Secure WebSocket fails CBLite C# .NET

dbergan · October 5, 2021, 10:15pm

Hi!

I have my sync_gateway set up properly with an SSL certificate here:

However, my Xamarin app won’t connect to the gateway via secure Websockets. Here is the relevant code:

 public CouchbaseRepository (string Login = null, string Password = null)
        {
            var defaultDirectory = Service.GetInstance<IDefaultDirectoryResolver>().DefaultDirectory() ;
            var databaseConfig = new DatabaseConfiguration
            {
                Directory = defaultDirectory
            } ;
            _db = new Database("prodigy", databaseConfig) ;

// THE CONNECTION LINE
            var targetUrlEndpoint = new URLEndpoint(new System.Uri("wss://flashtothetop.com:4984/prodigy/"));
// *******************
            var configuration = new ReplicatorConfiguration(_db, targetUrlEndpoint)
            {
                ReplicatorType = ReplicatorType.PushAndPull,
                Continuous = true
            };

            if (Login != null && Password != null)
            {
                configuration.Authenticator = new BasicAuthenticator(Login, Password);
Console.WriteLine($"Couchbase Login: {Login}   Password: {Password}");
            }
            _replicator = new Replicator(configuration);
            _replicatorListenerToken = _replicator.AddChangeListener(OnReplicatorUpdate);
            _InitialReplicationComplete = false;
            _replicator.Start();
            InitialReplication = Task.Run(() =>
            {
Console.WriteLine($"Couchbase InitialReplication Start");
                while (_InitialReplicationComplete == false) { ; }
Console.WriteLine($"Couchbase InitialReplication Done");
            });
        }

And here this is the console output:

CouchbaseLite: All documents synced
Couchbase InitialReplication Start
Thread finished:  #4
Thread started:  #9
Thread started: <Thread Pool> #10
Loaded assembly: /data/data/com.davidbergan.flashtothetop/files/.__override__/System.Xml.dll [External]
The thread 0x4 has exited with code 0 (0x0).
The thread 0x9 has exited with code 0 (0x0).
Thread finished:  #9
Thread started: <Thread Pool> #11
Thread started: <Thread Pool> #12
Thread started: <Thread Pool> #13
Thread started:  #14
Thread started:  #15
Thread started:  #16
Thread started:  #17
Loaded assembly: /data/data/com.davidbergan.flashtothetop/files/.__override__/System.Runtime.Serialization.dll [External]
Loaded assembly: /data/data/com.davidbergan.flashtothetop/files/.__override__/System.ServiceModel.Internals.dll [External]
Thread finished:  #14
The thread 0xe has exited with code 0 (0x0).
[CouchbaseLite] [Thread Pool Worker]| [Replicator] (WebSocketWrapper) [Thread Pool Worker (15)] Error validating TLS chain: RemoteCertificateChainErrors
Thread started:  #18
Thread started:  #19
Thread finished:  #18
[CouchbaseLite] [21]| [Network] {N8litecore4repl12C4SocketImplE#1} WebSocket failed to connect! (reason=Network error 8)
Thread started:  #20
[CouchbaseLite] [22]| [Replicator] {Repl#2} Got LiteCore error: Network error 8 "Certificate verification failed (RemoteCertificateChainErrors)"
Thread finished:  #19
Thread started:  #21
CouchbaseLite: Connecting to Sync Gateway
CouchbaseLite: All documents synced

And here is what the Sync Gateway says:

2021/10/05 21:59:41 http: TLS handshake error from 184.83.42.94:58843: EOF

And here is WireShark:

No.	Time	Source	Destination	Protocol	Length	Info
33	3.333205	192.168.1.4	35.238.130.163	TCP	66	63072 → 4984 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
34	3.371395	35.238.130.163	192.168.1.4	TCP	66	4984 → 63072 [SYN, ACK] Seq=0 Ack=1 Win=65320 Len=0 MSS=1420 SACK_PERM=1 WS=128
35	3.371474	192.168.1.4	35.238.130.163	TCP	54	63072 → 4984 [ACK] Seq=1 Ack=1 Win=262656 Len=0
36	3.385335	192.168.1.4	35.238.130.163	TLSv1.2	241	Client Hello
37	3.422390	35.238.130.163	192.168.1.4	TCP	60	4984 → 63072 [ACK] Seq=1 Ack=188 Win=65152 Len=0
38	3.424809	35.238.130.163	192.168.1.4	TLSv1.2	1474	Server Hello
39	3.424809	35.238.130.163	192.168.1.4	TCP	1474	4984 → 63072 [ACK] Seq=1421 Ack=188 Win=65152 Len=1420 [TCP segment of a reassembled PDU]
40	3.424853	192.168.1.4	35.238.130.163	TCP	54	63072 → 4984 [ACK] Seq=188 Ack=2841 Win=262656 Len=0
41	3.425632	35.238.130.163	192.168.1.4	TLSv1.2	1474	Certificate [TCP segment of a reassembled PDU]
42	3.425632	35.238.130.163	192.168.1.4	TLSv1.2	197	Server Key Exchange, Server Hello Done
43	3.425671	192.168.1.4	35.238.130.163	TCP	54	63072 → 4984 [ACK] Seq=188 Ack=4404 Win=262656 Len=0
44	3.433165	192.168.1.4	35.238.130.163	TCP	54	63072 → 4984 [FIN, ACK] Seq=188 Ack=4404 Win=262656 Len=0
45	3.471369	35.238.130.163	192.168.1.4	TCP	60	4984 → 63072 [FIN, ACK] Seq=4404 Ack=189 Win=65152 Len=0
46	3.471426	192.168.1.4	35.238.130.163	TCP	54	63072 → 4984 [ACK] Seq=189 Ack=4405 Win=262656 Len=0
69	5.762030	192.168.1.4	35.238.130.163	TCP	66	63075 → 4984 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
70	5.798553	35.238.130.163	192.168.1.4	TCP	66	4984 → 63075 [SYN, ACK] Seq=0 Ack=1 Win=65320 Len=0 MSS=1420 SACK_PERM=1 WS=128
71	5.798615	192.168.1.4	35.238.130.163	TCP	54	63075 → 4984 [ACK] Seq=1 Ack=1 Win=262656 Len=0
72	5.810263	192.168.1.4	35.238.130.163	TLSv1	241	Client Hello
73	5.849598	35.238.130.163	192.168.1.4	TCP	60	4984 → 63075 [ACK] Seq=1 Ack=188 Win=65152 Len=0
74	5.851545	35.238.130.163	192.168.1.4	TLSv1.2	1474	Server Hello
75	5.851613	35.238.130.163	192.168.1.4	TCP	1474	4984 → 63075 [ACK] Seq=1421 Ack=188 Win=65152 Len=1420 [TCP segment of a reassembled PDU]
76	5.851641	192.168.1.4	35.238.130.163	TCP	54	63075 → 4984 [ACK] Seq=188 Ack=2841 Win=262656 Len=0
77	5.852151	35.238.130.163	192.168.1.4	TLSv1.2	1474	Certificate [TCP segment of a reassembled PDU]
78	5.852151	35.238.130.163	192.168.1.4	TLSv1.2	197	Server Key Exchange, Server Hello Done
79	5.852187	192.168.1.4	35.238.130.163	TCP	54	63075 → 4984 [ACK] Seq=188 Ack=4404 Win=262656 Len=0
80	5.856790	192.168.1.4	35.238.130.163	TCP	54	63075 → 4984 [FIN, ACK] Seq=188 Ack=4404 Win=262656 Len=0
81	5.894193	35.238.130.163	192.168.1.4	TCP	60	4984 → 63075 [FIN, ACK] Seq=4404 Ack=189 Win=65152 Len=0
82	5.894239	192.168.1.4	35.238.130.163	TCP	54	63075 → 4984 [ACK] Seq=189 Ack=4405 Win=262656 Len=0
93	6.977324	35.238.130.163	192.168.1.4	TCP	1474	443 → 57829 [ACK] Seq=1 Ack=1 Win=737 Len=1420 [TCP segment of a reassembled PDU]
94	6.977324	35.238.130.163	192.168.1.4	TCP	1474	443 → 57829 [ACK] Seq=1421 Ack=1 Win=737 Len=1420 [TCP segment of a reassembled PDU]
95	6.977436	192.168.1.4	35.238.130.163	TCP	54	57829 → 443 [ACK] Seq=1 Ack=2841 Win=1026 Len=0
96	6.977448	35.238.130.163	192.168.1.4	TCP	1474	443 → 57829 [ACK] Seq=2841 Ack=1 Win=737 Len=1420 [TCP segment of a reassembled PDU]
97	6.977448	35.238.130.163	192.168.1.4	TLSv1.2	827	Application Data
98	6.977478	192.168.1.4	35.238.130.163	TCP	54	57829 → 443 [ACK] Seq=1 Ack=5034 Win=1026 Len=0
99	6.980382	192.168.1.4	35.238.130.163	TLSv1.2	890	Application Data
102	7.017850	35.238.130.163	192.168.1.4	TCP	60	443 → 57829 [ACK] Seq=5034 Ack=837 Win=750 Len=0

End result: because of this error, there’s no replication between the Android device and Couchbase Server.

My C# code used to work before the SSL certificates (the connection line was ws:// instead of wss://), however, the Android SDK now requires that all transactions go through SSL. As far as I can tell, my certificate is set up correctly since it works just with https:// from a browser or Postman.

What does “WebSocket failed to connect! (reason=Network error 8)” refer to and how can I fix it?

Kind regards,
David

Topic		Replies	Views
TLS/SSL Cert. error on web socket connection to sync.gateway Couchbase Lite connections , android	9	2427	June 7, 2022
ToDo 2.0 and BLIPS Mobile	24	2207	December 11, 2017
WebSocketException: An error has occurred during a TLS handshake Couchbase Lite xamarin	2	2405	March 17, 2022
Error while trying to sync via SSL Mobile	3	2583	September 3, 2014
Couchbase Lite Switching to HTTP Couchbase Lite	5	1557	December 9, 2017

Secure WebSocket fails CBLite C# .NET

Related topics