Serve webhook server on https #627
Conversation
http_proxy.go
Outdated
| certPEM, _ := os.ReadFile(p.CertFile) | ||
| keyPEM, _ := os.ReadFile(p.KeyFile) | ||
| cert, _ := tls.X509KeyPair(certPEM, keyPEM) |
There was a problem hiding this comment.
Can we add some error verifications? If the cert file or Key file are empty we probably need to decide what to do.
- We can return an error informing about the missing parameters for this proxy
- We could ignore these errors and not build a TLS config (but we probably don't want that)
There was a problem hiding this comment.
I am going to take care of those. I just wanted to confirm that indeed this is the right path to the fix
|
So this works, at least for establishing WSS connections to the server. However, there is clearly something wrong as you are creating a TLS listener and also passing the TLS keypair to |
What I observed was we were passing a listener not configured for TLS to |
|
Ok I think the fix is better done in broflake library, see getlantern/browsersunbounded#259 |
This is some rough PR I was using to investigate why
/wsendpoint was not showing it's cert to the client.I started a local http-proxy using a custom broflake config.ini
Before doing
openssl s_client -connect 127.0.0.1:1443 -showcertswould not show any certsAdd the change in this PR and doing
openssl s_client -connect 127.0.0.1:1443 -showcertsreveals the cert detailsI also created a custom self-signed cert and key and added them to my key chain (I am on a mac). I was able to connect to the proxy as egress server using the widget. So websocket connection was established.
Only issue I see is the desktop fails to connect due
2024/09/11 19:10:30 QUIC dial failed (CRYPTO_ERROR 0x146 (remote): tls: protocol version not supported), retrying...I think I can get to the bottom of this soon.