No Security Information for wss connections
Reported by
d3c...@gmail.com,
Apr 6 2018
|
||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 Steps to reproduce the problem: have a webpage that opens a websocket over wss:// . Look in Developer Tools->Security The wss connection will show up, but there are no security details for it. What is the expected behavior? Should be able to see certificate received from the server, and view details of certificates. What went wrong? wss:// shows up under 'Unknown/Canceled' connections instead of 'Secure Origins'. While writing this, I went to 'https://youtube.com' to see security info there, and it has several other https:// references which show up and are browsable with security information. Did this work before? No Chrome version: 65.0.3325.181 Channel: stable OS Version: 10.0 Flash Version: My application loads from a webserver (html/js), and uses websockets to connect to a different server, using wss. This second connection is using our own certificate chain, which means I have to connect to that server over https:// and then I can accept that certifcate as valid, then the wss:// connection works. (although it does have a default-accept-bad-cert sort of option enabled). This websocket connection gets a redirect to one of many other servers also using wss:// but since that is a different IP is a different certificate. (but since it's still on the same host, for now, the default accept is still working). I can communicate on this second websocket; and perform a login, and service request, on the service request, I get another address and port to connect to. This third redirection is failing.,,, VM190:164 WebSocket connection to 'wss://...:13616/' failed: Error in connection establishment: net::ERR_CERT_AUTHORITY_INVALID I would like to be able to see the certificate information to see if it really is invalid, or if this third redirectly through temporarily valid sockets is what's failing... But; none of the wss connections show their certificate information. In the normal application, which includes the root certificate to complete the chain, I have no issue connecting to the same services. but this is about the lack of information; not the failure.
,
Apr 8 2018
Issue 830002 has been merged into this issue.
,
Apr 8 2018
,
Apr 8 2018
I made a batch file that can update the root cert into the keystore; and then I get this as the error.... ERR_CERT_COMMON_NAME_INVALID which is right; I built that cert wrong, and my other app doesn't recognize that. The above was reporting ERR_CERT_AUTHORITY_INVALID; which it was in the state of having accepted the incomplete certificate chain.... it could have also reported as COMMON_NAME_INVALID... (which if the security tab could show that cert chain I could have also seen that)
,
Apr 8 2018
So I fixed my common name issue... but now it's saying the time isn't valid...
Validity
Not Before: Apr 8 17:51:25 2018 GMT
Not After : Apr 15 17:51:25 2018 GMT
It is currently 18:08 APR 8 2018 UTC ( 11:08AM PDT)
I suspect if I just wait an hour it will fix itself....
,
Apr 11 2018
d3ck0r@ Thanks for the issue. Request you to provide a test URL where this issue can be reproduced which will help in further triaging. Thanks..
,
Apr 11 2018
https://chatment.com/testApp/index6.html This has a single connection; this single connection does not show security info for WSS... Working on a more complete example with certs that return wrong/misleading error when accepted... and on a less valid cert chain... But the above does give a wss connection which shows in security.
,
Apr 11 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Apr 11 2018
https://gist.github.com/d3x0r/168b9fc4a74d3fcf425b15b009fdc844 This is a minimal self hosted server using node, and my system abstraction addon. it dynamically generates a valid cert chain with a root, a CA, and a cert. if the root was logged and installed as a root authority it would even be valid (until the program exited) it doesn't save the certs...
,
Apr 16 2018
,
May 15 2018
As the issue seems to be out of scope for triaging from our end which is related to certificate(s), hence adding label "TE-NeedsTriageHelp" and requesting some one from Dev team to have a look into this and help in further triaging it. Thanks!
,
May 29 2018
,
Oct 12
,
Oct 25
is this issue resolved?
,
Oct 25
I'm Facing same issue while calling wss url from google chrome |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by d3c...@gmail.com
, Apr 6 2018