The b64_pton and b64_ntop functions are not portable and cannot be found in
all C library implementations (e.g. uClibc, musl).

Since c-websockify already has an explicit dependency on openssl, it can be
used to replace b64_pton/ntop with versions that are portable without
introducing too much additional code or dependencies.

Instead of a single certificate in one file it is sometimes customary to
chain multiple certificates into the same file. This is common practice
for CAs like letsencrypt that are providing intermediate certificates.

This patch switches loading of only one certificate to loading the whole
chain of certificates.

The effects can be seen with e.g. the following command:

    openssl s_client -showcerts -connect websockify-hostname:8080

Before the change the verify fails:

    Certificate chain
     0 s:/CN=websockify-hostname
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

After the change the verify passes:

    Certificate chain
     0 s:/CN=websockify-hostname
       i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
     1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3

Fixes a problem that occurs in Chrome 61 where the following error message appears in the console:

    'Failed to load module script: The server responded with a non-JavaScript MIME type of "".
    Strict MIME type checking is enforced for module scripts per HTML spec.'

This works a bit differently than the python websockify implementation
since the server either runs in HTTP or in HTTPS and both web and
websocket servers only support the same mode. Specifying the --cert
parameter activates encrypted HTTPS/WSS mode.

This version requires a patched version of einaros/ws that can be
found here: https://github.com/kanaka/ws You can use the patched
version like this:

    cd websockify/other
    git clone https://github.com/kanaka/ws
    npm link ./ws

Once the upstream 'ws' module supports subprotocol negotiation then
this will no longer be necessary.

Changes:

- Adds support for binary data and subprotocol negotiation of 'base64'
  vs 'binary' with 'binary' preferred if the client offers it.
- Add client address to log messages.
- Close the target when the client closes.
- Catch errors when we try and send to a client that is no longer
  connected.
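
The negotiation rule in the change list above ('binary' preferred when the client offers it, 'base64' otherwise) can be sketched as follows. This is an added example, not code from websockify or the 'ws' module; the function names, the refusal when neither subprotocol is offered, and the strict base64 check are assumptions.

```javascript
// Added example: subprotocol selection and per-frame payload translation.
// Server-side preference order from the change list: 'binary' wins if offered.
const SUPPORTED = ['binary', 'base64'];

// Split a Sec-WebSocket-Protocol request header value into its tokens.
function parseOffered(headerValue) {
  if (typeof headerValue !== 'string') return [];
  return headerValue.split(',').map((s) => s.trim()).filter((s) => s.length > 0);
}

// Return the subprotocol to echo back to the client, or null when nothing
// supported was offered (assumption: the handshake is then refused).
function selectSubprotocol(headerValue) {
  const offered = new Set(parseOffered(headerValue));
  for (const proto of SUPPORTED) {
    if (offered.has(proto)) return proto;
  }
  return null;
}

// Client -> target: turn one WebSocket message into raw bytes for the TCP side.
function clientToTarget(proto, message) {
  if (proto === 'binary') {
    if (!Buffer.isBuffer(message)) {
      throw new TypeError('binary subprotocol needs a binary frame');
    }
    return message;
  }
  // 'base64': a text frame carrying base64. Validate the alphabet and padding
  // explicitly instead of relying on Buffer.from()'s lenient decoding.
  const text = String(message);
  if (text.length % 4 !== 0 || !/^[A-Za-z0-9+\/]*={0,2}$/.test(text)) {
    throw new RangeError('malformed base64 frame');
  }
  return Buffer.from(text, 'base64');
}

// Target -> client: wrap raw bytes in the form the negotiated subprotocol expects.
function targetToClient(proto, bytes) {
  return proto === 'binary' ? bytes : bytes.toString('base64');
}
```
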