[Libwebsockets] Using HTTP proxy and SSL/SNI
fabian.kurz at siemens.com
Tue May 19 14:37:53 CEST 2015
while trying to get libwebsockets to connect a remote host
through a proxy server, with ssl enabled _and_ using SNI,
I encountered two problems:
1) libwebsockets didn't like the proxy's "HTTP/1.1 200"
response because client.c only checks for "HTTP/1.0".
Considering that a websocket upgrade *must* be a
GET request with HTTP/1.1 (or later), I suppose
the reply should always be HTTP/1.1 as well?
2) For SNI, we need to tell OpenSSL/CyaSSL the name of
our peer host so it can send a proper handshake.
When using a proxy server, the peer address in wsi
is apparently set to the proxy address, resulting
in a SNI request for e. g. "myproxy" instead of the
host which we're actually trying to contact.
The attached patch fixes these problems (at least for me).
I am not sure if maybe the first change should _also_ allow
the "HTTP/1.0 200" reply to be valid. The second change
uses the "host" as given to libwebsocket_client_connect()
as the hostname for SNI.
With best regards,
Research and Technology Center
CT RTC ELE RFT-DE
81739 Muenchen, Germany
Tel.: +49 89 636-31500
Fax: +49 89 636-43702
mailto:fabian.kurz at siemens.com
Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Cromme; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Siegfried Russwurm, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 771 bytes
More information about the Libwebsockets