mbedtls: Add mbedTLS backend support
This commit is contained in:
parent
77a71e94d1
commit
41909eac97
15 changed files with 186 additions and 76 deletions
|
@ -170,7 +170,6 @@ endif()
|
|||
|
||||
if (LWS_WITH_ESP32)
|
||||
set(LWS_WITH_SHARED OFF)
|
||||
set(LWS_WITH_SSL ON)
|
||||
set(LWS_USE_MBEDTLS ON)
|
||||
# set(LWS_WITHOUT_CLIENT ON)
|
||||
set(LWS_WITHOUT_TESTAPPS ON)
|
||||
|
@ -595,22 +594,35 @@ if (NOT LWS_WITHOUT_CLIENT)
|
|||
lib/client-parser.c)
|
||||
endif()
|
||||
|
||||
if (LWS_WITH_SSL)
|
||||
list(APPEND SOURCES
|
||||
lib/ssl.c)
|
||||
|
||||
if (NOT LWS_WITHOUT_SERVER)
|
||||
list(APPEND SOURCES
|
||||
lib/ssl-server.c)
|
||||
endif()
|
||||
if (NOT LWS_WITHOUT_CLIENT)
|
||||
list(APPEND SOURCES
|
||||
lib/ssl-client.c)
|
||||
endif()
|
||||
endif()
|
||||
if (LWS_USE_MBEDTLS)
|
||||
set(LWS_WITH_SSL ON)
|
||||
|
||||
list(APPEND HDR_PRIVATE
|
||||
lib/mbedtls_wrapper/include/internal/ssl3.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_cert.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_code.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_dbg.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_lib.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_methods.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_pkey.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_stack.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_types.h
|
||||
lib/mbedtls_wrapper/include/internal/ssl_x509.h
|
||||
lib/mbedtls_wrapper/include/internal/tls1.h
|
||||
lib/mbedtls_wrapper/include/internal/x509_vfy.h)
|
||||
|
||||
list(APPEND HDR_PRIVATE
|
||||
lib/mbedtls_wrapper/include/openssl/ssl.h)
|
||||
|
||||
list(APPEND HDR_PRIVATE
|
||||
lib/mbedtls_wrapper/include/platform/ssl_pm.h
|
||||
lib/mbedtls_wrapper/include/platform/ssl_port.h)
|
||||
|
||||
include_directories(lib/mbedtls_wrapper/include)
|
||||
include_directories(lib/mbedtls_wrapper/include/platform)
|
||||
include_directories(lib/mbedtls_wrapper/include/internal)
|
||||
include_directories(lib/mbedtls_wrapper/include/openssl)
|
||||
|
||||
if (LWS_WITH_MBEDTLS)
|
||||
# list(APPEND HDR_PRIVATE)
|
||||
list(APPEND SOURCES
|
||||
lib/mbedtls_wrapper/library/ssl_cert.c
|
||||
lib/mbedtls_wrapper/library/ssl_lib.c
|
||||
|
@ -624,6 +636,19 @@ if (LWS_WITH_MBEDTLS)
|
|||
lib/mbedtls_wrapper/platform/ssl_port.c)
|
||||
endif()
|
||||
|
||||
if (LWS_WITH_SSL)
|
||||
list(APPEND SOURCES
|
||||
lib/ssl.c)
|
||||
|
||||
if (NOT LWS_WITHOUT_SERVER)
|
||||
list(APPEND SOURCES
|
||||
lib/ssl-server.c)
|
||||
endif()
|
||||
if (NOT LWS_WITHOUT_CLIENT)
|
||||
list(APPEND SOURCES
|
||||
lib/ssl-client.c)
|
||||
endif()
|
||||
endif()
|
||||
|
||||
if (NOT LWS_WITHOUT_BUILTIN_SHA1)
|
||||
list(APPEND SOURCES
|
||||
|
@ -1087,7 +1112,7 @@ set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIST})
|
|||
CHECK_FUNCTION_EXISTS(SSL_CTX_set1_param LWS_HAVE_SSL_CTX_set1_param)
|
||||
CHECK_FUNCTION_EXISTS(SSL_set_info_callback LWS_HAVE_SSL_SET_INFO_CALLBACK)
|
||||
CHECK_FUNCTION_EXISTS(X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host)
|
||||
if (LWS_WITH_ESP32)
|
||||
if (LWS_USE_MBEDTLS)
|
||||
set(LWS_HAVE_TLS_CLIENT_METHOD 1)
|
||||
else()
|
||||
CHECK_FUNCTION_EXISTS(TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD)
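Review bot: The wrapper's source files are gated on `LWS_WITH_MBEDTLS` (the `if (LWS_WITH_MBEDTLS)` block and the `@ -624` hunk header) while every other new branch in this file — the `set(LWS_WITH_SSL ON)`, the private header list, the four `include_directories()` calls and the `LWS_HAVE_TLS_CLIENT_METHOD` shortcut — keys on `LWS_USE_MBEDTLS`. Unless `LWS_WITH_MBEDTLS` is derived from `LWS_USE_MBEDTLS` somewhere outside these hunks, a `-DLWS_USE_MBEDTLS=ON` build gets the shim headers on the include path but none of `lib/mbedtls_wrapper/library/*.c` compiled in, and fails at link time rather than at configure time; using the one name, `if (LWS_USE_MBEDTLS)`, for the sources list too would close that gap. Separately, `set(LWS_HAVE_TLS_CLIENT_METHOD 1)` asserts that the shim provides `TLS_client_method()` without probing for it — presumably it comes from the `ssl_methods.h` listed above — and a comment naming where it is defined would make that assumption auditable.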
|
||||
|
|
|
@ -204,7 +204,7 @@ typedef unsigned long long lws_intptr_t;
|
|||
#endif /* not USE_OLD_CYASSL */
|
||||
#else
|
||||
#include <openssl/ssl.h>
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
#endif /* not USE_WOLFSSL */
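Review bot: This is the public header, so the `#if !defined(LWS_USE_MBEDTLS)` guard around `<openssl/err.h>` only behaves as intended if `LWS_USE_MBEDTLS` reaches downstream consumers, i.e. is written into the installed lws_config.h rather than passed only as a compiler define while building the library; that plumbing is not visible in this commit. If it is not exported, an application built against an mbedTLS-backed libwebsockets will include the real OpenSSL `err.h` (or fail when OpenSSL is absent) while `<openssl/ssl.h>` resolves to whichever copy comes first on its include path. Worth confirming, and noting at the guard: `/* LWS_USE_MBEDTLS must be exported via lws_config.h so installed users see the same guard */`.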
|
||||
|
|
|
@ -15,7 +15,6 @@
|
|||
#ifndef _SSL_DEBUG_H_
|
||||
#define _SSL_DEBUG_H_
|
||||
|
||||
#include "platform/ssl_opt.h"
|
||||
#include "platform/ssl_port.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
|
|
@ -101,6 +101,8 @@ int SSL_add_client_CA(SSL *ssl, X509 *x);
|
|||
*/
|
||||
int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d);
|
||||
|
||||
const char *X509_verify_cert_error_string(long n);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
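Review bot: The new `X509_verify_cert_error_string()` prototype gives no hint that the wrapper implementation added by this commit (ssl_x509.c) returns the fixed string "unknown" regardless of `n`, so OpenSSL logging code ported to this backend will print nothing useful and a reader of the header will not know why. A one-line comment on the declaration sets expectations: `/* stub: the mbedTLS wrapper does not map verify errors to text; always returns "unknown" */`.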
|
||||
|
|
|
@ -104,6 +104,11 @@
|
|||
|
||||
#define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72
|
||||
|
||||
typedef void X509_STORE_CTX;
|
||||
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
|
||||
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
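Review bot: `typedef void X509_STORE_CTX;` makes the verify-context handle a `void` alias, so any object pointer converts to and from `X509_STORE_CTX *` without a cast and the compiler cannot catch a verify callback being handed the wrong object. An incomplete struct keeps the handle opaque but typed: `typedef struct X509_STORE_CTX X509_STORE_CTX;`. The two accessors declared here only take the pointer and, in their ssl_x509.c definitions in this commit, never dereference it, so the wrapper side costs nothing; any caller that passes a raw `void *` (not visible in these hunks) would need an explicit cast.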
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#include <stdlib.h>
|
||||
#include "internal/ssl_x509.h"
|
||||
#include "internal/ssl_pkey.h"
|
||||
|
||||
|
@ -26,6 +27,7 @@
|
|||
{
|
||||
*/
|
||||
|
||||
#define SSL_CB_ALERT 0x4000
|
||||
/**
|
||||
* @brief create a SSL context
|
||||
*
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#ifndef _SSL_OPT_H_
|
||||
#define _SSL_OPT_H_
|
||||
|
||||
#include "sdkconfig.h"
|
||||
|
||||
#endif
|
|
@ -19,8 +19,10 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
/*
|
||||
#include "esp_types.h"
|
||||
#include "esp_log.h"
|
||||
*/
|
||||
#include "string.h"
|
||||
#include "malloc.h"
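Review bot: `#include "malloc.h"` is not a standard C header — it is absent or deprecated on several libcs and BSD-derived platforms — and the quoted form searches the wrapper's own include directories (added to the include path by this commit's CMakeLists.txt changes) before the system path, so a stray `string.h` or `malloc.h` there would shadow libc silently. `malloc`/`free` are declared by `<stdlib.h>`, which another wrapper header in this commit already pulls in; prefer `#include <string.h>` and `#include <stdlib.h>`. The commented-out `esp_types.h`/`esp_log.h` block left above is dead code now that this header is no longer ESP-IDF-only and can be dropped.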
|
||||
|
||||
|
|
|
@ -1554,3 +1554,26 @@ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_C
|
|||
ssl->verify_mode = mode;
|
||||
ssl->verify_callback = verify_callback;
|
||||
}
|
||||
|
||||
void ERR_error_string_n(unsigned long e, char *buf, size_t len)
|
||||
{
|
||||
strncpy(buf, "unknown", len);
|
||||
}
|
||||
|
||||
void ERR_free_strings(void)
|
||||
{
|
||||
}
|
||||
|
||||
char *ERR_error_string(unsigned long e, char *buf)
|
||||
{
|
||||
if (buf) {
|
||||
strcpy(buf, "unknown");
|
||||
}
|
||||
|
||||
return "unknown";
|
||||
}
|
||||
|
||||
void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx)
|
||||
{
|
||||
return NULL;
|
||||
}
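Review bot: `ERR_error_string_n()` copies with `strncpy(buf, "unknown", len)`, which leaves `buf` unterminated whenever `len` is smaller than 8 and dereferences a NULL `buf` that the sibling `ERR_error_string()` explicitly guards against; `if (buf && len) snprintf(buf, len, "unknown");` — or the `strncpy` followed by `buf[len - 1] = '\0'` — keeps OpenSSL's contract that the output is always a C string. `SSL_CTX_get_ex_data()` unconditionally returning NULL means anything a caller stores through the matching `set_ex_data` (whether the wrapper stubs that too is not visible here) is unrecoverable, and a one-line comment saying ex_data is unsupported would stop the next reader from relying on it. `SSL_set_verify()` begins outside this hunk.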
|
||||
|
|
|
@ -283,3 +283,17 @@ X509 *SSL_get_peer_certificate(const SSL *ssl)
|
|||
return ssl->session->peer;
|
||||
}
|
||||
|
||||
int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
|
||||
{
|
||||
return X509_V_ERR_UNSPECIFIED;
|
||||
}
|
||||
|
||||
int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
const char *X509_verify_cert_error_string(long n)
|
||||
{
|
||||
return "unknown";
|
||||
}
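Review bot: The three new functions are stubs that never consult any mbedTLS verification state: `X509_STORE_CTX_get_error()` always reports `X509_V_ERR_UNSPECIFIED`, the depth is always 0 and the string is always "unknown", so a verify callback written against OpenSSL semantics that accepts a peer only on `X509_V_OK` can never accept, and one that logs the reason learns nothing. That fails in the safe direction, but it should be stated at the definitions so nobody builds acceptance logic on them: `/* stub: verification results are not plumbed through X509_STORE_CTX; always reports failure */`. The real fix is to carry the mbedTLS verify flags (presumably obtainable from the ssl handle the wrapper holds) into this ctx and map them to the X509_V_ERR_* values declared in x509_vfy.h.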
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
|
||||
/* mbedtls include */
|
||||
#include "mbedtls/platform.h"
|
||||
#include "mbedtls/net.h"
|
||||
#include "mbedtls/net_sockets.h"
|
||||
#include "mbedtls/debug.h"
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/ctr_drbg.h"
|
||||
|
|
|
@ -274,7 +274,7 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen);
|
|||
#endif /* not USE_OLD_CYASSL */
|
||||
#else
|
||||
#include <openssl/ssl.h>
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/md5.h>
|
||||
|
|
|
@ -35,7 +35,7 @@ extern int lws_ssl_get_error(struct lws *wsi, int n);
|
|||
static int
|
||||
OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||
{
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
// long gvr = ssl_pm_get_verify_result(
|
||||
lwsl_notice("%s\n", __func__);
|
||||
|
||||
|
@ -149,14 +149,14 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
|||
|
||||
#endif
|
||||
|
||||
#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32)
|
||||
#if !defined(USE_WOLFSSL) && !defined(LWS_USE_MBEDTLS)
|
||||
#ifndef USE_OLD_CYASSL
|
||||
/* OpenSSL_client_verify_callback will be called @ SSL_connect() */
|
||||
SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32)
|
||||
#if !defined(USE_WOLFSSL) && !defined(LWS_USE_MBEDTLS)
|
||||
SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||
#endif
|
||||
/*
|
||||
|
@ -174,7 +174,7 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
|||
#endif
|
||||
#endif
|
||||
#else
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
// esp-idf openssl shim does not seem ready for this
|
||||
// SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback);
|
||||
SSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, OpenSSL_client_verify_callback);
|
||||
|
@ -203,7 +203,7 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
|||
#endif
|
||||
#endif /* USE_WOLFSSL */
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
wsi->client_bio = BIO_new_socket(wsi->desc.sockfd, BIO_NOCLOSE);
|
||||
SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);
|
||||
#else
|
||||
|
@ -217,12 +217,12 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
|||
wolfSSL_set_using_nonblock(wsi->ssl, 1);
|
||||
#endif
|
||||
#else
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
SSL_set_ex_data(wsi->ssl, openssl_websocket_private_data_index,
|
||||
wsi);
|
||||
#endif
|
||||
|
@ -230,7 +230,7 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
|||
return 0;
|
||||
}
|
||||
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
int ERR_get_error(void)
|
||||
{
|
||||
return 0;
|
||||
|
@ -377,7 +377,7 @@ lws_ssl_client_connect2(struct lws *wsi)
|
|||
}
|
||||
}
|
||||
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
{
|
||||
X509 *peer = SSL_get_peer_certificate(wsi->ssl);
|
||||
|
||||
|
@ -434,7 +434,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
|||
SSL_METHOD *method = NULL;
|
||||
struct lws wsi;
|
||||
unsigned long error;
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
const char *cipher_list = info->ssl_cipher_list;
|
||||
const char *ca_filepath = info->ssl_ca_filepath;
|
||||
const char *private_key_filepath = info->ssl_private_key_filepath;
|
||||
|
@ -502,7 +502,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
|||
SSL_CTX_set_options(vhost->ssl_client_ctx, SSL_OP_NO_COMPRESSION);
|
||||
#endif
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
SSL_CTX_set_options(vhost->ssl_client_ctx,
|
||||
SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
|
||||
|
@ -541,7 +541,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
|||
* callback allowing user code to load extra verification certs
|
||||
* helping the client to verify server identity
|
||||
*/
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
|
||||
/* support for client-side certificate authentication */
|
||||
if (cert_filepath) {
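Review bot: With the guard changed from `LWS_WITH_ESP32` to `LWS_USE_MBEDTLS`, the `SSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, OpenSSL_client_verify_callback);` in lws_ssl_client_bio_create now applies to every mbedTLS build, not only the ESP-IDF shim that the comment above it ("does not seem ready for this") was written for — an mbedTLS-backed client on a desktop or server host completes the handshake without validating the server certificate, and nothing visible in these hunks checks the hostname on that branch either. The `SSL_get_peer_certificate()` check in lws_ssl_client_connect2 only proves that a certificate was presented, not that it chains to a trusted CA. Until the wrapper's verify path works this should fail closed — `SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback);` — or at minimum log at error level that mbedTLS clients are skipping peer verification. Both lws_ssl_client_bio_create and lws_context_init_client_ssl start and end outside the hunks shown.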
|
||||
|
|
|
@ -27,7 +27,7 @@ extern int openssl_websocket_private_data_index,
|
|||
extern void
|
||||
lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info);
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
static int
|
||||
OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||
{
|
||||
|
@ -130,7 +130,7 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
|
|||
|
||||
lwsl_notice(" SSL ECDH curve '%s'\n", ecdh_curve);
|
||||
#else
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
lwsl_notice(" OpenSSL doesn't support ECDH\n");
|
||||
#endif
|
||||
#endif
|
||||
|
@ -230,7 +230,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
* versions", compared to e.g. TLSv1_2_server_method() which only allows
|
||||
* tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options()
|
||||
*/
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
{
|
||||
SSL_METHOD *method;
|
||||
|
||||
|
@ -263,7 +263,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
|
||||
}
|
||||
#endif
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
|
||||
/* associate the lws context with the SSL_CTX */
|
||||
|
||||
|
@ -292,7 +292,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
|
||||
verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
SSL_CTX_set_session_id_context(vhost->ssl_ctx,
|
||||
(unsigned char *)context, sizeof(void *));
|
||||
|
||||
|
@ -312,7 +312,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
* give user code a chance to load certs into the server
|
||||
* allowing it to verify incoming client certs
|
||||
*/
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
if (info->ssl_ca_filepath &&
|
||||
!SSL_CTX_load_verify_locations(vhost->ssl_ctx,
|
||||
info->ssl_ca_filepath, NULL)) {
|
||||
|
@ -346,7 +346,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
|
||||
if (vhost->use_ssl) {
|
||||
/* openssl init for server sockets */
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
/* set the local certificate from CertFile */
|
||||
n = SSL_CTX_use_certificate_chain_file(vhost->ssl_ctx,
|
||||
info->ssl_cert_filepath);
|
||||
|
@ -377,6 +377,10 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
lwsl_err("Problem loading cert\n");
|
||||
return 1;
|
||||
}
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
free(p);
|
||||
p = NULL;
|
||||
#endif
|
||||
|
||||
if (alloc_pem_to_der_file(vhost->context,
|
||||
info->ssl_private_key_filepath, &p, &flen)) {
|
||||
|
@ -392,10 +396,13 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
return 1;
|
||||
}
|
||||
|
||||
// free(p);
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
free(p);
|
||||
p = NULL;
|
||||
#endif
|
||||
#endif
|
||||
if (info->ssl_private_key_filepath != NULL) {
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
/* set the private key from KeyFile */
|
||||
if (SSL_CTX_use_PrivateKey_file(vhost->ssl_ctx,
|
||||
info->ssl_private_key_filepath,
|
||||
|
@ -416,7 +423,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
|
||||
return 1;
|
||||
}
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
/* verify private key */
|
||||
if (!SSL_CTX_check_private_key(vhost->ssl_ctx)) {
|
||||
lwsl_err("Private SSL key doesn't match cert\n");
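Review bot: On the non-ESP32 branch the DER private key that `alloc_pem_to_der_file()` places in `p` is released with a plain `free(p)`, so key bytes remain in freed heap pages, and the `return 1` on the "Problem loading cert" and key-load error paths just above each `free(p)` returns without releasing `p` at all. Scrubbing before release — a plain `memset(p, 0, flen)` immediately before `free` is liable to be optimised away, so use a volatile-pointer loop or the platform's explicit_bzero where available — and freeing on the error returns would close both. The ESP32 exclusion presumably exists because the ESP32 `alloc_file()` variant in ssl.c does not hand back a heap buffer; a comment to that effect on `#if !defined(LWS_WITH_ESP32)` would make the asymmetry deliberate rather than suspicious. lws_context_init_server_ssl spans several hunks and both of its ends lie outside them.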
|
||||
|
|
77
lib/ssl.c
77
lib/ssl.c
|
@ -54,6 +54,7 @@ bail:
|
|||
return ret;
|
||||
}
|
||||
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf,
|
||||
lws_filepos_t *amount)
|
||||
|
@ -85,6 +86,56 @@ bail:
|
|||
|
||||
return n;
|
||||
}
|
||||
#else
|
||||
int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf,
|
||||
lws_filepos_t *amount)
|
||||
{
|
||||
FILE *f;
|
||||
size_t s;
|
||||
int n = 0;
|
||||
|
||||
f =fopen(filename, "rb");
|
||||
if (f == NULL) {
|
||||
n = 1;
|
||||
goto bail;
|
||||
}
|
||||
|
||||
if (fseek(f, 0, SEEK_END) != 0) {
|
||||
n = 1;
|
||||
goto bail;
|
||||
}
|
||||
|
||||
s = ftell(f);
|
||||
if (s == -1) {
|
||||
n = 1;
|
||||
goto bail;
|
||||
}
|
||||
|
||||
if (fseek(f, 0, SEEK_SET) != 0) {
|
||||
n = 1;
|
||||
goto bail;
|
||||
}
|
||||
|
||||
*buf = malloc(s);
|
||||
if (!*buf) {
|
||||
n = 2;
|
||||
goto bail;
|
||||
}
|
||||
|
||||
if (fread(*buf, s, 1, f) != 1) {
|
||||
free(*buf);
|
||||
n = 1;
|
||||
goto bail;
|
||||
}
|
||||
|
||||
*amount = s;
|
||||
|
||||
bail:
|
||||
fclose(f);
|
||||
return n;
|
||||
|
||||
}
|
||||
#endif
|
||||
int alloc_pem_to_der_file(struct lws_context *context, const char *filename, uint8_t **buf,
|
||||
lws_filepos_t *amount)
|
||||
{
|
||||
|
@ -199,7 +250,7 @@ char* lws_ssl_get_error_string(int status, int ret, char *buf, size_t len) {
|
|||
void
|
||||
lws_ssl_elaborate_error(void)
|
||||
{
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
char buf[256];
|
||||
u_long err;
|
||||
|
@ -211,7 +262,7 @@ lws_ssl_elaborate_error(void)
|
|||
#endif
|
||||
}
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
|
||||
static int
|
||||
lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
|
||||
|
@ -265,7 +316,7 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
|||
|
||||
lwsl_notice("Doing SSL library init\n");
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
SSL_library_init();
|
||||
OpenSSL_add_all_algorithms();
|
||||
SSL_load_error_strings();
|
||||
|
@ -291,7 +342,7 @@ lws_ssl_destroy(struct lws_vhost *vhost)
|
|||
SSL_CTX_free(vhost->ssl_ctx);
|
||||
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
|
||||
SSL_CTX_free(vhost->ssl_client_ctx);
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
|
||||
// after 1.1.0 no need
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
|
||||
|
@ -352,7 +403,7 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len)
|
|||
struct lws_context *context = wsi->context;
|
||||
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
||||
int n = 0;
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
int ssl_read_errno = 0;
|
||||
#endif
|
||||
|
||||
|
@ -388,7 +439,7 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len)
|
|||
return LWS_SSL_CAPABLE_ERROR;
|
||||
|
||||
if (n == SSL_ERROR_SYSCALL) {
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
int err = ERR_get_error();
|
||||
if (err == 0 && (ssl_read_errno == EPIPE ||
|
||||
ssl_read_errno == ECONNABORTED ||
|
||||
|
@ -483,7 +534,7 @@ LWS_VISIBLE int
|
|||
lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len)
|
||||
{
|
||||
int n;
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
int ssl_read_errno = 0;
|
||||
#endif
|
||||
|
||||
|
@ -506,7 +557,7 @@ lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len)
|
|||
if (n == SSL_ERROR_ZERO_RETURN)
|
||||
return LWS_SSL_CAPABLE_ERROR;
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
if (n == SSL_ERROR_SYSCALL) {
|
||||
|
||||
int err = ERR_get_error();
|
||||
|
@ -618,7 +669,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
struct lws_context *context = wsi->context;
|
||||
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
||||
int n, m;
|
||||
#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32)
|
||||
#if !defined(USE_WOLFSSL) && !defined(LWS_USE_MBEDTLS)
|
||||
BIO *bio;
|
||||
#endif
|
||||
char buf[256];
|
||||
|
@ -661,7 +712,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
context->updated = 1;
|
||||
#endif
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
SSL_set_ex_data(wsi->ssl,
|
||||
openssl_websocket_private_data_index, wsi);
|
||||
#endif
|
||||
|
@ -674,7 +725,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
wolfSSL_set_using_nonblock(wsi->ssl, 1);
|
||||
#endif
|
||||
#else
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
lws_plat_set_socket_options(wsi->vhost, accept_fd);
|
||||
#else
|
||||
SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||
|
@ -791,7 +842,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
|
||||
m = lws_ssl_get_error(wsi, n);
|
||||
|
||||
#if defined(LWS_WITH_ESP32)
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
if (m == 5 && errno == 11)
|
||||
m = SSL_ERROR_WANT_READ;
|
||||
#endif
|
||||
|
@ -864,7 +915,7 @@ void
|
|||
lws_ssl_context_destroy(struct lws_context *context)
|
||||
{
|
||||
|
||||
#if !defined(LWS_WITH_ESP32)
|
||||
#if !defined(LWS_USE_MBEDTLS)
|
||||
|
||||
// after 1.1.0 no need
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
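Review bot: In the new host-side `alloc_file()` the `fopen` failure path jumps to `bail:`, which calls `fclose(f)` with `f == NULL` — undefined behaviour that crashes on glibc — so a missing cert or key path takes the process down instead of returning 1; guard it with `if (f) fclose(f);` or return before reaching `bail`. The `fread` failure branch also leaves `*buf` dangling after `free(*buf)`, so add `*buf = NULL;` to keep a caller that frees on error from double-freeing. Further down, `if (m == 5 && errno == 11)` in lws_server_socket_service_ssl now runs on every mbedTLS build rather than just ESP32, and 11 is `EAGAIN` only on Linux — spell it `errno == EAGAIN`, and 5 as `SSL_ERROR_SYSCALL` if that is indeed what the wrapper's `SSL_get_error` returns. Both enclosing functions extend beyond the hunks shown.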
|
||||
|
|