5

I'm trying to setup a server to server link using socket.io over ssl connection. This is my example:

/**
 * Server
 */


var app = require('express')();
var config = require('./config');
var https = require('https');
var http = require('http');
var fs = require('fs');
var server = https.createServer({key: fs.readFileSync(config.ssl.key), cert: fs.readFileSync(config.ssl.cert), passphrase: config.ssl.passphrase}, app);
//var server = http.createServer(app);
var io = require('socket.io').listen(server);

server.listen(config.port);

app.get('/', function (req, res) {
    res.send('Server');
  //res.sendfile(__dirname + '/index.html');
});

io.sockets.on('connection', function (socket) {
  socket.emit('news', { hello: 'world' });
  socket.on('my other event', function (data) {
    console.log(data);
  });
});



/**
 * Client
 */


var io = require('socket.io-client');
//var socket = io.connect('http://localhost', {port: 8088});
var socket = io.connect('https://localhost', {secure: true, port: 8088});
  socket.on('connect', function(){
    socket.on('event', function(data){});
    socket.on('disconnect', function(){});
  });

The code works fine when ran without SSL. I suspect it could be my self-signed certificate not being accepted, but I do not know how to make the client accept it.

Can I accept a self-signed SSL certificate, or is there another approach I can take?

Improve this question
1
  • After some more digging, I found that adding: require('https').globalAgent.options.rejectUnauthorized = false; before "var socket" in the client fixes the problem Commented Feb 8, 2014 at 20:21

4 Answers 4

Reset to default
15

I've had to do things a little differently on the client to get this to work, by manually telling socket.io to use that Agent as well (and the secure: true is implied by https:). Here it is:

// Client
var io = require('socket.io-client');
var https = require('https');
https.globalAgent.options.rejectUnauthorized = false;
var socket = io.connect('https://localhost:3210/', { agent: https.globalAgent });
socket.on('connect', function(){ console.log('connected'); });

This is using socket.io v1.0.2.

Alternatively, I've had success with the following as well, as pointed to here: Socket.io + SSL + self-signed CA certificate gives error when connecting

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
var io = require('socket.io-client');
var socket = io.connect('https://localhost:3210/');
socket.on('connect', function(){ console.log('connected'); });
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Worked perfect! I don't use self signed certs, but I want to be able to ignore my certification issues when doing local unit testing against my dev box. This did the trick! Thanks
After a whole day searching and trying, your first solution worked for me. The second one with didn't work. Thanks!
10

After some more searching, adding this in the client makes it work:

require('https').globalAgent.options.rejectUnauthorized = false; 

/**
 * Client
 */


var io = require('socket.io-client');
//var socket = io.connect('http://localhost', {port: 8088});

require('https').globalAgent.options.rejectUnauthorized = false; 

var socket = io.connect('https://localhost', {secure: true, port: 8088});
  socket.on('connect', function(){
    socket.on('event', function(data){});
    socket.on('disconnect', function(){});
  });
Improve this answer

1 Comment

For new versions of node.js you will also have to add process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
6

The previous answers didn't do it for me. require('https').globalAgent is always undefined.

Did some seaching and found the rejectUnauthorized parameter in the docs (https://nodejs.org/api/tls.html). Not sure if it's related to SocketIO, but it somehow seems to work with self-signed certificates:

var socket = io.connect('//yourhost:8000', {secure: true, rejectUnauthorized: false})

secure: true might be optional, but I like to enforce it anyhow.

Improve this answer

Comments

0

While all the above solutions focus on rejectUnauthorized=false, I'd like to suggest an alternative.

const https = require('https');
const rootCas = require('ssl-root-cas').create();
rootCas.addFile('cert/ca.crt');
https.globalAgent.options.ca = rootCas; // optional

const io = require("socket.io-client");
var socket = io.connect("https://...", { agent: https.globalAgent });
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.