Add example for usage with TLS #127
Comments
This works for the client but not for the server. In general, for the server you have to accept the TLS connection yourself and then pass it to Tungstenite after accepting. This is done because you must configure certificates and TLS options on the server side. There are examples how to accept TLS connection in both What you do is just add Tungstenite to their example:
Both

I don't really understand what is being said above. I have 2 cases: How do I do these 2 cases with a tungstenite client app?

I think what Alexey meant is that

Thanks, got that much working now.

@captainmannering, how did you get it?

@ProgrammingLife just try to use the example from

For the record, here's how I did it with rustls
I generated the certs with https://github.com/ctz/rustls/blob/0507dd0/bogo/regen-certs

@aidanhs I am having issues getting a simple example working with rustls. Could you (or anyone else who knows these kinds of things) take a look? I have an example repo with information about how I created keys. It should be something simple, but I have been bashing my head against this all for quite some time and I am getting a bit disheartened by my own lack of skill with certs and TLS.
I am connecting to "wss://localhost:8443" through a web page (code included). All I want is to be able to have a web page connect to a server that will host a game (in the end).

I have not checked it in detail, but it looks like you're using self-signed certificates while relying on the default root certificate (i.e. your certificates are not "signed" by a CA and are being rejected by the client that connects to your server), so the validation fails.

I'd like to recommend another approach, using nginx to proxy the TLS stream. So you could keep your websocket code nice and clean and leave TLS auth to nginx. Here's an nginx config example to do that: http://disq.us/p/20a6j7c in case anyone is interested.

Yes, that's actually what we would generally suggest ;) I think most of the typical services nowadays do it like this, i.e. having a reverse-proxy that does the TLS.

Can you give some details in terms of how you did it? I want my client to connect to my server via wss without the server having to care about TLS certificate details.

You need to use some extra software such as
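
The reverse-proxy setup recommended in the comments above, as an added example that is not taken from the thread or from the tungstenite project: nginx terminates TLS for `wss://` clients and forwards the upgraded connection to a plain `ws://` tungstenite server. The hostname, certificate paths and backend address `127.0.0.1:9001` are assumptions.

```nginx
# Added example: place inside the http { } context of nginx.conf.
# Hostname, certificate paths and backend port are assumptions.

# Forward "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name ws.example.com;                      # placeholder hostname

    # Certificate chain and key live here, not in the Rust process.
    ssl_certificate     /etc/nginx/tls/fullchain.pem; # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Plain ws:// tungstenite server, bound to loopback so that the
        # unencrypted listener is never reachable from the network.
        proxy_pass http://127.0.0.1:9001;

        # The WebSocket handshake is an HTTP/1.1 Upgrade; both headers are
        # hop-by-hop and must be set explicitly to reach the backend.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Idle WebSockets are closed after proxy_read_timeout (default 60s);
        # raise it or send ping frames from the application.
        proxy_read_timeout 1h;
    }
}
```

Clients then connect to `wss://ws.example.com/`; the certificate must still chain to a CA the client trusts, so a self-signed certificate fails validation here for the same reason described earlier in the thread.
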
Hi,
Anyone have a working example of a secure WebSocket on localhost for example, client and server?
I'm a bit confused about how to instantiate the client and the server over TLS.
I simply did #[cfg(feature = "tls")] in both the .../example/client.rs and server.rs and used a wss prefix instead of ws in the client URL.
But it crashes.
Thanks for helping
Bruno