proxy: Issue #14: detect and allow wss:// from Safari.
Addresses this issue: http://github.com/kanaka/noVNC/issues#issue/14 Safari starts with '\x80' rather than '\x16' like Chrome and Firefox and having PROTOCOL_TLSv1 doesn't work with Safari. But just removing the ssl_version allows things to work with Safari wss:// connections. Also, if the handshake (after SSL wrapping) is null then terminate the connection. This probably means the certificate was refused by the client. Unfortunately Safari (the version I have) doesn't cleanly shutdown WebSockets connections until the page is reloaded (even if the object is no longer referenced).
This commit is contained in:
parent
e3efeb32a7
commit
7e63919e6d
|
@ -110,12 +110,11 @@ def do_handshake(sock):
|
||||||
sock.send(policy_response)
|
sock.send(policy_response)
|
||||||
sock.close()
|
sock.close()
|
||||||
return False
|
return False
|
||||||
elif handshake.startswith("\x16"):
|
elif handshake[0] in ("\x16", "\x80"):
|
||||||
retsock = ssl.wrap_socket(
|
retsock = ssl.wrap_socket(
|
||||||
sock,
|
sock,
|
||||||
server_side=True,
|
server_side=True,
|
||||||
certfile=settings['cert'],
|
certfile=settings['cert'])
|
||||||
ssl_version=ssl.PROTOCOL_TLSv1)
|
|
||||||
scheme = "wss"
|
scheme = "wss"
|
||||||
handler_msg("using SSL/TLS")
|
handler_msg("using SSL/TLS")
|
||||||
elif settings['ssl_only']:
|
elif settings['ssl_only']:
|
||||||
|
@ -128,6 +127,8 @@ def do_handshake(sock):
|
||||||
handler_msg("using plain (not SSL) socket")
|
handler_msg("using plain (not SSL) socket")
|
||||||
handshake = retsock.recv(4096)
|
handshake = retsock.recv(4096)
|
||||||
#handler_msg("handshake: " + repr(handshake))
|
#handler_msg("handshake: " + repr(handshake))
|
||||||
|
if len(handshake) == 0:
|
||||||
|
raise EClose("Client closed during handshake")
|
||||||
h = parse_handshake(handshake)
|
h = parse_handshake(handshake)
|
||||||
|
|
||||||
if h.get('key3'):
|
if h.get('key3'):
|
||||||
|
|
Loading…
Reference in New Issue