Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Code Issues Releases Wiki Activity
libwebsockets/lib/tls/tls-client.c

161 lines
4.3 KiB
C
Raw Permalink Normal View History

ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
/*
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
* libwebsockets - client-related ssl code independent of backend
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
*
clean: general whitespace cleanup
2018-11-23 08:47:56 +08:00
* Copyright (C) 2010-2018 Andy Green <andy@warmcat.com>
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation:
* version 2.1 of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
refactor: core code in lib/core and private-libwebsockets.h to core/private.h This commit is coverity-clean as tested cmake .. -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITHOUT_EXTENSIONS=1 -DLWS_WITH_ACME=1 -DLWS_WITH_LWSWS=1 -DLWS_WITH_LIBUV=1 -DLWS_WITH_HTTP2=1 -DLWS_WITHOUT_CLIENT=0 -DLWS_WITHOUT_SERVER=0 -DLWS_UNIX_SOCK=1 -DLWS_WITH_TLS=0 -DLWS_WITH_MBEDTLS=0 -DLWS_WITH_CGI=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_GENERIC_SESSIONS=1 -DLWS_WITH_RANGES=1 -DLWS_ROLE_WS=1 -DLWS_MAX_SMP=16 -DLWS_ROLE_H1=1 -DLWS_WITH_WOLFSSL=0 -DLWS_WITH_LIBEV=0 -DLWS_WITH_LIBEVENT=1
2018-05-03 10:49:36 +08:00
#include "core/private.h"
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
int
lws_ssl_client_connect1(struct lws *wsi)
{
struct lws_context *context = wsi->context;
polarssl implementation Signed-off-by: Andy Green <andy@warmcat.com>
2016-04-17 11:28:43 +08:00
int n = 0;
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
lws_latency_pre(context, wsi);
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
n = lws_tls_client_connect(wsi);
refactor mode and states into roles and states
2018-04-02 11:55:17 +08:00
lws_latency(context, wsi, "SSL_connect hs", n, n > 0);
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
switch (n) {
case LWS_SSL_CAPABLE_ERROR:
return -1;
case LWS_SSL_CAPABLE_DONE:
return 1; /* connected */
case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
lws_callback_on_writable(wsi);
/* fallthru */
http_proxy: fix for mbedtls
2019-11-15 09:15:37 +00:00
case LWS_SSL_CAPABLE_MORE_SERVICE:
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
refactor mode and states into roles and states
2018-04-02 11:55:17 +08:00
lwsi_set_state(wsi, LRS_WAITING_SSL);
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
break;
}
return 0; /* retry */
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
}
int
mbedtls: wrapper: client: Force mbedTLS to attemp to verify cert AG: unlike openssl, mbedtls does not load the system trust store. So this change will make client tls operations that work OK on openssl fail on mbedtls unless you provide the correct CA cert. This allows lws to distinguish between untrusted CAs, hostname mismatches, expired certificates. NOTE: LCCSCF_ALLOW_SELFSIGNED actually allows for untrusted CAs, and will also skip hostname verification. This is somewhat a limitiation of the current lws verification process. AG: improve error reporting up to the CLIENT_CONNECTION_ERROR argument and add a note specific to mbedtls in the test client. Adapt the test client to note the CA requirement if built with mbedTLS. Adapt the minimal test clients to have the CAs available and use them if mbedTLS.
2018-03-24 17:52:57 +01:00
lws_ssl_client_connect2(struct lws *wsi, char *errbuf, int len)
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
{
polarssl implementation Signed-off-by: Andy Green <andy@warmcat.com>
2016-04-17 11:28:43 +08:00
int n = 0;
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
refactor mode and states into roles and states
2018-04-02 11:55:17 +08:00
if (lwsi_state(wsi) == LRS_WAITING_SSL) {
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
lws_latency_pre(wsi->context, wsi);
plat-optee and boringssl adaptations
2017-01-17 07:01:02 +08:00
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
n = lws_tls_client_connect(wsi);
lwsl_debug("%s: SSL_connect says %d\n", __func__, n);
lws_latency(wsi->context, wsi,
refactor mode and states into roles and states
2018-04-02 11:55:17 +08:00
"SSL_connect LRS_WAITING_SSL", n, n > 0);
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
switch (n) {
case LWS_SSL_CAPABLE_ERROR:
mbedtls: wrapper: client: Force mbedTLS to attemp to verify cert AG: unlike openssl, mbedtls does not load the system trust store. So this change will make client tls operations that work OK on openssl fail on mbedtls unless you provide the correct CA cert. This allows lws to distinguish between untrusted CAs, hostname mismatches, expired certificates. NOTE: LCCSCF_ALLOW_SELFSIGNED actually allows for untrusted CAs, and will also skip hostname verification. This is somewhat a limitiation of the current lws verification process. AG: improve error reporting up to the CLIENT_CONNECTION_ERROR argument and add a note specific to mbedtls in the test client. Adapt the test client to note the CA requirement if built with mbedTLS. Adapt the minimal test clients to have the CAs available and use them if mbedTLS.
2018-03-24 17:52:57 +01:00
lws_snprintf(errbuf, len, "client connect failed");
client fix reaction to tls failure https://github.com/warmcat/libwebsockets/issues/508 Signed-off-by: Andy Green <andy@warmcat.com>
2016-05-03 07:26:10 +08:00
return -1;
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
case LWS_SSL_CAPABLE_DONE:
break; /* connected */
case LWS_SSL_CAPABLE_MORE_SERVICE_WRITE:
lws_callback_on_writable(wsi);
/* fallthru */
case LWS_SSL_CAPABLE_MORE_SERVICE_READ:
refactor mode and states into roles and states
2018-04-02 11:55:17 +08:00
lwsi_set_state(wsi, LRS_WAITING_SSL);
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
/* fallthru */
case LWS_SSL_CAPABLE_MORE_SERVICE:
return 0;
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
}
}
ssl: add LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION
2017-01-10 09:31:23 +08:00
mbedtls: wrapper: client: Force mbedTLS to attemp to verify cert AG: unlike openssl, mbedtls does not load the system trust store. So this change will make client tls operations that work OK on openssl fail on mbedtls unless you provide the correct CA cert. This allows lws to distinguish between untrusted CAs, hostname mismatches, expired certificates. NOTE: LCCSCF_ALLOW_SELFSIGNED actually allows for untrusted CAs, and will also skip hostname verification. This is somewhat a limitiation of the current lws verification process. AG: improve error reporting up to the CLIENT_CONNECTION_ERROR argument and add a note specific to mbedtls in the test client. Adapt the test client to note the CA requirement if built with mbedTLS. Adapt the minimal test clients to have the CAs available and use them if mbedTLS.
2018-03-24 17:52:57 +01:00
if (lws_tls_client_confirm_peer_cert(wsi, errbuf, len))
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
return -1;
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
return 1;
}
context info struct: make lws usage all const
2018-04-27 08:27:16 +08:00
int lws_context_init_client_ssl(const struct lws_context_creation_info *info,
add lws_init_vhost_client_ssl api to allow client ssl use on a vhost Also add lwsws "enable-client-ssl": "1" vhost option to match. Client cert iclient ssl is not supported in lwsws, if someone wants it, it can be added. Signed-off-by: Andy Green <andy@warmcat.com>
2016-05-12 19:39:29 +08:00
struct lws_vhost *vhost)
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
{
client: allow setting client ssl certs from lwsws and connection info separate from server ssl certs
2017-02-22 07:28:13 +08:00
const char *private_key_filepath = info->ssl_private_key_filepath;
esp32: separate factory setup
2017-03-16 10:46:31 +08:00
const char *cert_filepath = info->ssl_cert_filepath;
clean: general whitespace cleanup
2018-11-23 08:47:56 +08:00
const char *ca_filepath = info->ssl_ca_filepath;
const char *cipher_list = info->ssl_cipher_list;
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
struct lws wsi;
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
adopt: allow associated accepted vhost connections to specific role Normalize the vhost options around optionally handling noncompliant traffic at the listening socket for both non-tls and tls cases. By default everything is as before. However it's now possible to tell the vhost to allow noncompliant connects to fall back to a specific role and protocol, both set by name in the vhost creation info struct. The original vhost flags allowing http redirect to https and direct http serving from https server (which is a security downgrade if enabled) are cleaned up and tested. A minimal example minimal-raw-fallback-http-server is added with switches to confirm operation of all the valid possibilities (see the readme on that).
2018-11-29 08:47:49 +08:00
if (vhost->options & LWS_SERVER_OPTION_ADOPT_APPLY_LISTEN_ACCEPT_CONFIG)
Plugins: add ssh-base ssh server plugin
2017-10-16 16:59:57 +08:00
return 0;
old openssl: dont build with membuffer apis
2019-03-08 15:26:33 +08:00
if (vhost->tls.ssl_ctx) {
cert_filepath = NULL;
private_key_filepath = NULL;
ca_filepath = NULL;
}
client: allow setting client ssl certs from lwsws and connection info separate from server ssl certs
2017-02-22 07:28:13 +08:00
/*
* for backwards-compatibility default to using ssl_... members, but
* if the newer client-specific ones are given, use those
*/
if (info->client_ssl_cipher_list)
cipher_list = info->client_ssl_cipher_list;
if (info->client_ssl_cert_filepath)
cert_filepath = info->client_ssl_cert_filepath;
if (info->client_ssl_private_key_filepath)
private_key_filepath = info->client_ssl_private_key_filepath;
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
mbedtls: client provide CA WIP https://github.com/warmcat/libwebsockets/issues/1011
2017-09-02 10:50:54 +08:00
if (info->client_ssl_ca_filepath)
ca_filepath = info->client_ssl_ca_filepath;
client: allow setting client ssl certs from lwsws and connection info separate from server ssl certs
2017-02-22 07:28:13 +08:00
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
return 0;
refactor: also migrate tls to the ops struct and private.h pattern Several new ops are planned for tls... so better to bite the bullet and clean it out to the same level as roles + event-libs first. Also adds a new travis target "mbedtls" and all the tests except autobahn against mbedtls build.
2018-05-01 12:41:42 +08:00
if (vhost->tls.ssl_client_ctx)
client: reject init_client_ssl more than once
2017-07-08 16:01:34 +08:00
return 0;
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
if (info->provided_client_ssl_ctx) {
/* use the provided OpenSSL context if given one */
refactor: also migrate tls to the ops struct and private.h pattern Several new ops are planned for tls... so better to bite the bullet and clean it out to the same level as roles + event-libs first. Also adds a new travis target "mbedtls" and all the tests except autobahn against mbedtls build.
2018-05-01 12:41:42 +08:00
vhost->tls.ssl_client_ctx = info->provided_client_ssl_ctx;
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
/* nothing for lib to delete */
refactor: also migrate tls to the ops struct and private.h pattern Several new ops are planned for tls... so better to bite the bullet and clean it out to the same level as roles + event-libs first. Also adds a new travis target "mbedtls" and all the tests except autobahn against mbedtls build.
2018-05-01 12:41:42 +08:00
vhost->tls.user_supplied_ssl_ctx = 1;
add lws_init_vhost_client_ssl api to allow client ssl use on a vhost Also add lwsws "enable-client-ssl": "1" vhost option to match. Client cert iclient ssl is not supported in lwsws, if someone wants it, it can be added. Signed-off-by: Andy Green <andy@warmcat.com>
2016-05-12 19:39:29 +08:00
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
return 0;
}
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
if (lws_tls_client_create_vhost_context(vhost, info, cipher_list,
client vhost OpenSSL set and clear options https://github.com/warmcat/libwebsockets/issues/1438
2018-10-26 09:44:58 +08:00
ca_filepath,
info->client_ssl_ca_mem,
info->client_ssl_ca_mem_len,
cert_filepath,
tls: client: also allow vhost client ctx to be initialized with in-memory certs
2019-01-11 13:13:40 +08:00
info->client_ssl_cert_mem,
info->client_ssl_cert_mem_len,
tls: split out common, openssl and mbedtls code - introduce lib/tls/mbedtls lib/tls/openssl - move wrapper into lib/tls/mbedtls/wrapper - introduce private helpers to hide backend This patch doesn't replace or remove the wrapper, it moves it to lib/tls/mbedtls/wrapper. But it should be now that the ONLY functions directly consuming wrapper apis are isolated in - lib/tls/mbedtls/client.c (180 lines) - lib/tls/mbedtls/server.c (317 lines) - lib/tls/mbedtls/ssl.c (325 lines) In particular there are no uses of openssl or mbedtls-related constants outside of ./lib/tls any more.
2017-10-18 09:41:44 +08:00
private_key_filepath))
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
return 1;
sequencer: add second aux message arg Since the messages are queued and then read in order from the event loop thread, it's not generally safe to pass pointers to argument structs, since there's no guarantee the lifetime of the thing sending the message lasted until the sequencer read the message. This puts pressure on the single void * argument-passed-as-value... this patch adds a second void * argument-passed-as-value so it's more possible to put what's needed directly in the argument. It's also possible to alloc the argument on the heap and have the sequencer callback free it after it has read it.
2019-08-07 10:41:03 +01:00
lwsl_info("created client ssl context for %s\n", vhost->name);
mbedtls: client provide CA WIP https://github.com/warmcat/libwebsockets/issues/1011
2017-09-02 10:50:54 +08:00
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
/*
* give him a fake wsi with context set, so he can use
* lws_get_context() in the callback
*/
memset(&wsi, 0, sizeof(wsi));
vhost_destroy: use vhost wsi reference counting to trigger destroy This changes the vhost destroy flow to only hand off the listen socket if another vhost sharing it, and mark the vhost as being_destroyed. Each tsi calls lws_check_deferred_free() once a second, if it sees any vhost being_destroyed there, it closes all wsi on its tsi on the same vhost, one time. As the wsi on the vhost complete close (ie, after libuv async close if on libuv event loop), they decrement a reference count for all wsi open on the vhost. The tsi who closes the last one then completes the destroy flow for the vhost itself... it's random which tsi completes the vhost destroy but since there are no wsi left on the vhost, and it holds the context lock, nothing can conflict. The advantage of this is that owning tsi do the close for wsi that are bound to the vhost under destruction, at a time when they are guaranteed to be idle for service, and they do it with both vhost and context locks owned, so no other service thread can conflict for stuff protected by those either. For the situation the user code may have allocations attached to the vhost, this adds args to lws_vhost_destroy() to allow destroying the user allocations just before the vhost is freed.
2018-06-16 09:31:07 +08:00
wsi.vhost = vhost; /* not a real bound wsi */
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
wsi.context = vhost->context;
vhost->protocols[0].callback(&wsi,
LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
clean: general whitespace cleanup
2018-11-23 08:47:56 +08:00
vhost->tls.ssl_client_ctx, NULL, 0);
ssl split out common server and client ssl sources Most of ssl.c is under a #ifdef for client or server disabled... let's get rid of it and have CMake just build the appropriate files Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
return 0;
}
Reference in a new issue Copy permalink