From 7e63919e6dec0d6b546ad75e688ce5ba33f45c35 Mon Sep 17 00:00:00 2001 From: Joel Martin Date: Wed, 15 Sep 2010 12:09:17 -0500 Subject: [PATCH] proxy: Issue #14: detect and allow wss:// from Safari. Addresses this issue: http://github.com/kanaka/noVNC/issues#issue/14 Safari starts with '\x80' rather than '\x16' like Chrome and Firefox and having PROTOCOL_TLSv1 doesn't work with Safari. But just removing the ssl_version allows things to work with Safari wss:// connections. Also, if the handshake (after SSL wrapping) is null then terminate the connection. This probably means the certificate was refused by the client. Unfortunately Safari (the version I have) doesn't cleanly shutdown WebSockets connections until the page is reloaded (even if the object is no longer referenced). --- utils/websocket.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/utils/websocket.py b/utils/websocket.py index d63785d..630af9e 100755 --- a/utils/websocket.py +++ b/utils/websocket.py @@ -110,12 +110,11 @@ def do_handshake(sock): sock.send(policy_response) sock.close() return False - elif handshake.startswith("\x16"): + elif handshake[0] in ("\x16", "\x80"): retsock = ssl.wrap_socket( sock, server_side=True, - certfile=settings['cert'], - ssl_version=ssl.PROTOCOL_TLSv1) + certfile=settings['cert']) scheme = "wss" handler_msg("using SSL/TLS") elif settings['ssl_only']: @@ -128,6 +127,8 @@ def do_handshake(sock): handler_msg("using plain (not SSL) socket") handshake = retsock.recv(4096) #handler_msg("handshake: " + repr(handshake)) + if len(handshake) == 0: + raise EClose("Client closed during handshake") h = parse_handshake(handshake) if h.get('key3'):