CODEWITHSUNDEEP
pythonbashwebsocketwscat
cclst
cclst

Reputation: 11

Different behaviors with 2 different Websocket APIs

this question is a reformulation (and simplification) of a precedent question which doesn't interest the community (Different behaviors with 2 different Websocket APIs but same request).

I am trying to communicate with a server on my local network thanks to Websockets but I am a real noob.

Currently, I am stuck because I don't have the same behaviour when I am doing (or trying to do) the same thing with "wscat" in bash and "websocket" lib in python.

$ wscat -c $serveur_address -n
Connected (press CTRL+C to quit)
< {[...]"token":"11235326"[...]}
> 

>>> import websocket, ssl
>>> uri = 'server_address'
>>> ws = websocket.create_connection(uri, sslopt={"cert_reqs": ssl.CERT_NONE})
>>> ws.recv()
... infinite wait

With wscat I receive immediately a response containing a token to use for next connection.
But with websocket in python, no response at all.

Is there differences between those two creations of Websocket ?

Edit: In both cases the server_address is 'wss://192.168.1.20:8002/api/v2/channels/samsung.remote.control?name=dGVzdA=='

I assumed that giving a wss address is in both cases automatically detected as a secure websocket request.

Upvotes: 0

Views: 154

Answers (1)

cclst
cclst

Reputation: 11

Okay, I found what is the difference between those two API in my case !

In python, I succed to connect like with wscat when I do this:

import asyncio
import websockets
import ssl

async def connect(uri):
    #HIGHLY INSECURE
    ssl_context = ssl.SSLContext()
    ssl_context.check_hostname = False
    ssl_context.verify_mode = ssl.CERT_NONE
    #HIGHLY INSECURE
    async with websockets.connect(uri, ssl=ssl_context) as websocket:
        message = await websocket.recv()
        dprint(message)

uri = ...
asyncio.get_event_loop().run_until_complete(connect(uri))

The asyncio is just here to not freeze my application python script after calling the asynchronous connect.

The most interesting part, I think, is the ssl_context.check_hostname = False.

The option -n on Wscat is described like this : -n, --no-check do not check for unauthorized certificates.

I assumed that giving sslopt={"cert_reqs": ssl.CERT_NONE}to the python websocket implementation was the equivalent, but apparently one should also specify that they don't want to check the hostname.

Upvotes: 0

Related Questions