You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@guacamole.apache.org by mike-jumper <gi...@git.apache.org> on 2018/09/27 05:46:57 UTC

[GitHub] guacamole-server pull request #192: GUACAMOLE-623: Fix build against older l...

GitHub user mike-jumper opened a pull request:

    https://github.com/apache/guacamole-server/pull/192

    GUACAMOLE-623: Fix build against older libwebsockets.

    The build is currently broken on CentOS 7 with EPEL, where libwebsockets is available but at version 1.7.5. Several differences are in play which needed to be addressed here:
    
    * SSL client initialization flags do not exist. Instead, a set of documented integer values is used for no SSL (0), SSL with verification of certificate (1), and SSL which allows self-signed certificates (2). The latter is unfortunately very specific to self-signed certificates, leading to verification failures in other cases - more on that below.
    * The `lws_callback_http_dummy()` function which must be invoked within the event callback to perform some sort of housekeeping tasks internal to libwebsockets is not defined. The event callback is instead expected to simply return 0.
    * The `pwsi` member of the `lws_client_connect_info` structure does not exist. This can safely be removed - our original purpose for using it, exposing the `guac_client` to the event callback, no longer exists as the `guac_client` is exposed through a static variable instead.
    * The SSL verification of server certificates is explicitly bypassed if requested, but the error result is still checked in all cases and still fails the connection for all but extremely specific verification errors related to self-signed certificates. This is addressed through neutering the certificate verification entirely when `ignore_cert` is set, rather than just asking nicely.
    * Older libwebsockets will not fire `LWS_CALLBACK_CLOSED` events under some circumstances, instead only firing `LWS_CALLBACK_WSI_DESTROY` for the destruction of the WebSocket structure. Both need to be handled for the connection to close cleanly in all cases.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mike-jumper/guacamole-server fix-old-libwebsockets

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/guacamole-server/pull/192.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #192
    
----
commit d8618b0682e69ca5c99f0608368f21188d16fce3
Author: Michael Jumper <mj...@...>
Date:   2018-09-27T04:50:19Z

    GUACAMOLE-623: Support older libwebsockets SSL initialization.

commit b48a1b3a5d15e6c95fa64222342033eb584dc0a3
Author: Michael Jumper <mj...@...>
Date:   2018-09-27T04:51:07Z

    GUACAMOLE-623: Use libwebsockets' dummy callback only if defined.

commit 7ee624844a2ef577bfd5af6c9559919e1ba77846
Author: Michael Jumper <mj...@...>
Date:   2018-09-27T04:51:46Z

    GUACAMOLE-623: Remove unnecessary initialization of pwsi.
    
    The pwsi member was previously used to ensure the lws structure was made
    available to invocations of the event callback early in the connection
    lifecycle such that the underlyin guac_client could always be retrieved.
    Since the migration to guac_kubernetes_lws_current_client, this is not
    necessary, and isn't supported in older versions of libwebsockets
    anyway.

commit 44d3433ea92de6de7d127f93335c0a5be47c735c
Author: Michael Jumper <mj...@...>
Date:   2018-09-27T05:01:43Z

    GUACAMOLE-623: Explicitly bypass certificate checks if requested.
    
    For older versions of libwebsockets, simply requesting that OpenSSL
    ignore the verification result is insufficient, as libwebsockets
    manually checks and confirms the verification result, producing an error
    in all but specific cases.

commit 9c593bde89891522324fe84034e4a9bd415aae2c
Author: Michael Jumper <mj...@...>
Date:   2018-09-27T05:30:08Z

    GUACAMOLE-623: Kill connection if libwebsockets is destroying the underlying WebSocket.
    
    Older versions of libwebsockets will not necessarily invoke close events
    under all circumstances, and will instead sometimes summarily destroy
    the WebSocket. Thankfully there is another event for that, and newer
    versions of libwebsockets continue to define that event. We can hook
    into both to handle disconnect.

----


---

[GitHub] guacamole-server pull request #192: GUACAMOLE-623: Fix build against older l...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/guacamole-server/pull/192


---