Skip to content

Commit 31045cf

Browse files
kylecarbskylecarbs
committed
Properly accept WebSockets in DERP HTTP server
1 parent b6042b5 commit 31045cf

File tree

2 files changed

+17
-2
lines changed

2 files changed

+17
-2
lines changed

derp/derphttp/derphttp_server.go

Lines changed: 16 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@
44
package derphttp
55

66
import (
7+
"crypto/sha1"
8+
"encoding/base64"
79
"fmt"
810
"log"
911
"net/http"
@@ -47,14 +49,27 @@ func Handler(s *derp.Server) http.Handler {
4749
if !fastStart {
4850
pubKey := s.PublicKey()
4951
fmt.Fprintf(conn, "HTTP/1.1 101 Switching Protocols\r\n"+
50-
"Upgrade: DERP\r\n"+
52+
"Upgrade: %s\r\n"+
5153
"Connection: Upgrade\r\n"+
54+
"Sec-WebSocket-Accept: %s\r\n"+
5255
"Derp-Version: %v\r\n"+
5356
"Derp-Public-Key: %s\r\n\r\n",
57+
up,
58+
secWebSocketAccept(r.Header.Get("Sec-WebSocket-Key")),
5459
derp.ProtocolVersion,
5560
pubKey.UntypedHexString())
5661
}
5762

5863
s.Accept(r.Context(), netConn, conn, netConn.RemoteAddr().String())
5964
})
6065
}
66+
67+
var keyGUID = []byte("258EAFA5-E914-47DA-95CA-C5AB0DC85B11")
68+
69+
func secWebSocketAccept(secWebSocketKey string) string {
70+
h := sha1.New()
71+
h.Write([]byte(secWebSocketKey))
72+
h.Write(keyGUID)
73+
74+
return base64.StdEncoding.EncodeToString(h.Sum(nil))
75+
}

derp/derphttp/websocket.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
// Copyright (c) Tailscale Inc & AUTHORS
22
// SPDX-License-Identifier: BSD-3-Clause
33

4-
//go:build linux || js
4+
//go:build linux || js || darwin || windows
55

66
package derphttp
77

0 commit comments

Comments
 (0)