8.0.33 unencrypted websockets not generating correct HTTP CONNECT when using proxies?

[Rich Carreiro <rl...@gmail.com>]

I am running Tomcat 8.0.33.  In my webapp I need to make outbound
websocket connections (i.e. be a client endpoint) through a HTTP proxy.

Outbound encrypted websockets (wss://foo.bar) work fine, but
unencrypted ones (ws://foo.bar) fail.

What I am seeing (in WsWebSocketContainer.createProxyRequest())
is that when there is no explicit port in the websocket URL, the container
does not put in an explicit port when building the CONNECT string.

So both ws://foo.bar and wss://foo.bar turn into
CONNECT foo.bar HTTP/1.1 [etc]

The proxy (reasonably, IMHO) assumes that a connect request
with no explicit port is going to port 443 on the destination host,
and thus the failure.  (And of course, if the proxy assumed no
explicit port meant port 80, then the problem would simply
be happening in the opposite way where ws:// would work
but wss:// would not).

If I add an explicit port to the ws:// URL (so ws://foo.bar:80) then
the websocket works fine through the proxy.

By contrast, Tyrus always puts an explicit port number in the
CONNECT request even when the ws:// and wss:// URLs do not
have explicit port numbers.

I've been looking at RFC 6455 and to my reading it says that a
websocket client should include the port when asking the proxy
to make a connection to the ultimate destination host.

Is this a known bug?  An acceptable difference in interpretation
of the RFC?

-- 
Rich Carreiro             rlcarr@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org