Socket.io chat server not presenting SSL certificate

Question

A (simple) chat is part of an application I've created a while back. Today I'm switching the website from http to https. Therefore I also have to SSL my Socket.io chat socket, otherwise browsers will whine.

For some reason though my chatserver isn't presenting any certificate at all. Using openssl on linux confirms this:

openssl s_client -connect my.subdomain.tld:1337 -servername my.subdomain.tld -ssl3

returns

CONNECTED(00000003)
140136057653064:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1436357417
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

I obviously replaced the domains. The port is actually 1337 and the server uses SNI so I believe I have to use the -servername argument?

My Node server (simplified):

var fs = require('fs');
var privateKey = fs.readFileSync('/home/ssl_certificates/my_subdomain_tld.key').toString();
var certificate = fs.readFileSync('/home/ssl_certificates/my_subdomain_tld.crt').toString();
var ca = fs.readFileSync('/home/ssl_certificates/AddTrustExternalCARoot.crt').toString();
var io = require('socket.io').listen(1337, {key: privateKey, cert: certificate, 'ca': ca});

The certificates do exist at that location and they are valid (double checked). How can I go about debugging this? Why is Socket.IO not presenting a certificate?

Possible duplicate: http://stackoverflow.com/questions/15449234/socket-io-cant-connect-through-https — Rahat Mahbub, Jul 10 '15 at 22:54
Wouldn't it be easier keeping socket.io behind an actual webserver like nginx? Let nginx handle the certificates. — bluesman, Jul 13 '15 at 18:40

stefkin · Accepted Answer · 2015-07-15T21:17:13.727

2

As you can see in docs listen is instance method of Server class. Instantiate https server first, attach certificates to it, and then pass it to Server() constructor.

var https = require('https');
var fs = require('fs');

var options = {
  key: fs.readFileSync('~/.certs/my-sub.key'),
  cert: fs.readFileSync('~/.certs/my-sub.crt')
};

var app = https.createServer(options);
var io = require('socket.io')(app);

app.listen(1337);

There is a documented ability to start server using socket.io itself described here.Options that can be passed to io's Server() method are listed in engine.io docs. It seems like you can't attach certificates to it.

edited Jul 15 '15 at 21:17

answered Jul 15 '15 at 21:04

stefkin

679
7
19

Hah, interesting! But it works! Thanks alot, much appreciated :) – Basaa Jul 15 '15 at 22:23
got me started - but if one requires express too - look at https://stackoverflow.com/a/11745114/3022387 … essentially: https.createServer(credential_options,express_app) – flowtron Oct 20 '17 at 13:51

Socket.io chat server not presenting SSL certificate

1 Answers1