[Libwebsockets] Using HTTP proxy and SSL/SNI
andy at warmcat.com
Wed Oct 14 08:56:17 CEST 2015
On 19 May 2015 21:37:53 GMT+09:00, "Kurz, Fabian" <fabian.kurz at siemens.com> wrote:
>while trying to get libwebsockets to connect a remote host
>through a proxy server, with ssl enabled _and_ using SNI,
>I encountered two problems:
>1) libwebsockets didn't like the proxy's "HTTP/1.1 200"
> response because client.c only checks for "HTTP/1.0".
> Considering that a websocket upgrade *must* be a
> GET request with HTTP/1.1 (or later), I suppose
> the reply should always be HTTP/1.1 as well?
I adapted your patch to allow 1.0 as currently, or 1.1, and pushed it.
>2) For SNI, we need to tell OpenSSL/CyaSSL the name of
> our peer host so it can send a proper handshake.
> When using a proxy server, the peer address in wsi
> is apparently set to the proxy address, resulting
> in a SNI request for e. g. "myproxy" instead of the
> host which we're actually trying to contact.
>The attached patch fixes these problems (at least for me).
>I am not sure if maybe the first change should _also_ allow
>the "HTTP/1.0 200" reply to be valid. The second change
>uses the "host" as given to libwebsocket_client_connect()
>as the hostname for SNI.
The second bit is already in lws in the meanwhile (sorry for the very slow response).
>With best regards,
More information about the Libwebsockets