This matches the behaviour of SSLSocket, which we are trying to mimic.
It also closely matches the behaviour of normal Socket which can be
assumed to not have sent anything if an error occurs. We might actually
send some data, but the caller cannot really see that and must call us
again as if no data was sent.
This is perfectly valid in the protocol, and may be meaningful to some
applications. However send() is still stream oriented so it will ignore
an empty buffer.
getaddrinfo() gladly allows unicode for the host, but the port must
be in ascii (e.g. "https"). Make sure this is properly converted
before we pass it on.
Patch by @caderize on GitHub.
This file allows an easy invocation of websockify as a module, which is handy when running into shebang issues (https://github.com/pypa/virtualenv/issues/596).
With this patch, `python -m websockify ...` has just the same behavior as `./run ...`.
Most installations will not have redis or simplejson installed, so
avoid having them as a hard requirement unless actually using the
TokenRedis plugin.
We can't get the inheritance right in non-trivial cases as a regular
base class, so change it to be a mix-in that is to be combined with
one of the existing request handlers from the Python library.
--ssl-version takes two possible values (tlsv1_1, tlsv1_2). Defaults
to tlsv1_1.
--ssl-ciphers takes allowed ciphers in the same format as
`openssl ciphers`.
Added options for 1.3 and the default ssl config
The change adds two options to WebSockifyServer. The first is a list of
SSL ciphers. The second is SSL options (intended use is to force a
specific TLS version).
Those two options allow for greater security of WebSocket Proxy.
Regression caused by a29946e9. We were no longer detecting a cleanly
closed proxy socket. This is not a WebSocket, but an ordinary one,
so we should be checking for "" rather than None.
If option '--key' is not specified, 'WebSockifyServer class' will
initialize self.key as an empty string, but the ssl load_cert_chain function
will raise the error 'no such file' with the keyfile param as an empty string.
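An added example, not websockify's own code: one way the options described in the messages above (--ssl-version, --ssl-ciphers, and an unset --key arriving as an empty string) could map onto a Python `ssl.SSLContext`. The function names, the `tlsv1_3` value, and treating the version as a minimum rather than a forced version are assumptions.

```python
import ssl

# "tlsv1_1" and "tlsv1_2" are the values named above; "tlsv1_3" is an assumed name.
MIN_VERSION = {
    "tlsv1_1": ssl.TLSVersion.TLSv1_1,
    "tlsv1_2": ssl.TLSVersion.TLSv1_2,
    "tlsv1_3": ssl.TLSVersion.TLSv1_3,
}


def normalize_keyfile(key):
    """Map an unset key ('' or None) to None so load_cert_chain reads the
    private key from the certificate file instead of opening the path ''."""
    return key or None


def build_server_context(cert=None, key="", ssl_version="tlsv1_2", ssl_ciphers=None):
    """Build a server-side context (hypothetical helper).

    ssl_ciphers uses the same format as `openssl ciphers`.
    """
    if ssl_version not in MIN_VERSION:
        raise ValueError("unsupported ssl_version: %r" % (ssl_version,))
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Assumption: refuse anything older than the requested version.
    ctx.minimum_version = MIN_VERSION[ssl_version]
    if ssl_ciphers:
        # Raises ssl.SSLError when the string selects no cipher at all,
        # so a typo fails at startup rather than silently weakening TLS.
        ctx.set_ciphers(ssl_ciphers)
    if cert:
        ctx.load_cert_chain(certfile=cert, keyfile=normalize_keyfile(key))
    return ctx


def pre_tls13_cipher_names(ctx):
    """Names of the enabled suites that the cipher string controls
    (TLS 1.3 suites are configured separately by OpenSSL)."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    context = build_server_context(ssl_version="tlsv1_2", ssl_ciphers="ECDHE+AESGCM")
    print(context.minimum_version, pre_tls13_cipher_names(context))
```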
* Incorporates #190 without breaking compatibility towards old Python versions.
* A new plugin allows authenticating clients by the "common name" defined in their certificate.
* Added manual for certificate-based client authentication, including hints to which Python versions allow client certificate authentication.
* Adjusted test to work with new ssl.create_default_context.
In python 2 the ssl.wrap_socket doesn't work on sockets created using socket.fromfd.
The workaround is to wrap the socket returned by socket.fromfd into another socket
object using the private _sock constructor parameter.
With the --inetd parameter, websockify doesn't require the source_addr and
source_port parameters and it expects that stdin is an already opened and listening
socket.
This way websockify can be used with (x)inetd or as a systemd socket-activated
service.