[asterisk-bugs] [JIRA] (ASTERISK-23099) Asterisk WSS ( Secure WebSocket) patch

[Thava Iyer (JIRA)]

Thava Iyer created ASTERISK-23099:
-------------------------------------

             Summary: Asterisk WSS ( Secure WebSocket) patch 
                 Key: ASTERISK-23099
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23099
             Project: Asterisk
          Issue Type: Improvement
      Security Level: None
          Components: Resources/res_http_websocket
    Affects Versions: 11.5.1
         Environment: Linux, Chrome
            Reporter: Thava Iyer
            Severity: Trivial


Asterisk websocket interface (res/res_http_websocket.c) works well for normal websockets (ws) but fails on secure - websockets (wss). The ast_websocket_read() function, first reads the header (14) bytes using first fread() call and then , for the remaining payload,  in a while loop, it first polls the raw-socket for the date before further reads. In the normal websocket, it is fine. But for the secure-websocket case, the underlying ssl_read() would have read the whole data, in the first fread() call (of course to decrypt ) and emptied the socket. This would make the ast_websocket_read() to fail, thus, the sip_websocket_callback() would just waits for data on the socket.

This enables to read the whole available data at first and then wait for any fragmented packets. This enables the secure-websocket connections to work properly.

This has been tested with  Chrome 31.0.1650.63.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira