WebSocket WebSocket wildcard host errors #844
Comments
|
This seems like a request to support to ws4:// and ws6:// to get explicit binding like we have for TCP. The problem with not specifying an address (using INADDR_ANY) is that the consequences of this are highly unportable. This probably does an AF_INET6 binding, and expects that the platform does a dual stack mapping (IPv4 mapped IPv6 address), but the support for this is hardly universal. Btw, what "localhost" maps to is also highly platform specific. It usually maps to 127.0.0.1, but it might also map to ::1. Or it might not. I would be willing to contemplate adding explicit binding options (ws4:// and ws://6, as well as the wss4:// and wss6:// options) for websocket. This would require enhancing the HTTP framework somewhat to support this as well. To be completely honest, I think when binding you're best bet is to specify an actual host IP address or name. This is actually super important if you use TLS because we need the name to match to the certificate. |
|
Sometimes you want to use a hostname for TLS that is different from what
you want to bind to on IP.
…On Mon, 18 Feb 2019, 08:07 gdamore, ***@***.***> wrote:
This seems like a request to support to ws4:// and ws6:// to get explicit
binding like we have for TCP.
The problem with not specifying an address (using INADDR_ANY) is that the
consequences of this are highly unportable. This probably does an AF_INET6
binding, and expects that the platform does a dual stack mapping (IPv4
mapped IPv6 address), but the support for this is hardly universal.
Btw, what "localhost" maps to is also highly platform specific. It
*usually* maps to 127.0.0.1, but it might *also* map to ::1. Or it might
not.
I would be willing to contemplate adding explicit binding options (ws4://
and ws://6, as well as the wss4:// and wss6:// options) for websocket. This
would require enhancing the HTTP framework somewhat to support this as well.
To be completely honest, I think when binding you're best bet is to
specify an actual host IP address or name. This is actually super important
if you use TLS because we need the name to match to the certificate.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#844 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ACBICB_IVLI9dx4B4F5Dx8zotWrIn9Oeks5vOlFMgaJpZM4ZmkQP>
.
|
|
Fair point @janjaapbos |
|
It is possible to specify that different hostname via the nng_tls_config_* API, btw. It just takes extra effort. |
gdamore
changed the title
Connection refusedfixes #1224 wss fails on IPV6 address This fixes bugs and inconsistencies in the way addresses are handled for HTTP (and consequently websocket). The Host: address line needs to look at numeric IPs and treat wildcards as if they are not specified, and needs to understand the IPv6 address format using brackets (e.g. [::1]:80).
Note that by filing an issue, you agree that you have read and agreed to
our contribution guidelines.
NNG & Platform details.
nng-1.1.1, Debian GNU/Linux 9.5 (Stretch)
Expected Behavior
When listening to
ws://*:45454/foobarI would expect that :nng_dialtows://localhost:45454/foobarworksThe documentation, indeed seems to explain it's dependent of the underlying system but as I think it's a common setup for many OS, and that it works out-of-the-box on macOS, i'm wondering if I'm missing something.
Actual Behavior
What happens is the
listenis done only on IPv4 and thedialis using IPv6.The text was updated successfully, but these errors were encountered: