From 581482b4631cfa49d439b6574faf075daa7ebf7b Mon Sep 17 00:00:00 2001 From: David Thompson Date: Fri, 25 Mar 2016 16:20:48 -0400 Subject: client: Generate random nonce for handshake. * web/socket/client.scm (generate-websocket-nonce): New procedure. (make-handshake-request): Change argument from uri to websocket. Generate a real nonce for Sec-WebSocket-Key header. (handshake): Adjust make-handshake-request call. --- web/socket/client.scm | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'web') diff --git a/web/socket/client.scm b/web/socket/client.scm index 5712cd5..8bd0c3d 100644 --- a/web/socket/client.scm +++ b/web/socket/client.scm @@ -111,21 +111,27 @@ scheme." "Return #t if the WebSocket WS is in the closed state." (eq? (websocket-state ws) 'closed)) +(define (generate-websocket-nonce ws) + "Return a random, base64 encoded nonce using the entropy source of +WS." + (base64-encode + (get-bytevector-n (websocket-entropy-port ws) 16))) + ;; See Section 4.1 - Client Requirements -(define (make-handshake-request uri) +(define (make-handshake-request ws) "Create an HTTP request for initiating a WebSocket connect with the remote resource described by URI." - (let ((headers `((host . (,(uri-host uri) . #f)) + (let* ((uri (websocket-uri ws)) + (headers `((host . (,(uri-host uri) . #f)) (upgrade . ("WebSocket")) (connection . (upgrade)) - ;; TODO: Generate a real key. - (sec-websocket-key . "AQIDBAUGBwgJCgsMDQ4PEC==") + (sec-websocket-key . ,(generate-websocket-nonce ws)) (sec-websocket-version . "13")))) (build-request uri #:method 'GET #:headers headers))) (define (handshake ws) "Perform the WebSocket handshake for the client WS." - (write-request (make-handshake-request (websocket-uri ws)) + (write-request (make-handshake-request ws) (websocket-socket ws)) (let* ((response (read-response (websocket-socket ws))) (headers (response-headers response)) -- cgit v1.2.3