WebTransport #143
According to this SO answer, we should be able to open a Something like:

```shell
# Generate a short-lived self-signed ECDSA certificate and key
openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -x509 -nodes -days 10 \
    -out ./cert.pem -keyout ./key.pem -subj '/CN=Test Certificate' -addext "subjectAltName = DNS:localhost"
# Base64 SHA-256 of the DER-encoded certificate (the form serverCertificateHashes is matched against)
openssl x509 -in cert.pem -outform der | openssl dgst -sha256 -binary | openssl enc -base64 > cert-hash.b64
# Start the server with a QUIC listener using that certificate
xpra start --bind-quic=0.0.0.0:10000 --no-daemon \
    --start=xterm -d websocket,http,quic --ssl-cert=./cert.pem --ssl-key=./key.pem
```

Then this Javascript should work:

```javascript
// Base64 SHA-256 of the server certificate (e.g. the contents of cert-hash.b64)
const hash = "bVBYOdvpjg5QYaOl9QZXnktoqu7XhMDiTdwbzBn6cAI=";

// Decode a base64 string into an ArrayBuffer
function base64ToArrayBuffer(base64) {
  var binaryString = atob(base64);
  var bytes = new Uint8Array(binaryString.length);
  for (var i = 0; i < binaryString.length; i++) {
    bytes[i] = binaryString.charCodeAt(i);
  }
  return bytes.buffer;
}

// Pin the connection to the certificate hash instead of relying on a trusted CA
const wt = new WebTransport('https://127.0.0.1:10000/', {
  serverCertificateHashes: [
    {
      algorithm: 'sha-256',
      value: base64ToArrayBuffer(hash)
    }
  ]
});
await wt.ready
```

Unfortunately, this raises a:

Important note: do not use

This would be extremely useful for testing, or even for deployments where the key hash can be exchanged securely through other means.

Another example here: GoogleChrome: webtransport_server.py does not use
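Added example, not part of the issue or of the xpra code: a Node.js version of the hash step from the comment above. `serverCertificateHashes` is matched against the SHA-256 of the certificate's DER encoding, so the PEM envelope is decoded before hashing; the helper names and the sample PEM are constructed for illustration.

```javascript
const { createHash } = require("node:crypto");

// Decode the first CERTIFICATE block of a PEM file to its DER bytes.
function pemToDer(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error("no CERTIFICATE block found");
  const b64 = m[1].replace(/\s+/g, ""); // drop line wrapping (LF or CRLF)
  if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    throw new Error("PEM body is not valid base64");
  }
  return Buffer.from(b64, "base64");
}

// Base64 SHA-256 of the DER encoding: the value to hand to clients.
function certHashBase64(pem) {
  return createHash("sha256").update(pemToDer(pem)).digest("base64");
}

// Hash of the PEM text itself: depends on line endings, shown for contrast only.
function pemTextHashBase64(pem) {
  return createHash("sha256").update(pem).digest("base64");
}

// Build the WebTransport constructor options from a base64 digest.
function webTransportOptions(hashB64) {
  const digest = Buffer.from(hashB64, "base64");
  if (digest.length !== 32) throw new Error("a sha-256 digest must be 32 bytes");
  return {
    serverCertificateHashes: [{ algorithm: "sha-256", value: new Uint8Array(digest) }],
  };
}

// Constructed sample: arbitrary bytes in a PEM envelope, not a real certificate.
const sampleDer = Buffer.from("constructed stand-in for DER certificate bytes ".repeat(4));
function toPem(der, eol = "\n") {
  const body = der.toString("base64").match(/.{1,64}/g).join(eol);
  return `-----BEGIN CERTIFICATE-----${eol}${body}${eol}-----END CERTIFICATE-----${eol}`;
}

const lfPem = toPem(sampleDer, "\n");
const crlfPem = toPem(sampleDer, "\r\n");
console.log("DER hash (LF file):  ", certHashBase64(lfPem));
console.log("DER hash (CRLF file):", certHashBase64(crlfPem)); // same as the LF file
console.log("PEM text hash (LF):  ", pemTextHashBase64(lfPem)); // differs from the DER hash
console.log("PEM text hash (CRLF):", pemTextHashBase64(crlfPem)); // differs again
```

In a real run, replace the constructed sample with the contents of `cert.pem` and pass the result of `certHashBase64` to the page that opens the connection.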
W3C WebTransport: Authentication using Certificate Hashes

Chrome
The only test I can find actually checks that hashes don't work..

Firefox
Issues: Support serverCertificateHashes in the WebTransport constructor options and Webtransport: serverCertificateHashes does not work as expected

And both xpra and the aioquic test server report the same sequence of events:

Safari
is the new IE - it is hopeless:

Only managed to connect by using an mkcert CA and an https context hosting the Javascript - without any My guess is that the default CSP is preventing the browser from connecting to a
Working as of the commit above and xpra 6.1 from git master. To use it:

```shell
xpra start --start=xterm --no-daemon -d quic \
    --bind-tcp=0.0.0.0:10000 --bind-quic=0.0.0.0:10000 \
    --ssl-cert=./cert.pem --ssl-key=./key.pem
```

Note: using a valid certificate is a pain. To verify that the connection uses

```shell
xpra info | grep -i connection.type
```

It should show
chrome status : WebTransport
There's going to be a lot of overlap with Xpra-org/xpra#3376