fallback: dont check after first ssl accept attempt

lib/core-net/connect.c

@@ -294,18 +294,19 @@ lws_client_connect_via_info(const struct lws_client_connect_info *i)
 
 	/* PHASE 8: notify protocol with role-specific connected callback */
 
-	/* raw socket doesn't want this... not sure if any want this */
-	if (wsi->role_ops != &role_ops_raw_skt) {
-		lwsl_debug("%s: wsi %p: cb %d to %s %s\n", __func__,
-				wsi, wsi->role_ops->adoption_cb[0],
-				wsi->role_ops->name, wsi->protocol->name);
+	/* raw socket per se doesn't want this... raw socket proxy wants it... */
 
-		wsi->protocol->callback(wsi,
-				wsi->role_ops->adoption_cb[0],
+	if (wsi->role_ops != &role_ops_raw_skt ||
+	    (i->local_protocol_name &&
+	     !strcmp(i->local_protocol_name, "raw-proxy"))) {
+		lwsl_debug("%s: wsi %p: adoption cb %d to %s %s\n", __func__,
+			   wsi, wsi->role_ops->adoption_cb[0],
+			   wsi->role_ops->name, wsi->protocol->name);
+
+		wsi->protocol->callback(wsi, wsi->role_ops->adoption_cb[0],
 				wsi->user_space, NULL, 0);
 	}
 
-
 #if defined(LWS_WITH_HUBBUB)
 	if (i->uri_replace_to)
 		wsi->http.rw = lws_rewrite_create(wsi, html_parser_cb,

lib/core-net/private-lib-core-net.h

@@ -798,6 +798,7 @@ struct lws {
 	unsigned int			do_bind:1;
 	unsigned int			oom4:1;
 	unsigned int			validity_hup:1;
+	unsigned int			skip_fallback:1;
 
 	unsigned int			could_have_pending:1; /* detect back-to-back writes */
 	unsigned int			outer_will_close:1;

lib/roles/http/server/server.c

@@ -1900,8 +1900,8 @@ lws_http_to_fallback(struct lws *wsi, unsigned char *obuf, size_t olen)
 	lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0);
 
 	n = LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED;
-	if (wsi->role_ops->adoption_cb[0])
-		n = wsi->role_ops->adoption_cb[0];
+	if (wsi->role_ops->adoption_cb[1])
+		n = wsi->role_ops->adoption_cb[1];
 
 	ipbuf[0] = '\0';
 #if !defined(LWS_PLAT_OPTEE)

lib/tls/mbedtls/mbedtls-server.c

@@ -302,6 +302,8 @@ lws_tls_server_accept(struct lws *wsi)
 	int m, n;
 
 	n = SSL_accept(wsi->tls.ssl);
+
+	wsi->skip_fallback = 1;
 	if (n == 1) {
 
 		if (strstr(wsi->vhost->name, ".invalid")) {

lib/tls/openssl/openssl-server.c

@@ -622,6 +622,8 @@ lws_tls_server_accept(struct lws *wsi)
 	ERR_clear_error();
 	n = SSL_accept(wsi->tls.ssl);
 
+	wsi->skip_fallback = 1;
+
 	if (n == 1) {
 		n = lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_COMMON_NAME, &ir,
 					   sizeof(ir.ns.name));

lib/tls/tls-server.c

@@ -182,11 +182,10 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 			goto fail;
 		}
 
-		if (wsi->vhost->tls.allow_non_ssl_on_ssl_port) {
+		if (wsi->vhost->tls.allow_non_ssl_on_ssl_port && !wsi->skip_fallback) {
 
 			n = recv(wsi->desc.sockfd, (char *)pt->serv_buf,
 				 context->pt_serv_buf_size, MSG_PEEK);
-
 			/*
 			 * We have LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT..
 			 * this just means don't hang up on him because of no