[Libwebsockets] Using HTTP proxy and SSL/SNI

Andy Green andy at warmcat.com
Wed Oct 14 08:56:17 CEST 2015



On 19 May 2015 21:37:53 GMT+09:00, "Kurz, Fabian" <fabian.kurz at siemens.com> wrote:
>Hello,
>
>while trying to get libwebsockets to connect a remote host
>through a proxy server, with ssl enabled _and_ using SNI,
>I encountered two problems:
>
>1) libwebsockets didn't like the proxy's "HTTP/1.1 200"
>   response because client.c only checks for "HTTP/1.0".
>   Considering that a websocket upgrade *must* be a 
>   GET request with HTTP/1.1 (or later), I suppose
>   the reply should always be HTTP/1.1 as well?

I adapted your patch to allow 1.0 as currently, or 1.1, and pushed it.

>2) For SNI, we need to tell OpenSSL/CyaSSL the name of
>   our peer host so it can send a proper handshake.
>   When using a proxy server, the peer address in wsi
>   is apparently set to the proxy address, resulting
>   in a SNI request for e. g. "myproxy" instead of the
>   host which we're actually trying to contact.
>
>The attached patch fixes these problems (at least for me).
>
>I am not sure if maybe the first change should _also_ allow
>the "HTTP/1.0 200" reply to be valid. The second change
>uses the "host" as given to libwebsocket_client_connect()
>as the hostname for SNI.

The second bit is already in lws in the meanwhile (sorry for the very slow response).

-Andy

>With best regards,
>Fabian




More information about the Libwebsockets mailing list