quic-go: Cannot connect to example server from Chrome via QUIC

I’m trying to connect to a quic-go server from Chrome on localhost with a self-signed certificate. It either fails with a TLS error (unknown certificate), or doesn’t connect at all.

I’ve tried both my own test server as well as the example server in this repo, with the same results. When run with the -tcp flag, the example server will happily serve content via HTTP/1.1, but Chrome refuses to open a QUIC connection.

I’ve tried the following matrix with both the example server and my own server:

  • Chrome (91.0.4472.114)
  • Chrome Canary (93.0.4552.0)
  • With and without the --origin-to-force-quic flag
  • With and without the --allow-insecure-localhost flag

The error message from Chrome, with --origin-to-force-quic enabled:

[Screenshot: Screen Shot 2021-06-24 at 12:46:57 PM]

Is there some known incompatibility between Chrome and quic-go? Am I missing something?

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 16 (11 by maintainers)

Most upvoted comments

@FZambia it seems like Chrome’s QUIC (or the underlying quiche library) differs from how Chrome’s H1 and H2 TLS handles certificate verification.

  • How are you generating the TLS cert?
  • What hostname or IP address are you trying to access with Chrome?
  • What args are you passing to Chrome?

FWIW I was able to get this to work on localhost or 127.0.0.1 using mkcert and https://github.com/alta/insecure.

No, according to https://www.chromium.org/quic/playing-with-quic/ it requires starting Chrome with special switches to use a self-signed cert.
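An added example, not code from this thread or from quic-go: assuming the switch wanted is Chrome's `--ignore-certificate-errors-spki-list`, which takes the base64 SHA-256 of a certificate's SubjectPublicKeyInfo, this Go program builds a throwaway self-signed certificate for localhost and prints the switch with its value. The function names `newLocalhostCert` and `spkiPin` are hypothetical, and the certificate is constructed sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// newLocalhostCert returns a short-lived self-signed ECDSA cert for localhost (constructed sample).
func newLocalhostCert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour), // tolerate small clock skew
		NotAfter:     time.Now().Add(10 * 24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"localhost"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, err
}

// spkiPin returns base64(SHA-256(SubjectPublicKeyInfo)), the form the Chrome switch expects.
func spkiPin(leaf *x509.Certificate) string {
	sum := sha256.Sum256(leaf.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

func main() {
	cert, err := newLocalhostCert()
	if err != nil {
		panic(err)
	}
	fmt.Println("--ignore-certificate-errors-spki-list=" + spkiPin(cert.Leaf))
}
```

The returned `tls.Certificate` can be placed in the server's `tls.Config`. Chrome honors this switch only when `--user-data-dir` is also set, which keeps the exception confined to a separate test profile.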

@ydnar thanks a lot! I spent so much time trying to make it work. After installing the CA with the mkcert tool and using https://github.com/alta/insecure, it finally works. I was also able to successfully run the WebTransport example from your branch.

@ydnar hello, I'm getting the same errors. Have you found any solution to avoid (ENCRYPTION_HANDSHAKE) 46: certificate unknown errors?