fix wss client bug

92f8562c · AlexStocks · 75b0c121 · 92f8562c · 92f8562c · 92f8562c
Commit 92f8562c authored Apr 21, 2017 by AlexStocks
Hide whitespace changes
Inline Side-by-side

Showing with 71 additions and 46 deletions

change_log.md change_log.md +6 -0

client.go client.go +26 -11

server.go server.go +25 -24

session.go session.go +11 -8

version.go version.go +3 -3

No files found.
--- a/change_log.md
+++ b/change_log.md
@@ -11,6 +11,12 @@
 ## develop history ##
 ---

+- 2017/04/21
+    > bug fix
+    * 1 client can not connect wss server because of getty does not verify whether cert&key is nil or not in client.go:dialWSS
+    
+    > version: 0.7.02 
+
 - 2017/02/08
    > improvement
    >

--- a/client.go
+++ b/client.go
@@ -173,6 +173,8 @@ func (c *Client) dialWSS() Session {
 	var (
 		err      error
 		certPem  []byte
+		root     *x509.Certificate
+		roots    []*x509.Certificate
 		certPool *x509.CertPool
 		config   *tls.Config
 		dialer   websocket.Dialer
@@ -186,26 +188,36 @@ func (c *Client) dialWSS() Session {
 		InsecureSkipVerify: true,
 	}

+	if c.cert != "" && c.privateKey != "" {
+		config.Certificates = make([]tls.Certificate, 1)
+		if config.Certificates[0], err = tls.LoadX509KeyPair(c.cert, c.privateKey); err != nil {
+			panic(fmt.Sprintf("tls.LoadX509KeyPair(cert{%s}, privateKey{%s}) = err{%#v}", c.cert, c.privateKey, err))
+		}
+	}
+
+	certPool = x509.NewCertPool()
+	for _, c := range config.Certificates {
+		roots, err = x509.ParseCertificates(c.Certificate[len(c.Certificate)-1])
+		if err != nil {
+			panic(fmt.Sprintf("error parsing server's root cert: %v\n", err))
+		}
+		for _, root = range roots {
+			certPool.AddCert(root)
+		}
+	}
+
 	gxlog.CInfo("client cert:%s, key:%s, caCert:%s", c.cert, c.privateKey, c.caCert)
 	if c.caCert != "" {
 		certPem, err = ioutil.ReadFile(c.caCert)
 		if err != nil {
 			panic(fmt.Errorf("ioutil.ReadFile(caCert{%s}) = err{%#v}", c.caCert, err))
 		}
-		certPool = x509.NewCertPool()
 		if ok := certPool.AppendCertsFromPEM(certPem); !ok {
 			panic("failed to parse root certificate file.")
 		}
-		config.RootCAs = certPool
 		config.InsecureSkipVerify = false
 	}
-
-	if c.cert != "" && c.privateKey != "" {
-		config.Certificates = make([]tls.Certificate, 1)
-		if config.Certificates[0], err = tls.LoadX509KeyPair(c.cert, c.privateKey); err != nil {
-			panic(fmt.Sprintf("tls.LoadX509KeyPair(cert{%s}, privateKey{%s}) = err{%#v}", c.cert, c.privateKey, err))
-		}
-	}
+	config.RootCAs = certPool

 	// dialer.EnableCompression = true
 	dialer.TLSClientConfig = config
@@ -222,6 +234,7 @@ func (c *Client) dialWSS() Session {
 			if ss.(*session).maxMsgLen > 0 {
 				conn.SetReadLimit(int64(ss.(*session).maxMsgLen))
 			}
+			ss.SetName(defaultWSSSessionName)

 			return ss
 		}
@@ -233,10 +246,12 @@ func (c *Client) dialWSS() Session {
 }

 func (c *Client) dial() Session {
+	if strings.HasPrefix(c.addr, "wss") {
+		return c.dialWSS()
+	}
+
 	if strings.HasPrefix(c.addr, "ws") {
 		return c.dialWS()
-	} else if strings.HasPrefix(c.addr, "wss") {
-		return c.dialWSS()
 	}

 	return c.dialTCP()

--- a/server.go
+++ b/server.go
@@ -10,7 +10,7 @@
 package getty

 import (
-	// "context"
+	"context"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
@@ -23,7 +23,6 @@ import (
 )

 import (
-	"github.com/AlexStocks/goext/log"
 	"github.com/AlexStocks/goext/net"
 	"github.com/AlexStocks/goext/sync"
 	"github.com/AlexStocks/goext/time"
@@ -54,8 +53,8 @@ func NewServer() *Server {

 func (s *Server) stop() {
 	var (
-	// err error
-	// ctx context.Context
+		err error
+		ctx context.Context
 	)
 	select {
 	case <-s.done:
@@ -65,12 +64,12 @@ func (s *Server) stop() {
 			close(s.done)
 			s.lock.Lock()
 			if s.server != nil {
-				// ctx, _ = context.WithTimeout(context.Background(), serverFastFailTimeout)
-				// if err = s.server.Shutdown(ctx); err != nil {
-				// 	// 如果下面内容输出为：server shutdown ctx: context deadline exceeded，
-				// 	// 则说明有未处理完的active connections。
-				// 	log.Error("server shutdown ctx:%#v", err)
-				// }
+				ctx, _ = context.WithTimeout(context.Background(), serverFastFailTimeout)
+				if err = s.server.Shutdown(ctx); err != nil {
+					// 如果下面内容输出为：server shutdown ctx: context deadline exceeded，
+					// 则说明有未处理完的active connections。
+					log.Error("server shutdown ctx:%#v", err)
+				}
 			}
 			s.lock.Unlock()
 			// 把listener.Close放在这里，既能防止多次关闭调用，
@@ -252,30 +251,32 @@ func (s *Server) RunWSSEventLoop(
 	path string,
 	cert string,
 	privateKey string,
-	caCert string) {
+	caCert string,
+) {

 	s.wg.Add(1)
 	go func() {
 		defer s.wg.Done()
 		var (
-			err      error
-			certPem  []byte
-			certPool *x509.CertPool
-			config   *tls.Config
-			handler  *wsHandler
-			server   *http.Server
+			err         error
+			certPem     []byte
+			certificate tls.Certificate
+			certPool    *x509.CertPool
+			config      *tls.Config
+			handler     *wsHandler
+			server      *http.Server
 		)

-		config = &tls.Config{
-			InsecureSkipVerify: true,
-			ClientAuth:         tls.NoClientCert,
-		}
-		config.Certificates = make([]tls.Certificate, 1)
-		gxlog.CInfo("server cert:%s, key:%s, caCert:%s", cert, privateKey, caCert)
-		if config.Certificates[0], err = tls.LoadX509KeyPair(cert, privateKey); err != nil {
+		if certificate, err = tls.LoadX509KeyPair(cert, privateKey); err != nil {
 			panic(fmt.Sprintf("tls.LoadX509KeyPair(cert{%s}, privateKey{%s}) = err{%#v}", cert, privateKey, err))
 			return
 		}
+		config = &tls.Config{
+			InsecureSkipVerify: true, // 不对对端的证书进行校验
+			ClientAuth:         tls.NoClientCert,
+			NextProtos:         []string{"http/1.1"},
+			Certificates:       []tls.Certificate{certificate},
+		}

 		if caCert != "" {
 			certPem, err = ioutil.ReadFile(caCert)

--- a/session.go
+++ b/session.go
@@ -28,12 +28,15 @@ import (
 )

 const (
-	maxReadBufLen      = 4 * 1024
-	netIOTimeout       = 1e9      // 1s
-	period             = 60 * 1e9 // 1 minute
-	pendingDuration    = 3e9
-	defaultSessionName = "session"
-	outputFormat       = "session %s, Read Count: %d, Write Count: %d, Read Pkg Count: %d, Write Pkg Count: %d"
+	maxReadBufLen         = 4 * 1024
+	netIOTimeout          = 1e9      // 1s
+	period                = 60 * 1e9 // 1 minute
+	pendingDuration       = 3e9
+	defaultSessionName    = "session"
+	defaultTCPSessionName = "tcp-session"
+	defaultWSSessionName  = "ws-session"
+	defaultWSSSessionName = "wss-session"
+	outputFormat          = "session %s, Read Count: %d, Write Count: %d, Read Pkg Count: %d, Write Pkg Count: %d"
 )

 /////////////////////////////////////////
@@ -121,7 +124,7 @@ func NewSession() Session {

 func NewTCPSession(conn net.Conn) Session {
 	session := &session{
-		name:       defaultSessionName,
+		name:       defaultTCPSessionName,
 		Connection: newGettyTCPConn(conn),
 		done:       make(chan gxsync.Empty),
 		period:     period,
@@ -137,7 +140,7 @@ func NewTCPSession(conn net.Conn) Session {

 func NewWSSession(conn *websocket.Conn) Session {
 	session := &session{
-		name:       defaultSessionName,
+		name:       defaultWSSessionName,
 		Connection: newGettyWSConn(conn),
 		done:       make(chan gxsync.Empty),
 		period:     period,

--- a/version.go
+++ b/version.go
@@ -10,9 +10,9 @@
 package getty

 const (
-	Version     = "0.7.01"
-	DATE        = "2017/02/08"
+	Version     = "0.7.02"
+	DATE        = "2017/04/21"
 	GETTY_MAJOR = 0
 	GETTY_MINOR = 7
-	GETTY_BUILD = 1
+	GETTY_BUILD = 2
 )