.
       > SSL Communication - <a class="moz-txt-link-freetext" href="wss://">wss:// works fine between Google Chrome and
          Jetty 7.6.3
       > but fails without error (http://pastebin.com/qsXTsFLr) using
          Firefox/Safari.

          What does "fail without error" mean ?

          The pastebin is frankly unparsable :)
          Can you tell us what the problem is, before we attempt to
       reverse
          engineering the SSL log ?

          Note that Safari is known to be buggy, but recent FF should
       work.

          You have not mentioned what browser versions you are trying.

          Simon
          --
       http://cometd.org
       http://intalio.com
       http://bordet.blogspot.com
          ----
          Finally, no matter how good the architecture and design are,
          to deliver bug-free software with optimal performance and
       reliability,
          the implementation technique must be flawless.   Victoria
       Livschitz
          _________________________________________________

          jetty-users mailing list
       [hidden email] <mailto:[hidden email]>
       <mailto:[hidden email]__org
       <mailto:[hidden email]>>
       https://dev.eclipse.org/__mailman/listinfo/jetty-users
       <https://dev.eclipse.org/mailman/listinfo/jetty-users>





       _________________________________________________

       jetty-users mailing list
       [hidden email] <mailto:[hidden email]>
       https://dev.eclipse.org/__mailman/listinfo/jetty-users

       <https://dev.eclipse.org/mailman/listinfo/jetty-users>


   --
   thomas becker
   [hidden email] <mailto:[hidden email]>


   http://webtide.com / http://intalio.com
   (the folks behind jetty and cometd)



--
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)


-- 
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users
Reply | Threaded
Open this post in threaded view
|

Re: [jetty-users] Jetty SSL with WebSocket Issue

Thomas Becker
Hi Charles,

you confused me. :) It was already working via wss yesterday and the change I described is not needed.

var url = _cometd.getURL().replace(/^http/, 'ws');

will replace "http" with "ws" and "https" with "wss" as it only touches the http string for sure. If it's already prepended by an s, then the s will stay.

Cheers,
Thomas

On 6/1/12 11:21 AM, Thomas Becker wrote:
I quickly replaced:

"var url = _cometd.getURL().replace(/^http/, 'ws');"

with:

"
var url = _cometd.getURL().replace(/^https/, 'wss');"

And still it works fine in firefox and safari. Here's some debug output from firebug:

Transport websocket waiting at most 30000 ms for messages ["8"] maxNetworkDelay 10000 , timeouts: Object { 8=13}
cometd.js (line 1324)
Status connecting -> connected
cometd.js (line 1324)


On 6/1/12 9:14 AM, Charles Moulliard wrote:
Thomas,

Your example only uses <a moz-do-not-send="true" class="moz-txt-link-freetext" href="ws://">ws:// protocol of websocket (and not like in my case <a moz-do-not-send="true" class="moz-txt-link-freetext" href="wss://">wss:// which is the SSL version). 

--> <script type="text/javascript" src="../../org/cometd.js"></script>

org.cometd.WebSocketTransport = function()
{
    var _super = new org.cometd.Transport();
    var _self = org.cometd.Transport.derive(_super);
    var _cometd;
    // By default, support WebSocket
    var _supportsWebSocket = true;
    // Whether we were able to establish a WebSocket connection
    var _webSocketSupported = false;
    // Envelopes that have been sent
    var _envelopes = {};
    // Timeouts for messages that have been sent
    var _timeouts = {};
    var _webSocket = null;
    var _opened = false;
    var _connected = false;
    var _successCallback;

    function _websocketConnect()
    {
        // Mangle the URL, changing the scheme from 'http' to 'ws'
        var url = _cometd.getURL().replace(/^http/, 'ws');
        this._debug('Transport', this.getType(), 'connecting to URL', url);

        var self = this;
        var connectTimer = null;

        var connectTimeout = _cometd.getConfiguration().connectTimeout;
        if (connectTimeout > 0)
        {
            connectTimer = this.setTimeout(function()
            {
                connectTimer = null;
                if (!_opened)
                {
                    self._debug('Transport', self.getType(), 'timed out while connecting to URL', url, ':', connectTimeout, 'ms');
                    self.onClose(1002, 'Connect Timeout');
                }
            }, connectTimeout);
        }

        var webSocket = new org.cometd.WebSocket(url);
        webSocket.onopen = function()
        {

So you do no test SSL using WebSocket communication but only SSL of HTTPs protocol 
Regards,
Charles

On Thu, May 31, 2012 at 7:24 PM, Thomas Becker <[hidden email]> wrote:
Yes. What I've done is to prepare a cometd-demo.war and have it running on a jetty with https configured. The chat application uses websocket by default and that works fine in ff 12.0 http and https.

Please find attached a slightly patched version of the war file.


On Thu May 31 19:21:48 2012, Charles Moulliard wrote:
Is it this project that you have tested on Jetty WebSocket -
https://github.com/cometd/cometd/tree/master/cometd-demo ?

On Thu, May 31, 2012 at 6:57 PM, Thomas Becker <[hidden email]
<mailto:[hidden email]>> wrote:

   Hi Charles,

   I just tried the cometd demo chat application over websocket. Both
   http and https version do work fine in firefox 12.0 on MacOs Lion.
   Maybe something is wrong with your certificate and safari silently
   fails?

   If you like you can retry the same thing using the
   cometd-demo.war. But the current release contains a small bug in
   the chat application. Let me know if you want a fixed war file to
   test it with different browsers. I'll send it to you then.

   Cheers,
   Thomas

   But it contains a small bug in the chat application which we'll
   fix with the next release. You need to


   On Wed May 30 23:26:26 2012, Charles Moulliard wrote:

       Problem :

       When I try to establish a secure <a moz-do-not-send="true" class="moz-txt-link-freetext" href="wss://">wss:// connection between
       Safari and
       Firefox (see version here after), the secure websocket connection
       is closed at client / server side. There is a warn message
       appearing
       in the log (nio - Broken Pipe) just after ssl NOT_HANDSHAKING.
       That's all.


       1.
          [              qtp1534925604-36] ssl
           DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL]
       SslConnection@6199ffdd
          SSL NOT_HANDSHAKING i/o/u=37/53/0 ishut=false oshut=false

        {AsyncHttpConnection@5868b72,__g=HttpGenerator{s=0,h=-1,b=-1,__c=-1},p=HttpParser{s=-14,l=0,__c=0},r=0}

          NOT_HANDSHAKING filled=-1/37 flushed=0/53
       2.

          [              qtp1534925604-36] nio
           WARN  java.io.IOException: Broken pipe

       ,

       Remarks :
       - By no error, I would like to say that there is no SSL
       message like
       unknown_certificate, ....
       - That works fine with Google Chrome

       Tests made on Mac OS Lion with :
       Google Chrome - Version 19.0.1084.52 (OK)
       Firefox - Version 12.0 (NOK)
       Safari - Version 5.1.7 (7534.57.2) (NOK)

       Regards,

       Charles
       On Wed, May 30, 2012 at 9:00 PM, Simone Bordet
       <[hidden email] <mailto:[hidden email]>
       <mailto:[hidden email] <mailto:[hidden email]>>> wrote:

          Hi,

          On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard
       <[hidden email] <mailto:[hidden email]>
       <mailto:[hidden email] <mailto:[hidden email]>>>

       wrote:
       > Hi.
       >
       > We have developed an Apache Camel WebSocket component using
          Jetty WebSocket.
       > SSL Communication - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="wss://">wss:// works fine between Google Chrome and
          Jetty 7.6.3
       > but fails without error (http://pastebin.com/qsXTsFLr) using
          Firefox/Safari.

          What does "fail without error" mean ?

          The pastebin is frankly unparsable :)
          Can you tell us what the problem is, before we attempt to
       reverse
          engineering the SSL log ?

          Note that Safari is known to be buggy, but recent FF should
       work.

          You have not mentioned what browser versions you are trying.

          Simon
          --
       http://cometd.org
       http://intalio.com
       http://bordet.blogspot.com
          ----
          Finally, no matter how good the architecture and design are,
          to deliver bug-free software with optimal performance and
       reliability,
          the implementation technique must be flawless.   Victoria
       Livschitz
          _________________________________________________

          jetty-users mailing list
       [hidden email] <mailto:[hidden email]>
       <mailto:[hidden email]__org
       <mailto:[hidden email]>>
       https://dev.eclipse.org/__mailman/listinfo/jetty-users
       <https://dev.eclipse.org/mailman/listinfo/jetty-users>





       _________________________________________________

       jetty-users mailing list
       [hidden email] <mailto:[hidden email]>
       https://dev.eclipse.org/__mailman/listinfo/jetty-users

       <https://dev.eclipse.org/mailman/listinfo/jetty-users>


   --
   thomas becker
   [hidden email] <mailto:[hidden email]>


   http://webtide.com / http://intalio.com
   (the folks behind jetty and cometd)



--
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)


-- 
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)

-- 
thomas becker
[hidden email]

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)

_______________________________________________
jetty-users mailing list
[hidden email]
https://dev.eclipse.org/mailman/listinfo/jetty-users