You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\azuka\AppData\Local\go-build
set GOENV=C:\Users\azuka\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\azuka\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\azuka\go
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=C:\Program Files\Go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLCHAIN=auto
set GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.21.0
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=0
set GOMOD=NUL
set GOWORK=
set CGO_CFLAGS=-O2 -g
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-O2 -g
set CGO_FFLAGS=-O2 -g
set CGO_LDFLAGS=-O2 -g
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=C:\Users\azuka\AppData\Local\Temp\go-build1597027050=/tmp/go-build -gno-record-gcc-switches
What did you do?
I am using go's reverse proxy from the httputils package. It works really well, and perform HTTPS TLS termination perfectly when proxying HTTPS > HTTPS.
I will see this error, which basically tells me I am using a self signed certificate.
node:events:492
throw er; // Unhandled 'error' event
^
Error: self-signed certificate
at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
at TLSSocket.emit (node:events:514:28)
at TLSSocket._finishInit (node:_tls_wrap:1070:8)
at ssl.onhandshakedone (node:_tls_wrap:856:12)
Emitted 'error' event on WebSocket instance at:
at emitErrorAndClose (C:\Users\azuka\Desktop\New folder\node_modules\ws\lib\websocket.js:1033:13)
at ClientRequest.<anonymous> (C:\Users\azuka\Desktop\New folder\node_modules\ws\lib\websocket.js:880:5)
at ClientRequest.emit (node:events:514:28)
at TLSSocket.socketErrorListener (node:_http_client:495:9)
at TLSSocket.emit (node:events:514:28)
at emitErrorNT (node:internal/streams/destroy:151:8)
at emitErrorCloseNT (node:internal/streams/destroy:116:3)
at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
}
Node.js v20.9.0
Note that if I un-comment rejectUnauthorized: false, it will start working perfectly
What did you expect to see?
I would expect WSS to act like HTTPS in general: the reverse proxy terminate the SSL connection, et re-encrypt with the new certificate, but instead it seems to be carrying over the origin certificate.
The text was updated successfully, but these errors were encountered:
OK so I have spent the evening debugging this and I came to the conclusion that it's a Synology specific problem, as unlike what I initially thought, I am unable to reproduce the issue again
Go version
go version go1.21.0 windows/amd64
Output of
go env
in your module/workspace:What did you do?
I am using go's reverse proxy from the httputils package. It works really well, and perform HTTPS TLS termination perfectly when proxying HTTPS > HTTPS.
See implementation: https://github.com/azukaar/Cosmos-Server/blob/master/src/proxy/routeTo.go#L53
What did you see happen?
When proxying a WSS connection to a WSS server however, the certificate does not seem to be the right one.
Here's an example server:
if I proxy it from the reverse proxy, and connect to it via a client:
I will see this error, which basically tells me I am using a self signed certificate.
Note that if I un-comment
rejectUnauthorized: false
, it will start working perfectlyWhat did you expect to see?
I would expect WSS to act like HTTPS in general: the reverse proxy terminate the SSL connection, et re-encrypt with the new certificate, but instead it seems to be carrying over the origin certificate.
The text was updated successfully, but these errors were encountered: