mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

libressl: adapt type rules

Update libressl rules for options api type,
add some docs to build, use CHECK_SYMBOL_EXISTS since
CHECK_FUNCTION_EXISTS is fooled by the conditionals
in the headers
Andy Green 2021-02-08 19:35:47 +00:00
parent f42c97baa9
commit 1f019f99f4
5 changed files with 77 additions and 5 deletions


@ -129,6 +129,10 @@
"cmake": "cmake .. -DLWS_WITH_BORINGSSL=1 -DLWS_OPENSSL_INCLUDE_DIRS=\"/usr/local/src/boringssl/include\" -DLWS_OPENSSL_LIBRARIES=\"/usr/local/src/boringssl/build/ssl/libssl.so;/usr/local/src/boringssl/build/crypto/libcrypto.so\" -DLWS_WITH_MINIMAL_EXAMPLES=1",
"platforms": "none,linux-fedora-32/x86_64-amd/gcc"
},
"default-examples-libressl": {
"cmake": "cmake .. -DLWS_OPENSSL_LIBRARIES='/opt/libressl-3.3.1/build/tls/libtls.a;/opt/libressl-3.3.1/build/ssl/libssl.a;/opt/libressl-3.3.1/build/crypto/libcrypto.a' -DLWS_OPENSSL_INCLUDE_DIRS=/opt/libressl-3.3.1/include -DLWS_WITH_MINIMAL_EXAMPLES=1",
"platforms": "none,linux-fedora-32/x86_64-amd/gcc"
},
"default-wolfssl": {
"cmake": "-DLWS_WITH_WOLFSSL=1 -DLWS_WOLFSSL_INCLUDE_DIRS=/usr/local/include -DLWS_WOLFSSL_LIBRARIES=/usr/local/lib/libwolfssl.so",
"platforms": "none,linux-fedora-32/x86_64-amd/gcc"


@ -0,0 +1,66 @@
## Background
libressl is another fork of Openssl.
## Example build for libressl itself
If you unpack or clone into `/path/to/libressl` and enter that dir...
```
$ mkdir build
$ cd build
$ cmake ..
$ make -j8
```
## Example build for lws against libressl
You can just build lws as you would for a specific version of openssl
```
$ mkdir build
$ cd build
$ cmake .. -DLWS_OPENSSL_LIBRARIES='/path/to/libressl/build/tls/libtls.a;/path/to/libressl/build/ssl/libssl.a;/path/to//libressl/build/crypto/libcrypto.a' -DLWS_OPENSSL_INCLUDE_DIRS=/path/to/libressl/include -DLWS_WITH_MINIMAL_EXAMPLES=1
$ make -j8
```
Libressl by default will look for a trust bundle in `/usr/local/etc/ssl/cert.pem`, you either have to
symlink this to your trust bundle if that doesnt happen to be where it is, or give your app the trusted CA
specifically as is done for MBEDTLS and WOLFSSL in the examples.
In Fedora, the system trust store can be found at `/etc/pki/tls/cert.pem`, so you can symlink it
```
$ sudo mkdir -p /usr/local/etc/ssl
$ sudo ln -sf /etc/pki/tls/cert.pem /usr/local/etc/ssl/cert.pem
```
after that you can run examples from the build dir, eg,
```
$ ./bin/lws-minimal-http-client
[2021/02/08 20:10:52:0781] U: LWS minimal http client [-d<verbosity>] [-l] [--h1]
[2021/02/08 20:10:52:0784] N: LWS: 4.1.99-v4.1.0-269-g762ef33fca, loglevel 1031
[2021/02/08 20:10:52:0784] N: NET CLI SRV H1 H2 WS IPv6-absent
[2021/02/08 20:10:52:0786] N: ++ [wsi|0|pipe] (1)
[2021/02/08 20:10:52:0787] N: ++ [vh|0|netlink] (1)
[2021/02/08 20:10:52:0802] N: ++ [vh|1|default] (2)
[2021/02/08 20:10:52:1850] N: ++ [wsicli|0|GET/h1/warmcat.com] (1)
[2021/02/08 20:10:52:2982] N: ++ [mux|0|h2_sid1_(wsicli|0|GET/h1/warmcat.com)] (1)
[2021/02/08 20:10:52:3271] U: Connected to 46.105.127.147, http response: 200
[2021/02/08 20:10:52:3335] U: RECEIVE_CLIENT_HTTP_READ: read 4087
[2021/02/08 20:10:52:3335] U: RECEIVE_CLIENT_HTTP_READ: read 4096
[2021/02/08 20:10:52:3526] U: RECEIVE_CLIENT_HTTP_READ: read 4087
[2021/02/08 20:10:52:3526] U: RECEIVE_CLIENT_HTTP_READ: read 4096
[2021/02/08 20:10:52:3543] U: RECEIVE_CLIENT_HTTP_READ: read 4087
[2021/02/08 20:10:52:3543] U: RECEIVE_CLIENT_HTTP_READ: read 4096
[2021/02/08 20:10:52:3545] U: RECEIVE_CLIENT_HTTP_READ: read 3502
[2021/02/08 20:10:52:3546] U: LWS_CALLBACK_COMPLETED_CLIENT_HTTP
[2021/02/08 20:10:52:3546] N: -- [wsi|0|pipe] (0) 276.019ms
[2021/02/08 20:10:52:3547] N: -- [mux|0|h2_sid1_(wsicli|0|GET/h1/warmcat.com)] (0) 56.417ms
[2021/02/08 20:10:52:3566] N: -- [vh|1|default] (1) 276.384ms
[2021/02/08 20:10:52:3566] N: -- [wsicli|0|GET/h1/warmcat.com|default|h2|h2] (0) 171.599ms
[2021/02/08 20:10:52:3567] N: -- [vh|0|netlink] (0) 277.974ms
[2021/02/08 20:10:52:3567] U: Completed: OK
```


@ -304,7 +304,7 @@ CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_256_cfb128 LWS_HAVE_EVP_aes_256_cfb128 PAR
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}RSA_verify_pss_mgf1 LWS_HAVE_RSA_verify_pss_mgf1 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}HMAC_CTX_new LWS_HAVE_HMAC_CTX_new PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE)
CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_EVP_PKEY_new_raw_private_key PARENT_SCOPE)
if (LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS)
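Review bot: The switched `SSL_CTX_set_ciphersuites` line passes `CHECK_SYMBOL_EXISTS` the same three arguments the old `CHECK_FUNCTION_EXISTS` call used, but the stock CheckSymbolExists module expects `(<symbol> <files> <variable>)`. Unless the project wraps or overrides the macro somewhere outside this hunk, `LWS_HAVE_SSL_CTX_set_ciphersuites` is read as the header list and `PARENT_SCOPE` as the result variable, so the define would never be set. Whatever code it guards (presumably the TLS 1.3 ciphersuite restriction) would then drop out silently rather than fail the build. Naming the header explicitly avoids that, e.g. `CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_set_ciphersuites "openssl/ssl.h" LWS_HAVE_SSL_CTX_set_ciphersuites)` (header name assumed; it may differ per `${VARIA}` backend), with the result exported to the parent scope separately. It is worth confirming the define in the generated config header for both an OpenSSL and a LibreSSL build.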


@ -762,7 +762,8 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
#if defined(LWS_WITH_BORINGSSL)
(uint32_t)
#else
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) /* not documented by openssl */
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && \
!defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
(unsigned long)
#else
(long)
@ -778,7 +779,8 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
#if defined(LWS_WITH_BORINGSSL)
(uint32_t)
#else
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) /* not documented by openssl */
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && \
!defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
(unsigned long)
#else
(long)
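Review bot: The cast-selection ladder is now maintained by hand in four places, the two hunks here in `lws_tls_client_create_vhost_context` and the two in `lws_tls_server_vhost_backend_init`, and the copies already differ in layout (continued line here, single line in the server file). Only the casts are visible, but they appear to wrap the SSL options values, so a future type-rule change that misses one site would give client and server different option handling. Defining the type once in a private TLS header and writing the cast as `(lws_tls_opts_t)` at each site removes that risk; the name is only a suggestion. The comment should also say why LibreSSL is excluded, since `/* not documented by openssl */` no longer explains the second condition. Both functions begin and end outside the hunks shown.

```c
/*
 * Integer type used when casting SSL option bits, defined once instead of
 * repeating the ladder at every call site.  LibreSSL is excluded from the
 * unsigned long case even though it satisfies the version test.
 */
#if defined(LWS_WITH_BORINGSSL)
typedef uint32_t lws_tls_opts_t;
#elif (OPENSSL_VERSION_NUMBER >= 0x10003000l) && \
	!defined(LIBRESSL_VERSION_NUMBER)
typedef unsigned long lws_tls_opts_t;
#else
typedef long lws_tls_opts_t;
#endif
```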


@ -581,7 +581,7 @@ lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
#if defined(LWS_WITH_BORINGSSL)
(uint32_t)
#else
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) /* not documented by openssl */
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && !defined(LIBRESSL_VERSION_NUMBER) /* not documented by openssl */
(unsigned long)
#else
(long)
@ -597,7 +597,7 @@ lws_tls_server_vhost_backend_init(const struct lws_context_creation_info *info,
#if defined(LWS_WITH_BORINGSSL)
(uint32_t)
#else
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) /* not documented by openssl */
#if (OPENSSL_VERSION_NUMBER >= 0x10003000l) && !defined(LIBRESSL_VERSION_NUMBER)/* not documented by openssl */
(unsigned long)
#else
(long)