[Libwebsockets] Using HTTP proxy and SSL/SNI

Kurz, Fabian fabian.kurz at siemens.com
Tue May 19 14:37:53 CEST 2015


While trying to get libwebsockets to connect to a remote host
through a proxy server, with ssl enabled _and_ using SNI,
I encountered two problems:

1) libwebsockets didn't like the proxy's "HTTP/1.1 200"
   response because client.c only checks for "HTTP/1.0".
   Considering that a websocket upgrade *must* be a 
   GET request with HTTP/1.1 (or later), I suppose
   the reply should always be HTTP/1.1 as well?

2) For SNI, we need to tell OpenSSL/CyaSSL the name of
   our peer host so it can send a proper handshake.
   When using a proxy server, the peer address in wsi
   is apparently set to the proxy address, resulting
   in an SNI request for e.g. "myproxy" instead of the
   host which we're actually trying to contact.

The attached patch fixes these problems (at least for me).

I am not sure if maybe the first change should _also_ allow
the "HTTP/1.0 200" reply to be valid. The second change
uses the "host" as given to libwebsocket_client_connect()
as the hostname for SNI.

With best regards,

Siemens AG
Corporate Technology
Research and Technology Center
Otto-Hahn-Ring 6
81739 Muenchen, Germany 
Tel.: +49 89 636-31500
Fax: +49 89 636-43702
mailto:fabian.kurz at siemens.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: client.c.diff
Type: application/octet-stream
Size: 771 bytes
Desc: client.c.diff
URL: <http://libwebsockets.org/pipermail/libwebsockets/attachments/20150519/3e8e7e33/attachment.obj>
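
Added example (not part of the original post, the attached patch, or libwebsockets itself): a C status-line check for the proxy's reply to CONNECT, the first problem described above. It accepts both HTTP/1.0 and HTTP/1.1 and treats any 2xx code as "tunnel established" (RFC 7231, section 4.3.6), so a 407 or other proxy error is never followed by a TLS handshake. The function names and sample replies are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a libwebsockets function.
 * Returns the 3-digit status code from a proxy's reply to CONNECT,
 * or -1 if the status line is malformed or not yet complete. */
int proxy_connect_status(const char *buf, size_t len)
{
    static const char prefix[] = "HTTP/1.";
    const size_t n = sizeof(prefix) - 1;
    const unsigned char *d;
    char end;

    /* Need "HTTP/1.x NNN" plus one delimiter byte after the code,
     * otherwise "200" cannot be told apart from a truncated "2000". */
    if (len < n + 6 || memcmp(buf, prefix, n) != 0)
        return -1;
    if ((buf[n] != '0' && buf[n] != '1') || buf[n + 1] != ' ')
        return -1;

    d = (const unsigned char *)buf + n + 2;
    if (!isdigit(d[0]) || !isdigit(d[1]) || !isdigit(d[2]))
        return -1;

    end = buf[n + 5];
    if (end != ' ' && end != '\r' && end != '\n')
        return -1;

    return (d[0] - '0') * 100 + (d[1] - '0') * 10 + (d[2] - '0');
}

/* 1 only when the proxy confirmed the tunnel; TLS (and SNI for the
 * origin host) should start only in that case. */
int proxy_tunnel_established(const char *buf, size_t len)
{
    int code = proxy_connect_status(buf, len);
    return code >= 200 && code <= 299;
}

int main(void)
{
    /* Constructed sample replies. */
    const char *ok = "HTTP/1.1 200 Connection established\r\n\r\n";
    const char *auth = "HTTP/1.1 407 Proxy Authentication Required\r\n\r\n";

    printf("%d %d\n", proxy_tunnel_established(ok, strlen(ok)),
           proxy_tunnel_established(auth, strlen(auth)));
    return 0;
}
```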
