WebSocket SSL error self-signed certificate #191

Open
kaihendry opened this issue Jul 17, 2023 · 4 comments

@kaihendry

I noticed #122 though I don't understand why a self signed certificate with mtls should fail?

```
websocat: WebSocketError: WebSocket SSL error: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1889: (self-signed certificate)
websocat: error running
```

-k is documented as "Accept invalid certificates and hostnames while connecting to TLS". There is nothing invalid here?

server moans like so:

```
websocat: error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1586:SSL alert number 48
```

```
❯ openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
```

https://gist.github.com/kaihendry/990027a7c9a54efcdf138d45f720088e

Thank you!

@vi
Owner

vi commented Jul 17, 2023

Does some workaround with websocat spawning subprocess instead of doing TLS work?

> server moans like so: ...

Can you connect to server instance of Websocat from a browser (after temporarily whitelisting the domain for invalid cert)?

@kaihendry
Author

I get a `websocat: error:0A00009C:SSL routines:ssl3_get_record:http request:ssl/record/ssl3_record.c:345:` when I try to point Chrome to http://localhost:4321/

wss is surprisingly an ERR_UNKNOWN_URL_SCHEME

@vi
Owner

vi commented Jul 17, 2023

> ERR_UNKNOWN_URL_SCHEME

You should try https://localhost:4321/ and accept the certificate in browser. Websocat should reply something like `Only WebSocket connections are welcome here` if the TLS connection works.
After that, wss:// connections (from the code, not from the address line) would also work for this session.

@kaihendry
Author

Yes it works, Chrome does complain about NET::ERR_CERT_AUTHORITY_INVALID, though I didn't expect websocat server to mediate the CA, unless I misunderstood.
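
As an added illustration (not part of the thread and not websocat's own code), this shell sketch reproduces the `self-signed certificate` verification result with the `openssl` CLI: a self-signed certificate chains to nothing in the default trust store, so it verifies only where that exact certificate is supplied as a trust anchor, and with mTLS each side needs the other side's certificate as its anchor. File names and CNs are constructed for the example.

```shell
#!/bin/sh
# Added example: why a well-formed self-signed certificate still fails verification.
# All file names and subject names below are constructed for illustration.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create a throwaway self-signed certificate (issuer == subject, signed by its own key).
make_self_signed() {  # $1 = file basename, $2 = CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$workdir/$1.key" -out "$workdir/$1.pem" 2>/dev/null
}

# Verify certificate $1 against the platform's default trust store only.
verify_default() {
    openssl verify "$workdir/$1.pem" >/dev/null 2>&1
}

# Verify certificate $1 with certificate $2 explicitly supplied as a trust anchor.
verify_with_anchor() {
    openssl verify -CAfile "$workdir/$2.pem" "$workdir/$1.pem" >/dev/null 2>&1
}

# Run a check and print a one-line result.
report() {  # $1 = description, remaining args = command to run
    desc=$1; shift
    if "$@"; then echo "$desc: OK"; else echo "$desc: verify failed"; fi
}

make_self_signed server localhost
make_self_signed client test-client

# What a client sees when the server certificate is not in its trust store.
report "server cert, default trust store" verify_default server
# Pinning the same certificate as a trust anchor makes verification succeed.
report "server cert, pinned as anchor" verify_with_anchor server server
# mTLS: trusting the server certificate says nothing about the client certificate.
report "client cert, only server cert trusted" verify_with_anchor client server
report "client cert, pinned as anchor" verify_with_anchor client client
```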
