From 57702318b095358ffe8fa3a99ec330d7aed3fca3 Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Sat, 3 Oct 2020 13:53:17 +0200
Subject: [PATCH] Add support for Websockets with https inspection enabled

Set the CT_TABOO flag in case of status code 101 and continue shuffling data around until one of the sockets gets closed.
---
 jcc.c | 31 +++++++++++++++++++++++++++++++
 parsers.c | 3 ++-
 2 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/jcc.c b/jcc.c
index bb57dedb..dbc5e115 100644
--- a/jcc.c
+++ b/jcc.c
@@ -2841,6 +2841,37 @@ static void handle_established_connection(struct client_state *csp)
 #ifdef FEATURE_HTTPS_INSPECTION
 if (client_use_ssl(csp))
 {
+ if (csp->http->status == 101)
+ {
+ len = ssl_recv_data(&(csp->ssl_client_attr),
+ (unsigned char *)csp->receive_buffer,
+ (size_t)max_bytes_to_read);
+ if (len == -1)
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to receive data "
+ "on client socket %d for an upgraded connection",
+ csp->cfd);
+ break;
+ }
+ if (len == 0)
+ {
+ log_error(LOG_LEVEL_CONNECT, "Done receiving data "
+ "on client socket %d for an upgraded connection",
+ csp->cfd);
+ break;
+ }
+ byte_count += (unsigned long long)len;
+ len = ssl_send_data(&(csp->ssl_server_attr),
+ (unsigned char *)csp->receive_buffer, (size_t)len);
+ if (len == -1)
+ {
+ log_error(LOG_LEVEL_ERROR, "Failed to send data "
+ "on server socket %d for an upgraded connection",
+ csp->server_connection.sfd);
+ break;
+ }
+ continue;
+ }
 log_error(LOG_LEVEL_CONNECT, "Breaking with TLS/SSL.");
 break;
 }
diff --git a/parsers.c b/parsers.c
index 06f1ae8b..3f704deb 100644
--- a/parsers.c
+++ b/parsers.c
@@ -4067,7 +4067,8 @@ static jb_err server_http(struct client_state *csp, char **header)
 return JB_ERR_PARSE;
 }
 
- if (csp->http->status == 206)
+ if (csp->http->status == 101 ||
+ csp->http->status == 206)
 {
 csp->content_type = CT_TABOO;
 }
-- 
2.39.2
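Review bot: The receive guard in the new 101 branch tests `len == -1` only, so any other negative return from ssl_recv_data() would fall through to `byte_count += (unsigned long long)len` and to the `(size_t)len` cast handed to ssl_send_data(), turning a small negative value into a very large length. Whether ssl_recv_data() can return other negative values is not visible in this hunk, but `if (len < 0)` costs nothing and closes that path; the same applies to the `len == -1` test after ssl_send_data(). A short comment above the branch, such as `/* Upgraded connection (e.g. WebSocket): relay client data to the server unfiltered */`, would also make clear that nothing on this path is inspected. handle_established_connection() starts and ends outside the hunk.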
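Review bot: The status code alone now marks the response as CT_TABOO, and together with the jcc.c hunk a server-supplied 101 is enough to move the connection into unfiltered relaying; nothing in the visible lines checks that the client actually sent an Upgrade request. If that check does not exist elsewhere, consider requiring it before honouring 101, or at least logging the switch so that the loss of filtering shows up in the log. The condition would also benefit from a comment, for example `/* 101: protocol switch, 206: partial content - the body cannot be filtered */`. server_http() continues outside the hunk.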