Secure WebSocket Implementation with tokio-tungstenite | tokio-rustls | rustls-platform-verifier

Hi, I'm trying to build wss connection.
here is my client code

let connect_addr = "wss://192.168.1.2:2525";
    let config = rustls_platform_verifier::tls_config();
    
    
    let connector = tokio_tungstenite::Connector::Rustls(Arc::new(config));
    let ws_stream;
    
    match tokio_tungstenite::connect_async_tls_with_config(connect_addr, None, false, Some(connector)).await {
        Ok(ws_stream_connected) => ws_stream = ws_stream_connected.0,
        Err(_) => {
            return;
        }
    }

and here is my server code:

    let streamer_socket = TcpListener::bind("192.168.1.2:2525").await.unwrap();

    let fullchain: io::Result<Vec<CertificateDer<'static>>> = certs(&mut BufReader::new(
        File::open("certificates/fullchain.pem").unwrap(),
    ))
    .collect();
    let fullchain = fullchain.unwrap();
    let privkey: io::Result<PrivateKeyDer<'static>> = pkcs8_private_keys(&mut BufReader::new(
        File::open("certificates/privkey.pem").unwrap(),
    ))
    .next()
    .unwrap()
    .map(Into::into);
    let privkey = privkey.unwrap();

    let config = tokio_rustls::rustls::ServerConfig::builder()
        .with_no_client_auth()
        .with_single_cert(fullchain, privkey)
        .unwrap();
    let acceptor = TlsAcceptor::from(Arc::new(config));
    loop {
        match streamer_socket.accept().await {
            Ok((streamer_tcp, streamer_info)) => {
                let streamer_tcp_tls = acceptor.accept(streamer_tcp).await.unwrap();
                match tokio_tungstenite::accept_async(streamer_tcp_tls).await {
                    Ok(ws_stream) => {
                        println!(
                            "New Streamer"
                        );
                        break;
                    }
                    Err(err_val) => eprintln!("Error: TCP to WS Transform | {}", err_val),
                }
            }
            Err(err_val) => eprintln!("Error: TCP Accept Connection | {}", err_val),
        }
    }

when I run these codes I get this error at

let streamer_tcp_tls = acceptor.accept(streamer_tcp).await.unwrap();

I couldn't find resources to implement this correctly, that's why I improvised and hoped. I don't know how to make wss stream correctly.

I gave fullchain.pem and got this error, and if I give only cert.pem I get this error:

These certificates are come from letsencrypt and they works well with apache server or axum tls :confused: but not with wss I think

If I create new certificate with openssl, I get this

Okay problem is I was using IP address not the domain address. I changed them and problem solved. I still don't know how to test this in my local machine, but it worked on my remote server.

Why this solved my situation because we register certificates for domain names.

ps: Use fullchain not only certificates in server side, if you are planning to use logic like mine.

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.