diff --git a/lib/core-net/connect.c b/lib/core-net/connect.c index 1b6d82f75..384e90ca9 100644 --- a/lib/core-net/connect.c +++ b/lib/core-net/connect.c @@ -294,18 +294,19 @@ lws_client_connect_via_info(const struct lws_client_connect_info *i) /* PHASE 8: notify protocol with role-specific connected callback */ - /* raw socket doesn't want this... not sure if any want this */ - if (wsi->role_ops != &role_ops_raw_skt) { - lwsl_debug("%s: wsi %p: cb %d to %s %s\n", __func__, - wsi, wsi->role_ops->adoption_cb[0], - wsi->role_ops->name, wsi->protocol->name); + /* raw socket per se doesn't want this... raw socket proxy wants it... */ - wsi->protocol->callback(wsi, - wsi->role_ops->adoption_cb[0], + if (wsi->role_ops != &role_ops_raw_skt || + (i->local_protocol_name && + !strcmp(i->local_protocol_name, "raw-proxy"))) { + lwsl_debug("%s: wsi %p: adoption cb %d to %s %s\n", __func__, + wsi, wsi->role_ops->adoption_cb[0], + wsi->role_ops->name, wsi->protocol->name); + + wsi->protocol->callback(wsi, wsi->role_ops->adoption_cb[0], wsi->user_space, NULL, 0); } - #if defined(LWS_WITH_HUBBUB) if (i->uri_replace_to) wsi->http.rw = lws_rewrite_create(wsi, html_parser_cb, diff --git a/lib/core-net/private-lib-core-net.h b/lib/core-net/private-lib-core-net.h index f6f0d979a..0d1556a55 100644 --- a/lib/core-net/private-lib-core-net.h +++ b/lib/core-net/private-lib-core-net.h @@ -798,6 +798,7 @@ struct lws { unsigned int do_bind:1; unsigned int oom4:1; unsigned int validity_hup:1; + unsigned int skip_fallback:1; unsigned int could_have_pending:1; /* detect back-to-back writes */ unsigned int outer_will_close:1; diff --git a/lib/roles/http/server/server.c b/lib/roles/http/server/server.c index eb45bb43a..5c503649b 100644 --- a/lib/roles/http/server/server.c +++ b/lib/roles/http/server/server.c @@ -1900,8 +1900,8 @@ lws_http_to_fallback(struct lws *wsi, unsigned char *obuf, size_t olen) lws_set_timeout(wsi, NO_PENDING_TIMEOUT, 0); n = LWS_CALLBACK_SERVER_NEW_CLIENT_INSTANTIATED; - if (wsi->role_ops->adoption_cb[0]) - n = wsi->role_ops->adoption_cb[0]; + if (wsi->role_ops->adoption_cb[1]) + n = wsi->role_ops->adoption_cb[1]; ipbuf[0] = '\0'; #if !defined(LWS_PLAT_OPTEE) diff --git a/lib/tls/mbedtls/mbedtls-server.c b/lib/tls/mbedtls/mbedtls-server.c index c247ceb7b..2b6983045 100644 --- a/lib/tls/mbedtls/mbedtls-server.c +++ b/lib/tls/mbedtls/mbedtls-server.c @@ -302,6 +302,8 @@ lws_tls_server_accept(struct lws *wsi) int m, n; n = SSL_accept(wsi->tls.ssl); + + wsi->skip_fallback = 1; if (n == 1) { if (strstr(wsi->vhost->name, ".invalid")) { diff --git a/lib/tls/openssl/openssl-server.c b/lib/tls/openssl/openssl-server.c index cf19dfd15..9adfbb891 100644 --- a/lib/tls/openssl/openssl-server.c +++ b/lib/tls/openssl/openssl-server.c @@ -622,6 +622,8 @@ lws_tls_server_accept(struct lws *wsi) ERR_clear_error(); n = SSL_accept(wsi->tls.ssl); + wsi->skip_fallback = 1; + if (n == 1) { n = lws_tls_peer_cert_info(wsi, LWS_TLS_CERT_INFO_COMMON_NAME, &ir, sizeof(ir.ns.name)); diff --git a/lib/tls/tls-server.c b/lib/tls/tls-server.c index a7b27b512..43c930f03 100644 --- a/lib/tls/tls-server.c +++ b/lib/tls/tls-server.c @@ -182,11 +182,10 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) goto fail; } - if (wsi->vhost->tls.allow_non_ssl_on_ssl_port) { + if (wsi->vhost->tls.allow_non_ssl_on_ssl_port && !wsi->skip_fallback) { n = recv(wsi->desc.sockfd, (char *)pt->serv_buf, context->pt_serv_buf_size, MSG_PEEK); - /* * We have LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT.. * this just means don't hang up on him because of no