wsproxy: warn when no cert. C sock close cleanup.

Warn early about no SSL cert and add clearer warning when a connection comes in as SSL but no cert file exists. For the C version, cleanup closing of the connection socket. Use shutdown for a cleaner cleanup with the client.

wsproxy: warn when no cert. C sock close cleanup.
Warn early about no SSL cert and add clearer warning when a connection comes in as SSL but no cert file exists. For the C version, cleanup closing of the connection socket. Use shutdown for a cleaner cleanup with the client.
58dc1947 · Joel Martin · 58da507b · 58dc1947 · 58dc1947 · 58dc1947
Commit 58dc1947 authored Jan 04, 2011 by Joel Martin
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 12 deletions

websocket.c utils/websocket.c +21 -10

websocket.py utils/websocket.py +5 -0

wsproxy.c utils/wsproxy.c +8 -2

wsproxy.py utils/wsproxy.py +2 -0

No files found.
--- a/utils/websocket.c
+++ b/utils/websocket.c
@@ -187,6 +187,7 @@ int ws_socket_free(ws_ctx_t *ctx) {
        ctx->ssl_ctx = NULL;
    }
    if (ctx->sockfd) {
+        shutdown(ctx->sockfd, SHUT_RDWR);
        close(ctx->sockfd);
        ctx->sockfd = 0;
    }
@@ -350,26 +351,30 @@ ws_ctx_t *do_handshake(int sock) {
    handshake[len] = 0;
    if (len == 0) {
        handler_msg("ignoring empty handshake\n");
-        close(sock);
        return NULL;
    } else if (bcmp(handshake, "<policy-file-request/>", 22) == 0) {
        len = recv(sock, handshake, 1024, 0);
        handshake[len] = 0;
        handler_msg("sending flash policy response\n");
        send(sock, policy_response, sizeof(policy_response), 0);
-        close(sock);
        return NULL;
    } else if ((bcmp(handshake, "\x16", 1) == 0) ||
               (bcmp(handshake, "\x80", 1) == 0)) {
        // SSL
-        if (! settings.cert) { return NULL; }
+        if (!settings.cert) {
+            handler_msg("SSL connection but no cert specified\n");
+            return NULL;
+        } else if (access(settings.cert, R_OK) != 0) {
+            handler_msg("SSL connection but '%s' not found\n",
+                        settings.cert);
+            return NULL;
+        }
        ws_ctx = ws_socket_ssl(sock, settings.cert, settings.key);
        if (! ws_ctx) { return NULL; }
        scheme = "wss";
        handler_msg("using SSL socket\n");
    } else if (settings.ssl_only) {
        handler_msg("non-SSL connection disallowed\n");
-        close(sock);
        return NULL;
    } else {
        ws_ctx = ws_socket(sock);
@@ -380,14 +385,12 @@ ws_ctx_t *do_handshake(int sock) {
    len = ws_recv(ws_ctx, handshake, 4096);
    if (len == 0) {
        handler_emsg("Client closed during handshake\n");
-        close(sock);
        return NULL;
    }
    handshake[len] = 0;

    if (!parse_handshake(handshake, &headers)) {
        handler_emsg("Invalid WS request\n");
-        close(sock);
        return NULL;
    }

@@ -524,8 +527,7 @@ void start_server() {
        if (pid == 0) {  // handler process
            ws_ctx = do_handshake(csock);
            if (ws_ctx == NULL) {
-                close(csock);
-                handler_msg("No connection after handshake");
+                handler_msg("No connection after handshake\n");
                break;   // Child process exits
            }

@@ -533,13 +535,22 @@ void start_server() {
            if (pipe_error) {
                handler_emsg("Closing due to SIGPIPE\n");
            }
-            close(csock);
-            handler_msg("handler exit\n");
            break;   // Child process exits
        } else {         // parent process
            settings.handler_id += 1;
        }
    }
+    if (pid == 0) {
+        if (ws_ctx) {
+            ws_socket_free(ws_ctx);
+        } else {
+            shutdown(csock, SHUT_RDWR);
+            close(csock);
+        }
+        handler_msg("handler exit\n");
+    } else {
+        handler_msg("wsproxy exit\n");
+    }

 }

--- a/utils/websocket.py
+++ b/utils/websocket.py
@@ -112,6 +112,11 @@ def do_handshake(sock):
        sock.close()
        return False
    elif handshake[0] in ("\x16", "\x80"):
+        if not os.path.exists(settings['cert']):
+            handler_msg("SSL connection but '%s' not found"
+                    % settings['cert'])
+            sock.close()
+            return False
        retsock = ssl.wrap_socket(
                sock,
                server_side=True,

--- a/utils/wsproxy.c
+++ b/utils/wsproxy.c
@@ -257,6 +257,10 @@ int main(int argc, char *argv[])
    };

    settings.cert = realpath("self.pem", NULL);
+    if (!settings.cert) {
+        /* Make sure it's always set to something */
+        settings.cert = "self.pem";
+    }
    settings.key = "";

    while (1) {
@@ -326,9 +330,11 @@ int main(int argc, char *argv[])
    }

    if (ssl_only) {
-        if (!settings.cert || !access(settings.cert, R_OK)) {
-            usage("SSL only and cert file not found\n");
+        if (!access(settings.cert, R_OK)) {
+            usage("SSL only and cert file '%s' not found\n", settings.cert);
        }
+    } else if (access(settings.cert, R_OK) != 0) {
+        fprintf(stderr, "Warning: '%s' not found\n", settings.cert);
    }

    //printf("  verbose: %d\n",   settings.verbose);

--- a/utils/wsproxy.py
+++ b/utils/wsproxy.py
@@ -162,6 +162,8 @@ if __name__ == '__main__':

    if options.ssl_only and not os.path.exists(options.cert):
        parser.error("SSL only and %s not found" % options.cert)
+    elif not os.path.exists(options.cert):
+        print "Warning: %s not found" % options.cert

    settings['verbose'] = options.verbose
    settings['listen_host'] = host