Cannot connect to secure WSS #50

Closed
winternet-studio opened this issue Sep 20, 2017 · 13 comments

@winternet-studio

Connecting to ws:// works fine but when I use wss:// to the same server (which works just fine in the browser and a websocket tester) it fails:

PHP Fatal error:  Uncaught WebSocket\ConnectionException: Could not open socket to "mydomain.com:443":  (0). in C:\...\includes\composer_libs\textalk\websocket\lib\Client.php:95
Stack trace:
#0 C:\...\includes\composer_libs\textalk\websocket\lib\Base.php(48): WebSocket\Client->connect()
#1 C:\...\run.phpcli(22): WebSocket\Base->send('{"action":"play...')
#2 {main}
  thrown in C:\...\includes\composer_libs\textalk\websocket\lib\Client.php on line 95

Fatal error: Uncaught WebSocket\ConnectionException: Could not open socket to "mydomain.com:443":  (0). in C:\...\includes\composer_libs\textalk\websocket\lib\Client.php on line 95

WebSocket\ConnectionException: Could not open socket to "mydomain.com:443":  (0). in C:\...\includes\composer_libs\textalk\websocket\lib\Client.php on line 95

Call Stack:
    0.2077     355880   1. {main}() C:\...\run.phpcli:0
    0.2148     587168   2. WebSocket\Base->send() C:\...\run.phpcli:22
    0.2148     587200   3. WebSocket\Client->connect() C:\...\includes\composer_libs\textalk\websocket\lib\Base.php:48

Any idea what the problem can be?

The server uses Apache modules proxy and proxy_wstunnel to make the secure connection (followed https://stackoverflow.com/questions/16979793/php-ratchet-websocket-ssl-connect#28393526). Internally the websocket server runs on a port above 8000.

@bennetgallein

If you can provide some code we can help. wss:// works fine for me with apache2 default and php7.0

@ArvyRogerio

ArvyRogerio commented Oct 13, 2017

I'm having the same problem, but it shows error on line 60, not on 95.

The server is ok, running wss, and Chrome can connect.

My server is a Nginx running SSL via proxy.

Fatal error: Uncaught exception 'WebSocket\ConnectionException' with message 'Could not open socket to "xxxxx:443": (0).' in /.../textalk/websocket/lib/Client.php:60

@ArvyRogerio

ArvyRogerio commented Oct 13, 2017

Found the problem! Maybe this helps @winternet-studio or others.

The problem was not on Textalk. The server (Nginx) was missing the intermediate certificate. Checked using https://www.sslshopper.com/ssl-checker.html.

To fix: on Nginx "ssl_certificate" must point to a file with the certificate concatenated with the CA certificate. Just "cat cert.pem ca.pem > output.pem" and use it on Nginx. Same thing on Apache, on "SSLCertificateFile".

Using Let's Encrypt, just use fullchain.pem instead of cert.pem.
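
The effect of the missing intermediate, reproduced offline as an added example that is not part of the original thread: an OpenSSL-based client such as PHP builds the chain only from what the server sends plus its local trust store, so a leaf-only `cert.pem` is rejected while `cat cert.pem ca.pem` is accepted. The throwaway certificates, the names "Demo Root CA" and "Demo Intermediate CA", and the helper functions are all constructed for this demo.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI (root -> intermediate -> leaf).
# File names cert.pem / ca.pem / fullchain.pem mirror the comment above.

# new_csr PREFIX CN: create PREFIX.key and PREFIX.csr
new_csr() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# make_chain DIR: build the three certificates and the concatenated chain in DIR
make_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  new_csr "$d/root" 'Demo Root CA' &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  new_csr "$d/ca" 'Demo Intermediate CA' &&
  openssl x509 -req -in "$d/ca.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/ca.pem" 2>/dev/null &&
  new_csr "$d/cert" 'mydomain.com' &&
  openssl x509 -req -in "$d/cert.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 2 -out "$d/cert.pem" 2>/dev/null &&
  cat "$d/cert.pem" "$d/ca.pem" > "$d/fullchain.pem"   # leaf first, then CA
}

# client_accepts ROOT SERVED: exit 0 if a client that trusts only ROOT can
# validate the first certificate in SERVED using only the certificates in SERVED.
client_accepts() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) && make_chain "$d" || return 1
  for served in cert.pem fullchain.pem; do
    if client_accepts "$d/root.pem" "$d/$served"; then r=accepted; else r=REJECTED; fi
    echo "server sends $served -> $r"
  done
  rm -rf "$d"
}
demo
```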

@winternet-studio
Author

winternet-studio commented Oct 16, 2017

ssl-checker didn't indicate any problems on my server - it says "all the correct intermediate certificates are installed" and everything else is green as well. I'm also using Let's Encrypt.

Not sure what code to share. I try to connect to the server using this standard code:

$client = new WebSocket\Client('wss://mydomain.com/wss2/', array('timeout' => 10));

In Javascript this code works fine:

var connection = new WebSocket('wss://mydomain.com/wss2/');

If you contact me through my website I can let you know the actual server so you could try it yourself if you're interested.

@nssmart

nssmart commented Feb 19, 2018

Hi,

I have the exact same configuration with nginx proxying ssl to :8000 websocket server, can connect from browsers, but not from the server itself.

Was wondering whether you've had any luck figuring it out?

Thanks in advance!

@winternet-studio
Author

Sorry, I have not tried anything or found any solutions since my post.

@nssmart

nssmart commented Feb 19, 2018

Thanks for the reply.
Pity it is.. anyone else perhaps?

@winternet-studio
Author

I've now picked this up again and I found out that it didn't work on my Windows developer machine, but the same code worked fine on a production Linux server. I also tried an asynchronous client, https://github.com/ratchetphp/Pawl, which also had issues on my local machine but worked fine on the Linux server. Hopefully this bit of info might be helpful to someone.

@nssmart

nssmart commented Apr 20, 2018

I figured it out as well, here is the deal.

  1. We were using Nginx+Apache configuration on the server.
  2. Nginx was configured so that it made an ssl-handshake with client and then internally redirected request to websocket's apache port (like 8080).
  3. So when connecting from clients (JS) we used WSS and it worked - their requests came to nginx that handled SSL and forwarded them to Apache.
  4. However, when connecting from the same machine from php script, it didn't work.
    What worked was connecting to the apache server directly (WS to port 8080 in this example).

Hope this will help someone as well :).

@karimhb

karimhb commented Jul 26, 2018

I had the same issue. The problem was that I am restricting access to ws to the origins "localhost" and "our domain". This library doesn't send an origin in the header. Got it fixed by adding
'origin' => 'localhost'
in the $header array around line 107 of vendor/textalk/websocket/lib/Client.php

@sandy5623

I too had the same issue with localhost wss://. The code below worked for me for bypassing certificate validation:
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);

@saeed-khalafinejad

For me also bypassing the SSL worked....

@balap777

balap777 commented Oct 31, 2023

I too had the same issue with localhost wss://. The code below worked for me for bypassing certificate validation: stream_context_set_option($context, 'ssl', 'verify_peer', false); stream_context_set_option($context, 'ssl', 'verify_peer_name', false);

Hello @sandy5623, it would be a great help if you could share the full code, as I tried the above but was unable to make it work. Also, the latest version gives an array error in the second parameter, so I am not able to figure out how to use the above code. Thanks in advance.
