Connecting to WSS: Unable to complete SSL/TLS handshake about pawl HOT 7 CLOSED

Since 2017, the way to do it changed, and I think it should now be:

require __DIR__ . '/vendor/autoload.php';

$loop = \React\EventLoop\Factory::create();
$connector = new \React\Socket\Connector($loop, [
  'timeout' => 20,
  'tls' => [ // here we define the SSL Context options (https://www.php.net/manual/en/context.ssl.php)
    'verify_peer' => false,
    'verify_peer_name' => false,
    'allow_self_signed' => true
  ]
]);
$wsClient = new \Ratchet\Client\Connector($loop, $connector);
$wsClient('wss://IP:PORT')->then(function($conn) {
    $conn->on('message', function($msg) use ($conn) {
        echo "Received: {$msg}\n";
        $conn->close();
    });

    $conn->send('Hello World!');
}, function ($e) {
    echo "Could not connect: {$e->getMessage()}\n";
});

$loop->run();

from pawl.

Take a look at previous issues about ssl. It looks like you're using a self signed certificate? In that case you need to pass SSL context options to the Connector.

from pawl.

It's working now, thank you.

$loop = \React\EventLoop\Factory::create();
$wsClient = new \Ratchet\Client\Connector($loop, null, ['verify_peer_name' => false, 'allow_self_signed' => true]);
$wsClient('wss://' . WEBSOCKET_SERVER_IP . ':' . WEBSOCKET_SERVER_PORT)->then(
      function ($conn) use ($message) {
          $conn->send($message);
          $conn->close();
      }
);

$loop->run();

Follow up question: this only appears to work by using the IP address in the URL. Is there a way to use the host name instead?

from pawl.

I didn't see the follow up question - reopening...

from pawl.

@JimmyPruitt - On your follow-up question - do you know if the name is able to be resolved? By default the resolver in Pawl uses 8.8.8.8.

from pawl.

Unable to complete SSL/TLS handshake: stream_socket_enable_crypto(): Peer certificate CN='*.foo.bar' did not match expected CN='local.blah.foo.bar'.

This error looks correct to me, as wildcard SSL certificates should only work one level below the root domain, perhaps https://stackoverflow.com/questions/2115611/wildcard-ssl-on-sub-subdomain could help here?

Other than that, you may also pass the peer_name context option to set the expected peer name for your remote host. This parameter should have preference over the implicit domain name from the connection URI.

from pawl.

Closing this issue - please feel free to comment if your issue is not fixed.

from pawl.