From f24940a3692dc9e37f519e0c1af47033b2361306 Mon Sep 17 00:00:00 2001 From: Kurt Pattyn Date: Sun, 16 Feb 2014 13:53:29 +0100 Subject: [PATCH] Fix Google Chrome connection problem Task-number: QTBUG-36757 Change-Id: I6a802e93e28b6281fe03aacf001897003310a027 Reviewed-by: Peter Hartmann --- src/websockets/qwebsocketserver.cpp | 7 +++++++ src/websockets/qwebsocketserver_p.cpp | 18 ++++++++++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/websockets/qwebsocketserver.cpp b/src/websockets/qwebsocketserver.cpp index 0645947..884f422 100644 --- a/src/websockets/qwebsocketserver.cpp +++ b/src/websockets/qwebsocketserver.cpp @@ -70,6 +70,13 @@ \l {http://tools.ietf.org/html/rfc6455#page-39} {extensions} and \l {http://tools.ietf.org/html/rfc6455#page-12} {subprotocols}. + \note When working with self-signed certificates, FireFox currently has a + \l {https://bugzilla.mozilla.org/show_bug.cgi?id=594502} {bug} that prevents it to + connect to a secure websocket server. To work around this problem, first browse to the + secure websocket server using https. FireFox will indicate that the certificate is invalid. + From here on, the certificate can be added to the exceptions. After this, the secure websockets + connection should work. + QWebSocketServer only supports version 13 of the WebSocket protocol, as outlined in RFC 6455. \sa echoserver.html diff --git a/src/websockets/qwebsocketserver_p.cpp b/src/websockets/qwebsocketserver_p.cpp index a43e75a..f349dc2 100644 --- a/src/websockets/qwebsocketserver_p.cpp +++ b/src/websockets/qwebsocketserver_p.cpp @@ -94,7 +94,8 @@ void QWebSocketServerPrivate::init() m_pTcpServer = pSslServer; if (Q_LIKELY(m_pTcpServer)) { QObjectPrivate::connect(pSslServer, &QSslServer::newEncryptedConnection, - this, &QWebSocketServerPrivate::onNewConnection); + this, &QWebSocketServerPrivate::onNewConnection, + Qt::QueuedConnection); QObject::connect(pSslServer, &QSslServer::peerVerifyError, q_ptr, &QWebSocketServer::peerVerifyError); QObject::connect(pSslServer, &QSslServer::sslErrors, @@ -414,13 +415,22 @@ void QWebSocketServerPrivate::handshakeReceived() qWarning() << QWebSocketServer::tr("Sender is not a QTcpSocket. This is a Qt bug!!!"); return; } + //When using Google Chrome the handshake in received in two parts. + //Therefore, the readyRead signal is emitted twice. + //This is a guard against the BEAST attack. + //See: https://www.imperialviolet.org/2012/01/15/beastfollowup.html + //For Safari, the handshake is delivered at once + //FIXME: For FireFox, the readyRead signal is never emitted + //This is a bug in FireFox (see https://bugzilla.mozilla.org/show_bug.cgi?id=594502) + if (!pTcpSocket->canReadLine()) { + return; + } + disconnect(pTcpSocket, &QTcpSocket::readyRead, + this, &QWebSocketServerPrivate::handshakeReceived); Q_Q(QWebSocketServer); bool success = false; bool isSecure = false; - disconnect(pTcpSocket, &QTcpSocket::readyRead, - this, &QWebSocketServerPrivate::handshakeReceived); - if (m_pendingConnections.length() >= maxPendingConnections()) { pTcpSocket->close(); pTcpSocket->deleteLater(); -- 2.7.4