Re: [jetty-users] Jetty SSL with WebSocket Issue

[Thomas Becker]

Hi Charles,

you confused me. :) It was already working via wss yesterday and the 
change I described is not needed.

var url = _cometd.getURL().replace(/^http/, 'ws');

will replace "http" with "ws" and "https" with "wss" as it only touches 
the http string for sure. If it's already prepended by an s, then the s 
will stay.

Cheers,
Thomas

On 6/1/12 11:21 AM, Thomas Becker wrote:
I quickly replaced:

"var url = _cometd.getURL().replace(/^http/, 'ws');"

with:

"var url = _cometd.getURL().replace(/^https/, 'wss');"

And still it works fine in firefox and safari. Here's some debug 
output from firebug:*
*
Transport websocket waiting at most 30000 ms for messages 
["8"]maxNetworkDelay 10000 , timeouts: Object { 8=13}
cometd.js (line 1324)
Status connecting -> connected
cometd.js (line 1324)
WebSocket message message WebSocket { 
url="wss://localhost:8443/co...o-2.5.0-SNAPSHOT/cometd", readyState=1, 
bufferedAmount=0, more...}
cometd.js (line 1324)
Transport websocket received websocket message message WebSocket { 
url="wss://localhost:8443/co...o-2.5.0-SNAPSHOT/cometd", readyState=1, 
bufferedAmount=0, more...}


On 6/1/12 9:14 AM, Charles Moulliard wrote:
Thomas,

Your example only uses ws:// protocol of websocket (and not like in 
my case wss:// which is the SSL version).

view-source:http://127.0.0.1:8080/cometd-demo-2.5.0-SNAPSHOT/jquery-examples/chat/
--><script type="text/javascript" src="../../org/cometd.js 
<http://127.0.0.1:8080/cometd-demo-2.5.0-SNAPSHOT/org/cometd.js>"></script>

org.cometd.WebSocketTransport = function()
{
     var _super = new org.cometd.Transport();
     var _self = org.cometd.Transport.derive(_super);
     var _cometd;
     // By default, support WebSocket
     var _supportsWebSocket = true;
     // Whether we were able to establish a WebSocket connection
     var _webSocketSupported = false;
     // Envelopes that have been sent
     var _envelopes = {};
     // Timeouts for messages that have been sent
     var _timeouts = {};
     var _webSocket = null;
     var _opened = false;
     var _connected = false;
     var _successCallback;

     function _websocketConnect()
     {
         // Mangle the URL, changing the scheme from 'http' to 'ws'
*         var url = _cometd.getURL().replace(/^http/, 'ws');*
         this._debug('Transport', this.getType(), 'connecting to URL', url);

         var self = this;
         var connectTimer = null;

         var connectTimeout = _cometd.getConfiguration().connectTimeout;
         if (connectTimeout>  0)
         {
             connectTimer = this.setTimeout(function()
             {
                 connectTimer = null;
                 if (!_opened)
                 {
                     self._debug('Transport', self.getType(), 'timed out while 
connecting to URL', url, ':', connectTimeout, 'ms');
                     self.onClose(1002, 'Connect Timeout');
                 }
             }, connectTimeout);
         }

         var webSocket = new org.cometd.WebSocket(url);
         webSocket.onopen = function()
         {

So you do no test SSL using WebSocket communication but only SSL of HTTPs 
protocol
Regards,
Charles

On Thu, May 31, 2012 at 7:24 PM, Thomas Becker <tbec...@intalio.com 
<mailto:tbec...@intalio.com>> wrote:

    Yes. What I've done is to prepare a cometd-demo.war and have it
    running on a jetty with https configured. The chat application
    uses websocket by default and that works fine in ff 12.0 http and
    https.

    Please find attached a slightly patched version of the war file.


    On Thu May 31 19:21:48 2012, Charles Moulliard wrote:

        Is it this project that you have tested on Jetty WebSocket -
        https://github.com/cometd/cometd/tree/master/cometd-demo ?

        On Thu, May 31, 2012 at 6:57 PM, Thomas Becker
        <tbec...@intalio.com <mailto:tbec...@intalio.com>
        <mailto:tbec...@intalio.com <mailto:tbec...@intalio.com>>> wrote:

           Hi Charles,

           I just tried the cometd demo chat application over
        websocket. Both
           http and https version do work fine in firefox 12.0 on
        MacOs Lion.
           Maybe something is wrong with your certificate and safari
        silently
           fails?

           If you like you can retry the same thing using the
           cometd-demo.war. But the current release contains a small
        bug in
           the chat application. Let me know if you want a fixed war
        file to
           test it with different browsers. I'll send it to you then.

           Cheers,
           Thomas

           But it contains a small bug in the chat application which
        we'll
           fix with the next release. You need to


           On Wed May 30 23:26:26 2012, Charles Moulliard wrote:

               Problem :

               When I try to establish a secure wss:// connection between
               Safari and
               Firefox (see version here after), the secure websocket
        connection
               is closed at client / server side. There is a warn message
               appearing
               in the log (nio - Broken Pipe) just after ssl
        NOT_HANDSHAKING.
               That's all.


               1.
                  [              qtp1534925604-36] ssl
                   DEBUG [Session-1, SSL_NULL_WITH_NULL_NULL]
               SslConnection@6199ffdd
                  SSL NOT_HANDSHAKING i/o/u=37/53/0 ishut=false
        oshut=false

               
        {AsyncHttpConnection@5868b72,__g=HttpGenerator{s=0,h=-1,b=-1,__c=-1},p=HttpParser{s=-14,l=0,__c=0},r=0}


                  NOT_HANDSHAKING filled=-1/37 flushed=0/53
               2.

                  [              qtp1534925604-36] nio
                   WARN  java.io.IOException: Broken pipe

               ,

               Remarks :
               - By no error, I would like to say that there is no SSL
               message like
               unknown_certificate, ....
               - That works fine with Google Chrome

               Tests made on Mac OS Lion with :
               Google Chrome - Version 19.0.1084.52 (OK)
               Firefox - Version 12.0 (NOK)
               Safari - Version 5.1.7 (7534.57.2) (NOK)

               Regards,

               Charles
               On Wed, May 30, 2012 at 9:00 PM, Simone Bordet
        <sbor...@intalio.com <mailto:sbor...@intalio.com>
        <mailto:sbor...@intalio.com <mailto:sbor...@intalio.com>>
        <mailto:sbor...@intalio.com <mailto:sbor...@intalio.com>
        <mailto:sbor...@intalio.com <mailto:sbor...@intalio.com>>>>
        wrote:

                  Hi,

                  On Wed, May 30, 2012 at 8:42 PM, Charles Moulliard
        <cmoulli...@gmail.com <mailto:cmoulli...@gmail.com>
        <mailto:cmoulli...@gmail.com <mailto:cmoulli...@gmail.com>>
        <mailto:cmoulli...@gmail.com <mailto:cmoulli...@gmail.com>
        <mailto:cmoulli...@gmail.com <mailto:cmoulli...@gmail.com>>>>

               wrote:
        > Hi.
        >
        > We have developed an Apache Camel WebSocket component using
                  Jetty WebSocket.
        > SSL Communication - wss:// works fine between Google Chrome and
                  Jetty 7.6.3
        > but fails without error (http://pastebin.com/qsXTsFLr) using
                  Firefox/Safari.

                  What does "fail without error" mean ?

                  The pastebin is frankly unparsable :)
                  Can you tell us what the problem is, before we
        attempt to
               reverse
                  engineering the SSL log ?

                  Note that Safari is known to be buggy, but recent
        FF should
               work.

                  You have not mentioned what browser versions you
        are trying.

                  Simon
                  --
        http://cometd.org
        http://intalio.com
        http://bordet.blogspot.com
                  ----
                  Finally, no matter how good the architecture and
        design are,
                  to deliver bug-free software with optimal
        performance and
               reliability,
                  the implementation technique must be flawless.  
        Victoria
               Livschitz
                  _________________________________________________

                  jetty-users mailing list
        jetty-users@eclipse.org <mailto:jetty-users@eclipse.org>
        <mailto:jetty-users@eclipse.org <mailto:jetty-users@eclipse.org>>
        <mailto:jetty-users@eclipse. <mailto:jetty-users@eclipse.>__org
        <mailto:jetty-users@eclipse.org
        <mailto:jetty-users@eclipse.org>>>
        https://dev.eclipse.org/__mailman/listinfo/jetty-users
        <https://dev.eclipse.org/mailman/listinfo/jetty-users>





               _________________________________________________

               jetty-users mailing list
        jetty-users@eclipse.org <mailto:jetty-users@eclipse.org>
        <mailto:jetty-users@eclipse.org <mailto:jetty-users@eclipse.org>>
        https://dev.eclipse.org/__mailman/listinfo/jetty-users

        <https://dev.eclipse.org/mailman/listinfo/jetty-users>


           --
           thomas becker
        tbec...@intalio.com <mailto:tbec...@intalio.com>
        <mailto:tbec...@intalio.com <mailto:tbec...@intalio.com>>


        http://webtide.com / http://intalio.com
           (the folks behind jetty and cometd)



    --
    thomas becker
    tbec...@intalio.com <mailto:tbec...@intalio.com>

    http://webtide.com / http://intalio.com
    (the folks behind jetty and cometd)



--
thomas becker
tbec...@intalio.com

http://webtide.com  /http://intalio.com
(the folks behind jetty and cometd)

--
thomas becker
tbec...@intalio.com

http://webtide.com / http://intalio.com
(the folks behind jetty and cometd)

_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
https://dev.eclipse.org/mailman/listinfo/jetty-users