From 84b71e41418492c30ed042d34955e3e9286878a0 Mon Sep 17 00:00:00 2001
From: Cliff Christianson
Date: Mon, 18 Mar 2024 01:46:02 -0700
Subject: [PATCH] Reverst some SSL changes that broke SSL Server badly
---
 .../html5.websocket/server/html5.websocket.c | 22 ++++++++++++-------
 src/netlib/ssl_layer.c | 3 ++-
 2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/src/netlib/html5.websocket/server/html5.websocket.c b/src/netlib/html5.websocket/server/html5.websocket.c
index a0f9a375c..72c4d844e 100644
--- a/src/netlib/html5.websocket/server/html5.websocket.c
+++ b/src/netlib/html5.websocket/server/html5.websocket.c
@@ -479,6 +479,7 @@ static void CPROC read_complete_process_data( HTML5WebSocket socket ) {
 value = VarTextPeek( pvt_output );
 if( socket->input_state.on_send )
 socket->input_state.on_send( socket->input_state.psvSender, GetText( value ), GetTextSize( value ) );
+ // the following are actually unreachable code.... (probably?)
 else if( socket->input_state.flags.use_ssl )
 ssl_Send( socket->pc, GetText( value ), GetTextSize( value ) );
 else
@@ -553,10 +554,12 @@ void WebSocketWrite( HTML5WebSocket socket, CPOINTER buffer, size_t length )
 if( socket->input_state.flags.use_ssl ) {
 socket->input_state.flags.use_ssl = ssl_IsClientSecure( socket->pc );
 if( !socket->input_state.flags.use_ssl ) {
+ socket->input_state.on_send = WebSocketSendTCP;
 socket->flags.skip_read = 1;
 }
 } else {
- socket->input_state.flags.use_ssl = ssl_IsClientSecure( socket->pc );
+ //socket->input_state.flags.use_ssl = ssl_IsClientSecure( socket->pc );
+ // ssl is default - if that didn't work, then it won't become secure.
 }
 }
 if( !socket->input_state.flags.use_ssl ) {
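Review bot: The fallback to `WebSocketSendTCP` added in `WebSocketWrite` is silent: when `ssl_IsClientSecure( socket->pc )` is false the connection simply continues in plaintext, with no log line and no visible check that this listener is allowed to serve plaintext at all. The lines added to `read_complete` in the next hunk repeat the same demotion, so the same applies there. For a listener that is meant to be TLS-only this is a downgrade path; consider closing the connection when TLS is required, and at minimum record the event, e.g. `lprintf( "websocket %p: no TLS session, continuing as plain TCP", socket->pc );`. The enclosing conditional starts above the hunk, so an outer guard may already restrict this; the now-empty `else` branch that holds only commented-out code could be dropped.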
@@ -570,6 +573,10 @@ static void CPROC read_complete( PCLIENT pc, POINTER buffer, size_t length )
 HTML5WebSocket socket = (HTML5WebSocket)GetNetworkLong( pc, 0 );
 if( !socket ) return; // closing/closed....
 WebSocketWrite( socket, buffer, length );
+ if( socket->input_state.flags.use_ssl && !ssl_IsClientSecure( pc ) ) {
+ socket->input_state.flags.use_ssl = 0;
+ socket->input_state.on_send = WebSocketSendTCP;
+ }
 if( !socket->input_state.flags.use_ssl ) {
 if( socket->flags.skip_read )
 socket->flags.skip_read = 0;
@@ -588,14 +595,13 @@ static void CPROC connected( PCLIENT pc_server, PCLIENT pc_new )
 socket->pc = pc_new;
 socket->input_state = server_socket->input_state; // clone callback methods and config flags
 socket->input_state.close_code = 1006;
+ socket->input_state.close_reason = StrDup( "Because I don't Like You?");
 socket->input_state.psvSender = (uintptr_t)pc_new;
- if( ssl_IsClientSecure( pc_new ) ) {
- socket->input_state.flags.use_ssl = 1;
- socket->input_state.on_send = WebSocketSendSSL;
- } else {
- socket->input_state.flags.use_ssl = 0;
- socket->input_state.on_send = WebSocketSendTCP;
- }
+
+ // assume secure, when the handshake fails, it demotes to insecure
+ socket->input_state.flags.use_ssl = 1;
+ socket->input_state.on_send = WebSocketSendSSL;
+
 socket->http_state = CreateHttpState( &socket->pc ); // start a new http state collector
 //lprintf( "Init socket: handshake: %p %p %d", pc_new, socket, socket->flags.initial_handshake_done );
 SetNetworkLong( pc_new, 0, (uintptr_t)socket );
diff --git a/src/netlib/ssl_layer.c b/src/netlib/ssl_layer.c
index fa7afe130..92a35fdff 100644
--- a/src/netlib/ssl_layer.c
+++ b/src/netlib/ssl_layer.c
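Review bot: In `connected`, `close_reason` now receives a fresh `StrDup` allocation for every accepted connection, and nothing in this hunk shows where it is released; unless the close path frees `input_state.close_reason`, each connection leaks the string, which adds up on a long-running listener. The text may also reach a Close frame or a log, so a neutral default such as `StrDup( "Connection closed abnormally" )` would be a better thing to expose. Separately, `flags.use_ssl = 1` is now set before any handshake has happened, so the flag means "TLS is attempted" rather than "TLS is established"; a comment such as `// use_ssl == 1 here means TLS is attempted, not verified` would keep later code from reading it as proof of encryption. The function body continues outside the hunk.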
@@ -1325,7 +1325,8 @@ LOGICAL ssl_BeginClientSession( PCLIENT pc, CPOINTER client_keypair, size_t clie
 }
 LOGICAL ssl_IsClientSecure( PCLIENT pc ) {
- return (pc->ssl_session&&(pc->ssl_session->ctx != NULL));
+ //lprintf( "Is client secure? %p %d %d", pc, !!pc->ssl_session, (pc->ssl_session&&(pc->ssl_session->ctx != NULL)) );
+ return (!!pc->ssl_session);//&&(pc->ssl_session->ctx != NULL));
 }
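Review bot: `ssl_IsClientSecure` now returns true as soon as `pc->ssl_session` is non-NULL, even while `ssl_session->ctx` is still NULL, so the name promises more than the check delivers. The websocket code in this same patch uses the result to choose between the SSL and TCP send paths, and any caller that reads it as "the TLS handshake completed" would now be wrong; if the session object is allocated before the handshake finishes (not visible here), that window is real. Document the new contract on the function, e.g. `// true when a TLS session object is attached; does not imply ctx is set or the handshake finished`, and consider a separate predicate for the stricter test instead of leaving the old condition commented out after the `return`. `pc` is still dereferenced without a NULL check, as before.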