remi icon indicating copy to clipboard operation
remi copied to clipboard

Published 20 hours ago verified publisher icon rawpython

Https and SIGINT handling

Open tetofonta opened this issue 8 years ago • 6 comments

When using remi on a network can be useful to use https protocol for security reasons: this can be done by calling "ssl.warp_socket(...)" over the HTTPServer created socket. Also, when developing application, is useful to terminate the process with CTRL+C key, so it can be done by allowing user to specify if SIGINT needs to be ignored.

tetofonta avatar Nov 12 '17 14:11 tetofonta

Hello @tetofonta , thank you so much for contributing to remi project. I will see at your pull req in about a week, I'm abroad right now. ;-)

dddomodossola avatar Nov 12 '17 20:11 dddomodossola

In order to secure any form inputs, the websocket connection would need to be secured. Using wss:// as the protocol that the javascript part connects to.

I have a branch which secures both sockets. Unfortunately in a clumsy way so I never created a PR for it.

PURPORC avatar Nov 16 '17 10:11 PURPORC

@tetofonta I merged your code to a branch called tetofonta-https. I a near future I will merge it to master, after a bit of debugging. @PURPORC have you the possibility to contribute on securing websockets? :-)

dddomodossola avatar Dec 15 '17 09:12 dddomodossola

@tetofonta Made some tests but without success. I got this error:

remi.server INFO Started httpserver https://127.0.0.1:8073/ remi.request ERROR PC14 code 400, message Bad request syntax ('\x16\x03\x01\x00\xae\x01\x00\x00\xaa\x03\x03R\x1d\xa2G\xbcT\xbd\x10\xb7i\xbd\xb6\x02\xdf\xde\xaf') remi.request ERROR PC14 code 400, message Bad request syntax ('\x16\x03\x01\x00\xae\x01\x00\x00\xaa\x03\x03\xd9\xd7\xd1\xbb\xabI\x01\xa5j}D\x149\xbc\xd8\xa9\x9d\x06@-\x8e!4i4\x8a\xf4\xa2\x96\xc7') remi.request DEBUG PC14 " « ¬RóG╝T¢Ài¢Â▀Ì»" 400 - remi.request DEBUG PC14 " « ¬┘ÎÐ╗½IÑj}D9╝Ï®Ø@-Ä!4i4è¶óûÃ" 400 -

Does this work for you? Can you give me some advices?

dddomodossola avatar Jan 10 '18 16:01 dddomodossola

No idea about what's happened, it works fine for me. I've tried right now, no errors from ssl. Anyway I've recommited my working code with a bash script for certificate generation.

tetofonta avatar Jan 11 '18 12:01 tetofonta

@tetofonta Done some more testing. It appears that your https fix is ok but REQUIRES wss (secured websocket) to work correctly. This is because unsecure websocket is not allowed under https. I've tested @PURPORC implementation and works fine, but have to be reworked a bit.

dddomodossola avatar Jan 11 '18 13:01 dddomodossola