TLS Encryption not working on iPad 2 #124

Closed
astrand opened this issue Feb 1, 2012 · 14 comments

astrand commented Feb 1, 2012

Is TLS/wss supposed to work in iPad 2? It doesn't for me, all I get is "Server disconnected". Tried adding "?logging=debug", gave nothing. Works from Firefox 9 on Windows XP. Output from launch script:

$ ./launch.sh --vnc localhost:5901
Starting webserver and WebSockets proxy on port 6080
WebSocket server settings:

  • Listen on :6080
  • Flash security policy server
  • Web server. Web root: /home/astrand/tmp/noVNC
  • SSL/TLS support
  • proxying from :6080 to localhost:5901

Navigate to this URL:

http://xxx.homeip.net:6080/vnc.html?host=xxx.homeip.net&port=6080

Press Ctrl-C to exit

I'm using the latest git version. iOS 5.0.1.

kanaka (Member) commented Feb 2, 2012

Please post the output you see from the proxy/launch.sh when you try and connect.

Also, what error do you get from Safari (you'll need to activate debug in Safari settings)?

It's possible you are running into the certificate not accepted issue. See the top section on this page: https://github.com/kanaka/noVNC/wiki/Troubleshooting

astrand (Author) commented Feb 3, 2012

> Please post the output you see from the proxy/launch.sh when you try and connect.

That's the strange part - no output was produced.

> It's possible you are running into the certificate not accepted issue. See the top section on this page: https://github.com/kanaka/noVNC/wiki/Troubleshooting

I loaded the vnc.html via TLS and accepted the cert by then. Will double check though.

> Also, what error do you get from Safari (you'll need to activate debug in Safari settings)?

Will check!

@mightypenguin

I noticed this same issue myself but since encrypted noVNC has hiccups on 1 or 2 other desktop browsers as well I just gave up and run unencrypted. At least with self-signed certs. Haven't tried a fancy paid cert.

kanaka (Member) commented Feb 9, 2012

@astrand, if you aren't getting any output then that means that there isn't even a socket connection being made from the iPad to websockify. Just to confirm, this works if you make an unencrypted connection from noVNC on the iPad?

One thing to try is changing the initial URL that you use to load the page to "https://".

I have an iPad 2 and I'll give this a try later, but I'm pretty sure I've tried this before and it worked fine.

astrand (Author) commented Feb 14, 2012

Yes, it works without encryption. I've tried https://, doesn't help.

After enabling the error console, I get 5 errors. The most interesting one is:
The operation couldn't be completed. (OSStatus error -9807.)

A similar problem is described here:
http://groups.google.com/group/asihttprequest/browse_thread/thread/2508546a1f22c998?pli=1

It seems one must set setValidatesSecureCertificate to false. Can this be done from JavaScript?

kanaka (Member) commented Feb 20, 2012

So I reproduced the problem on the iPad 2 (and iPhone). One of the problems is that websockify was swallowing EOF errors. I've fixed that and now it's clear that wss WebSocket connections from iPad (and iPhone) are triggering an EOF error on the Python side.

It could be related to the self-signed certificates (possibly a bug with iOS+self-signed+websockets). I can make wss connections via websocket.org/echo.html from the iPad, but they certainly are not using self-signed certificates.

@danielkho

Hi kanaka,
Is this fix in the latest release? I have a similar problem as well.

regards, daniel

astrand (Author) commented Feb 28, 2013

Still a problem, it seems. Using the latest GIT version. Getting:

_ssl.c:490: EOF occurred in violation of protocol

This is from an iPad mini with user agent:

"Mozilla/5.0 (iPad; CPU OS 6_0_1 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A523 Safari/8536.25"

I found this thread:

https://lists.webkit.org/pipermail/webkit-dev/2011-July/017583.html

As soon as my Apple account is active, I will check the bug report.

astrand (Author) commented Mar 4, 2013

It turns out that you can only report new bugs to Apple, you cannot view existing bug reports. Thus, I haven't been able to find any details about bug 9697244.

hean01 commented Mar 21, 2013

Here follows some information regarding self-signed certs and iOS / WebSockets.

http://blog.marcon.me/post/24874118286/secure-websockets-safari

astrand (Author) commented Apr 3, 2013

Now verified. Works with a valid certificate. A self-signed certificate also works if imported via the mail application. However, the server host name must match.

kanaka (Member) commented Apr 4, 2013

@hean01 @astrand I have a request. Could you guys update a couple of wiki pages to help people that are running into these issues?

https://github.com/kanaka/noVNC/wiki/Troubleshooting
https://github.com/kanaka/websockify/wiki/Encrypted-Connections

In particular, the article that @hean01 linked to doesn't really go into enough detail about hostname mismatches. Also, if one of you knows how to convert from openssl generated self-signed certs, to the .cer format that the mail client will accept, that would be great to document on the websockify encrypted connections wiki page.

Thanks!
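
The hostname match and the PEM-to-.cer conversion discussed above, as an added example that is not part of the original thread or of the websockify documentation: it creates a self-signed certificate whose name is the host used in the URL, confirms that the name matches, and writes a DER-encoded .cer copy. The host name vnc.example.test and the file names are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: self-signed cert for a websockify host, hostname check, DER copy.
# The host name and file names are placeholders (assumptions), not values from the thread.

# make_cert HOST DIR: write DIR/key.pem and DIR/cert.pem with HOST as CN and SAN.
make_cert() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
        -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# cert_matches_host CERT HOST: succeed only if CERT is valid for HOST.
# openssl exits 0 for both verdicts, so the printed verdict is what gets checked.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q "does match certificate"
}

# pem_to_der PEM OUT: re-encode the certificate (not the key) as binary DER.
pem_to_der() {
    openssl x509 -in "$1" -outform der -out "$2"
}

# same_cert PEM DER: both encodings must carry the same SHA-256 fingerprint.
same_cert() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256)
    b=$(openssl x509 -inform der -in "$2" -noout -fingerprint -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

demo() {
    host=vnc.example.test
    dir=$(mktemp -d) || return 1
    make_cert "$host" "$dir" || return 1
    cert_matches_host "$dir/cert.pem" "$host" && echo "match: $host"
    cert_matches_host "$dir/cert.pem" other.example.test ||
        echo "mismatch: other.example.test"
    pem_to_der "$dir/cert.pem" "$dir/cert.cer" &&
        same_cert "$dir/cert.pem" "$dir/cert.cer" && echo "DER copy OK"
    rm -rf "$dir"
}
demo
```

Run `cert_matches_host` against the exact host name that appears in the https:// and wss:// URLs; a certificate issued for a different name fails this check.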

astrand (Author) commented Apr 16, 2013

I've written some documentation on https://github.com/kanaka/websockify/wiki/Encrypted-Connections now. I didn't include anything about DER certs. At least from the web, PEM certs work fine, so my guess is that PEM certs are fine even when importing via the email application (although I haven't verified this).
Perhaps this issue can be closed then?

kanaka (Member) commented Apr 23, 2013

Yes, I think this is probably sufficient. Thanks for documenting that. I've linked back to this bug on the wiki page.

kanaka closed this as completed Apr 23, 2013