From d8618b0682e69ca5c99f0608368f21188d16fce3 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Wed, 26 Sep 2018 21:50:19 -0700 Subject: [PATCH] GUACAMOLE-623: Support older libwebsockets SSL initialization. --- configure.ac | 22 ++++++++++++++++++++-- src/protocols/kubernetes/kubernetes.c | 6 ++++++ 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index d26db39f..bb23f62c 100644 --- a/configure.ac +++ b/configure.ac @@ -1198,14 +1198,32 @@ then have_libwebsockets=no]) fi -# Check for client-specific closed event, which must be used in favor of the -# generic closed event if libwebsockets is recent enough to provide this if test "x$with_websockets" != "xno" then + + # Check for client-specific closed event, which must be used in favor of + # the generic closed event if libwebsockets is recent enough to provide + # this AC_CHECK_DECL([LWS_CALLBACK_CLIENT_CLOSED], [AC_DEFINE([HAVE_LWS_CALLBACK_CLIENT_CLOSED],, [Whether LWS_CALLBACK_CLIENT_CLOSED is defined])],, [#include ]) + + # Older versions of libwebsockets may not define a flag for requesting + # global initialization of OpenSSL, instead performing that initialization + # by default + AC_CHECK_DECL([LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT], + [AC_DEFINE([HAVE_LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT],, + [Whether LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT is defined])],, + [#include ]) + + # Older versions of libwebsockets do not define special macros for SSL + # connection flags, instead relying on documented integer values + AC_CHECK_DECL([LCCSCF_USE_SSL], + [AC_DEFINE([HAVE_LCCSCF_USE_SSL],, + [Whether LCCSCF_USE_SSL is defined])],, + [#include ]) + fi AM_CONDITIONAL([ENABLE_WEBSOCKETS], diff --git a/src/protocols/kubernetes/kubernetes.c b/src/protocols/kubernetes/kubernetes.c index f314c597..9cb0b13b 100644 --- a/src/protocols/kubernetes/kubernetes.c +++ b/src/protocols/kubernetes/kubernetes.c @@ -268,9 +268,15 @@ void* guac_kubernetes_client_thread(void* data) { * do our own validation - libwebsockets does not validate properly if * IP addresses are used. */ if (settings->use_ssl) { +#ifdef HAVE_LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT context_info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; +#endif +#ifdef HAVE_LCCSCF_USE_SSL connection_info.ssl_connection = LCCSCF_USE_SSL | LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK; +#else + connection_info.ssl_connection = 2; /* SSL + no hostname check */ +#endif } /* Create libwebsockets context */