Websocket: wss client sample

Created on 10 Sep 2016 · 19 Comments · Source: gorilla/websocket

Hi.

We are trying to create a secure WS with self-signed certificates.
Taken the chat sample, changed home.html to use wss, and it works.
BUT
When a Go client (already working without TLS), and are getting various results, from x509: certificate signed by unknown authority if skipverify = false to tls: oversized record received with length 20527 when it's true.
Sample client (with commented code of some of the trial and error), server, html and cert creator (from tls package) is attached.

chat1.zip

Thanks,
Guy.

All 19 comments

Can you post the relevant code here instead of a zip file?

You mean as files or inline?

Inline, or a gist, or a repo. Minimal is best - something I can run without
having to configure is better.

Uploaded to git:
https://github.com/GuyBrand/WssSample
Although in 3 folders, very minimal:

Sample repo for using golang wss with gorilla websocket
genCrt - modified copy of tls/generate_cert.go to create local ssl certificate
server - modified copy of the gorilla/websocket chat sample, working with https
client - a gorilla/websocket go client using https, with some tweaks commented out for several attempts

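Is the error on this line (https://github.com/GuyBrand/WssSample/blob/92b40168972b5013dc6d641fbc16107532a84b19/goClient/goClient.go#L56)?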

Yes.

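The issue is with the call to tls.Dial (https://github.com/GuyBrand/WssSample/blob/92b40168972b5013dc6d641fbc16107532a84b19/goClient/goClient.go#L56) or http.ListenAndServeTLS (https://github.com/GuyBrand/WssSample/blob/92b40168972b5013dc6d641fbc16107532a84b19/server/main.go#L45). These calls are made before any code in the websocket package is executed.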

Well,
Another thing I tried was taking this:
https://github.com/nareix/tls-example
Implementing on both server side and client side.

In this case, tls.Dial passes, but the NewClient prob gets the handshake error.

Show the specific error returned from NewClient.

The error is: oversized record received with length 20527.

But I think the question is a little broader,

We can probably trial and error until we get it working, or at least look like it (does InsecureSkipVerify: true account for “working” when security is considered?)

Assuming we are in a world that switches all services to ssl,

Can you give an example of how to create a gorilla/websocket server and gorilla websocket client running on top of ssl certificate?

Thanks.

The error is : oversized record received with length 20527 .

This means the server is responding with a plain HTTP response, and not a
TLS response. Your server does not serve over TLS:
https://github.com/GuyBrand/WssSample/blob/master/server/main.go#L49

This needs to be ListenAndServeTLS - and be provided with a server-side
cert to serve.

The code actually goes through:

if _, err := os.Stat("./algo.crt"); err == nil {

So the server runs ListenAndServeTLS.

Are you sure? Does it actually load the cert?

Yes, if you see the line:

fmt.Println("file ", "algo.crt found switching to https")

it prints on the console.

Can you give an example of how to create a gorilla/websocket server and gorilla websocket client running on top of ssl certificate ?

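The package has a test that dials a server with a self-signed certificate. It's not written as an example, but it might be helpful to you. The TLS listener for this test is created in the net/http/httptest package (https://github.com/golang/go/blob/dfc56a4cd313c9c5de37f4fadb14912286edc42f/src/net/http/httptest/server.go#L107-L132).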

If the server is not using a self-signed certificate, then the client application should simply dial with a wss URL. The dialer handles the TLS details.

A websocket server should call the http.ListenAndServeTLS helper function or the lower-level functions called by ListenAndServeTLS. Here are some example calls to ListenAndServeTLS.

I’ve seen the tester, but it looks like both server and client are loading the certificates in the same manner; this is not the way it will happen on a client-server operation (theoretically I wish for the client to not have a certificate, but if no other option, I am willing to install public-private couples).

Just did that again, I’m either getting

x509: certificate signed by unknown authority

or

x509: certificate signed by unknown authority (possibly because of "x509: invalid signature: parent certificate cannot sign this kind of certificate" while trying to verify candidate authority certificate "serial:240832071503402080516336044108555611205")

depending on the cert I’m using.

Added another folder “perTest” to the repo, with two options, with the above error, including certs.

Here's how to modify the echo example to use a self-signed cert:

Generate cert with:

go run `go list -f {{.Dir}} crypto/tls`/generate_cert.go  --rsa-bits 1024 --host 127.0.0.1,::1,localhost --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h

Change the server to call:

log.Fatal(http.ListenAndServeTLS(*addr, "cert.pem", "key.pem", nil))

Change the client to use a dialer configured with root cert:

roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM(rootPEM)
if !ok {
    log.Fatal("failed to parse root certificate")
}
d := websocket.Dialer{TLSClientConfig: &tls.Config{RootCAs: roots}}
c, _, err := d.Dial(u.String(), nil)
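
An added example, not code from this thread or from gorilla/websocket: it reproduces the two failures discussed above (untrusted self-signed certificate, and a TLS client dialing a server that answers in plain HTTP) next to the RootCAs fix. It uses only the Go standard library, since the thread notes the failure happens in the TLS dial before any websocket code runs; the httptest servers on loopback and the names probe, recordLength, trustOnly, results and runProbes are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// probe attempts one TLS handshake and classifies the result. For a peer that
// is not speaking TLS it also returns the five bytes parsed as a record header.
func probe(addr string, cfg *tls.Config) (string, []byte) {
	d := &net.Dialer{Timeout: 5 * time.Second}
	conn, err := tls.DialWithDialer(d, "tcp", addr, cfg)
	if err == nil {
		conn.Close()
		return "ok", nil
	}
	var rhe tls.RecordHeaderError
	var ua x509.UnknownAuthorityError
	switch {
	case errors.As(err, &rhe):
		return "not-tls", rhe.RecordHeader[:]
	case errors.As(err, &ua):
		return "unknown-authority", nil
	}
	return "other: " + err.Error(), nil
}

// recordLength reads a record header's big-endian length field, or -1 if short.
func recordLength(hdr []byte) int {
	if len(hdr) < 5 {
		return -1
	}
	return int(hdr[3])<<8 | int(hdr[4])
}

// trustOnly builds a client config that trusts exactly one PEM certificate,
// the same shape as tls.Config{RootCAs: roots} in the thread.
func trustOnly(rootPEM []byte) (*tls.Config, error) {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(rootPEM) {
		return nil, errors.New("failed to parse root certificate")
	}
	return &tls.Config{RootCAs: roots}, nil
}

type results struct {
	Untrusted, Trusted, Plain string
	PlainHeader               []byte
}

// runProbes starts a TLS server and a plain HTTP server on loopback and dials
// both at the TLS layer, where a wss client fails before WebSocket code runs.
func runProbes() (results, error) {
	h := http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})
	tlsSrv := httptest.NewTLSServer(h) // httptest's built-in self-signed cert
	defer tlsSrv.Close()
	plainSrv := httptest.NewServer(h) // stands in for ListenAndServe (no TLS)
	defer plainSrv.Close()
	tlsAddr, plainAddr := tlsSrv.Listener.Addr().String(), plainSrv.Listener.Addr().String()
	block := &pem.Block{Type: "CERTIFICATE", Bytes: tlsSrv.Certificate().Raw}
	trusted, err := trustOnly(pem.EncodeToMemory(block))
	if err != nil {
		return results{}, err
	}
	var r results
	// An empty pool models a trust store that lacks the self-signed cert.
	r.Untrusted, _ = probe(tlsAddr, &tls.Config{RootCAs: x509.NewCertPool()})
	r.Trusted, _ = probe(tlsAddr, trusted)
	// Skipping verification cannot help when the peer answers in plain HTTP.
	r.Plain, r.PlainHeader = probe(plainAddr, &tls.Config{InsecureSkipVerify: true})
	return r, nil
}

func main() {
	r, err := runProbes()
	fmt.Printf("%+v err=%v\nheader %q as record length: %d\n", r, err, r.PlainHeader, recordLength(r.PlainHeader))
}
```

The header bytes of the plain reply are HTTP/; read as a TLS record length, P/ is 0x502F = 20527, the number in the error quoted in this thread. The trusted config returned by trustOnly is the value that would go in websocket.Dialer's TLSClientConfig field.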

This was a good lead; it's working with some changes. When we finalise it, I can upload to this ticket, or you can use it as a sample.

Thanks!
