proxy: Issue #14: detect and allow wss:// from Safari.

Addresses this issue: http://github.com/kanaka/noVNC/issues#issue/14 Safari starts with '\x80' rather than '\x16' like Chrome and Firefox and having PROTOCOL_TLSv1 doesn't work with Safari. But just removing the ssl_version allows things to work with Safari wss:// connections. Also, if the handshake (after SSL wrapping) is null then terminate the connection. This probably means the certificate was refused by the client. Unfortunately Safari (the version I have) doesn't cleanly shutdown WebSockets connections until the page is reloaded (even if the object is no longer referenced).
2010-09-15 12:09:17 -05:00 · 2010-09-15 12:09:17 -05:00 · 7e63919e6d
parent e3efeb32a7
commit 7e63919e6d
1 changed files with 4 additions and 3 deletions
--- a/utils/websocket.py
+++ b/utils/websocket.py
@ -110,12 +110,11 @@ def do_handshake(sock):
        sock.send(policy_response)
        sock.close()
        return False
-    elif handshake.startswith("\x16"):
+    elif handshake[0] in ("\x16", "\x80"):
        retsock = ssl.wrap_socket(
                sock,
                server_side=True,
-                certfile=settings['cert'],
-                ssl_version=ssl.PROTOCOL_TLSv1)
+                certfile=settings['cert'])
        scheme = "wss"
        handler_msg("using SSL/TLS")
    elif settings['ssl_only']:
@ -128,6 +127,8 @@ def do_handshake(sock):
        handler_msg("using plain (not SSL) socket")
    handshake = retsock.recv(4096)
    #handler_msg("handshake: " + repr(handshake))
+    if len(handshake) == 0:
+        raise EClose("Client closed during handshake")
    h = parse_handshake(handshake)

    if h.get('key3'):