1

I created a SSL certificate with openssl on a debian 8 VM. So i have a single PEM file which contain my key and my certificate.

I would like to know if it's possible to use a SSL certificate without https, express etc, simply by using a architecture with socket IO (server side) and socket IO client (client side).

Server side :

var fs          = require("fs")
,   options     = {
    key     : fs.readFileSync('./test/apache.pem'),
    cert    : fs.readFileSync('./test/apache.pem')
}

var io = require('socket.io').listen(45621, options)

io.sockets.on("connection", function(socket) {
    console.log("socket " + socket.id + " connected !")
})

Client side : (I'm using a simple html client)

<script src="http://code.jquery.com/jquery-latest.min.js"></script>
<script src="socket-io-1-2-1.js"></script>
<script>
    var socket = io.connect('https://localhost:45621', {secure: true})
    socket.on("connect", function() { alert("we are connected to socket io!") })
</script>

When i'm running my client page, i automatically receive a connection close. (net::ERR_CONNECTION_CLOSED)

It works if i remove the SSL options in server side and change my client connection with :

 io.connect("http://localhost:45621")

but exchanges aren't secure ?

Edit: Isn't a duplicate of this because i don't want to use http, https, express by createServer method. I'm only using socket io.

Community
  • 1
  • 1
Gregor Mountain
  • 213
  • 1
  • 2
  • 9

1 Answers1

6

I think it isn't possible to only use socket-io server to secure your exchanges if you wants your client to connect with "wss://" or "https://". I found a solution, but for that you need to require "https", "express" libraries even if you don't use them and create your server like this :

var https = require('https')
,   fs    = require('fs') //require fs to read your key & cert
,   app   = require("express")
,   key   = fs.readFileSync('<<PATH TO YOUR SSL KEY>>apache.key', 'utf8')
,   cert  = fs.readFileSync('<<PATH TO YOUR SSL CERT>>apache.crt', 'utf8')

var server = https.createServer({key: key, cert: cert}, app); //then create your server

server.listen(45621)
var io = require("socket.io").listen(server);

io.sockets.on("connection", function(socket) {
    console.log("socket id " + socket.id + " connected !")
    socket.on("foo", function() { console.log("bar") })
})

Then your web client need to be like this:

<script src="https://code.jquery.com/jquery-latest.min.js"></script>
<script src="https://cdn.socket.io/socket.io-1.4.5.js"></script>
<script>
  var socket = io.connect("https://192.168.0.35:45621/socket.io/?EIO=3&transport=websocket")
  socket.on("connect", function() { alert("my socket is connected !") })
</script>

If you want to test a SSL certificate for localhost, don't write "localhost" at the step "common name" with openssl command but write your local IP (192.168.0.35 for me). Then with your client, do not connect with https://localhost but with this following url :

https://YOUR LOCAL IP:YOUR SERVER PORT/socket.io/?EIO=3&transport=websocket

At this moment, i've got a problem, i can connect my socket to my io server, but i can't emit and receive any emits. I tried this solution, but it doesn't works. I will edit this post when i will find the problem.

Edit : You need to run your web client through https://, not http://. Protocol http authorized your socket to connect to your io server however you can't to anything (emit/receive events).

Community
  • 1
  • 1
Gregor Mountain
  • 213
  • 1
  • 2
  • 9
  • Brilliant thank you. Based on your code I managed to get my MQTT socket server to finally work over SSL. – CMP Oct 13 '16 at 21:42