crabapples
/
websockify
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Include host in TLS setup 

This enabled SNI, and allows it to check the certificate for the correct
host.
This commit is contained in:
Pierre Ossman 2024-07-30 09:18:31 +02:00
parent f632fa0285
commit b6c02b13e3
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
websockify/websocket.py
View File

@ -140,7 +140,8 @@ class WebSocket(object):
if uri.scheme in ("wss", "https"): if uri.scheme in ("wss", "https"):
context = ssl.create_default_context() context = ssl.create_default_context()
self.socket = context.wrap_socket(self.socket) self.socket = context.wrap_socket(self.socket,
server_hostname=uri.hostname)
self._state = "ssl_handshake" self._state = "ssl_handshake"
else: else:
self._state = "headers" self._state = "headers"

2
websockify/websockifyserver.py
View File

@ -471,7 +471,7 @@ class WebSockifyServer():
sock.connect(addrs[0][4]) sock.connect(addrs[0][4])
if use_ssl: if use_ssl:
context = ssl.create_default_context() context = ssl.create_default_context()
sock = context.wrap_socket(sock) sock = context.wrap_socket(sock, server_hostname=host)
else: else:
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(addrs[0][4]) sock.bind(addrs[0][4])