proxy: Issue #14: detect and allow wss:// from Safari.

Addresses this issue:
http://github.com/kanaka/noVNC/issues#issue/14

Safari starts with '\x80' rather than '\x16' like Chrome and Firefox
and having PROTOCOL_TLSv1 doesn't work with Safari. But just removing
the ssl_version allows things to work with Safari wss:// connections.

Also, if the handshake (after SSL wrapping) is null then terminate the
connection. This probably means the certificate was refused by the
client. Unfortunately Safari (the version I have) doesn't cleanly
shutdown WebSockets connections until the page is reloaded (even if
the object is no longer referenced).

diff --git a/utils/websocket.py b/utils/websocket.py
index d63785d772faac80271dd20493008ed9bd84cfb7..630af9eeb082d2314f10c4115f4c2c27d51f8db0 100755 (executable)
--- a/utils/websocket.py
+++ b/utils/websocket.py
@@ -110,12 +110,11 @@ def do_handshake(sock):
         sock.send(policy_response)
         sock.close()
         return False
-    elif handshake.startswith("\x16"):
+    elif handshake[0] in ("\x16", "\x80"):
         retsock = ssl.wrap_socket(
                 sock,
                 server_side=True,
-                certfile=settings['cert'],
-                ssl_version=ssl.PROTOCOL_TLSv1)
+                certfile=settings['cert'])
         scheme = "wss"
         handler_msg("using SSL/TLS")
     elif settings['ssl_only']:
@@ -128,6 +127,8 @@ def do_handshake(sock):
         handler_msg("using plain (not SSL) socket")
     handshake = retsock.recv(4096)
     #handler_msg("handshake: " + repr(handshake))
+    if len(handshake) == 0:
+        raise EClose("Client closed during handshake")
     h = parse_handshake(handshake)
 
     if h.get('key3'):