GUACAMOLE-623: Merge fix build against older libwebsockets.
This commit is contained in:
commit
b0be808036
30
configure.ac
30
configure.ac
@ -1198,14 +1198,40 @@ then
|
|||||||
have_libwebsockets=no])
|
have_libwebsockets=no])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Check for client-specific closed event, which must be used in favor of the
|
|
||||||
# generic closed event if libwebsockets is recent enough to provide this
|
|
||||||
if test "x$with_websockets" != "xno"
|
if test "x$with_websockets" != "xno"
|
||||||
then
|
then
|
||||||
|
|
||||||
|
# Check for client-specific closed event, which must be used in favor of
|
||||||
|
# the generic closed event if libwebsockets is recent enough to provide
|
||||||
|
# this
|
||||||
AC_CHECK_DECL([LWS_CALLBACK_CLIENT_CLOSED],
|
AC_CHECK_DECL([LWS_CALLBACK_CLIENT_CLOSED],
|
||||||
[AC_DEFINE([HAVE_LWS_CALLBACK_CLIENT_CLOSED],,
|
[AC_DEFINE([HAVE_LWS_CALLBACK_CLIENT_CLOSED],,
|
||||||
[Whether LWS_CALLBACK_CLIENT_CLOSED is defined])],,
|
[Whether LWS_CALLBACK_CLIENT_CLOSED is defined])],,
|
||||||
[#include <libwebsockets.h>])
|
[#include <libwebsockets.h>])
|
||||||
|
|
||||||
|
# Older versions of libwebsockets may not define a flag for requesting
|
||||||
|
# global initialization of OpenSSL, instead performing that initialization
|
||||||
|
# by default
|
||||||
|
AC_CHECK_DECL([LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT],
|
||||||
|
[AC_DEFINE([HAVE_LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT],,
|
||||||
|
[Whether LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT is defined])],,
|
||||||
|
[#include <libwebsockets.h>])
|
||||||
|
|
||||||
|
# Older versions of libwebsockets do not define special macros for SSL
|
||||||
|
# connection flags, instead relying on documented integer values
|
||||||
|
AC_CHECK_DECL([LCCSCF_USE_SSL],
|
||||||
|
[AC_DEFINE([HAVE_LCCSCF_USE_SSL],,
|
||||||
|
[Whether LCCSCF_USE_SSL is defined])],,
|
||||||
|
[#include <libwebsockets.h>])
|
||||||
|
|
||||||
|
# Older versions of libwebsockets do not define a dummy callback which
|
||||||
|
# must be invoked after the main event callback is invoked; the main event
|
||||||
|
# callback must instead manually return zero
|
||||||
|
AC_CHECK_DECL([lws_callback_http_dummy],
|
||||||
|
[AC_DEFINE([HAVE_LWS_CALLBACK_HTTP_DUMMY],,
|
||||||
|
[Whether lws_callback_http_dummy() is defined])],,
|
||||||
|
[#include <libwebsockets.h>])
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
AM_CONDITIONAL([ENABLE_WEBSOCKETS],
|
AM_CONDITIONAL([ENABLE_WEBSOCKETS],
|
||||||
|
@ -66,8 +66,13 @@ static int guac_kubernetes_lws_callback(struct lws* wsi,
|
|||||||
guac_client* client = guac_kubernetes_lws_current_client;
|
guac_client* client = guac_kubernetes_lws_current_client;
|
||||||
|
|
||||||
/* Do not handle any further events if connection is closing */
|
/* Do not handle any further events if connection is closing */
|
||||||
if (client->state != GUAC_CLIENT_RUNNING)
|
if (client->state != GUAC_CLIENT_RUNNING) {
|
||||||
|
#ifdef HAVE_LWS_CALLBACK_HTTP_DUMMY
|
||||||
return lws_callback_http_dummy(wsi, reason, user, in, length);
|
return lws_callback_http_dummy(wsi, reason, user, in, length);
|
||||||
|
#else
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
switch (reason) {
|
switch (reason) {
|
||||||
|
|
||||||
@ -115,6 +120,7 @@ static int guac_kubernetes_lws_callback(struct lws* wsi,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Connection closed */
|
/* Connection closed */
|
||||||
|
case LWS_CALLBACK_WSI_DESTROY:
|
||||||
case LWS_CALLBACK_CLOSED:
|
case LWS_CALLBACK_CLOSED:
|
||||||
guac_client_stop(client);
|
guac_client_stop(client);
|
||||||
guac_client_log(client, GUAC_LOG_DEBUG, "WebSocket connection to "
|
guac_client_log(client, GUAC_LOG_DEBUG, "WebSocket connection to "
|
||||||
@ -127,7 +133,11 @@ static int guac_kubernetes_lws_callback(struct lws* wsi,
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#ifdef HAVE_LWS_CALLBACK_HTTP_DUMMY
|
||||||
return lws_callback_http_dummy(wsi, reason, user, in, length);
|
return lws_callback_http_dummy(wsi, reason, user, in, length);
|
||||||
|
#else
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -259,7 +269,6 @@ void* guac_kubernetes_client_thread(void* data) {
|
|||||||
.origin = settings->hostname,
|
.origin = settings->hostname,
|
||||||
.port = settings->port,
|
.port = settings->port,
|
||||||
.protocol = GUAC_KUBERNETES_LWS_PROTOCOL,
|
.protocol = GUAC_KUBERNETES_LWS_PROTOCOL,
|
||||||
.pwsi = &kubernetes_client->wsi,
|
|
||||||
.userdata = client
|
.userdata = client
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -268,9 +277,15 @@ void* guac_kubernetes_client_thread(void* data) {
|
|||||||
* do our own validation - libwebsockets does not validate properly if
|
* do our own validation - libwebsockets does not validate properly if
|
||||||
* IP addresses are used. */
|
* IP addresses are used. */
|
||||||
if (settings->use_ssl) {
|
if (settings->use_ssl) {
|
||||||
|
#ifdef HAVE_LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT
|
||||||
context_info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
|
context_info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_LCCSCF_USE_SSL
|
||||||
connection_info.ssl_connection = LCCSCF_USE_SSL
|
connection_info.ssl_connection = LCCSCF_USE_SSL
|
||||||
| LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
|
| LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
|
||||||
|
#else
|
||||||
|
connection_info.ssl_connection = 2; /* SSL + no hostname check */
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Create libwebsockets context */
|
/* Create libwebsockets context */
|
||||||
|
@ -110,6 +110,27 @@ static EVP_PKEY* guac_kubernetes_read_key(char* pem) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* OpenSSL certificate verification callback which universally accepts all
|
||||||
|
* certificates without performing any verification at all.
|
||||||
|
*
|
||||||
|
* @param x509_ctx
|
||||||
|
* The current context of the certificate verification process. This
|
||||||
|
* parameter is ignored by this particular implementation of the callback.
|
||||||
|
*
|
||||||
|
* @param arg
|
||||||
|
* The arbitrary value passed to SSL_CTX_set_cert_verify_callback(). This
|
||||||
|
* parameter is ignored by this particular implementation of the callback.
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* Strictly 0 if certificate verification fails, 1 if the certificate is
|
||||||
|
* verified. No other values are legal return values for this callback as
|
||||||
|
* documented by OpenSSL.
|
||||||
|
*/
|
||||||
|
static int guac_kubernetes_assume_cert_ok(X509_STORE_CTX* x509_ctx, void* arg) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
void guac_kubernetes_init_ssl(guac_client* client, SSL_CTX* context) {
|
void guac_kubernetes_init_ssl(guac_client* client, SSL_CTX* context) {
|
||||||
|
|
||||||
guac_kubernetes_client* kubernetes_client =
|
guac_kubernetes_client* kubernetes_client =
|
||||||
@ -118,8 +139,11 @@ void guac_kubernetes_init_ssl(guac_client* client, SSL_CTX* context) {
|
|||||||
guac_kubernetes_settings* settings = kubernetes_client->settings;
|
guac_kubernetes_settings* settings = kubernetes_client->settings;
|
||||||
|
|
||||||
/* Bypass certificate checks if requested */
|
/* Bypass certificate checks if requested */
|
||||||
if (settings->ignore_cert)
|
if (settings->ignore_cert) {
|
||||||
SSL_CTX_set_verify(context, SSL_VERIFY_NONE, NULL);
|
SSL_CTX_set_verify(context, SSL_VERIFY_PEER, NULL);
|
||||||
|
SSL_CTX_set_cert_verify_callback(context,
|
||||||
|
guac_kubernetes_assume_cert_ok, NULL);
|
||||||
|
}
|
||||||
|
|
||||||
/* Otherwise use the given CA certificate to validate (if any) */
|
/* Otherwise use the given CA certificate to validate (if any) */
|
||||||
else if (settings->ca_cert != NULL) {
|
else if (settings->ca_cert != NULL) {
|
||||||
|
Loading…
Reference in New Issue
Block a user