
safari wss self signed certificate

Posted on 2014-01-08 18:55  bw_0927

http://blog.marcon.me/post/24874118286/secure-websockets-safari

I am working on a little application that tests the performance of Websockets in different browsers, operating systems and network conditions.

To make sure there are no issues when testing Websockets within networks that may route traffic through one or more proxies, I decided to use secure Websockets (wss protocol) and consequently serve the single-page application via https. Proxies should not filter the encrypted traffic and tests should work just fine.

While testing my application on localhost using Safari and Mobile Safari running on the iOS simulator, I realized that the websocket traffic was not being sent and the connection was instead terminated with an error. I investigated the issue and it looked like Safari was complaining because of the self-signed certificate I am using for the https connection. Since the signing authority (me) was not considered trusted, the websocket connection was being prevented by the browser.

When Safari attempts to load the application from the web server with a self-signed certificate, it complains with this message:

[Image: Verify certificate]

Hitting Continue is enough to load the application properly; however, later on, when a secure websocket connection is initiated, it will immediately fail because Safari does not trust the other end, i.e. the web server.

To make sure an application served via https with a self-signed certificate behaves as expected and is able to open secure websocket connections to the web server, click Show Certificate when the identity verification dialog shown above is displayed. The following dialog will then be displayed.

[Image: Trust certificate]

At this point, unfold the Trust section, and in the first drop-down choose Always Trust. Click Continue and enter your admin password. The certificate will get stored in the OS X Keychain and from now on it will always be trusted. This means that secure connections over Websockets will also be possible.

For Mobile Safari things are a little different.

First of all, for some obscure reason, the iOS simulator seems not to have any option to manage certificates. Nope, dragging and dropping a certificate into the simulator does not work, even though for a moment it seems that something is actually happening: looks like the guys at Apple forgot to insert that functionality in the simulator Settings. Therefore forget about wss://.

Importing a self-signed certificate into an iOS device (iPhone or iPad) is instead fairly easy. Just export the certificate as a .cer file from Keychain Access and email it to yourself. Open up the email from the iOS device, touch the attachment and the wizard to import it will show up. After following a couple of steps the certificate gets installed and becomes trusted, which means Secure Websockets will be able to connect to your server.

All of this works just fine when I run my application on localhost. Unfortunately, after deploying it to Nodejitsu, Safari was still complaining:

Error during WebSocket handshake: location mismatch...

The only way I found to solve this problem was, unfortunately, to switch to non-secure Websockets (ws://) when Safari is detected. While I do believe this is a bad practice, it was the only way to make it quickly work.
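
In the older hixie-76 WebSocket handshake, the server echoes the socket URL in a Sec-WebSocket-Location header and the client rejects the connection if it differs from the URL it requested. The sketch below is an added example, not code from the original post, showing how that check fails when the server answers with ws:// for a wss:// request and how the server can build the right value. It assumes, without confirmation from the post, that the hosted deployment terminates TLS at a proxy in front of the app; `checkLocation`, `buildLocation`, `trustProxy`, `handshake` and the sample host are hypothetical names.

```javascript
// Added example, not from the original post. All names and the sample
// request are constructed for illustration.

// Client side of the older hixie-76 handshake: the server echoes the socket
// URL in Sec-WebSocket-Location and the client rejects any difference.
function checkLocation(requestedUrl, responseHeaders) {
  const got = responseHeaders['sec-websocket-location'];
  if (typeof got !== 'string') return { ok: false, reason: 'missing location' };
  if (got !== requestedUrl) {
    return { ok: false, reason: 'location mismatch', expected: requestedUrl, got };
  }
  return { ok: true };
}

// Server side: build the header value from the request as the app sees it.
// req.encrypted mirrors Node's req.socket.encrypted, which is not set when a
// proxy in front of the app has already terminated TLS (assumed setup).
function buildLocation(req, opts = {}) {
  let secure = Boolean(req.encrypted);
  // Honour X-Forwarded-Proto only when the deployment guarantees the proxy
  // overwrites it; otherwise any client could set the header itself.
  if (opts.trustProxy) {
    const proto = String(req.headers['x-forwarded-proto'] || '')
      .split(',')[0].trim().toLowerCase();
    if (proto === 'https') secure = true;
  }
  return `${secure ? 'wss' : 'ws'}://${req.headers.host}${req.url}`;
}

// Constructed request: the browser asked for wss://, the proxy forwarded plain HTTP.
const requested = 'wss://app.example.test/socket';
const seenByApp = {
  encrypted: false,
  url: '/socket',
  headers: { host: 'app.example.test', 'x-forwarded-proto': 'https' },
};

// Runs the server-side build and the client-side check back to back.
function handshake(opts) {
  const headers = { 'sec-websocket-location': buildLocation(seenByApp, opts) };
  return checkLocation(requested, headers);
}

console.log(handshake({}));                   // rejected: server answered ws://
console.log(handshake({ trustProxy: true })); // accepted: server answered wss://
```

Keeping the page and the socket on https/wss with a matching location avoids the downgrade to ws:// described above.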