feature from issue #8: Support connecting to SSL/TLS target socket #45
Conversation
|
@d4nshields, this looks good. Can you describe how you test this so that I can verify it works? Once I can verify that it works correctly (now and going forwards) I'll pull your change. Thanks. |
|
Difficult to automate, but here is an overview of the test procedure: Note: the hostname of my local computer is RANDALL.
I did some wondering about how SSL perhaps ought to be required on the target side, in relation to the use of the wss: protocol on the client side, but found no requirement for this in RFC6455, so I decided to let SSL requirements for each path (ie. client -> websocket, websocket -> tcp socket) be independently configured by the proxy. I can make my client javascript test file available as well, if interested, but I suspect it is mundane. Btw I also used Chrome's websockets tab in firebug which came in handy. |
feature from issue #8: Support connecting to SSL/TLS target socket
|
Okay, here is how I ended up testing this:
noVNC will connect to Websockify (SSL or not depending on noVNC setting), which will connect to stunnel (SSL), which will connect to the VNC server (regular TCP). |
|
I just moved the ssl target support down into the websocket.py socket function to make it a bit more generic. That same function may also support unix domain socket connections in the near future too: cloud9ers@c8018f2 |
This is cleanup related to: novnc#45
A simple approach to connect to an ssl target host:
An option, --ssl-target is added to use the feature. ssl.wrap_socket() is used create a compatible child object of socket.socket(). On a global level, the ssl module is imported only if import is successful, and outputs a warning message to the user if they try to use the --ssl-target option when it is not (using a similar import pattern that is used in the websocket.py library for ssl support on the listening side).