Re: [Libvncserver-common] LibVNCServer websockets and wss:// connection with novnc

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I'm not sure it's a libvncserver or noVNC issue, but rather that
browsers have become more strict about self-signed
certificates in the past couple of years. I tried building
libvncserver but got an error about AVStream structure. I
suspect my system is too out of date to build it.

I think he problem is that browsers don't prompt to accept self-signed
certs when it's on a WebSockets connection.
I filed some bugs about that years ago, but it's a difficult problem
because WebSocket connections are asynchronous
and you don't want pages to be able to make arbitrary connections to
other sites and trick the user into accepting
certs that they don't expect. Most people barely understand the
difference between HTTP and HTTPS as it is.

If you browse to https://localhost:5900 (i.e. try and browse normallyl
to the websocket port), accept the certificate
(permanently) and then try and load the regular page it might work. At
least, that has worked for me in the past.
TBH, I'm no longer actively involved in noVNC. I transitioned it to
the rest of the team a few years ago.

Regards,

Joel Martin (kanaka)
On Sun, Nov 11, 2018 at 10:30 AM Christian Beier
<chr...@go...> wrote:
>
>
> Hi Joel, Gernot,
>
> I am currently tackling https://github.com/LibVNC/libvncserver/issues/68 and am
> having a hard time setting up a wss:// connection between a LibVNCServer
> example server and novnc 1.0.0. As you two are the principal authors of the
> websockets code in LibVNCServer, I need your advice.
>
> This is what I'm doing, using libvncserver master:
>
> ```
> mkdir build
> cd build
> cmake -DWITH_GNUTLS=OFF .. # use OpenSSL as GnuTLS is simply broken, crashes
> make
> cd ..
> cd webclients
> openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes # create a self-signed cert
> ../build/examples/example  -sslcertfile cert.pem -sslkeyfile key.pem
> ```
>
> and open http://localhost:5800/novnc/vnc.html?autoconnect=true&host=localhost&port=5900&encrypt=true in
> a browser. However, I get
>
> ```
> 11/11/2018 17:22:37 Got connection from client 127.0.0.1
> 11/11/2018 17:22:37   other clients:
> 11/11/2018 17:22:37 Got TLS/SSL WebSockets connection
> 11/11/2018 17:22:37 webSocketsHandshake: invalid client header
> 11/11/2018 17:22:37 Client 127.0.0.1 gone
> ```
>
> Am I doing something wrong?
>
> If it worked with former versions - any idea where it could have been broken?
>
> Thanks for your thoughts,
>
>    Christian