Comments (4)
thank you so much @chrzaszcz , verify_mode = "none" worked, i guess i misread the documentation
from mongooseim.
Hi @alvinlal. The module
option you shared is only valid for c2s
listeners, and not for http
. See the complete list of allowed TLS options for HTTP listeners:
The options accepted here are:
verify_mode
,certfile
,cacertfile
,ciphers
,keyfile
,password
,versions
, dhfile. They have the same semantics as the corresponding c2s options forjust_tls
.
What it means is that there is no module
option because the module used for HTTP is always just_tls
- so you can simply omit this option.
One thing to note is that MongooseIM does not close WebSocket connections if peer verification fails. Only the pki
authentication method can change this behaviour. We are planning to address this in the future.
from mongooseim.
thanks @chrzaszcz for the clarification. But i am still having trouble connecting to secure websocket endpoint of mongooseim. I am using the javascript websocket api to connect to mongooseim and i am getting websocket connection failed error on the browser. i have obtained a valid certificate-key pair from letsencrypt and specified its path in the mongooseim.toml
file. This is my config for the secure websocket endpoint (wss) in mongooseim.toml
file👇
[[listen.http]]
port = 5285
transport.num_acceptors = 10
transport.max_connections = 1024
tls.verify_mode = "peer"
tls.certfile = "/etc/letsencrypt/live/myxmppsite.com/fullchain.pem"
tls.keyfile = "/etc/letsencrypt/live/myxmppsite.com/privkey.pem"
tls.cacertfile = "/etc/letsencrypt/live/myxmppsite.com/fullchain.pem"
[[listen.http.handlers.mod_bosh]]
host = "_"
path = "/http-bind"
[[listen.http.handlers.mod_websockets]]
host = "_"
path = "/ws-xmpp"
This is what is being logged to the latest mongooseim log file in /var/log/mongooseim
folder when the browser attempts the connection.
when=2023-12-23T18:06:51.557669+00:00 level=info pid=<0.7470.0> at=supervisor:report_progress/2:1563 report="[{supervisor,{<0.7470.0>,tls_dyn_connection_sup}},{started,[{pid,<0.7472.0>},{id,receiver},{mfargs,{ssl_gen_statem,start_link,[server,<0.7471.0>,\"localhost\",5285,#Port<0.60>,{#{next_protocols_advertised => [<<\"h2\">>,<<\"http/1.1\">>],
sni_fun => #Fun<ssl.11.44732120>,cookie => true,psk_identity => undefined,protocol => tls,supported_groups => {supported_groups,[x25519,x448,secp256r1,secp384r1]},renegotiate_at => 268435456,crl_cache => {ssl_crl_cache,{internal,[]}},fail_if_no_peer_cert => true,verify => verify_peer,secure_renegotiate => true,certs_keys => [#{certfile => <<\"/etc/letsencrypt/live/myxmppsite.com/fullchain.pem\">>,
keyfile => <<\"/etc/letsencrypt/live/myxmppsite.com/privkey.pem\">>}],stateless_tickets_seed => undefined,session_tickets => disabled,signature_algs => [eddsa_ed25519,eddsa_ed448,ecdsa_secp521r1_sha512,ecdsa_secp384r1_sha384,ecdsa_secp256r1_sha256,rsa_pss_pss_sha512,rsa_pss_pss_sha384,rsa_pss_pss_sha256,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,rsa_pss_rsae_sha256,rsa_pkcs1_sha512,rsa_pkcs1_sha384,rsa_pkcs1_sha256,{sha512,ecdsa},{sha384,ecdsa},
{sha256,ecdsa}],honor_cipher_order => false,user_lookup_fun => undefined
,cacerts => undefined,log_level => notice,partial_chain => #Fun<ssl.5.44732120>,customize_hostname_check => [],eccs => {elliptic_curves,[{1,3,132,0,39},{1,3,132,0,38},{1,3,132,0,35},{1,3,36,3,3,2,8,1,1,13},{1,3,132,0,36},{1,3,132,0,37},{1,3,36,3,3,2,8,1,1,11},{1,3,132,0,34},{1,3,132,0,16},{1,3,132,0,17},{1,3,36,3,3,2,8,1,1,7},{1,3,132,0,10},{1,2,840,10045,3,1,7}]},versions => [{3,4},{3,3}],
crl_check => false,alpn_preferred_protocols => [<<\"h2\">>,<<\"http/1.1\">>],handshake => full,anti_replay => undefined,signature_algs_cert => undefined,client_renegotiation => true,ciphers => [<<19,2>>,<<19,1>>,<<19,3>>,<<19,4>>,<<19,5>>,<<\"À,\">>,<<\"À0\">>,<<\"À\">>,<<\"À¯\">>,<<\"À$\">>,<<\"À(\">>,<<204,169>>,<<204,168>>,<<\"À+\">>,<<\"À/\">>,<<\"À¬\">>,<<\"À®\">>,<<\"À.\">>,<<\"À2\">>,<<\"À&\">>,<<\"À*\">>,<<\"À-\">>,<<\"À1\">>,<<\"À#\">>,<<\"À'\">>,<<\"À%\">>,<<\"À)\">>,<<0,...>>,<<...>>|...],...}
,{socket_options,binary,raw,0,0,false},[{option_tracker,<0.1961.0>},{session_tickets_tracker,disabled},{session_id_tracker,<0.1962.0>}]},<0.1969.0>,{gen_tcp,tcp,tcp_closed,tcp_error,tcp_passive}]}},
{restart_type,temporary},{significant,true},{shutdown,5000},{child_type,worker}]}]" label={supervisor,progress}
I am using this line of code in javascript to connect to the endpoint
const socket = new WebSocket('wss://myxmppsite.com:5285/ws-xmpp');
I am getting this error in browser 👇
WebSocket connection to 'wss://myxmppsite.com:5285/ws-xmpp' failed:
Connection to the ws://
(non-secure) endpoint works fine though , Could you point me in the right direction for wss
?
from mongooseim.
WebSocket connection to 'wss://myxmppsite.com:5285/ws-xmpp' failed:
This error message gives me no information.
tls.cacertfile = "/etc/letsencrypt/live/myxmppsite.com/fullchain.pem"
This is wrong, because fullchain.pem
is not the CA certificate. You could start with verify_mode = "none"
for now.
from mongooseim.
Related Issues (20)
- 4.5.0-alpha1 smack: Message Archive Management is not supported by HOT 3
- `mod_blocking` doesn't stop messages from being processed by `modules.mod_mam.pm` or `mod_inbox` HOT 2
- How to get actual message xml packet with external code or by direct database query in MAM HOT 9
- mongooseimctl ipv6 support HOT 9
- Duplicated messages in `mam_message` HOT 4
- -proto_dist inet6_tcp support? HOT 2
- mod_pubsub using subscribee returns bad-request, invalid-jid HOT 2
- Message sending failure with OMEMO HOT 2
- Change config in muclight replacing old config
- GraphQL session ListSessions returns empty lists
- `max_stanza_size` doesn't work with websockets HOT 2
- GraphQL SSE crashes on large message stanza payload HOT 1
- How does mongooseim handle unacknowledged stanza's ? HOT 2
- Mongooseim not sending push notifications to disconnected clients HOT 4
- mod_event_pusher HTTP only sends chat type messages HOT 2
- How to implement stream resumption in XEP-0198 stream management from client side ? HOT 7
- gen_server 'wpool_pool-mongoose_wpool$rdbms$global$default-1' terminated with reason: {{{integer_overflow,int8,957926528636579656073}, HOT 4
- Messages send through push notifications again resended to the client upon reconnection HOT 2
- how to send push notification data to my custom http endpoint instead of mongoosepush? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mongooseim.