[asterisk-bugs] [JIRA] (ASTERISK-23099) Asterisk WSS ( Secure WebSocket) patch
Rusty Newton (JIRA)
noreply at issues.asterisk.org
Mon Jan 27 10:13:03 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-23099?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rusty Newton updated ASTERISK-23099:
------------------------------------
Assignee: Rusty Newton (was: Thava Iyer)
Status: Triage (was: Waiting for Feedback)
> Asterisk WSS ( Secure WebSocket) patch
> ---------------------------------------
>
> Key: ASTERISK-23099
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-23099
> Project: Asterisk
> Issue Type: Improvement
> Security Level: None
> Components: Resources/res_http_websocket
> Affects Versions: 11.5.1
> Environment: Linux, Chrome
> Reporter: Thava Iyer
> Assignee: Rusty Newton
> Attachments: ast_wss_r404720_v11_5_0.patch
>
>
> Asterisk websocket interface (res/res_http_websocket.c) works well for normal websockets (ws) but fails on secure - websockets (wss). The ast_websocket_read() function, first reads the header (14) bytes using first fread() call and then , for the remaining payload, in a while loop, it first polls the raw-socket for the date before further reads. In the normal websocket, it is fine. But for the secure-websocket case, the underlying ssl_read() would have read the whole data, in the first fread() call (of course to decrypt ) and emptied the socket-fd. This would make the ast_websocket_read() to wait for data to appear on the socket.
> This patch enables the ast_websocket_read() function to read the whole available data at first and then wait for any fragmented packets. This makes the secure-websocket connection to work properly.
> This has been tested with Chrome 31.0.1650.63.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list