Menu
▾
▴
Re: [Libvncserver-common] LibVNCServer websockets and wss:// connection with novnc
|
From: Joel M. <gi...@ma...> - 2018-11-11 20:19:21
|
I'm not sure it's a libvncserver or noVNC issue, but rather that browsers have become more strict about self-signed certificates in the past couple of years. I tried building libvncserver but got an error about AVStream structure. I suspect my system is too out of date to build it. I think he problem is that browsers don't prompt to accept self-signed certs when it's on a WebSockets connection. I filed some bugs about that years ago, but it's a difficult problem because WebSocket connections are asynchronous and you don't want pages to be able to make arbitrary connections to other sites and trick the user into accepting certs that they don't expect. Most people barely understand the difference between HTTP and HTTPS as it is. If you browse to https://localhost:5900 (i.e. try and browse normallyl to the websocket port), accept the certificate (permanently) and then try and load the regular page it might work. At least, that has worked for me in the past. TBH, I'm no longer actively involved in noVNC. I transitioned it to the rest of the team a few years ago. Regards, Joel Martin (kanaka) On Sun, Nov 11, 2018 at 10:30 AM Christian Beier <chr...@go...> wrote: > > > Hi Joel, Gernot, > > I am currently tackling https://github.com/LibVNC/libvncserver/issues/68 and am > having a hard time setting up a wss:// connection between a LibVNCServer > example server and novnc 1.0.0. As you two are the principal authors of the > websockets code in LibVNCServer, I need your advice. > > This is what I'm doing, using libvncserver master: > > ``` > mkdir build > cd build > cmake -DWITH_GNUTLS=OFF .. # use OpenSSL as GnuTLS is simply broken, crashes > make > cd .. > cd webclients > openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes # create a self-signed cert > ../build/examples/example -sslcertfile cert.pem -sslkeyfile key.pem > ``` > > and open http://localhost:5800/novnc/vnc.html?autoconnect=true&host=localhost&port=5900&encrypt=true in > a browser. However, I get > > ``` > 11/11/2018 17:22:37 Got connection from client 127.0.0.1 > 11/11/2018 17:22:37 other clients: > 11/11/2018 17:22:37 Got TLS/SSL WebSockets connection > 11/11/2018 17:22:37 webSocketsHandshake: invalid client header > 11/11/2018 17:22:37 Client 127.0.0.1 gone > ``` > > Am I doing something wrong? > > If it worked with former versions - any idea where it could have been broken? > > Thanks for your thoughts, > > Christian |
