We're splitting the repository into multiple ones. This one will
only retain the Python stuff (and rebind, used by websocketproxy).
Only once license is needed after this, so use the standard COPYING
filename.
The change adds two options to WebSockifyServer. The first is a list of
SSL ciphers. The second is SSL options (intended use is to force a
specific TLS version).
Those two options allow for greater security of WebSocket Proxy.
* Incorporates #190 without breaking compatibility towards old Python versions.
* A new plugin allows authenticating clients by the "common name" defined in their certificate.
* Added manual for certificate-based client authentication, including hints to which Python versions allow client certificate authentication.
* Adjusted test to work with new ssl.create_default_context.
The socket.sendall method is called indirectly via calls
to the python3.6 BaseHTTPRequestHandler.send_error method
which is called by both the Web*RequestHandler classes as
shown below:
======================================================================
ERROR: test_list_dir_with_file_only_returns_error (test_websockifyserver.WebSockifyRequestHandlerTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
File "tests/test_websockifyserver.py", line 115, in test_list_dir_with_file_only_returns_error
FakeSocket('GET / HTTP/1.1'), '127.0.0.1', server)
File "websockify/websockifyserver.py", line 94, in __init__
WebSocketRequestHandler.__init__(self, req, addr, server)
File "websockify/websocketserver.py", line 34, in __init__
BaseHTTPRequestHandler.__init__(self, request, client_address, server)
File "/usr/lib64/python3.6/socketserver.py", line 696, in __init__
self.handle()
File "websockify/websockifyserver.py", line 293, in handle
SimpleHTTPRequestHandler.handle(self)
File "/usr/lib64/python3.6/http/server.py", line 418, in handle
self.handle_one_request()
File "websockify/websocketserver.py", line 46, in handle_one_request
BaseHTTPRequestHandler.handle_one_request(self)
File "/usr/lib64/python3.6/http/server.py", line 406, in handle_one_request
method()
File "websockify/websocketserver.py", line 58, in _websocket_do_GET
self.do_GET()
File "websockify/websockifyserver.py", line 259, in do_GET
SimpleHTTPRequestHandler.do_GET(self)
File "/usr/lib64/python3.6/http/server.py", line 636, in do_GET
f = self.send_head()
File "/usr/lib64/python3.6/http/server.py", line 679, in send_head
return self.list_directory(path)
File "websockify/websockifyserver.py", line 263, in list_directory
self.send_error(404, "No such file")
File "/usr/lib64/python3.6/http/server.py", line 470, in send_error
self.end_headers()
File "/usr/lib64/python3.6/http/server.py", line 520, in end_headers
self.flush_headers()
File "/usr/lib64/python3.6/http/server.py", line 524, in flush_headers
self.wfile.write(b"".join(self._headers_buffer))
File "/usr/lib64/python3.6/socketserver.py", line 775, in write
self._sock.sendall(b)
AttributeError: 'FakeSocket' object has no attribute 'sendall'
======================================================================
ERROR: test_normal_get_with_only_upgrade_returns_error (test_websockifyserver.WebSockifyRequestHandlerTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
File "tests/test_websockifyserver.py", line 101, in test_normal_get_with_only_upgrade_returns_error
FakeSocket('GET /tmp.txt HTTP/1.1'), '127.0.0.1', server)
File "websockify/websockifyserver.py", line 94, in __init__
WebSocketRequestHandler.__init__(self, req, addr, server)
File "websockify/websocketserver.py", line 34, in __init__
BaseHTTPRequestHandler.__init__(self, request, client_address, server)
File "/usr/lib64/python3.6/socketserver.py", line 696, in __init__
self.handle()
File "websockify/websockifyserver.py", line 293, in handle
SimpleHTTPRequestHandler.handle(self)
File "/usr/lib64/python3.6/http/server.py", line 418, in handle
self.handle_one_request()
File "websockify/websocketserver.py", line 46, in handle_one_request
BaseHTTPRequestHandler.handle_one_request(self)
File "/usr/lib64/python3.6/http/server.py", line 406, in handle_one_request
method()
File "websockify/websocketserver.py", line 58, in _websocket_do_GET
self.do_GET()
File "websockify/websockifyserver.py", line 257, in do_GET
self.send_error(405, "Method Not Allowed")
File "/usr/lib64/python3.6/http/server.py", line 470, in send_error
self.end_headers()
File "/usr/lib64/python3.6/http/server.py", line 520, in end_headers
self.flush_headers()
File "/usr/lib64/python3.6/http/server.py", line 524, in flush_headers
self.wfile.write(b"".join(self._headers_buffer))
File "/usr/lib64/python3.6/socketserver.py", line 775, in write
self._sock.sendall(b)
AttributeError: 'FakeSocket' object has no attribute 'sendall'
The WebSocket standard require us to choose one of the protocols
supported by the client. Enforce this with a specific check in the
base class rather than relying on generous clients.
The native WebSocket is in a much better position to do queue
management than us. Many callers also failed to notice this part
of the API, causing stalls.
Sync with noVNC as of commit ae510306b5094b55aa08a2a0d15a151704f70993.
The main change is to make it a more proper object that you can
instantiate multiple times.
The TCP_KEEPCNT option for sockets only work with the Linux kernel,
this isn't available for example in FreeBSD and Hurd, which makes the
package fail to build on these platforms. See Debian bug here:
https://bugs.debian.org/840035
mox is pretty much unmaintained these days, however the OpenStack
project are actively maintaining mox3 (a Python 3 compatibile fork
with some other improvements).
websockify seems quite happy to use mox3 instead, so switch the
test dependency and associated imports to use mox3.
This commit adds support to unix sockets in the token plugin, thus it is
possible to have a token files like:
token: unix_socket:/path/to/socket_file
A single websockify instance will be able to handle multiple sockets.
Signed-off-by: Jose Ricardo Ziviani <jose@ziviani.net>
This commit reworks auth plugins slightly to enable
support for HTTP authentication. By raising an
AuthenticationError, auth plugins can now return
HTTP responses to the upgrade request (such as 401).
Related to kanaka/noVNC#522
This commit introduces strict mode, which is on by default. Currently
strict mode only enforces client-to-server frame masking. However,
in the future, it might enforce other parts of the RFC as well.
Closes#164
Since we switched to using the `logging` module to log
in pull request #100, none of the messages on the 'INFO'
level were being shown from `tests/echo.py` and
`tests/load.py`, since the default log level is 'WARNING'.
Now, the log level is set to INFO in `tests/echo.py` and
`tests/load.py`, to match the log level in the main websockify
executable.
Fixes#109
* commit 'a61ae52610642ae58e914dda705df8bb9c8213ec':
fixed 1.8 compatibility bug for OpenSSL::SSL::SSLSocket#read_nonblock vs #readpartial tested in 1.8 and 2.0
adding SSL support and Ruby1.9 support
Unit test data will now go to a temporary dir that will be deleted
once the test completes. The unit tests also setup a logger which
will persist so that it can be inspected once tests complete.
Also fixes a bug where instance var is missing from decode_hybi()
Co-authored-by: natsume.takashi@lab.ntt.co.jp
To run the unit tests just run tox from the top
level directory which will try to run unit tests
for most versions of python. Requires tox to be
installed. To run tox for a specifice env, run
tox -e<env> e.g. for python 2.7 run 'tox -epy27'.
Co-authored-by: natsume.takashi@lab.ntt.co.jp