I made a secure websocket server based on RustTls, my problem is when I try to connect a valid client (made with python) I keep getting "TLS accept failed: invalid certificate: BadDER" from the server. the client can connect to other websocket servers with no problem.
Knowing that I generated the signed certificates (both for Server and Client) using openssl commands, and both certificate work properly with other TLS sockets (made with C and python).
My question is, what does Badder means ? and how I can resolve this ? can I force the server to accepte invalid certificate ?
No, the CN can only be a single entry, while you can have a lot of SAN entries (and entries that aren't DNS names/wildcards). For HTTPS, the CN is not used if there's a SAN, so include the CN as a SAN. Moreover, using CN is deprecated for HTTPS, so always generate a SAN when generating for HTTPS.
(Most browsers will fall back to the CN if there is no SAN for backwards compatibility, but as you've found, that's not the case for RustTls. (Without a custom verifier. Protocols that aren't HTTPS have different verification behavior around CN and SAN.))