Self Signed SSL Cert with socketIO

[abufilba]

Hi.

I am trying to get socketio-client to connect to a local node.js server.

If I run straight http everything is fine.

If I attempt to access the server using https with Self Signed Certs I run into problems.
(I have a working python example connection to the server using urllib2 to post a JSON document so I am fairly sure it all works together.)

I want to use a self signed cert against node.js on my local machine (CN of the cert is the eventual domain)

If I specify a .pem file i.e.
verify='....../certs/server/server.pem'

with SocketIO('https://127.0.0.1:8443',
verify=verify,
cert=('certs/monitor/monitor.crt', 'certs/monitor/monitor.key')) as socketIO:

I get WARNING:socketIO_client:[waiting for connection] hostname '127.0.0.1' doesn't match u'

so its doing CN checking - can we disable this? I have started looking into the urllib3 connectionPooling code as there is an assert_hosts=False flag which should be applicable. However I cannot seem to make this work with socketIO.

If I use verify=False i.e.
SocketIO('https://127.0.0.1:8443',
verify=False,
cert=('certs/monitor/monitor.crt', 'certs/monitor/monitor.key')) as socketIO:

Then I get

WARNING:socketIO_client:[waiting for connection] [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

So it looks like verify is NOT being passed through successfully

in either case it seems to go into a loop attempting to access 127.0.0.1

Any help would be useful.

Excellent apart from that........

[kcampion]

+1

[invisibleroads]

You are running a local socket.io server with a self-signed certificate and accessing the server from the same machine using localhost.

Have you tried using verify=False without specifying the certificate?

SocketIO('https://127.0.0.1:8443', verify=False)

[invisibleroads]

Please feel free to reopen this issue if the suggestion above does not work.

[invisibleroads]

As an update, both server SSL certificate verification and client SSL certificate encryption seem to work properly in [email protected] with socketIO-client>=0.6.5.

# Generate server certificate
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=US/ST=New York/L=New York/O=CrossCompute/CN=localhost" \
    -keyout server.key -out server.crt
# Generate client certificate
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=US/ST=New York/L=New York/O=CrossCompute/CN=localhost" \
    -keyout client.key -out client.crt

var fs = require('fs');
var options = {
  key: fs.readFileSync('server.key'),
  cert: fs.readFileSync('server.crt')};
var app = require('https').createServer(options);
var io = require('socket.io')(app);
io.on('connection', function(socket) {
  socket.emit('on_test', {'x': 1});
});
app.listen(3000);

from socketIO_client import SocketIO

def on_test_response(*args):
    print('on_test_response', args)

socketIO = SocketIO(
    'https://localhost', 3000,
    verify='server.crt',
    cert=('client.crt', 'client.key'))
socketIO.on('on_test', on_test_response)
socketIO.wait(seconds=1)

http://docs.python-requests.org/en/master/user/advanced/#ssl-cert-verification

[Birendra-Rai]

λ python
Python 3.6.5 |Anaconda, Inc.| (default, Mar 29 2018, 13:32:41) [MSC v.1900 64 bit (
AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.

from socketIO_client import SocketIO, LoggingNamespace
Traceback (most recent call last):
File "", line 1, in
File "C:\Users\R.Birendra\Documents\socketIO-client-master\socketIO-client-master
\socketIO_client_init_.py", line 4, in
from .heartbeats import HeartbeatThread
File "C:\Users\R.Birendra\Documents\socketIO-client-master\socketIO-client-master
\socketIO_client\heartbeats.py", line 1, in
from invisibleroads_macros.log import get_log
ModuleNotFoundError: No module named 'invisibleroads_macros'

[Birendra-Rai]

can you help me out

[lucasalberto01]

I'm having the same problem