Let's encrypt certificate about netcoreserver HOT 11 CLOSED

In "NetCoreServer\examples\WssChatClient\Program.cs" there is an example how to prepare HttpRequest in OnWsConnecting() handler:

        public override void OnWsConnecting(HttpRequest request)
        {
            request.SetBegin("GET", "/");
            request.SetHeader("Host", "localhost");
            request.SetHeader("Origin", "http://localhost");
            request.SetHeader("Upgrade", "websocket");
            request.SetHeader("Connection", "Upgrade");
            request.SetHeader("Sec-WebSocket-Key", Convert.ToBase64String(WsNonce));
            request.SetHeader("Sec-WebSocket-Protocol", "chat, superchat");
            request.SetHeader("Sec-WebSocket-Version", "13");
            request.SetBody();
        }

from netcoreserver.

Fixed

from netcoreserver.

Will see for the Let's encrypt certs solution

from netcoreserver.

Is it possible now to use the WssClient (or other sslclient) with a server using Let's encrypt sertificate? For example, my .net core server is behind a nginx reverse proxy handling the SSL validation

from netcoreserver.

You need to export Let's encrypt certificate to pfx file and use it in WssServer.
Sample instruction can be found here: https://www.alitajran.com/export-lets-encrypt-certificate-in-windows-server/

from netcoreserver.

This is valid for the server, but not sure I can do the same for client certificate

from netcoreserver.

I think SSL client handshake should be updated in SslClient.Connect() method. Can you please try to replace:

_sslStream.AuthenticateAsClient(Address, Context.Certificates ?? new X509CertificateCollection(new[] { Context.Certificate }), Context.Protocols, true);

with

_sslStream.AuthenticateAsClient(Address); 

From MSDN:

Starting with .NET Framework 4.7, this method authenticates using None, which allows the operating system to choose the best protocol to use, and to block protocols that are not secure. In .NET Framework 4.6 (and .NET Framework 4.5 with the latest security patches installed), the allowed TLS/SSL protocols versions are 1.2, 1.1, and 1.0 (unless you disable strong cryptography by editing the Windows Registry). No client certificates are used in the authentication. The certificate revocation list is not checked during authentication. The value specified for targetHost must match the name on the server's certificate.

from netcoreserver.

I have to switch on another project for now, but here are my tests/observations:

SslClient
I changed IPEndPoint to EndPoint
Added a new constructor accepting a DnsEndPoint (and added it to HttpsClient / WssClient)
Modified CreateSocket() so, if the AddressFamily is not set I use AddressFamily.InterNetwork, which is the case when using DnsEndPoint
Modified _sslStream.AuthenticateAsClient(dnsEndPoint.Host); like you said

It works but, I had BadRequest error from my Nginx reverse proxy, so:

HttpRequest
For a WssClient, it's not sending a valid header structure, I've set all the required headers in OnWsConnecting but my Nginx was returning a BadRequest error. After investigating, I found that there is a missing \r\n line after the last header entry. I did a modification to HttpRequest to append a \r\n for my WssClient and it's now accepted by Nginx.

This missing line is added by other fonctions like AddBody() after appending the Content-Length header

Now, it seems to connect but my WsServer doesn't receive anything, might be an error with my reverse proxy configuration but I have to switch on another project. Hope this can help someone

from netcoreserver.

That's perfect, just need to update the Readme

from netcoreserver.

I did a pull request #165 to support
DnsName, let's encrypt certificates. Work perfectly with Nginx reverse proxy

from netcoreserver.

Great, thank! I'll look and merge it soon.

from netcoreserver.