wss fails on IPV6 address

[nmset]

wss fails to work on IPV6 addresses. No problem is seen with IPV4 addresses and with wss://localhost:port.

The attached file demonstrates this issue on Linux.

tls or tls+tcp just works in the attached file.

Please advise if wss is expected to work with IPV6 addresses.

Regards.

nng_wss_ipv6_c.cpp.txt

[gdamore]

That should have worked, but tbh I have not really tested for it, and I suspect you've identified a bug.

[gdamore]

Actually, looking in more detail, I expect your use of TLS may be at issue.

Using IP addresses for TLS will generally not work, unless your certificate explicitly lists those IP addresses. You can test this by changing the auth mode on the client from NNG_TLS_AUTH_MODE_REQUIRED to NNG_TLS_AUTH_MODE_NONE.

If that "Just Works", then try changing your certificate.

Having said that, it may be possible that we can do a lookup on the host name and see if it resolves to the given IPv6 address.

I'm going to hold this bug issue open pending feedback.

[gdamore]

It's also entirely possible that the TLS library you are using (probably mbedTLS unless you went out of your want to configure wolfSSL in 1.3.0) may not honor the IPv6 address validation.

[nmset]

I tested with NNG_TLS_AUTH_MODE_NONE to no avail.

Then with both NNG_TLS_AUTH_MODE_NONE and NNG_TLS_AUTH_MODE_REQUIRED, I tried changing the cert common name to ::1, [::1] and [::1]:8000. No better luck.

I'm indeed using mbedTLS.

Using IP addresses for TLS will generally not work

I must precise that tls+tcp://[IP::v6]:port does work.

Thanks for looking into that.

[gdamore]

Ok this is good information. I will write a test case to cover this and make sure to get a fix before too long. I am spread a little thin at the moment so it might be a week or so.

[gdamore]

This looks like it is not specific to wss, but to websocket in general.

Specifically it looks like what is happening is that the method lookup is not working -- I think this is actually a bug in the HTTP server framework.