proxy: Issue #14: detect and allow wss:// from Safari.
Addresses this issue: http://github.com/kanaka/noVNC/issues#issue/14 Safari starts with '\x80' rather than '\x16' like Chrome and Firefox and having PROTOCOL_TLSv1 doesn't work with Safari. But just removing the ssl_version allows things to work with Safari wss:// connections. Also, if the handshake (after SSL wrapping) is null then terminate the connection. This probably means the certificate was refused by the client. Unfortunately Safari (the version I have) doesn't cleanly shutdown WebSockets connections until the page is reloaded (even if the object is no longer referenced).
This commit is contained in:
parent
e3efeb32a7
commit
7e63919e6d
|
@ -110,12 +110,11 @@ def do_handshake(sock):
|
|||
sock.send(policy_response)
|
||||
sock.close()
|
||||
return False
|
||||
elif handshake.startswith("\x16"):
|
||||
elif handshake[0] in ("\x16", "\x80"):
|
||||
retsock = ssl.wrap_socket(
|
||||
sock,
|
||||
server_side=True,
|
||||
certfile=settings['cert'],
|
||||
ssl_version=ssl.PROTOCOL_TLSv1)
|
||||
certfile=settings['cert'])
|
||||
scheme = "wss"
|
||||
handler_msg("using SSL/TLS")
|
||||
elif settings['ssl_only']:
|
||||
|
@ -128,6 +127,8 @@ def do_handshake(sock):
|
|||
handler_msg("using plain (not SSL) socket")
|
||||
handshake = retsock.recv(4096)
|
||||
#handler_msg("handshake: " + repr(handshake))
|
||||
if len(handshake) == 0:
|
||||
raise EClose("Client closed during handshake")
|
||||
h = parse_handshake(handshake)
|
||||
|
||||
if h.get('key3'):
|
||||
|
|
Loading…
Reference in New Issue