joshua
/
websockify
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
websockify/other
History
Antti Seppälä 7235c9765e C websockify: Load entire certificate chain 
Instead of single certificate in one file it is sometimes customary to
chain multiple certificates into the same file. This is common practice
for CAs like letsencrypt that are providing intermediate certificates.

This patch switches loading of only one certificate to loading whole chain
of certificates.

The effects can be seen with e.g. the following command:

openssl s_client -showcerts -connect websockify-hostname:8080

Before the change the verify fails:

Certificate chain
 0 s:/CN=websockify-hostname
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

After the change the verify passes:

Certificate chain
 0 s:/CN=websockify-hostname
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
 		2018-02-03 10:18:06 +02:00
..
js Add recording feature to websockify.js. Closes GH-249 2017-11-16 18:37:34 -08:00
Makefile Clean socket shutdown in C version too. 2012-03-23 12:17:50 -05:00
README.md READMEs: kumina features, clarifications. 2011-07-14 12:27:04 -05:00
launch.sh Remove wsproxy references. Sync launch.sh from noVNC. 2013-04-15 12:22:08 -05:00
project.clj Clojure websockify: -main and command line args. 2012-01-30 13:38:18 -06:00
websocket.c C websockify: Load entire certificate chain 2018-02-03 10:18:06 +02:00
websocket.h Properly declare websocket functions in header 2017-10-18 16:35:52 +02:00
websocket.rb Remove Base64 support 2017-02-01 08:09:53 +01:00
websockify.c Avoid implicit int type 2017-10-18 16:35:42 +02:00
websockify.clj Clojure websockify: -main and command line args. 2012-01-30 13:38:18 -06:00
websockify.rb Rename new_client to new_websocket_client, in order to have a better 2013-11-28 13:33:28 +01:00
wswrap Use /usr/bin/env shebang to make more crossplatform. 2011-03-26 15:27:08 -05:00

README.md

This directory contain alternate implementations of WebSockets-to-TCP-Socket proxies (for noVNC).

websockify.c (C)

Description

This is a C version of the original websockify. It is more limited in functionality than the original.

websockify.js

Description

This is a Node.JS (server-side event driven Javascript) implementation of websockify.

kumina.c (C)

Description

The upstream source of the kumina proxy is here.

This article describes the kumina proxy.

kumina is an application that is run from inetd, which allows noVNC to connect to an unmodified VNC server. Furthermore, it makes use of the recently added support in noVNC for file names. The file name is used to denote the port number. Say, you connect to:

ws://host:41337/25900

The kumina proxy opens a connection to:

vnc://host:25900/

The address to which kumina connects, is the same as the address to which the client connected (using getsockname()).

Configuration

kumina can be enabled by adding the following line to inetd.conf:

41337 stream tcp nowait nobody /usr/sbin/kumina kumina 25900 25909

The two parameters of kumina denote the minimum and the maximum allowed port numbers. This allows a single kumina instance to multiplex connections to multiple VNC servers.