Opened 3 years ago
Closed 2 years ago
#1731 closed defect (fixed)
inconsistent authentication handling
| Reported by: | Antoine Martin | Owned by: | J. Max Mena |
|---|---|---|---|
| Priority: | blocker | Milestone: | 2.3 |
| Component: | server | Version: | 2.2.x |
| Keywords: | Cc: |
Description
Because TCP sockets can be upgraded to websockets, SSL or both (Secure websockets) - for details see #1504 and wiki/Authentication - the authentication module for the connection is not always the one expected: wrapping with websockets uses the new socket type (ws-auth), but ssl would not! (and a wss upgrade from tcp would use ssl!)
Same problem applies to websockets upgraded to ssl (bind-ws with ssl=on), or ssl sockets upgraded to secure-websockets (bind-ssl with html=on).
Change History (3)
comment:1 Changed 3 years ago by
| Status: | new → assigned |
|---|
comment:2 Changed 2 years ago by
| Owner: | changed from Antoine Martin to J. Max Mena |
|---|---|
| Status: | assigned → new |
Backport in r17972.
@mamylyn: FYI, that's a bigger than usual backport.
Note: See
TracTickets for help on using
tickets.
copyleft 2010 - 2020
Minimal? fix in r17798: keep track of the original socket type, use those authentication modules.
Backport still needed. (oh joy)
In the meantime, the easy workaround is to always make sure to set
ssl-auth,ws-authandwss-authif you are settingtcp-auth.