diff --git a/CMakeLists.txt b/CMakeLists.txt index 11b0d5857..50b90e6c1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -66,6 +66,7 @@ option(LWS_WITH_HTTP_UNCOMMON_HEADERS "Include less common http header support" option(LWS_WITH_SECURE_STREAMS "Secure Streams protocol-agnostic API" OFF) option(LWS_WITH_SECURE_STREAMS_PROXY_API "Secure Streams support to work across processes" OFF) option(LWS_WITH_SECURE_STREAMS_SYS_AUTH_API_AMAZON_COM "Auth support for api.amazon.com" OFF) +option(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY "Secure Streams Policy is hardcoded only" OFF) # # TLS library options... all except mbedTLS are basically OpenSSL variants. @@ -1176,10 +1177,15 @@ if (LWS_WITH_NETWORK) if (LWS_WITH_SECURE_STREAMS) list(APPEND SOURCES lib/secure-streams/secure-streams.c - lib/secure-streams/policy.c - lib/secure-streams/system/fetch-policy/fetch-policy.c + lib/secure-streams/policy-common.c lib/secure-streams/system/captive-portal-detect/captive-portal-detect.c ) + if (NOT LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) + list(APPEND SOURCES + lib/secure-streams/policy-json.c + lib/secure-streams/system/fetch-policy/fetch-policy.c + ) + endif() if (LWS_ROLE_H1) list(APPEND SOURCES lib/secure-streams/protocols/ss-h1.c diff --git a/cmake/lws_config.h.in b/cmake/lws_config.h.in index 1af2f0235..178857683 100644 --- a/cmake/lws_config.h.in +++ b/cmake/lws_config.h.in @@ -154,6 +154,7 @@ #cmakedefine LWS_WITH_SECURE_STREAMS #cmakedefine LWS_WITH_SECURE_STREAMS_SYS_AUTH_API_AMAZON_COM #cmakedefine LWS_WITH_SECURE_STREAMS_PROXY_API +#cmakedefine LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY #cmakedefine LWS_WITH_SELFTESTS #cmakedefine LWS_WITH_SEQUENCER #cmakedefine LWS_WITH_SERVER_STATUS diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index 33143b923..c0c61a0b7 100644 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -712,9 +712,14 @@ struct lws_context_creation_info { /**< CONTEXT: percentage of udp reads we actually received * to make disappear, in order to simulate and test udp retry flow */ #if defined(LWS_WITH_SECURE_STREAMS) +#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) + const struct lws_ss_policy *pss_policies; /**< CONTEXT: point to first + * in a linked-list of streamtype policies prepared by user code */ +#else const char *pss_policies_json; /**< CONTEXT: point to a string * containing a JSON description of the secure streams policies. Set * to NULL if not using Secure Streams. */ +#endif const struct lws_ss_plugin **pss_plugins; /**< CONTEXT: point to an array * of pointers to plugin structs here, terminated with a NULL ptr. * Set to NULL if not using Secure Streams. */ diff --git a/include/libwebsockets/lws-secure-streams-policy.h b/include/libwebsockets/lws-secure-streams-policy.h index 02122fff6..86ed2de0f 100644 --- a/include/libwebsockets/lws-secure-streams-policy.h +++ b/include/libwebsockets/lws-secure-streams-policy.h @@ -122,7 +122,7 @@ typedef struct lws_ss_trust_store { struct lws_ss_trust_store *next; const char *name; - lws_ss_x509_t *ssx509[8]; + const lws_ss_x509_t *ssx509[6]; int count; } lws_ss_trust_store_t; @@ -130,6 +130,7 @@ enum { LWSSSP_H1, LWSSSP_H2, LWSSSP_WS, + LWSSSP_MQTT, LWSSS_HBI_AUTH = 0, @@ -179,6 +180,8 @@ typedef struct lws_ss_policy { union { +#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) || defined(LWS_ROLE_WS) + /* details for http-related protocols... */ struct { @@ -211,6 +214,10 @@ typedef struct lws_ss_policy { uint8_t fail_redirect:1; } http; +#endif + +#if defined(LWS_ROLE_MQTT) + struct { const char *topic; /* stream sends on this topic */ const char *subscribe; /* stream subscribes to this topic */ @@ -226,6 +233,8 @@ typedef struct lws_ss_policy { } mqtt; +#endif + /* details for non-http related protocols... */ } u; @@ -248,6 +257,12 @@ typedef struct lws_ss_policy { 0 = none, 1+ = cc 0+ */ } lws_ss_policy_t; +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) + +/* + * These only exist / have meaning if there's a dynamic JSON policy enabled + */ + LWS_VISIBLE LWS_EXTERN int lws_ss_policy_parse_begin(struct lws_context *context, int overlay); @@ -259,3 +274,12 @@ lws_ss_policy_parse(struct lws_context *context, const uint8_t *buf, size_t len) LWS_VISIBLE LWS_EXTERN int lws_ss_policy_overlay(struct lws_context *context, const char *overlay); + +/* + * You almost certainly don't want this, it returns the first policy object + * in a linked-list of objects created by lws_ss_policy_parse above + */ +LWS_VISIBLE LWS_EXTERN const lws_ss_policy_t * +lws_ss_policy_get(struct lws_context *context); + +#endif diff --git a/lib/core/context.c b/lib/core/context.c index 27b1d11f1..8c357d7eb 100644 --- a/lib/core/context.c +++ b/lib/core/context.c @@ -161,6 +161,7 @@ lws_state_notify_protocol_init(struct lws_state_manager *mgr, /* it failed, eg, no streamtype for it in the policy */ } +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) /* * Skip this if we are running something without the policy for it */ @@ -173,6 +174,7 @@ lws_state_notify_protocol_init(struct lws_state_manager *mgr, if (!lws_ss_sys_fetch_policy(context)) return 1; } +#endif #endif /* protocol part */ @@ -295,6 +297,11 @@ lws_create_context(const struct lws_context_creation_info *info) __func__, context->udp_loss_sim_tx_pc, context->udp_loss_sim_rx_pc); +#if defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) + /* directly use the user-provided policy object list */ + context->pss_policies = info->pss_policies; +#endif + #if defined(LWS_WITH_SECURE_STREAMS_PROXY_API) context->ss_proxy_bind = info->ss_proxy_bind; context->ss_proxy_port = info->ss_proxy_port; @@ -318,7 +325,9 @@ lws_create_context(const struct lws_context_creation_info *info) #endif #if defined(LWS_WITH_SECURE_STREAMS) +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) context->pss_policies_json = info->pss_policies_json; +#endif context->pss_plugins = info->pss_plugins; #endif @@ -822,6 +831,7 @@ lws_create_context(const struct lws_context_creation_info *info) #if defined(LWS_WITH_SECURE_STREAMS) +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) if (context->pss_policies_json) { /* * You must create your context with the explicit vhosts flag @@ -844,6 +854,16 @@ lws_create_context(const struct lws_context_creation_info *info) goto bail; } } else +#else + if (context->pss_policies) { + /* user code set the policy objects directly, no parsing step */ + + if (lws_ss_policy_set(context, "hardcoded")) { + lwsl_err("%s: policy set failed\n", __func__); + goto bail; + } + } else +#endif lws_create_vhost(context, info); #endif @@ -1096,9 +1116,11 @@ lws_context_destroy2(struct lws_context *context) #if defined(LWS_WITH_SECURE_STREAMS) lws_dll2_foreach_safe(&pt->ss_owner, NULL, lws_ss_destroy_dll); +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) if (context->ac_policy) lwsac_free(&context->ac_policy); #endif +#endif #if defined(LWS_WITH_SECURE_STREAMS_PROXY_API) lws_dll2_foreach_safe(&pt->ss_client_owner, NULL, lws_sspc_destroy_dll); diff --git a/lib/core/private-lib-core.h b/lib/core/private-lib-core.h index 77380456b..49ea3f6bd 100644 --- a/lib/core/private-lib-core.h +++ b/lib/core/private-lib-core.h @@ -358,7 +358,6 @@ struct lws_context { #endif #if defined(LWS_WITH_SECURE_STREAMS_SYS_AUTH_API_AMAZON_COM) - void *pol_args; struct lws_ss_handle *hss_auth; struct lws_ss_handle *hss_fetch_policy; lws_sorted_usec_list_t sul_api_amazon_com; @@ -440,10 +439,13 @@ struct lws_context { const lws_system_ops_t *system_ops; #if defined(LWS_WITH_SECURE_STREAMS) +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) const char *pss_policies_json; + struct lwsac *ac_policy; + void *pol_args; +#endif const lws_ss_policy_t *pss_policies; const lws_ss_plugin_t **pss_plugins; - struct lwsac *ac_policy; #endif void *external_baggage_free_on_destroy; diff --git a/lib/secure-streams/README.md b/lib/secure-streams/README.md index d0540f695..7508cac2b 100644 --- a/lib/secure-streams/README.md +++ b/lib/secure-streams/README.md @@ -528,3 +528,30 @@ socks_proxy=127.0.0.1:1337 ./bin/lws-minimal-secure-streams-client -p 1234 -i 12 You can confirm this goes through the ssh socks5 proxy to get to the SS proxy and fulfil the connection. + +## Using static policies + +If one of your targets is too constrained to make use of dynamic JSON policies, but +using SS and the policies is attractive for wider reasons, you can use a static policy +built into the firmware for the constrained target. + +The secure-streams example "policy2c" (which runs on the build machine, not the device) + +https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/secure-streams/minimal-secure-streams-policy2c + +accepts a normal JSON policy on stdin, and emits a C code representation that can be +included directly in the firmware. + +https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/static-policy.h + +Using this technique it's possible to standardize on maintaining JSON policies across a +range of devices with different contraints, and use the C conversion of the policy on devices +that are too small. + +The Cmake option `LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY` should be enabled to use this +mode, it will not build the JSON parser (and the option for LEJP can also be disabled if +you're not otherwise using it, saving an additional couple of KB). + +Notice policy2c example tool must be built with `LWS_ROLE_H1`, `LWS_ROLE_H2`, `LWS_ROLE_WS` +and `LWS_ROLE_MQTT` enabled so it can handle any kind of policy. + diff --git a/lib/secure-streams/policy-common.c b/lib/secure-streams/policy-common.c new file mode 100644 index 000000000..98102dfc3 --- /dev/null +++ b/lib/secure-streams/policy-common.c @@ -0,0 +1,279 @@ +/* + * libwebsockets - small server side websockets and web server implementation + * + * Copyright (C) 2019 - 2020 Andy Green + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to + * deal in the Software without restriction, including without limitation the + * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + * sell copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + * IN THE SOFTWARE. + * + * This file contains the stuff related to secure streams policy, it's always + * built if LWS_WITH_SECURE_STREAMS enabled. + */ + +#include + +const lws_ss_policy_t * +lws_ss_policy_lookup(const struct lws_context *context, const char *streamtype) +{ + const lws_ss_policy_t *p = context->pss_policies; + + if (!streamtype) + return NULL; + + while (p) { + if (!strcmp(p->streamtype, streamtype)) + return p; + p = p->next; + } + + return NULL; +} + +int +lws_ss_set_metadata(struct lws_ss_handle *h, const char *name, + const void *value, size_t len) +{ + lws_ss_metadata_t *omd = lws_ss_policy_metadata(h->policy, name); + + if (!omd) { + lwsl_err("%s: unknown metadata %s\n", __func__, name); + return 1; + } + + h->metadata[omd->length].name = name; + h->metadata[omd->length].value = (void *)value; + h->metadata[omd->length].length = len; + + return 0; +} + +lws_ss_metadata_t * +lws_ss_get_handle_metadata(struct lws_ss_handle *h, const char *name) +{ + lws_ss_metadata_t *omd = lws_ss_policy_metadata(h->policy, name); + + if (!omd) + return NULL; + + return &h->metadata[omd->length]; +} + +lws_ss_metadata_t * +lws_ss_policy_metadata(const lws_ss_policy_t *p, const char *name) +{ + lws_ss_metadata_t *pmd = p->metadata; + + while (pmd) { + if (pmd->name && !strcmp(name, pmd->name)) + return pmd; + pmd = pmd->next; + } + + return NULL; +} + +lws_ss_metadata_t * +lws_ss_policy_metadata_index(const lws_ss_policy_t *p, size_t index) +{ + lws_ss_metadata_t *pmd = p->metadata; + + while (pmd) { + if (pmd->length == index) + return pmd; + pmd = pmd->next; + } + + return NULL; +} + +int +lws_ss_policy_set(struct lws_context *context, const char *name) +{ +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) + struct policy_cb_args *args = (struct policy_cb_args *)context->pol_args; + lws_ss_x509_t *x; + char buf[16]; + int m; +#endif + const lws_ss_policy_t *pol; + struct lws_vhost *v; + int ret = 0; + +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) + /* + * Parsing seems to have succeeded, and we're going to use the new + * policy that's laid out in args->ac + */ + + lejp_destruct(&args->jctx); + + if (context->ac_policy) { + + /* + * So this is a bit fun-filled, we already had a policy in + * force, perhaps it was the default policy that's just good for + * fetching the real policy, and we're doing that now. + * + * We can destroy all the policy-related direct allocations + * easily because they're cleanly in a single lwsac... + */ + lwsac_free(&context->ac_policy); + + /* + * ...but when we did the trust stores, we created vhosts for + * each. We need to destroy those now too, and recreate new + * ones from the new policy, perhaps with different X.509s. + */ + + v = context->vhost_list; + while (v) { + if (v->from_ss_policy) { + struct lws_vhost *vh = v->vhost_next; + lwsl_debug("%s: destroying vh %p\n", __func__, v); + lws_vhost_destroy(v); + v = vh; + continue; + } + v = v->vhost_next; + } + + lws_check_deferred_free(context, 0, 1); + } + + context->pss_policies = args->heads[LTY_POLICY].p; + context->ac_policy = args->ac; + + lws_humanize(buf, sizeof(buf), lwsac_total_alloc(args->ac), + humanize_schema_si_bytes); + if (lwsac_total_alloc(args->ac)) + m = (int)((lwsac_total_overhead(args->ac) * 100) / + lwsac_total_alloc(args->ac)); + else + m = 0; + + lwsl_notice("%s: %s, pad %d%c: %s\n", __func__, buf, m, '%', name); +#endif + + /* Create vhosts for each type of trust store */ + + pol = context->pss_policies; + while (pol) { + struct lws_context_creation_info i; + int n; + + memset(&i, 0, sizeof(i)); + + /* + * We get called from context creation... instantiates + * vhosts with client tls contexts set up for each unique CA. + * + * For compatibility with static policy, we create the vhosts + * by walking streamtype list and create vhosts using trust + * store name if it doesn't already exist. + */ + + if (!pol->trust_store) { + pol = pol->next; + continue; + } + v = lws_get_vhost_by_name(context, pol->trust_store->name); + if (v) { + /* vhost for this trust store already exists, skip */ + pol = pol->next; + continue; + } + + i.options = context->options; + i.vhost_name = pol->trust_store->name; + lwsl_debug("%s: %s\n", __func__, i.vhost_name); + i.client_ssl_ca_mem = pol->trust_store->ssx509[0]->ca_der; + i.client_ssl_ca_mem_len = pol->trust_store->ssx509[0]->ca_der_len; + i.port = CONTEXT_PORT_NO_LISTEN; + lwsl_info("%s: %s trust store initial '%s'\n", __func__, + i.vhost_name, pol->trust_store->ssx509[0]->vhost_name); + + v = lws_create_vhost(context, &i); + if (!v) { + lwsl_err("%s: failed to create vhost %s\n", + __func__, i.vhost_name); + ret = 1; + } else + v->from_ss_policy = 1; + + for (n = 1; v && n < pol->trust_store->count; n++) { + lwsl_info("%s: add '%s' to trust store\n", __func__, + pol->trust_store->ssx509[n]->vhost_name); + if (lws_tls_client_vhost_extra_cert_mem(v, + pol->trust_store->ssx509[n]->ca_der, + pol->trust_store->ssx509[n]->ca_der_len)) { + lwsl_err("%s: add extra cert failed\n", + __func__); + ret = 1; + } + } + + pol = pol->next; + } + +#if defined(LWS_WITH_SOCKS5) + + /* + * ... we need to go through every vhost updating its understanding of + * which socks5 proxy to use... + */ + + v = context->vhost_list; + while (v) { + lws_set_socks(v, args->socks5_proxy); + v = v->vhost_next; + } + if (context->vhost_system) + lws_set_socks(context->vhost_system, args->socks5_proxy); + + if (args->socks5_proxy) + lwsl_notice("%s: global socks5 proxy: %s\n", __func__, + args->socks5_proxy); +#endif + +#if !defined(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY) + + /* + * For dynamic policy case, now we processed the x.509 CAs, we can free + * all of our originals. For static policy, they're in .rodata, nothing + * to free. + */ + + x = args->heads[LTY_X509].x; + while (x) { + /* + * Free all the DER buffers now they have been parsed into + * tls library X.509 objects + */ + lws_free((void *)x->ca_der); + x->ca_der = NULL; + x = x->next; + } + + /* and we can discard the parsing args object now, invalidating args */ + + lws_free_set_NULL(context->pol_args); +#endif + + return ret; +} + diff --git a/lib/secure-streams/policy.c b/lib/secure-streams/policy-json.c similarity index 77% rename from lib/secure-streams/policy.c rename to lib/secure-streams/policy-json.c index 6991e5281..09e5a0c73 100644 --- a/lib/secure-streams/policy.c +++ b/lib/secure-streams/policy-json.c @@ -20,16 +20,13 @@ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS * IN THE SOFTWARE. + * + * This file contains the stuff related to JSON-provided policy, it's not built + * if LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY enabled. */ #include -typedef struct backoffs { - struct backoffs *next; - const char *name; - lws_retry_bo_t r; -} backoff_t; - static const char * const lejp_tokens_policy[] = { "release", "product", @@ -161,39 +158,6 @@ typedef enum { LSSPPT_STREAMTYPES } policy_token_t; -union u { - backoff_t *b; - lws_ss_x509_t *x; - lws_ss_trust_store_t *t; - lws_ss_policy_t *p; -}; - -enum { - LTY_BACKOFF, - LTY_X509, - LTY_TRUSTSTORE, - LTY_POLICY, - - _LTY_COUNT /* always last */ -}; - -struct policy_cb_args { - struct lejp_ctx jctx; - struct lws_context *context; - struct lwsac *ac; - - const char *socks5_proxy; - - struct lws_b64state b64; - - union u heads[_LTY_COUNT]; - union u curr[_LTY_COUNT]; - - uint8_t *p; - - int count; -}; - #define POL_AC_INITIAL 2048 #define POL_AC_GRAIN 800 #define MAX_CERT_TEMP 2048 /* used to discover actual cert size for realloc */ @@ -212,63 +176,6 @@ static const char *protonames[] = { "mqtt", /* LWSSSP_MQTT */ }; -lws_ss_metadata_t * -lws_ss_policy_metadata(const lws_ss_policy_t *p, const char *name) -{ - lws_ss_metadata_t *pmd = p->metadata; - - while (pmd) { - if (pmd->name && !strcmp(name, pmd->name)) - return pmd; - pmd = pmd->next; - } - - return NULL; -} - -lws_ss_metadata_t * -lws_ss_policy_metadata_index(const lws_ss_policy_t *p, size_t index) -{ - lws_ss_metadata_t *pmd = p->metadata; - - while (pmd) { - if (pmd->length == index) - return pmd; - pmd = pmd->next; - } - - return NULL; -} - -int -lws_ss_set_metadata(struct lws_ss_handle *h, const char *name, - const void *value, size_t len) -{ - lws_ss_metadata_t *omd = lws_ss_policy_metadata(h->policy, name); - - if (!omd) { - lwsl_err("%s: unknown metadata %s\n", __func__, name); - return 1; - } - - h->metadata[omd->length].name = name; - h->metadata[omd->length].value = (void *)value; - h->metadata[omd->length].length = len; - - return 0; -} - -lws_ss_metadata_t * -lws_ss_get_handle_metadata(struct lws_ss_handle *h, const char *name) -{ - lws_ss_metadata_t *omd = lws_ss_policy_metadata(h->policy, name); - - if (!omd) - return NULL; - - return &h->metadata[omd->length]; -} - static signed char lws_ss_policy_parser_cb(struct lejp_ctx *ctx, char reason) { @@ -645,6 +552,7 @@ lws_ss_policy_parser_cb(struct lejp_ctx *ctx, char reason) a->curr[LTY_POLICY].p->metadata_count++; break; +#if defined(LWS_ROLE_H1) || defined(LWS_ROLE_H2) case LSSPPT_HTTP_AUTH_HEADER: case LSSPPT_HTTP_DSN_HEADER: case LSSPPT_HTTP_FWV_HEADER: @@ -690,6 +598,9 @@ lws_ss_policy_parser_cb(struct lejp_ctx *ctx, char reason) a->curr[LTY_POLICY].p->u.http.fail_redirect = reason == LEJPCB_VAL_TRUE; break; +#endif + +#if defined(LWS_ROLE_WS) case LSSPPT_WS_SUBPROTOCOL: pp = (char **)&a->curr[LTY_POLICY].p->u.http.u.ws.subprotocol; @@ -699,11 +610,14 @@ lws_ss_policy_parser_cb(struct lejp_ctx *ctx, char reason) a->curr[LTY_POLICY].p->u.http.u.ws.binary = reason == LEJPCB_VAL_TRUE; break; +#endif + case LSSPPT_LOCAL_SINK: if (reason == LEJPCB_VAL_TRUE) a->curr[LTY_POLICY].p->flags |= LWSSSPOLF_LOCAL_SINK; break; +#if defined(LWS_ROLE_MQTT) case LSSPPT_MQTT_TOPIC: pp = (char **)&a->curr[LTY_POLICY].p->u.mqtt.topic; goto string2; @@ -739,6 +653,7 @@ lws_ss_policy_parser_cb(struct lejp_ctx *ctx, char reason) a->curr[LTY_POLICY].p->u.mqtt.will_retain = reason == LEJPCB_VAL_TRUE; break; +#endif case LSSPPT_PROTOCOL: a->curr[LTY_POLICY].p->protocol = 0xff; @@ -752,6 +667,9 @@ lws_ss_policy_parser_cb(struct lejp_ctx *ctx, char reason) lws_strnncpy(dotstar, ctx->buf, ctx->npos, sizeof(dotstar)); lwsl_err("%s: unknown protocol name %s\n", __func__, dotstar); return -1; + + default: + break; } return 0; @@ -835,6 +753,7 @@ lws_ss_policy_parse_abandon(struct lws_context *context) struct policy_cb_args *args = (struct policy_cb_args *)context->pol_args; lejp_destruct(&args->jctx); + lwsac_free(&args->ac); lws_free_set_NULL(context->pol_args); return 0; @@ -865,175 +784,13 @@ lws_ss_policy_overlay(struct lws_context *context, const char *overlay) strlen(overlay)); } -int -lws_ss_policy_set(struct lws_context *context, const char *name) +const lws_ss_policy_t * +lws_ss_policy_get(struct lws_context *context) { struct policy_cb_args *args = (struct policy_cb_args *)context->pol_args; - lws_ss_trust_store_t *ts; - struct lws_vhost *v; - lws_ss_x509_t *x; - char buf[16]; - int m, ret = 0; - /* - * Parsing seems to have succeeded, and we're going to use the new - * policy that's laid out in args->ac - */ - - lejp_destruct(&args->jctx); - - if (context->ac_policy) { - - /* - * So this is a bit fun-filled, we already had a policy in - * force, perhaps it was the default policy that's just good for - * fetching the real policy, and we're doing that now. - * - * We can destroy all the policy-related direct allocations - * easily because they're cleanly in a single lwsac... - */ - lwsac_free(&context->ac_policy); - - /* - * ...but when we did the trust stores, we created vhosts for - * each. We need to destroy those now too, and recreate new - * ones from the new policy, perhaps with different X.509s. - */ - - v = context->vhost_list; - while (v) { - if (v->from_ss_policy) { - struct lws_vhost *vh = v->vhost_next; - lwsl_debug("%s: destroying vh %p\n", __func__, v); - lws_vhost_destroy(v); - v = vh; - continue; - } - v = v->vhost_next; - } - - lws_check_deferred_free(context, 0, 1); - } - - context->pss_policies = args->heads[LTY_POLICY].p; - context->ac_policy = args->ac; - - lws_humanize(buf, sizeof(buf), lwsac_total_alloc(args->ac), - humanize_schema_si_bytes); - if (lwsac_total_alloc(args->ac)) - m = (int)((lwsac_total_overhead(args->ac) * 100) / - lwsac_total_alloc(args->ac)); - else - m = 0; - - lwsl_notice("%s: %s, pad %d%c: %s\n", __func__, buf, m, '%', name); - - /* Create vhosts for each type of trust store */ - - ts = args->heads[LTY_TRUSTSTORE].t; - while (ts) { - struct lws_context_creation_info i; - - memset(&i, 0, sizeof(i)); - - /* - * We get called from context creation... instantiates - * vhosts with client tls contexts set up for each unique CA. - * - * Create the vhost with the first (mandatory) entry in the - * trust store... - */ - - v = lws_get_vhost_by_name(context, ts->name); - if (!v) { - int n; - - i.options = context->options; - i.vhost_name = ts->name; - lwsl_debug("%s: %s\n", __func__, i.vhost_name); - i.client_ssl_ca_mem = ts->ssx509[0]->ca_der; - i.client_ssl_ca_mem_len = ts->ssx509[0]->ca_der_len; - i.port = CONTEXT_PORT_NO_LISTEN; - lwsl_info("%s: %s trust store initial '%s'\n", __func__, - ts->name, ts->ssx509[0]->vhost_name); - - v = lws_create_vhost(context, &i); - if (!v) { - lwsl_err("%s: failed to create vhost %s\n", - __func__, ts->name); - ret = 1; - } else - v->from_ss_policy = 1; - - for (n = 1; v && n < ts->count; n++) { - lwsl_info("%s: add '%s' to trust store\n", - __func__, ts->ssx509[n]->vhost_name); - if (lws_tls_client_vhost_extra_cert_mem(v, - ts->ssx509[n]->ca_der, - ts->ssx509[n]->ca_der_len)) { - lwsl_err("%s: add extra cert failed\n", - __func__); - ret = 1; - } - } - } - - ts = ts->next; - } - -#if defined(LWS_WITH_SOCKS5) - - /* - * ... we need to go through every vhost updating its understanding of - * which socks5 proxy to use... - */ - - v = context->vhost_list; - while (v) { - lws_set_socks(v, args->socks5_proxy); - v = v->vhost_next; - } - if (context->vhost_system) - lws_set_socks(context->vhost_system, args->socks5_proxy); - - if (args->socks5_proxy) - lwsl_notice("%s: global socks5 proxy: %s\n", __func__, - args->socks5_proxy); -#endif - - /* now we processed the x.509 CAs, we can free all of our originals */ - - x = args->heads[LTY_X509].x; - while (x) { - /* - * Free all the DER buffers now they have been parsed into - * tls library X.509 objects - */ - lws_free((void *)x->ca_der); - x->ca_der = NULL; - x = x->next; - } - - /* and we can discard the parsing args object now, invalidating args */ - - lws_free_set_NULL(context->pol_args); - - return ret; -} - -const lws_ss_policy_t * -lws_ss_policy_lookup(const struct lws_context *context, const char *streamtype) -{ - const lws_ss_policy_t *p = context->pss_policies; - - if (!streamtype) + if (!args) return NULL; - while (p) { - if (!strcmp(p->streamtype, streamtype)) - return p; - p = p->next; - } - - return NULL; + return args->heads[LTY_POLICY].p; } diff --git a/lib/secure-streams/private-lib-secure-streams.h b/lib/secure-streams/private-lib-secure-streams.h index 90dd44587..9d9044e28 100644 --- a/lib/secure-streams/private-lib-secure-streams.h +++ b/lib/secure-streams/private-lib-secure-streams.h @@ -242,6 +242,46 @@ typedef struct lws_sspc_handle { uint8_t destroying:1; } lws_sspc_handle_t; +typedef struct backoffs { + struct backoffs *next; + const char *name; + lws_retry_bo_t r; +} backoff_t; + +union u { + backoff_t *b; + lws_ss_x509_t *x; + lws_ss_trust_store_t *t; + lws_ss_policy_t *p; +}; + +enum { + LTY_BACKOFF, + LTY_X509, + LTY_TRUSTSTORE, + LTY_POLICY, + + _LTY_COUNT /* always last */ +}; + + +struct policy_cb_args { + struct lejp_ctx jctx; + struct lws_context *context; + struct lwsac *ac; + + const char *socks5_proxy; + + struct lws_b64state b64; + + union u heads[_LTY_COUNT]; + union u curr[_LTY_COUNT]; + + uint8_t *p; + + int count; +}; + int lws_ss_deserialize_parse(struct lws_ss_serialization_parser *par, struct lws_context *context, diff --git a/minimal-examples/secure-streams/minimal-secure-streams-alexa/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-alexa/CMakeLists.txt index b28d84e0a..0fb81078f 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams-alexa/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams-alexa/CMakeLists.txt @@ -66,6 +66,7 @@ set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) require_lws_config(LWS_WITH_ALSA 1 requirements) if (requirements) diff --git a/minimal-examples/secure-streams/minimal-secure-streams-avs/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-avs/CMakeLists.txt index 7e58274aa..e336dad3c 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams-avs/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams-avs/CMakeLists.txt @@ -65,6 +65,7 @@ set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) if (requirements) add_executable(${SAMP} main.c avs.c) diff --git a/minimal-examples/secure-streams/minimal-secure-streams-metadata/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-metadata/CMakeLists.txt index 2b1b4b1c7..b53fb9bba 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams-metadata/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams-metadata/CMakeLists.txt @@ -66,6 +66,7 @@ set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) if (requirements) add_executable(${SAMP} minimal-secure-streams.c) diff --git a/minimal-examples/secure-streams/minimal-secure-streams-policy2c/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-policy2c/CMakeLists.txt new file mode 100644 index 000000000..5aec9b007 --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-policy2c/CMakeLists.txt @@ -0,0 +1,82 @@ +cmake_minimum_required(VERSION 2.8) +include(CheckCSourceCompiles) + +set(SAMP lws-minimal-secure-streams-policy2c) + +# If we are being built as part of lws, confirm current build config supports +# reqconfig, else skip building ourselves. +# +# If we are being built externally, confirm installed lws was configured to +# support reqconfig, else error out with a helpful message about the problem. +# +MACRO(require_lws_config reqconfig _val result) + + if (DEFINED ${reqconfig}) + if (${reqconfig}) + set (rq 1) + else() + set (rq 0) + endif() + else() + set(rq 0) + endif() + + if (${_val} EQUAL ${rq}) + set(SAME 1) + else() + set(SAME 0) + endif() + + if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) + if (${_val}) + message("${SAMP}: skipping as lws being built without ${reqconfig}") + else() + message("${SAMP}: skipping as lws built with ${reqconfig}") + endif() + set(${result} 0) + else() + if (LWS_WITH_MINIMAL_EXAMPLES) + set(MET ${SAME}) + else() + CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) + if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) + set(HAS_${reqconfig} 0) + else() + set(HAS_${reqconfig} 1) + endif() + if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) + set(MET 1) + else() + set(MET 0) + endif() + endif() + if (NOT MET) + if (${_val}) + message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") + else() + message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") + endif() + endif() + endif() +ENDMACRO() + + +set(requirements 1) +require_lws_config(LWS_ROLE_H1 1 requirements) +require_lws_config(LWS_ROLE_H2 1 requirements) +require_lws_config(LWS_ROLE_MQTT 1 requirements) +require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) + +if (requirements) + add_executable(${SAMP} minimal-secure-streams.c) + + if (websockets_shared) + target_link_libraries(${SAMP} websockets_shared) + add_dependencies(${SAMP} websockets_shared) + else() + target_link_libraries(${SAMP} websockets) + endif() + +endif() diff --git a/minimal-examples/secure-streams/minimal-secure-streams-policy2c/README.md b/minimal-examples/secure-streams/minimal-secure-streams-policy2c/README.md new file mode 100644 index 000000000..8e093ea68 --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-policy2c/README.md @@ -0,0 +1,49 @@ +# lws minimal secure streams policy2c + +This application parses a JSON policy passed on stdin and emits the +equivalent of it in C structs ready for compilation. + +This is useful in the case your platform doesn't use a dynamic JSON +policy and is space-constrained, you can still form and maintain the +policy in JSON, but with this utility convert it into compileable C. + +**Notice** this depends on LWS_ROLE_H1, LWS_ROLE_H2, LWS_ROLE_WS and +LWS_ROLE_MQTT build of lws, since it has to be able to work with any kind +of policy content. + +## build + +``` + $ cmake . && make +``` + +## usage + +Commandline option|Meaning +---|--- +-d |Debug verbosity in decimal, eg, -d15 + +``` +$ cat mypolicy.json | lws-minimal-secure-streams-policy2c + +(on stdout) + +static const uint32_t _rbo_bo_0[] = { + 1000, 2000, 3000, 5000, 10000, +}; +static const lws_retry_bo_t _rbo_0 = { + .retry_ms_table = _rbo_bo_0, + .retry_ms_table_count = 5, + .conceal_count = 5, + .secs_since_valid_ping = 30, + .secs_since_valid_hangup = 35, + .jitter_percent = 20, +}; +static const uint8_t _ss_der_amazon_root_ca_1[] = { + /* 0x 0 */ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x06, + /* 0x 10 */ 0x6C, 0x9F, 0xCF, 0x99, 0xBF, 0x8C, 0x0A, 0x39, + /* 0x 18 */ 0xE2, 0xF0, 0x78, 0x8A, 0x43, 0xE6, 0x96, 0x36, + /* 0x 20 */ 0x5B, 0xCA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, +... +``` diff --git a/minimal-examples/secure-streams/minimal-secure-streams-policy2c/minimal-secure-streams.c b/minimal-examples/secure-streams/minimal-secure-streams-policy2c/minimal-secure-streams.c new file mode 100644 index 000000000..0dfa5fa13 --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-policy2c/minimal-secure-streams.c @@ -0,0 +1,570 @@ +/* + * lws-minimal-secure-streams-policy2c + * + * Written in 2010-2020 by Andy Green + * + * This file is made available under the Creative Commons CC0 1.0 + * Universal Public Domain Dedication. + * + * + * This reads policy JSON on stdin and emits it as compileable + * C structs. + * + * It's useful if your platform is too space-constrained for a + * JSON policy and needs to build a static policy in C via + * LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY... this way you can + * still create and maintain the JSON policy but implement it directly + * as C structs in your code. + */ + +#include +#include +#include +#include + +static int interrupted, bad = 1; + + +static void +sigint_handler(int sig) +{ + interrupted = 1; +} + +struct aggstr { + struct aggstr *next; + + const char *orig; + size_t offset; +}; + +static struct aggstr *rbomap, /* retry / backoff object map */ + *trustmap, /* trust store map */ + *certmap; /* x.509 cert map */ +static size_t last_offset; + + + +static const char * +purify_csymbol(const char *in, char *temp, size_t templen) +{ + const char *otemp = temp; + + assert (strlen(in) < templen); + + while (*in) { + if ((*in >= 'a' && *in <= 'z') || (*in >= 'A' && *in <= 'Z') || + (*in >= '0' && *in <= '9')) + *temp++ = *in; + else + *temp++ = '_'; + + in++; + } + + *temp = '\0'; + + return otemp; +} + +int main(int argc, const char **argv) +{ + const lws_ss_policy_t *pol, *lastpol = NULL; + struct lws_context_creation_info info; + size_t json_size = 0, est = 0; + struct lws_context *context; + char prev[128], curr[128]; + int unique_rbo = 0, m, n; + char buf[64], buf1[64]; + lws_ss_metadata_t *md; + struct aggstr *a, *a1; + + signal(SIGINT, sigint_handler); + + memset(&info, 0, sizeof info); + lws_cmdline_option_handle_builtin(argc, argv, &info); + + lwsl_user("LWS secure streams policy2c [-d]\n"); + + info.fd_limit_per_thread = 1 + 6 + 1; + info.port = CONTEXT_PORT_NO_LISTEN; + + info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS | + LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; + + /* create the context */ + + context = lws_create_context(&info); + if (!context) { + lwsl_err("lws init failed\n"); + return 1; + } + + lws_ss_policy_parse_begin(context, 0); + + printf("/*\n * Autogenerated from the following JSON policy\n */\n\n#if 0\n"); + + do { + int m, n = read(0, buf, sizeof(buf)); + + if (n < 1) + break; + + m = lws_ss_policy_parse(context, (uint8_t *)buf, (size_t)n); + + printf("%.*s", n, buf); + json_size += n; + + if (m < 0 && m != LEJP_CONTINUE) { + lwsl_err("%s: policy parse failed... lws has WITH_ROLEs" + "for what's in the JSON?\n", __func__); + goto bail; + } + } while (1); + + printf("\n\n Original JSON size: %zu\n#endif\n\n", json_size); + + lwsl_notice("%s: parsed JSON\n", __func__); + + /* + * Well, this is fun, isn't it... we have parsed the JSON into in-memory + * policy objects, and it has set the context policy pointer to the head + * of those but has not set the new policy (which would free the x.509). + * + * We want to walk the streamtype list first discovering unique objects + * and strings referenced there and emitting them compactly as C data, + * and then second to emit the streamtype linked-list referring to those + * objects. + * + * For const strings, we aggregate them and avoid generating extra + * pointers by encoding the reference as &_lws_ss_staticpol_str[xxx] + * where xxx is the fixed offset in the aggregated monster-string. When + * doing that, we keep a map of original pointers to offsets. + * + * Although we want to minimize memory used by the emitted C, we don't + * have to sweat memory during this conversion since it's happening on a + * PC + */ + + pol = lws_ss_policy_get(context); + lwsl_notice("%s: pol %p\n", __func__, pol); + while (pol) { + + /* + * Walk the metadata list gathering strings and issuing the + * C struct + */ + + md = pol->metadata; + + if (md) { + int idx = 0; + + printf("\nstatic const lws_ss_metadata_t "); + + prev[0] = '\0'; + md = pol->metadata; + while (md) { + + est += sizeof(lws_ss_metadata_t); + + lws_snprintf(curr, sizeof(curr), "_md_%s_%s", + purify_csymbol(pol->streamtype, buf, + sizeof(buf)), + purify_csymbol(md->name, buf1, + sizeof(buf1))); + + printf("%s = {\n", curr); + if (prev[0]) + printf("\t.next = (void *)&%s, \n", prev); + + printf("\t.name = \"%s\",\n", (const char *)md->name); + if (md->value) + printf("\t.value = (void *)\"%s\",\n", (const char *)md->value); + + printf("\t.length = %d,\n", idx++); // md->length); + + printf("}"); + if (md->next) + printf(",\n"); + + lws_strncpy(prev, curr, sizeof(prev)); + + md = md->next; + } + + printf(";\n\n"); + } + + /* + * Create unique retry policies... have we seen this guy? + */ + + if (pol->retry_bo) { + a = rbomap; + while (a) { + if (a->orig == (const char *)pol->retry_bo) + break; + + a = a->next; + } + + if (!a) { + + /* We haven't seen it before and need to create it */ + + a = malloc(sizeof(*a)); + if (!a) + goto bail; + a->next = rbomap; + a->offset = unique_rbo++; + a->orig = (const char *)pol->retry_bo; + rbomap = a; + + printf("static const uint32_t _rbo_bo_%zu[] = {\n", + a->offset); + for (n = 0; n < pol->retry_bo->retry_ms_table_count; n++) + printf(" %u, ", (unsigned int) + pol->retry_bo->retry_ms_table[n]); + + est += sizeof(uint32_t) * + pol->retry_bo->retry_ms_table_count; + + printf("\n};\nstatic const " + "lws_retry_bo_t _rbo_%zu = {\n", a->offset); + + printf("\t.retry_ms_table = _rbo_bo_%zu,\n", + a->offset); + printf("\t.retry_ms_table_count = %u,\n", + pol->retry_bo->retry_ms_table_count); + printf("\t.conceal_count = %u,\n", + pol->retry_bo->conceal_count); + printf("\t.secs_since_valid_ping = %u,\n", + pol->retry_bo->secs_since_valid_ping); + printf("\t.secs_since_valid_hangup = %u,\n", + pol->retry_bo->secs_since_valid_hangup); + printf("\t.jitter_percent = %u,\n", + pol->retry_bo->jitter_percent); + printf("};\n"); + + est += sizeof(lws_retry_bo_t); + } + } + + /* + * How about his trust store, it's new to us? + */ + + if (pol->trust_store) { + a = trustmap; + while (a) { + if (a->orig == (const char *)pol->trust_store) + break; + + a = a->next; + } + + if (!a) { + + /* it's new to us... */ + + a = malloc(sizeof(*a)); + if (!a) + goto bail; + a->next = trustmap; + a->offset = 0; /* don't care, just track seen */ + a->orig = (const char *)pol->trust_store; + trustmap = a; + + /* + * Have a look through his x.509 stack... + * any that're new to us? + */ + + for (n = 0; n < pol->trust_store->count; n++) { + if (!pol->trust_store->ssx509[n]) + continue; + a1 = certmap; + while (a1) { + if (a1->orig == (const char *)pol->trust_store->ssx509[n]) + break; + a1 = a1->next; + } + + if (!a1) { + /* + * This x.509 cert is new to us... + * let's capture the DER + */ + + a1 = malloc(sizeof(*a1)); + if (!a1) + goto bail; + a1->next = certmap; + a1->offset = 0; /* don't care, just track seen */ + a1->orig = (const char *)pol->trust_store->ssx509[n]; + certmap = a1; + + printf("static const uint8_t _ss_der_%s[] = {\n", + purify_csymbol(pol->trust_store->ssx509[n]->vhost_name, + buf, sizeof(buf))); + + for (m = 0; m < (int)pol->trust_store->ssx509[n]->ca_der_len; m++) { + if ((m & 7) == 0) + printf("\t/* 0x%3x */ ", m); + + printf("0x%02X, ", pol->trust_store->ssx509[n]->ca_der[m]); + if ((m & 7) == 7) + printf("\n"); + } + + printf("\n};\nstatic const lws_ss_x509_t _ss_x509_%s = {\n", + purify_csymbol(pol->trust_store->ssx509[n]->vhost_name, + buf, sizeof(buf))); + printf("\t.vhost_name = \"%s\",\n", pol->trust_store->ssx509[n]->vhost_name); + printf("\t.ca_der = _ss_der_%s,\n", + purify_csymbol(pol->trust_store->ssx509[n]->vhost_name, + buf, sizeof(buf))); + printf("\t.ca_der_len = %zu,\n", pol->trust_store->ssx509[n]->ca_der_len); + printf("};\n"); + + est += sizeof(lws_ss_x509_t) + pol->trust_store->ssx509[n]->ca_der_len; + } + + } + + + printf("static const lws_ss_trust_store_t _ss_ts_%s = {\n", + purify_csymbol(pol->trust_store->name, + buf, sizeof(buf))); + + printf("\t.name = \"%s\",\n", pol->trust_store->name); + printf("\t.ssx509 = {\n"); + + for (n = pol->trust_store->count - 1; n >= 0 ; n--) + printf("\t\t&_ss_x509_%s,\n", + pol->trust_store->ssx509[n]->vhost_name); + + printf("\t}\n};\n"); + + est += sizeof(lws_ss_trust_store_t); + + } + } + + pol = pol->next; + } + + + + /* + * The streamtypes + */ + + pol = lws_ss_policy_get(context); + lwsl_notice("%s: pol %p\n", __func__, pol); + + printf("\nstatic const lws_ss_policy_t "); + prev[0] = '\0'; + + while (pol) { + + est += sizeof(*pol); + + lws_snprintf(curr, sizeof(curr), "_ssp_%s", + purify_csymbol(pol->streamtype, buf, sizeof(buf))); + printf("%s = {\n", curr); + + + if (prev[0]) + printf("\t.next = (void *)&%s,\n", prev); + + printf("\t.streamtype = \"%s\",\n", pol->streamtype); + if (pol->endpoint) + printf("\t.endpoint = \"%s\",\n", pol->endpoint); + if (pol->rideshare_streamtype) + printf("\t.rideshare_streamtype = \"%s\",\n", + pol->rideshare_streamtype); + if (pol->payload_fmt) + printf("\t.payload_fmt = \"%s\",\n", + pol->payload_fmt); + if (pol->socks5_proxy) + printf("\t.socks5_proxy = \"%s\",\n", + pol->socks5_proxy); + + { + lws_ss_metadata_t *nv = pol->metadata, *last = NULL; + + while (nv) { + last = nv; + nv = nv->next; + } + if (pol->metadata) + printf("\t.metadata = (void *)&_md_%s_%s,\n", + purify_csymbol(pol->streamtype, buf, sizeof(buf)), + purify_csymbol(last->name, buf1, sizeof(buf1))); + } + + + switch (pol->protocol) { + case LWSSSP_H1: + case LWSSSP_H2: + case LWSSSP_WS: + + printf("\t.u = {\n\t\t.http = {\n"); + + if (pol->u.http.method) + printf("\t\t\t.method = \"%s\",\n", + pol->u.http.method); + if (pol->u.http.url) + printf("\t\t\t.url = \"%s\",\n", + pol->u.http.url); + if (pol->u.http.multipart_name) + printf("\t\t\t.multipart_name = \"%s\",\n", + pol->u.http.multipart_name); + if (pol->u.http.multipart_filename) + printf("\t\t\t.multipart_filename = \"%s\",\n", + pol->u.http.multipart_filename); + if (pol->u.http.multipart_content_type) + printf("\t\t\t.multipart_content_type = \"%s\",\n", + pol->u.http.multipart_content_type); + if (pol->u.http.auth_preamble) + printf("\t\t\t.auth_preamble = \"%s\",\n", + pol->u.http.auth_preamble); + + if (pol->u.http.blob_header[0]) { + printf("\t\t\t.blob_header = {\n"); + for (n = 0; n < (int)LWS_ARRAY_SIZE(pol->u.http.blob_header); n++) + if (pol->u.http.blob_header[n]) + printf("\t\t\t\t\"%s\",\n", + pol->u.http.blob_header[n]); + + printf("\t\t\t},\n"); + } + + if (pol->protocol == LWSSSP_WS) { + printf("\t\t\t.u = {\n\t\t\t\t.ws = {\n"); + if (pol->u.http.u.ws.subprotocol) + printf("\t\t\t\t\t.subprotocol = \"%s\",\n", + pol->u.http.u.ws.subprotocol); + printf("\t\t\t\t\t.binary = %u\n", pol->u.http.u.ws.binary); + printf("\t\t\t\t}\n\t\t\t},\n"); + } + + if (pol->u.http.resp_expect) + printf("\t\t\t.resp_expect = %u,\n", pol->u.http.resp_expect); + if (pol->u.http.fail_redirect) + printf("\t\t\t.fail_redirect = %u,\n", pol->u.http.fail_redirect); + + printf("\t\t}\n\t},\n"); + + break; + case LWSSSP_MQTT: + + printf("\t.u = {\n\t\t.mqtt = {\n"); + + if (pol->u.mqtt.topic) + printf("\t\t\t.topic = \"%s\",\n", + pol->u.mqtt.topic); + if (pol->u.mqtt.subscribe) + printf("\t\t\t.subscribe = \"%s\",\n", + pol->u.mqtt.subscribe); + if (pol->u.mqtt.will_topic) + printf("\t\t\t.will_topic = \"%s\",\n", + pol->u.mqtt.will_topic); + if (pol->u.mqtt.will_message) + printf("\t\t\t.will_message = \"%s\",\n", + pol->u.mqtt.will_message); + + if (pol->u.mqtt.keep_alive) + printf("\t\t\t.keep_alive = %u,\n", + pol->u.mqtt.keep_alive); + if (pol->u.mqtt.qos) + printf("\t\t\t.qos = %u,\n", + pol->u.mqtt.qos); + if (pol->u.mqtt.clean_start) + printf("\t\t\t.clean_start = %u,\n", + pol->u.mqtt.clean_start); + if (pol->u.mqtt.will_qos) + printf("\t\t\t.will_qos = %u,\n", + pol->u.mqtt.will_qos); + if (pol->u.mqtt.will_retain) + printf("\t\t\t.will_retain = %u,\n", + pol->u.mqtt.will_retain); + + printf("\t\t}\n\t},\n"); + + break; + default: + lwsl_err("%s: unknown ss protocol index %d\n", __func__, + pol->protocol); + goto bail; + } + +#if 0 + const lws_ss_trust_store_t *trust_store; /**< CA certs needed for conn + validation, only set between policy parsing and vhost creation */ +#endif + + if (pol->retry_bo) { + a = rbomap; + while (a) { + if (a->orig == (const char *)pol->retry_bo) + break; + + a = a->next; + } + if (!a) + goto bail; + + printf("\t.retry_bo = &_rbo_%zu,\n", a->offset); + } + + if (pol->flags) + printf("\t.flags = 0x%x,\n", pol->flags); + if (pol->port) + printf("\t.port = %u,\n", pol->port); + if (pol->metadata_count) + printf("\t.metadata_count = %u,\n", pol->metadata_count); + printf("\t.protocol = %u,\n", pol->protocol); + if (pol->client_cert) + printf("\t.client_cert = %u,\n", pol->client_cert); + + if (pol->trust_store) + printf("\t.trust_store = &_ss_ts_%s,\n", + purify_csymbol(pol->trust_store->name, buf, sizeof(buf))); + + + printf("}"); + if (pol->next) + printf(",\n"); + + lws_strncpy(prev, curr, sizeof(prev)); + + lastpol = pol; + + pol = pol->next; + } + + printf(";\n"); + if (lastpol) + printf("#define _ss_static_policy_entry _ssp_%s\n", + purify_csymbol(lastpol->streamtype, buf, sizeof(buf))); + + est += last_offset; + + printf("/* estimated footprint %zu (when sizeof void * = %zu) */\n", + est, sizeof(void *)); + + lws_ss_policy_parse_abandon(context); + bad = 0; + +bail: + + + lws_context_destroy(context); + + lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); + + return bad; +} diff --git a/minimal-examples/secure-streams/minimal-secure-streams-proxy/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-proxy/CMakeLists.txt index 00c0c3d60..60e105ec3 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams-proxy/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams-proxy/CMakeLists.txt @@ -67,6 +67,7 @@ require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS_PROXY_API 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) if (requirements) add_executable(${SAMP} ${SRCS}) diff --git a/minimal-examples/secure-streams/minimal-secure-streams-seq/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-seq/CMakeLists.txt index b55a3a00e..cd466d90f 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams-seq/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams-seq/CMakeLists.txt @@ -66,6 +66,7 @@ set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) if (requirements) add_executable(${SAMP} ${SRCS}) diff --git a/minimal-examples/secure-streams/minimal-secure-streams-sink/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-sink/CMakeLists.txt index 080ddeaa0..e32bcbd7b 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams-sink/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams-sink/CMakeLists.txt @@ -66,6 +66,7 @@ set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) if (requirements) add_executable(${SAMP} ${SRCS}) diff --git a/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/CMakeLists.txt new file mode 100644 index 000000000..df7290f2b --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/CMakeLists.txt @@ -0,0 +1,80 @@ +cmake_minimum_required(VERSION 2.8) +include(CheckCSourceCompiles) + +set(SAMP lws-minimal-secure-streams-staticpolicy) + +# If we are being built as part of lws, confirm current build config supports +# reqconfig, else skip building ourselves. +# +# If we are being built externally, confirm installed lws was configured to +# support reqconfig, else error out with a helpful message about the problem. +# +MACRO(require_lws_config reqconfig _val result) + + if (DEFINED ${reqconfig}) + if (${reqconfig}) + set (rq 1) + else() + set (rq 0) + endif() + else() + set(rq 0) + endif() + + if (${_val} EQUAL ${rq}) + set(SAME 1) + else() + set(SAME 0) + endif() + + if (LWS_WITH_MINIMAL_EXAMPLES AND NOT ${SAME}) + if (${_val}) + message("${SAMP}: skipping as lws being built without ${reqconfig}") + else() + message("${SAMP}: skipping as lws built with ${reqconfig}") + endif() + set(${result} 0) + else() + if (LWS_WITH_MINIMAL_EXAMPLES) + set(MET ${SAME}) + else() + CHECK_C_SOURCE_COMPILES("#include \nint main(void) {\n#if defined(${reqconfig})\n return 0;\n#else\n fail;\n#endif\n return 0;\n}\n" HAS_${reqconfig}) + if (NOT DEFINED HAS_${reqconfig} OR NOT HAS_${reqconfig}) + set(HAS_${reqconfig} 0) + else() + set(HAS_${reqconfig} 1) + endif() + if ((HAS_${reqconfig} AND ${_val}) OR (NOT HAS_${reqconfig} AND NOT ${_val})) + set(MET 1) + else() + set(MET 0) + endif() + endif() + if (NOT MET) + if (${_val}) + message(FATAL_ERROR "This project requires lws must have been configured with ${reqconfig}") + else() + message(FATAL_ERROR "Lws configuration of ${reqconfig} is incompatible with this project") + endif() + endif() + endif() +ENDMACRO() + + +set(requirements 1) +require_lws_config(LWS_ROLE_H1 1 requirements) +require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 1 requirements) + +if (requirements) + add_executable(${SAMP} minimal-secure-streams.c) + + if (websockets_shared) + target_link_libraries(${SAMP} websockets_shared) + add_dependencies(${SAMP} websockets_shared) + else() + target_link_libraries(${SAMP} websockets) + endif() + +endif() diff --git a/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/README.md b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/README.md new file mode 100644 index 000000000..64002b20b --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/README.md @@ -0,0 +1,61 @@ +# lws minimal secure streams static policy + +The application goes to https://warmcat.com and reads index.html there. + +It does it using a static Secure Streams policy generated from JSON by +policy2c example. + +## build + +``` + $ cmake . && make +``` + +## usage + +Commandline option|Meaning +---|--- +-d |Debug verbosity in decimal, eg, -d15 + +``` +$ ./lws-minimal-secure-streams-staticpolicy +[2020/03/26 15:49:12:6640] U: LWS secure streams static policy test client [-d] +[2020/03/26 15:49:12:7067] N: lws_create_context: using ss proxy bind '(null)', port 0, ads '(null)' +[2020/03/26 15:49:12:7567] N: lws_tls_client_create_vhost_context: using mem client CA cert 914 +[2020/03/26 15:49:12:7597] N: lws_tls_client_create_vhost_context: using mem client CA cert 1011 +[2020/03/26 15:49:12:7603] N: lws_tls_client_create_vhost_context: using mem client CA cert 1425 +[2020/03/26 15:49:12:7605] N: lws_tls_client_create_vhost_context: using mem client CA cert 1011 +[2020/03/26 15:49:12:9713] N: lws_system_cpd_set: setting CPD result OK +[2020/03/26 15:49:13:9625] N: ss_api_amazon_auth_rx: acquired 588-byte api.amazon.com auth token, exp 3600s +[2020/03/26 15:49:13:9747] U: myss_state: LWSSSCS_CREATING, ord 0x0 +[2020/03/26 15:49:13:9774] U: myss_state: LWSSSCS_CONNECTING, ord 0x0 +[2020/03/26 15:49:14:1897] U: myss_state: LWSSSCS_CONNECTED, ord 0x0 +[2020/03/26 15:49:14:1926] U: myss_rx: len 1520, flags: 1 +[2020/03/26 15:49:14:1945] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:1946] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:1947] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:1948] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:1949] U: myss_rx: len 583, flags: 0 +[2020/03/26 15:49:14:2087] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2089] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2090] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2091] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2092] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2093] U: myss_rx: len 583, flags: 0 +[2020/03/26 15:49:14:2109] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2110] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2111] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2112] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2113] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2114] U: myss_rx: len 583, flags: 0 +[2020/03/26 15:49:14:2135] U: myss_rx: len 1520, flags: 0 +[2020/03/26 15:49:14:2136] U: myss_rx: len 1358, flags: 0 +[2020/03/26 15:49:14:2136] U: myss_rx: len 0, flags: 2 +[2020/03/26 15:49:14:2138] U: myss_state: LWSSSCS_QOS_ACK_REMOTE, ord 0x0 +[2020/03/26 15:49:14:2139] N: myss_state: LWSSSCS_QOS_ACK_REMOTE +[2020/03/26 15:49:14:2170] U: myss_state: LWSSSCS_DISCONNECTED, ord 0x0 +[2020/03/26 15:49:14:2192] U: myss_state: LWSSSCS_DESTROYING, ord 0x0 +[2020/03/26 15:49:14:2265] E: lws_context_destroy3 +[2020/03/26 15:49:14:2282] U: Completed: OK + +``` diff --git a/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/minimal-secure-streams.c b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/minimal-secure-streams.c new file mode 100644 index 000000000..3febea07a --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/minimal-secure-streams.c @@ -0,0 +1,291 @@ +/* + * lws-minimal-secure-streams + * + * Written in 2010-2020 by Andy Green + * + * This file is made available under the Creative Commons CC0 1.0 + * Universal Public Domain Dedication. + * + * + * This demonstrates a minimal http client using secure streams api. + * + * It visits https://warmcat.com/ and receives the html page there. + * + * This example is built two different ways from the same source... one includes + * the policy everything needed to fulfil the stream directly. The other -client + * variant has no policy itself and some other minor init changes, and connects + * to the -proxy example to actually get the connection done. + * + * In the -client build case, the example does not even init the tls libraries + * since the proxy part will take care of all that. + */ + +#include +#include +#include + +static int interrupted, bad = 1, force_cpd_fail_portal, + force_cpd_fail_no_internet; +static lws_state_notify_link_t nl; + +/* + * This is example builds with a static policy autogenerated from a JSON + * policy... + */ +#include "static-policy.h" + + +typedef struct myss { + struct lws_ss_handle *ss; + void *opaque_data; + /* ... application specific state ... */ + lws_sorted_usec_list_t sul; +} myss_t; + +static const char *canned_root_token_payload = + "grant_type=refresh_token" + "&refresh_token=Atzr|IwEBIJedGXjDqsU_vMxykqOMg" + "SHfYe3CPcedueWEMWSDMaDnEmiW8RlR1Kns7Cb4B-TOSnqp7ifVsY4BMY2B8tpHfO39XP" + "zfu9HapGjTR458IyHX44FE71pWJkGZ79uVBpljP4sazJuk8XS3Oe_yLnm_DIO6fU1nU3Y" + "0flYmsOiOAQE_gRk_pdlmEtHnpMA-9rLw3mkY5L89Ty9kUygBsiFaYatouROhbsTn8-jW" + "k1zZLUDpT6ICtBXSnrCIg0pUbZevPFhTwdXd6eX-u4rq0W-XaDvPWFO7au-iPb4Zk5eZE" + "iX6sissYrtNmuEXc2uHu7MnQO1hHCaTdIO2CANVumf-PHSD8xseamyh04sLV5JgFzY45S" + "KvKMajiUZuLkMokOx86rjC2Hdkx5DO7G-dbG1ufBDG-N79pFMSs7Ck5pc283IdLoJkCQc" + "AGvTX8o8I29QqkcGou-9TKhOJmpX8As94T61ok0UqqEKPJ7RhfQHHYdCtsdwxgvfVr9qI" + "xL_hDCcTho8opCVX-6QhJHl6SQFlTw13" + "&client_id=" + "amzn1.application-oa2-client.4823334c434b4190a2b5a42c07938a2d"; + +/* secure streams payload interface */ + +static int +myss_rx(void *userobj, const uint8_t *buf, size_t len, int flags) +{ +// myss_t *m = (myss_t *)userobj; + + lwsl_user("%s: len %d, flags: %d\n", __func__, (int)len, flags); + lwsl_hexdump_info(buf, len); + + /* + * If we received the whole message, for our example it means + * we are done. + */ + if (flags & LWSSS_FLAG_EOM) { + bad = 0; + interrupted = 1; + } + + return 0; +} + +static int +myss_tx(void *userobj, lws_ss_tx_ordinal_t ord, uint8_t *buf, size_t *len, + int *flags) +{ + //myss_t *m = (myss_t *)userobj; + + return 0; +} + +static int +myss_state(void *userobj, void *sh, lws_ss_constate_t state, + lws_ss_tx_ordinal_t ack) +{ + myss_t *m = (myss_t *)userobj; + + lwsl_user("%s: %s, ord 0x%x\n", __func__, lws_ss_state_name(state), + (unsigned int)ack); + + switch (state) { + case LWSSSCS_CREATING: + lws_ss_set_metadata(m->ss, "uptag", "myuptag123", 10); + lws_ss_set_metadata(m->ss, "ctype", "myctype", 7); + lws_ss_client_connect(m->ss); + break; + case LWSSSCS_ALL_RETRIES_FAILED: + /* if we're out of retries, we want to close the app and FAIL */ + interrupted = 1; + break; + case LWSSSCS_QOS_ACK_REMOTE: + lwsl_notice("%s: LWSSSCS_QOS_ACK_REMOTE\n", __func__); + break; + default: + break; + } + + return 0; +} + +static int +app_system_state_nf(lws_state_manager_t *mgr, lws_state_notify_link_t *link, + int current, int target) +{ + struct lws_context *context = lws_system_context_from_system_mgr(mgr); + lws_system_blob_t *ab = lws_system_get_blob(context, + LWS_SYSBLOB_TYPE_AUTH, 1 /* AUTH_IDX_ROOT */); + size_t size; + + /* + * For the things we care about, let's notice if we are trying to get + * past them when we haven't solved them yet, and make the system + * state wait while we trigger the dependent action. + */ + switch (target) { + + case LWS_SYSTATE_REGISTERED: + size = lws_system_blob_get_size(ab); + if (size) + break; + + /* let's register our canned root token so auth can use it */ + lws_system_blob_direct_set(ab, + (const uint8_t *)canned_root_token_payload, + strlen(canned_root_token_payload)); + break; + + case LWS_SYSTATE_OPERATIONAL: + if (current == LWS_SYSTATE_OPERATIONAL) { + lws_ss_info_t ssi; + + /* We're making an outgoing secure stream ourselves */ + + memset(&ssi, 0, sizeof(ssi)); + ssi.handle_offset = offsetof(myss_t, ss); + ssi.opaque_user_data_offset = offsetof(myss_t, + opaque_data); + ssi.rx = myss_rx; + ssi.tx = myss_tx; + ssi.state = myss_state; + ssi.user_alloc = sizeof(myss_t); + ssi.streamtype = "mintest"; + + if (lws_ss_create(context, 0, &ssi, NULL, NULL, + NULL, NULL)) { + lwsl_err("%s: failed to create secure stream\n", + __func__); + return -1; + } + } + break; + } + + return 0; +} + +static lws_state_notify_link_t * const app_notifier_list[] = { + &nl, NULL +}; + +static void +sigint_handler(int sig) +{ + interrupted = 1; +} + +int main(int argc, const char **argv) +{ + struct lws_context_creation_info info; + struct lws_context *context; + int n = 0; + + signal(SIGINT, sigint_handler); + + memset(&info, 0, sizeof info); + lws_cmdline_option_handle_builtin(argc, argv, &info); + + lwsl_user("LWS secure streams static policy test client [-d]\n"); + + /* these options are mutually exclusive if given */ + + if (lws_cmdline_option(argc, argv, "--force-portal")) + force_cpd_fail_portal = 1; + + if (lws_cmdline_option(argc, argv, "--force-no-internet")) + force_cpd_fail_no_internet = 1; + + info.fd_limit_per_thread = 1 + 6 + 1; + info.port = CONTEXT_PORT_NO_LISTEN; +#if defined(LWS_SS_USE_SSPC) + info.protocols = lws_sspc_protocols; + { + const char *p; + + /* connect to ssproxy via UDS by default, else via + * tcp connection to this port */ + if ((p = lws_cmdline_option(argc, argv, "-p"))) + info.ss_proxy_port = atoi(p); + + /* UDS "proxy.ss.lws" in abstract namespace, else this socket + * path; when -p given this can specify the network interface + * to bind to */ + if ((p = lws_cmdline_option(argc, argv, "-i"))) + info.ss_proxy_bind = p; + + /* if -p given, -a specifies the proxy address to connect to */ + if ((p = lws_cmdline_option(argc, argv, "-a"))) + info.ss_proxy_address = p; + } +#else + info.pss_policies = &_ss_static_policy_entry; + info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS | + LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT; +#endif +#if defined(LWS_WITH_DETAILED_LATENCY) + info.detailed_latency_cb = lws_det_lat_plot_cb; + info.detailed_latency_filepath = "/tmp/lws-latency-ssproxy"; +#endif + + /* integrate us with lws system state management when context created */ + + nl.name = "app"; + nl.notify_cb = app_system_state_nf; + info.register_notifier_list = app_notifier_list; + + /* create the context */ + + context = lws_create_context(&info); + if (!context) { + lwsl_err("lws init failed\n"); + return 1; + } + + /* + * Set the related lws_system blobs + * + * ...direct_set() sets a pointer, so the thing pointed to has to have + * a suitable lifetime, eg, something that already exists on the heap or + * a const string in .rodata like this + */ + + lws_system_blob_direct_set(lws_system_get_blob(context, + LWS_SYSBLOB_TYPE_DEVICE_SERIAL, 0), + (const uint8_t *)"SN12345678", 10); + lws_system_blob_direct_set(lws_system_get_blob(context, + LWS_SYSBLOB_TYPE_DEVICE_FW_VERSION, 0), + (const uint8_t *)"v0.01", 5); + + /* + * ..._heap_append() appends to a buflist kind of arrangement on heap, + * just one block is fine, otherwise it will concatenate the fragments + * in the order they were appended (and take care of freeing them at + * context destroy time). ..._heap_empty() is also available to remove + * everything that was already allocated. + * + * Here we use _heap_append() just so it's tested as well as direct set. + */ + + lws_system_blob_heap_append(lws_system_get_blob(context, + LWS_SYSBLOB_TYPE_DEVICE_TYPE, 0), + (const uint8_t *)"spacerocket", 11); + + /* the event loop */ + + while (n >= 0 && !interrupted) + n = lws_service(context, 0); + + lws_context_destroy(context); + + lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); + + return bad; +} diff --git a/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/static-policy.h b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/static-policy.h new file mode 100644 index 000000000..d2b1bede5 --- /dev/null +++ b/minimal-examples/secure-streams/minimal-secure-streams-staticpolicy/static-policy.h @@ -0,0 +1,1511 @@ +/* + * Autogenerated from the following JSON policy + */ + +#if 0 +{ + "release": "01234567", + "product": "myproduct", + "schema-version": 1, + "retry": [{ + "default": { + "backoff": [1000, 2000, 3000, 5000, 10000], + "conceal": 5, + "jitterpc": 20, + "svalidping": 30, + "svalidhup": 35 + } + }], + "certs": [{ + "isrg_root_x1": "MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZLubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=" + }, { + "LEX3_isrg_root_x1": "MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrXNSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHlNpi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7DcGu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgzuEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMBAAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEFBQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsGAQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYDVR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIBABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGxA/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRMUM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOuOsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vwp7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKRPB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5brUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt" + }, { + "amazon_root_ca_1": "MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5" + }, { + "digicert_global_root_g2": "MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTflMrY=" + }, { + "digicert_global_ca_g2": "MIIEizCCA3OgAwIBAgIQDI7gyQ1qiRWIBAYe4kH5rzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0yODA4MDExMjAwMDBaMEQxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFURpZ2lDZXJ0IEdsb2JhbCBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANNIfL7zBYZdW9UvhU5L4IatFaxhz1uvPmoKR/uadpFgC4przc/cV35gmAvkVNlW7SHMArZagV+Xau4CLyMnuG3UsOcGAngLH1ypmTb+u6wbBfpXzYEQQGfWMItYNdSWYb7QjHqXnxr5IuYUL6nG6AEfq/gmD6yOTSwyOR2Bm40cZbIc22GoiS9g5+vCShjEbyrpEJIJ7RfRACvmfe8EiRROM6GyD5eHn7OgzS+8LOy4g2gxPR/VSpAQGQuBldYpdlH5NnbQtwl6OErXb4y/E3w57bqukPyV93t4CTZedJMeJfD/1K2uaGvG/w/VNfFVbkhJ+Pi474j48V4Rd6rfArMCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RHMi5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFCRuKy3QapJRUSVpAaqaR6aJ50AgMB8GA1UdIwQYMBaAFE4iVCAYlebjbuYP+vq5Eu0GF485MA0GCSqGSIb3DQEBCwUAA4IBAQALOYSR+ZfrqoGvhOlaOJL84mxZvzbIRacxAxHhBsCsMsdaVSnaT0AC9aHesO3ewPj2dZ12uYf+QYB6z13jAMZbAuabeGLJ3LhimnftiQjXS8X9Q9ViIyfEBFltcT8jW+rZ8uckJ2/0lYDblizkVIvP6hnZf1WZUXoOLRg9eFhSvGNoVwvdRLNXSmDmyHBwW4coatc7TlJFGa8kBpJIERqLrqwYElesA8u49L3KJg6nwd3jM+/AVTANlVlOnAM2BvjAjxSZnE0qnsHhfTuvcqdFuhOWKU4Z0BqYBvQ3lBetoxi6PrABDJXWKTUgNX31EGDk92hiHuwZ4STyhxGs6QiA" + }, { + "starfield_services_root_ca": "MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6" + }, { + "starfield_class_2_ca": "MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJlxy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=" + }], + "trust_stores": [{ + "name": "le_via_isrg", + "stack": ["isrg_root_x1", "LEX3_isrg_root_x1"] + }, { + "name": "api_amazon_com", + "stack": ["digicert_global_ca_g2", "digicert_global_root_g2"] + }, { + "name": "avs_via_starfield", + "stack": ["starfield_class_2_ca", "starfield_services_root_ca"] + }, { + "name": "mqtt_amz_iot", + "stack": ["amazon_root_ca_1", "starfield_class_2_ca", "starfield_services_root_ca"] + }], + "s": [{ + "api_amazon_com_auth": { + "endpoint": "api.amazon.com", + "port": 443, + "protocol": "h1", + "http_method": "POST", + "http_url": "auth/o2/token", + "plugins": [], + "opportunistic": true, + "tls": true, + "h2q_oflow_txcr": true, + "http_www_form_urlencoded": true, + "http_no_content_length": true, + "retry": "default", + "tls_trust_store": "api_amazon_com" + } + }, { + "avs_event": { + "endpoint": "alexa.na.gateway.devices.a2z.com", + "port": 443, + "protocol": "h2", + "http_method": "GET", + "http_url": "v20160207/directives", + "h2q_oflow_txcr": true, + "http_auth_header": "authorization:", + "http_auth_preamble": "Bearer ", + "http_no_content_length": true, + "nailed_up": true, + "long_poll": true, + "retry": "default", + "plugins": [], + "tls": true, + "tls_trust_store": "avs_via_starfield" + } + }, { + "avs_metadata": { + "endpoint": "alexa.na.gateway.devices.a2z.com", + "port": 443, + "protocol": "h2", + "http_method": "POST", + "http_url": "v20160207/events", + "opportunistic": true, + "h2q_oflow_txcr": true, + "http_auth_header": "authorization:", + "http_auth_preamble": "Bearer ", + "http_multipart_name": "metadata", + "http_mime_content_type": "application/json; charset=UTF-8", + "http_no_content_length": true, + "rideshare": "avs_audio", + "retry": "default", + "plugins": [], + "tls": true, + "tls_trust_store": "avs_via_starfield" + } + }, { + "avs_audio": { + "endpoint": "alexa.na.gateway.devices.a2z.com", + "port": 443, + "protocol": "h2", + "http_method": "POST", + "http_url": "v20160207/events", + "plugins": [], + "tls": true, + "h2q_oflow_txcr": true, + "http_auth_header": "authorization:", + "http_auth_preamble": "Bearer ", + "http_multipart_name": "audio", + "http_mime_content_type": "application/octet-stream", + "http_no_content_length": true, + "retry": "default", + "tls_trust_store": "avs_via_starfield" + } + }, { + "mintest": { + "endpoint": "warmcat.com", + "port": 443, + "protocol": "h1", + "http_method": "GET", + "http_url": "index.html?uptag=${uptag}", + "http_dsn_header": "x-dsn:", + "http_fwv_header": "x-fw-version:", + "http_devtype_header": "x-devtype:", + "metadata": [{ + "uptag": "X-Upload-Tag:" + }, { + "ctype": "Content-Type:" + }, { + "xctype": "X-Content-Type:" + }], + "plugins": [], + "tls": true, + "opportunistic": true, + "retry": "default", + "tls_trust_store": "le_via_isrg" + } + }, { + "h2longpolltest": { + "endpoint": "warmcat.com", + "port": 443, + "protocol": "h2", + "http_method": "GET", + "http_url": "index.html", + "plugins": [], + "tls": true, + "nailed_up": true, + "long_poll": true, + "retry": "default", + "tls_trust_store": "le_via_isrg" + } + }, { + "mintest-fail": { + "endpoint": "warmcat.com", + "port": 22, + "protocol": "h1", + "http_method": "GET", + "http_url": "index.html", + "plugins": [], + "tls": true, + "opportunistic": true, + "retry": "default", + "tls_trust_store": "le_via_isrg" + } + }, { + "minpost": { + "endpoint": "warmcat.com", + "port": 443, + "protocol": "h1", + "http_method": "POST", + "http_url": "testserver/formtest", + "plugins": [], + "tls": true, + "opportunistic": true, + "retry": "default", + "tls_trust_store": "le_via_isrg" + } + }, { + "mqtt_test": { + "endpoint": "a1ygonr3im5cv2-ats.iot.us-west-2.amazonaws.com", + "port": 443, + "tls": true, + "client_cert": 0, + "tls_trust_store": "mqtt_amz_iot", + "protocol": "mqtt", + "mqtt_topic": "test/topic0", + "mqtt_subscribe": "test/topic0", + "mqtt_qos": 0, + "retry": "default" + } + }, { + "mqtt_test1": { + "endpoint": "a1ygonr3im5cv2-ats.iot.us-west-2.amazonaws.com", + "port": 443, + "tls": true, + "client_cert": 0, + "tls_trust_store": "mqtt_amz_iot", + "protocol": "mqtt", + "mqtt_topic": "test/topic1", + "mqtt_subscribe": "test/topic1", + "mqtt_qos": 1, + "retry": "default" + } + }, { + "captive_portal_detect": { + "endpoint": "connectivitycheck.android.com", + "port": 80, + "protocol": "h1", + "http_method": "GET", + "http_url": "generate_204", + "opportunistic": true, + "http_expect": 204, + "http_fail_redirect": true + } + } + ] +} + + + Original JSON size: 15491 +#endif + +static const uint32_t _rbo_bo_0[] = { + 1000, 2000, 3000, 5000, 10000, +}; +static const lws_retry_bo_t _rbo_0 = { + .retry_ms_table = _rbo_bo_0, + .retry_ms_table_count = 5, + .conceal_count = 5, + .secs_since_valid_ping = 30, + .secs_since_valid_hangup = 35, + .jitter_percent = 20, +}; +static const uint8_t _ss_der_amazon_root_ca_1[] = { + /* 0x 0 */ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x06, + /* 0x 10 */ 0x6C, 0x9F, 0xCF, 0x99, 0xBF, 0x8C, 0x0A, 0x39, + /* 0x 18 */ 0xE2, 0xF0, 0x78, 0x8A, 0x43, 0xE6, 0x96, 0x36, + /* 0x 20 */ 0x5B, 0xCA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + /* 0x 28 */ 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + /* 0x 30 */ 0x00, 0x30, 0x39, 0x31, 0x0B, 0x30, 0x09, 0x06, + /* 0x 38 */ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + /* 0x 40 */ 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, + /* 0x 48 */ 0x0A, 0x13, 0x06, 0x41, 0x6D, 0x61, 0x7A, 0x6F, + /* 0x 50 */ 0x6E, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, + /* 0x 58 */ 0x04, 0x03, 0x13, 0x10, 0x41, 0x6D, 0x61, 0x7A, + /* 0x 60 */ 0x6F, 0x6E, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, + /* 0x 68 */ 0x43, 0x41, 0x20, 0x31, 0x30, 0x1E, 0x17, 0x0D, + /* 0x 70 */ 0x31, 0x35, 0x30, 0x35, 0x32, 0x36, 0x30, 0x30, + /* 0x 78 */ 0x30, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x33, + /* 0x 80 */ 0x38, 0x30, 0x31, 0x31, 0x37, 0x30, 0x30, 0x30, + /* 0x 88 */ 0x30, 0x30, 0x30, 0x5A, 0x30, 0x39, 0x31, 0x0B, + /* 0x 90 */ 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + /* 0x 98 */ 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, + /* 0x a0 */ 0x03, 0x55, 0x04, 0x0A, 0x13, 0x06, 0x41, 0x6D, + /* 0x a8 */ 0x61, 0x7A, 0x6F, 0x6E, 0x31, 0x19, 0x30, 0x17, + /* 0x b0 */ 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x10, 0x41, + /* 0x b8 */ 0x6D, 0x61, 0x7A, 0x6F, 0x6E, 0x20, 0x52, 0x6F, + /* 0x c0 */ 0x6F, 0x74, 0x20, 0x43, 0x41, 0x20, 0x31, 0x30, + /* 0x c8 */ 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + /* 0x d0 */ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + /* 0x d8 */ 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, + /* 0x e0 */ 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, + /* 0x e8 */ 0xB2, 0x78, 0x80, 0x71, 0xCA, 0x78, 0xD5, 0xE3, + /* 0x f0 */ 0x71, 0xAF, 0x47, 0x80, 0x50, 0x74, 0x7D, 0x6E, + /* 0x f8 */ 0xD8, 0xD7, 0x88, 0x76, 0xF4, 0x99, 0x68, 0xF7, + /* 0x100 */ 0x58, 0x21, 0x60, 0xF9, 0x74, 0x84, 0x01, 0x2F, + /* 0x108 */ 0xAC, 0x02, 0x2D, 0x86, 0xD3, 0xA0, 0x43, 0x7A, + /* 0x110 */ 0x4E, 0xB2, 0xA4, 0xD0, 0x36, 0xBA, 0x01, 0xBE, + /* 0x118 */ 0x8D, 0xDB, 0x48, 0xC8, 0x07, 0x17, 0x36, 0x4C, + /* 0x120 */ 0xF4, 0xEE, 0x88, 0x23, 0xC7, 0x3E, 0xEB, 0x37, + /* 0x128 */ 0xF5, 0xB5, 0x19, 0xF8, 0x49, 0x68, 0xB0, 0xDE, + /* 0x130 */ 0xD7, 0xB9, 0x76, 0x38, 0x1D, 0x61, 0x9E, 0xA4, + /* 0x138 */ 0xFE, 0x82, 0x36, 0xA5, 0xE5, 0x4A, 0x56, 0xE4, + /* 0x140 */ 0x45, 0xE1, 0xF9, 0xFD, 0xB4, 0x16, 0xFA, 0x74, + /* 0x148 */ 0xDA, 0x9C, 0x9B, 0x35, 0x39, 0x2F, 0xFA, 0xB0, + /* 0x150 */ 0x20, 0x50, 0x06, 0x6C, 0x7A, 0xD0, 0x80, 0xB2, + /* 0x158 */ 0xA6, 0xF9, 0xAF, 0xEC, 0x47, 0x19, 0x8F, 0x50, + /* 0x160 */ 0x38, 0x07, 0xDC, 0xA2, 0x87, 0x39, 0x58, 0xF8, + /* 0x168 */ 0xBA, 0xD5, 0xA9, 0xF9, 0x48, 0x67, 0x30, 0x96, + /* 0x170 */ 0xEE, 0x94, 0x78, 0x5E, 0x6F, 0x89, 0xA3, 0x51, + /* 0x178 */ 0xC0, 0x30, 0x86, 0x66, 0xA1, 0x45, 0x66, 0xBA, + /* 0x180 */ 0x54, 0xEB, 0xA3, 0xC3, 0x91, 0xF9, 0x48, 0xDC, + /* 0x188 */ 0xFF, 0xD1, 0xE8, 0x30, 0x2D, 0x7D, 0x2D, 0x74, + /* 0x190 */ 0x70, 0x35, 0xD7, 0x88, 0x24, 0xF7, 0x9E, 0xC4, + /* 0x198 */ 0x59, 0x6E, 0xBB, 0x73, 0x87, 0x17, 0xF2, 0x32, + /* 0x1a0 */ 0x46, 0x28, 0xB8, 0x43, 0xFA, 0xB7, 0x1D, 0xAA, + /* 0x1a8 */ 0xCA, 0xB4, 0xF2, 0x9F, 0x24, 0x0E, 0x2D, 0x4B, + /* 0x1b0 */ 0xF7, 0x71, 0x5C, 0x5E, 0x69, 0xFF, 0xEA, 0x95, + /* 0x1b8 */ 0x02, 0xCB, 0x38, 0x8A, 0xAE, 0x50, 0x38, 0x6F, + /* 0x1c0 */ 0xDB, 0xFB, 0x2D, 0x62, 0x1B, 0xC5, 0xC7, 0x1E, + /* 0x1c8 */ 0x54, 0xE1, 0x77, 0xE0, 0x67, 0xC8, 0x0F, 0x9C, + /* 0x1d0 */ 0x87, 0x23, 0xD6, 0x3F, 0x40, 0x20, 0x7F, 0x20, + /* 0x1d8 */ 0x80, 0xC4, 0x80, 0x4C, 0x3E, 0x3B, 0x24, 0x26, + /* 0x1e0 */ 0x8E, 0x04, 0xAE, 0x6C, 0x9A, 0xC8, 0xAA, 0x0D, + /* 0x1e8 */ 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x42, 0x30, + /* 0x1f0 */ 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, + /* 0x1f8 */ 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, + /* 0x200 */ 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, + /* 0x208 */ 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, + /* 0x210 */ 0x01, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, + /* 0x218 */ 0x0E, 0x04, 0x16, 0x04, 0x14, 0x84, 0x18, 0xCC, + /* 0x220 */ 0x85, 0x34, 0xEC, 0xBC, 0x0C, 0x94, 0x94, 0x2E, + /* 0x228 */ 0x08, 0x59, 0x9C, 0xC7, 0xB2, 0x10, 0x4E, 0x0A, + /* 0x230 */ 0x08, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + /* 0x238 */ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, + /* 0x240 */ 0x03, 0x82, 0x01, 0x01, 0x00, 0x98, 0xF2, 0x37, + /* 0x248 */ 0x5A, 0x41, 0x90, 0xA1, 0x1A, 0xC5, 0x76, 0x51, + /* 0x250 */ 0x28, 0x20, 0x36, 0x23, 0x0E, 0xAE, 0xE6, 0x28, + /* 0x258 */ 0xBB, 0xAA, 0xF8, 0x94, 0xAE, 0x48, 0xA4, 0x30, + /* 0x260 */ 0x7F, 0x1B, 0xFC, 0x24, 0x8D, 0x4B, 0xB4, 0xC8, + /* 0x268 */ 0xA1, 0x97, 0xF6, 0xB6, 0xF1, 0x7A, 0x70, 0xC8, + /* 0x270 */ 0x53, 0x93, 0xCC, 0x08, 0x28, 0xE3, 0x98, 0x25, + /* 0x278 */ 0xCF, 0x23, 0xA4, 0xF9, 0xDE, 0x21, 0xD3, 0x7C, + /* 0x280 */ 0x85, 0x09, 0xAD, 0x4E, 0x9A, 0x75, 0x3A, 0xC2, + /* 0x288 */ 0x0B, 0x6A, 0x89, 0x78, 0x76, 0x44, 0x47, 0x18, + /* 0x290 */ 0x65, 0x6C, 0x8D, 0x41, 0x8E, 0x3B, 0x7F, 0x9A, + /* 0x298 */ 0xCB, 0xF4, 0xB5, 0xA7, 0x50, 0xD7, 0x05, 0x2C, + /* 0x2a0 */ 0x37, 0xE8, 0x03, 0x4B, 0xAD, 0xE9, 0x61, 0xA0, + /* 0x2a8 */ 0x02, 0x6E, 0xF5, 0xF2, 0xF0, 0xC5, 0xB2, 0xED, + /* 0x2b0 */ 0x5B, 0xB7, 0xDC, 0xFA, 0x94, 0x5C, 0x77, 0x9E, + /* 0x2b8 */ 0x13, 0xA5, 0x7F, 0x52, 0xAD, 0x95, 0xF2, 0xF8, + /* 0x2c0 */ 0x93, 0x3B, 0xDE, 0x8B, 0x5C, 0x5B, 0xCA, 0x5A, + /* 0x2c8 */ 0x52, 0x5B, 0x60, 0xAF, 0x14, 0xF7, 0x4B, 0xEF, + /* 0x2d0 */ 0xA3, 0xFB, 0x9F, 0x40, 0x95, 0x6D, 0x31, 0x54, + /* 0x2d8 */ 0xFC, 0x42, 0xD3, 0xC7, 0x46, 0x1F, 0x23, 0xAD, + /* 0x2e0 */ 0xD9, 0x0F, 0x48, 0x70, 0x9A, 0xD9, 0x75, 0x78, + /* 0x2e8 */ 0x71, 0xD1, 0x72, 0x43, 0x34, 0x75, 0x6E, 0x57, + /* 0x2f0 */ 0x59, 0xC2, 0x02, 0x5C, 0x26, 0x60, 0x29, 0xCF, + /* 0x2f8 */ 0x23, 0x19, 0x16, 0x8E, 0x88, 0x43, 0xA5, 0xD4, + /* 0x300 */ 0xE4, 0xCB, 0x08, 0xFB, 0x23, 0x11, 0x43, 0xE8, + /* 0x308 */ 0x43, 0x29, 0x72, 0x62, 0xA1, 0xA9, 0x5D, 0x5E, + /* 0x310 */ 0x08, 0xD4, 0x90, 0xAE, 0xB8, 0xD8, 0xCE, 0x14, + /* 0x318 */ 0xC2, 0xD0, 0x55, 0xF2, 0x86, 0xF6, 0xC4, 0x93, + /* 0x320 */ 0x43, 0x77, 0x66, 0x61, 0xC0, 0xB9, 0xE8, 0x41, + /* 0x328 */ 0xD7, 0x97, 0x78, 0x60, 0x03, 0x6E, 0x4A, 0x72, + /* 0x330 */ 0xAE, 0xA5, 0xD1, 0x7D, 0xBA, 0x10, 0x9E, 0x86, + /* 0x338 */ 0x6C, 0x1B, 0x8A, 0xB9, 0x59, 0x33, 0xF8, 0xEB, + /* 0x340 */ 0xC4, 0x90, 0xBE, 0xF1, 0xB9, +}; +static const lws_ss_x509_t _ss_x509_amazon_root_ca_1 = { + .vhost_name = "amazon_root_ca_1", + .ca_der = _ss_der_amazon_root_ca_1, + .ca_der_len = 837, +}; +static const uint8_t _ss_der_starfield_class_2_ca[] = { + /* 0x 0 */ 0x30, 0x82, 0x04, 0x0F, 0x30, 0x82, 0x02, 0xF7, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, + /* 0x 10 */ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + /* 0x 18 */ 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, + /* 0x 20 */ 0x68, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + /* 0x 28 */ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x25, + /* 0x 30 */ 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, + /* 0x 38 */ 0x1C, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, + /* 0x 40 */ 0x6C, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, + /* 0x 48 */ 0x6F, 0x6C, 0x6F, 0x67, 0x69, 0x65, 0x73, 0x2C, + /* 0x 50 */ 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x31, 0x32, 0x30, + /* 0x 58 */ 0x30, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x29, + /* 0x 60 */ 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6C, + /* 0x 68 */ 0x64, 0x20, 0x43, 0x6C, 0x61, 0x73, 0x73, 0x20, + /* 0x 70 */ 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + /* 0x 78 */ 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, + /* 0x 80 */ 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, + /* 0x 88 */ 0x79, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x34, 0x30, + /* 0x 90 */ 0x36, 0x32, 0x39, 0x31, 0x37, 0x33, 0x39, 0x31, + /* 0x 98 */ 0x36, 0x5A, 0x17, 0x0D, 0x33, 0x34, 0x30, 0x36, + /* 0x a0 */ 0x32, 0x39, 0x31, 0x37, 0x33, 0x39, 0x31, 0x36, + /* 0x a8 */ 0x5A, 0x30, 0x68, 0x31, 0x0B, 0x30, 0x09, 0x06, + /* 0x b0 */ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + /* 0x b8 */ 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, + /* 0x c0 */ 0x0A, 0x13, 0x1C, 0x53, 0x74, 0x61, 0x72, 0x66, + /* 0x c8 */ 0x69, 0x65, 0x6C, 0x64, 0x20, 0x54, 0x65, 0x63, + /* 0x d0 */ 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x69, 0x65, + /* 0x d8 */ 0x73, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x31, + /* 0x e0 */ 0x32, 0x30, 0x30, 0x06, 0x03, 0x55, 0x04, 0x0B, + /* 0x e8 */ 0x13, 0x29, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, + /* 0x f0 */ 0x65, 0x6C, 0x64, 0x20, 0x43, 0x6C, 0x61, 0x73, + /* 0x f8 */ 0x73, 0x20, 0x32, 0x20, 0x43, 0x65, 0x72, 0x74, + /* 0x100 */ 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, + /* 0x108 */ 0x6E, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, + /* 0x110 */ 0x69, 0x74, 0x79, 0x30, 0x82, 0x01, 0x20, 0x30, + /* 0x118 */ 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + /* 0x120 */ 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, + /* 0x128 */ 0x01, 0x0D, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, + /* 0x130 */ 0x82, 0x01, 0x01, 0x00, 0xB7, 0x32, 0xC8, 0xFE, + /* 0x138 */ 0xE9, 0x71, 0xA6, 0x04, 0x85, 0xAD, 0x0C, 0x11, + /* 0x140 */ 0x64, 0xDF, 0xCE, 0x4D, 0xEF, 0xC8, 0x03, 0x18, + /* 0x148 */ 0x87, 0x3F, 0xA1, 0xAB, 0xFB, 0x3C, 0xA6, 0x9F, + /* 0x150 */ 0xF0, 0xC3, 0xA1, 0xDA, 0xD4, 0xD8, 0x6E, 0x2B, + /* 0x158 */ 0x53, 0x90, 0xFB, 0x24, 0xA4, 0x3E, 0x84, 0xF0, + /* 0x160 */ 0x9E, 0xE8, 0x5F, 0xEC, 0xE5, 0x27, 0x44, 0xF5, + /* 0x168 */ 0x28, 0xA6, 0x3F, 0x7B, 0xDE, 0xE0, 0x2A, 0xF0, + /* 0x170 */ 0xC8, 0xAF, 0x53, 0x2F, 0x9E, 0xCA, 0x05, 0x01, + /* 0x178 */ 0x93, 0x1E, 0x8F, 0x66, 0x1C, 0x39, 0xA7, 0x4D, + /* 0x180 */ 0xFA, 0x5A, 0xB6, 0x73, 0x04, 0x25, 0x66, 0xEB, + /* 0x188 */ 0x77, 0x7F, 0xE7, 0x59, 0xC6, 0x4A, 0x99, 0x25, + /* 0x190 */ 0x14, 0x54, 0xEB, 0x26, 0xC7, 0xF3, 0x7F, 0x19, + /* 0x198 */ 0xD5, 0x30, 0x70, 0x8F, 0xAF, 0xB0, 0x46, 0x2A, + /* 0x1a0 */ 0xFF, 0xAD, 0xEB, 0x29, 0xED, 0xD7, 0x9F, 0xAA, + /* 0x1a8 */ 0x04, 0x87, 0xA3, 0xD4, 0xF9, 0x89, 0xA5, 0x34, + /* 0x1b0 */ 0x5F, 0xDB, 0x43, 0x91, 0x82, 0x36, 0xD9, 0x66, + /* 0x1b8 */ 0x3C, 0xB1, 0xB8, 0xB9, 0x82, 0xFD, 0x9C, 0x3A, + /* 0x1c0 */ 0x3E, 0x10, 0xC8, 0x3B, 0xEF, 0x06, 0x65, 0x66, + /* 0x1c8 */ 0x7A, 0x9B, 0x19, 0x18, 0x3D, 0xFF, 0x71, 0x51, + /* 0x1d0 */ 0x3C, 0x30, 0x2E, 0x5F, 0xBE, 0x3D, 0x77, 0x73, + /* 0x1d8 */ 0xB2, 0x5D, 0x06, 0x6C, 0xC3, 0x23, 0x56, 0x9A, + /* 0x1e0 */ 0x2B, 0x85, 0x26, 0x92, 0x1C, 0xA7, 0x02, 0xB3, + /* 0x1e8 */ 0xE4, 0x3F, 0x0D, 0xAF, 0x08, 0x79, 0x82, 0xB8, + /* 0x1f0 */ 0x36, 0x3D, 0xEA, 0x9C, 0xD3, 0x35, 0xB3, 0xBC, + /* 0x1f8 */ 0x69, 0xCA, 0xF5, 0xCC, 0x9D, 0xE8, 0xFD, 0x64, + /* 0x200 */ 0x8D, 0x17, 0x80, 0x33, 0x6E, 0x5E, 0x4A, 0x5D, + /* 0x208 */ 0x99, 0xC9, 0x1E, 0x87, 0xB4, 0x9D, 0x1A, 0xC0, + /* 0x210 */ 0xD5, 0x6E, 0x13, 0x35, 0x23, 0x5E, 0xDF, 0x9B, + /* 0x218 */ 0x5F, 0x3D, 0xEF, 0xD6, 0xF7, 0x76, 0xC2, 0xEA, + /* 0x220 */ 0x3E, 0xBB, 0x78, 0x0D, 0x1C, 0x42, 0x67, 0x6B, + /* 0x228 */ 0x04, 0xD8, 0xF8, 0xD6, 0xDA, 0x6F, 0x8B, 0xF2, + /* 0x230 */ 0x44, 0xA0, 0x01, 0xAB, 0x02, 0x01, 0x03, 0xA3, + /* 0x238 */ 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x30, 0x1D, 0x06, + /* 0x240 */ 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, + /* 0x248 */ 0xBF, 0x5F, 0xB7, 0xD1, 0xCE, 0xDD, 0x1F, 0x86, + /* 0x250 */ 0xF4, 0x5B, 0x55, 0xAC, 0xDC, 0xD7, 0x10, 0xC2, + /* 0x258 */ 0x0E, 0xA9, 0x88, 0xE7, 0x30, 0x81, 0x92, 0x06, + /* 0x260 */ 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0x8A, 0x30, + /* 0x268 */ 0x81, 0x87, 0x80, 0x14, 0xBF, 0x5F, 0xB7, 0xD1, + /* 0x270 */ 0xCE, 0xDD, 0x1F, 0x86, 0xF4, 0x5B, 0x55, 0xAC, + /* 0x278 */ 0xDC, 0xD7, 0x10, 0xC2, 0x0E, 0xA9, 0x88, 0xE7, + /* 0x280 */ 0xA1, 0x6C, 0xA4, 0x6A, 0x30, 0x68, 0x31, 0x0B, + /* 0x288 */ 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + /* 0x290 */ 0x02, 0x55, 0x53, 0x31, 0x25, 0x30, 0x23, 0x06, + /* 0x298 */ 0x03, 0x55, 0x04, 0x0A, 0x13, 0x1C, 0x53, 0x74, + /* 0x2a0 */ 0x61, 0x72, 0x66, 0x69, 0x65, 0x6C, 0x64, 0x20, + /* 0x2a8 */ 0x54, 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, + /* 0x2b0 */ 0x67, 0x69, 0x65, 0x73, 0x2C, 0x20, 0x49, 0x6E, + /* 0x2b8 */ 0x63, 0x2E, 0x31, 0x32, 0x30, 0x30, 0x06, 0x03, + /* 0x2c0 */ 0x55, 0x04, 0x0B, 0x13, 0x29, 0x53, 0x74, 0x61, + /* 0x2c8 */ 0x72, 0x66, 0x69, 0x65, 0x6C, 0x64, 0x20, 0x43, + /* 0x2d0 */ 0x6C, 0x61, 0x73, 0x73, 0x20, 0x32, 0x20, 0x43, + /* 0x2d8 */ 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + /* 0x2e0 */ 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x41, 0x75, 0x74, + /* 0x2e8 */ 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x82, 0x01, + /* 0x2f0 */ 0x00, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, + /* 0x2f8 */ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + /* 0x300 */ 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + /* 0x308 */ 0x0D, 0x01, 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, + /* 0x310 */ 0x01, 0x01, 0x00, 0x05, 0x9D, 0x3F, 0x88, 0x9D, + /* 0x318 */ 0xD1, 0xC9, 0x1A, 0x55, 0xA1, 0xAC, 0x69, 0xF3, + /* 0x320 */ 0xF3, 0x59, 0xDA, 0x9B, 0x01, 0x87, 0x1A, 0x4F, + /* 0x328 */ 0x57, 0xA9, 0xA1, 0x79, 0x09, 0x2A, 0xDB, 0xF7, + /* 0x330 */ 0x2F, 0xB2, 0x1E, 0xCC, 0xC7, 0x5E, 0x6A, 0xD8, + /* 0x338 */ 0x83, 0x87, 0xA1, 0x97, 0xEF, 0x49, 0x35, 0x3E, + /* 0x340 */ 0x77, 0x06, 0x41, 0x58, 0x62, 0xBF, 0x8E, 0x58, + /* 0x348 */ 0xB8, 0x0A, 0x67, 0x3F, 0xEC, 0xB3, 0xDD, 0x21, + /* 0x350 */ 0x66, 0x1F, 0xC9, 0x54, 0xFA, 0x72, 0xCC, 0x3D, + /* 0x358 */ 0x4C, 0x40, 0xD8, 0x81, 0xAF, 0x77, 0x9E, 0x83, + /* 0x360 */ 0x7A, 0xBB, 0xA2, 0xC7, 0xF5, 0x34, 0x17, 0x8E, + /* 0x368 */ 0xD9, 0x11, 0x40, 0xF4, 0xFC, 0x2C, 0x2A, 0x4D, + /* 0x370 */ 0x15, 0x7F, 0xA7, 0x62, 0x5D, 0x2E, 0x25, 0xD3, + /* 0x378 */ 0x00, 0x0B, 0x20, 0x1A, 0x1D, 0x68, 0xF9, 0x17, + /* 0x380 */ 0xB8, 0xF4, 0xBD, 0x8B, 0xED, 0x28, 0x59, 0xDD, + /* 0x388 */ 0x4D, 0x16, 0x8B, 0x17, 0x83, 0xC8, 0xB2, 0x65, + /* 0x390 */ 0xC7, 0x2D, 0x7A, 0xA5, 0xAA, 0xBC, 0x53, 0x86, + /* 0x398 */ 0x6D, 0xDD, 0x57, 0xA4, 0xCA, 0xF8, 0x20, 0x41, + /* 0x3a0 */ 0x0B, 0x68, 0xF0, 0xF4, 0xFB, 0x74, 0xBE, 0x56, + /* 0x3a8 */ 0x5D, 0x7A, 0x79, 0xF5, 0xF9, 0x1D, 0x85, 0xE3, + /* 0x3b0 */ 0x2D, 0x95, 0xBE, 0xF5, 0x71, 0x90, 0x43, 0xCC, + /* 0x3b8 */ 0x8D, 0x1F, 0x9A, 0x00, 0x0A, 0x87, 0x29, 0xE9, + /* 0x3c0 */ 0x55, 0x22, 0x58, 0x00, 0x23, 0xEA, 0xE3, 0x12, + /* 0x3c8 */ 0x43, 0x29, 0x5B, 0x47, 0x08, 0xDD, 0x8C, 0x41, + /* 0x3d0 */ 0x6A, 0x65, 0x06, 0xA8, 0xE5, 0x21, 0xAA, 0x41, + /* 0x3d8 */ 0xB4, 0x95, 0x21, 0x95, 0xB9, 0x7D, 0xD1, 0x34, + /* 0x3e0 */ 0xAB, 0x13, 0xD6, 0xAD, 0xBC, 0xDC, 0xE2, 0x3D, + /* 0x3e8 */ 0x39, 0xCD, 0xBD, 0x3E, 0x75, 0x70, 0xA1, 0x18, + /* 0x3f0 */ 0x59, 0x03, 0xC9, 0x22, 0xB4, 0x8F, 0x9C, 0xD5, + /* 0x3f8 */ 0x5E, 0x2A, 0xD7, 0xA5, 0xB6, 0xD4, 0x0A, 0x6D, + /* 0x400 */ 0xF8, 0xB7, 0x40, 0x11, 0x46, 0x9A, 0x1F, 0x79, + /* 0x408 */ 0x0E, 0x62, 0xBF, 0x0F, 0x97, 0xEC, 0xE0, 0x2F, + /* 0x410 */ 0x1F, 0x17, 0x94, +}; +static const lws_ss_x509_t _ss_x509_starfield_class_2_ca = { + .vhost_name = "starfield_class_2_ca", + .ca_der = _ss_der_starfield_class_2_ca, + .ca_der_len = 1043, +}; +static const uint8_t _ss_der_starfield_services_root_ca[] = { + /* 0x 0 */ 0x30, 0x82, 0x03, 0xEF, 0x30, 0x82, 0x02, 0xD7, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x00, + /* 0x 10 */ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + /* 0x 18 */ 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + /* 0x 20 */ 0x81, 0x98, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + /* 0x 28 */ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + /* 0x 30 */ 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, + /* 0x 38 */ 0x13, 0x07, 0x41, 0x72, 0x69, 0x7A, 0x6F, 0x6E, + /* 0x 40 */ 0x61, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + /* 0x 48 */ 0x04, 0x07, 0x13, 0x0A, 0x53, 0x63, 0x6F, 0x74, + /* 0x 50 */ 0x74, 0x73, 0x64, 0x61, 0x6C, 0x65, 0x31, 0x25, + /* 0x 58 */ 0x30, 0x23, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, + /* 0x 60 */ 0x1C, 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, + /* 0x 68 */ 0x6C, 0x64, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, + /* 0x 70 */ 0x6F, 0x6C, 0x6F, 0x67, 0x69, 0x65, 0x73, 0x2C, + /* 0x 78 */ 0x20, 0x49, 0x6E, 0x63, 0x2E, 0x31, 0x3B, 0x30, + /* 0x 80 */ 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x32, + /* 0x 88 */ 0x53, 0x74, 0x61, 0x72, 0x66, 0x69, 0x65, 0x6C, + /* 0x 90 */ 0x64, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + /* 0x 98 */ 0x65, 0x73, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, + /* 0x a0 */ 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + /* 0x a8 */ 0x61, 0x74, 0x65, 0x20, 0x41, 0x75, 0x74, 0x68, + /* 0x b0 */ 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x2D, 0x20, + /* 0x b8 */ 0x47, 0x32, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x39, + /* 0x c0 */ 0x30, 0x39, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, + /* 0x c8 */ 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x33, 0x37, 0x31, + /* 0x d0 */ 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, + /* 0x d8 */ 0x39, 0x5A, 0x30, 0x81, 0x98, 0x31, 0x0B, 0x30, + /* 0x e0 */ 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + /* 0x e8 */ 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + /* 0x f0 */ 0x55, 0x04, 0x08, 0x13, 0x07, 0x41, 0x72, 0x69, + /* 0x f8 */ 0x7A, 0x6F, 0x6E, 0x61, 0x31, 0x13, 0x30, 0x11, + /* 0x100 */ 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x0A, 0x53, + /* 0x108 */ 0x63, 0x6F, 0x74, 0x74, 0x73, 0x64, 0x61, 0x6C, + /* 0x110 */ 0x65, 0x31, 0x25, 0x30, 0x23, 0x06, 0x03, 0x55, + /* 0x118 */ 0x04, 0x0A, 0x13, 0x1C, 0x53, 0x74, 0x61, 0x72, + /* 0x120 */ 0x66, 0x69, 0x65, 0x6C, 0x64, 0x20, 0x54, 0x65, + /* 0x128 */ 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x69, + /* 0x130 */ 0x65, 0x73, 0x2C, 0x20, 0x49, 0x6E, 0x63, 0x2E, + /* 0x138 */ 0x31, 0x3B, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, + /* 0x140 */ 0x03, 0x13, 0x32, 0x53, 0x74, 0x61, 0x72, 0x66, + /* 0x148 */ 0x69, 0x65, 0x6C, 0x64, 0x20, 0x53, 0x65, 0x72, + /* 0x150 */ 0x76, 0x69, 0x63, 0x65, 0x73, 0x20, 0x52, 0x6F, + /* 0x158 */ 0x6F, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, + /* 0x160 */ 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x41, + /* 0x168 */ 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, + /* 0x170 */ 0x20, 0x2D, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, + /* 0x178 */ 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, + /* 0x180 */ 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, + /* 0x188 */ 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, + /* 0x190 */ 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xD5, 0x0C, + /* 0x198 */ 0x3A, 0xC4, 0x2A, 0xF9, 0x4E, 0xE2, 0xF5, 0xBE, + /* 0x1a0 */ 0x19, 0x97, 0x5F, 0x8E, 0x88, 0x53, 0xB1, 0x1F, + /* 0x1a8 */ 0x3F, 0xCB, 0xCF, 0x9F, 0x20, 0x13, 0x6D, 0x29, + /* 0x1b0 */ 0x3A, 0xC8, 0x0F, 0x7D, 0x3C, 0xF7, 0x6B, 0x76, + /* 0x1b8 */ 0x38, 0x63, 0xD9, 0x36, 0x60, 0xA8, 0x9B, 0x5E, + /* 0x1c0 */ 0x5C, 0x00, 0x80, 0xB2, 0x2F, 0x59, 0x7F, 0xF6, + /* 0x1c8 */ 0x87, 0xF9, 0x25, 0x43, 0x86, 0xE7, 0x69, 0x1B, + /* 0x1d0 */ 0x52, 0x9A, 0x90, 0xE1, 0x71, 0xE3, 0xD8, 0x2D, + /* 0x1d8 */ 0x0D, 0x4E, 0x6F, 0xF6, 0xC8, 0x49, 0xD9, 0xB6, + /* 0x1e0 */ 0xF3, 0x1A, 0x56, 0xAE, 0x2B, 0xB6, 0x74, 0x14, + /* 0x1e8 */ 0xEB, 0xCF, 0xFB, 0x26, 0xE3, 0x1A, 0xBA, 0x1D, + /* 0x1f0 */ 0x96, 0x2E, 0x6A, 0x3B, 0x58, 0x94, 0x89, 0x47, + /* 0x1f8 */ 0x56, 0xFF, 0x25, 0xA0, 0x93, 0x70, 0x53, 0x83, + /* 0x200 */ 0xDA, 0x84, 0x74, 0x14, 0xC3, 0x67, 0x9E, 0x04, + /* 0x208 */ 0x68, 0x3A, 0xDF, 0x8E, 0x40, 0x5A, 0x1D, 0x4A, + /* 0x210 */ 0x4E, 0xCF, 0x43, 0x91, 0x3B, 0xE7, 0x56, 0xD6, + /* 0x218 */ 0x00, 0x70, 0xCB, 0x52, 0xEE, 0x7B, 0x7D, 0xAE, + /* 0x220 */ 0x3A, 0xE7, 0xBC, 0x31, 0xF9, 0x45, 0xF6, 0xC2, + /* 0x228 */ 0x60, 0xCF, 0x13, 0x59, 0x02, 0x2B, 0x80, 0xCC, + /* 0x230 */ 0x34, 0x47, 0xDF, 0xB9, 0xDE, 0x90, 0x65, 0x6D, + /* 0x238 */ 0x02, 0xCF, 0x2C, 0x91, 0xA6, 0xA6, 0xE7, 0xDE, + /* 0x240 */ 0x85, 0x18, 0x49, 0x7C, 0x66, 0x4E, 0xA3, 0x3A, + /* 0x248 */ 0x6D, 0xA9, 0xB5, 0xEE, 0x34, 0x2E, 0xBA, 0x0D, + /* 0x250 */ 0x03, 0xB8, 0x33, 0xDF, 0x47, 0xEB, 0xB1, 0x6B, + /* 0x258 */ 0x8D, 0x25, 0xD9, 0x9B, 0xCE, 0x81, 0xD1, 0x45, + /* 0x260 */ 0x46, 0x32, 0x96, 0x70, 0x87, 0xDE, 0x02, 0x0E, + /* 0x268 */ 0x49, 0x43, 0x85, 0xB6, 0x6C, 0x73, 0xBB, 0x64, + /* 0x270 */ 0xEA, 0x61, 0x41, 0xAC, 0xC9, 0xD4, 0x54, 0xDF, + /* 0x278 */ 0x87, 0x2F, 0xC7, 0x22, 0xB2, 0x26, 0xCC, 0x9F, + /* 0x280 */ 0x59, 0x54, 0x68, 0x9F, 0xFC, 0xBE, 0x2A, 0x2F, + /* 0x288 */ 0xC4, 0x55, 0x1C, 0x75, 0x40, 0x60, 0x17, 0x85, + /* 0x290 */ 0x02, 0x55, 0x39, 0x8B, 0x7F, 0x05, 0x02, 0x03, + /* 0x298 */ 0x01, 0x00, 0x01, 0xA3, 0x42, 0x30, 0x40, 0x30, + /* 0x2a0 */ 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, + /* 0x2a8 */ 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, + /* 0x2b0 */ 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, + /* 0x2b8 */ 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, + /* 0x2c0 */ 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, + /* 0x2c8 */ 0x16, 0x04, 0x14, 0x9C, 0x5F, 0x00, 0xDF, 0xAA, + /* 0x2d0 */ 0x01, 0xD7, 0x30, 0x2B, 0x38, 0x88, 0xA2, 0xB8, + /* 0x2d8 */ 0x6D, 0x4A, 0x9C, 0xF2, 0x11, 0x91, 0x83, 0x30, + /* 0x2e0 */ 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + /* 0x2e8 */ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, + /* 0x2f0 */ 0x01, 0x01, 0x00, 0x4B, 0x36, 0xA6, 0x84, 0x77, + /* 0x2f8 */ 0x69, 0xDD, 0x3B, 0x19, 0x9F, 0x67, 0x23, 0x08, + /* 0x300 */ 0x6F, 0x0E, 0x61, 0xC9, 0xFD, 0x84, 0xDC, 0x5F, + /* 0x308 */ 0xD8, 0x36, 0x81, 0xCD, 0xD8, 0x1B, 0x41, 0x2D, + /* 0x310 */ 0x9F, 0x60, 0xDD, 0xC7, 0x1A, 0x68, 0xD9, 0xD1, + /* 0x318 */ 0x6E, 0x86, 0xE1, 0x88, 0x23, 0xCF, 0x13, 0xDE, + /* 0x320 */ 0x43, 0xCF, 0xE2, 0x34, 0xB3, 0x04, 0x9D, 0x1F, + /* 0x328 */ 0x29, 0xD5, 0xBF, 0xF8, 0x5E, 0xC8, 0xD5, 0xC1, + /* 0x330 */ 0xBD, 0xEE, 0x92, 0x6F, 0x32, 0x74, 0xF2, 0x91, + /* 0x338 */ 0x82, 0x2F, 0xBD, 0x82, 0x42, 0x7A, 0xAD, 0x2A, + /* 0x340 */ 0xB7, 0x20, 0x7D, 0x4D, 0xBC, 0x7A, 0x55, 0x12, + /* 0x348 */ 0xC2, 0x15, 0xEA, 0xBD, 0xF7, 0x6A, 0x95, 0x2E, + /* 0x350 */ 0x6C, 0x74, 0x9F, 0xCF, 0x1C, 0xB4, 0xF2, 0xC5, + /* 0x358 */ 0x01, 0xA3, 0x85, 0xD0, 0x72, 0x3E, 0xAD, 0x73, + /* 0x360 */ 0xAB, 0x0B, 0x9B, 0x75, 0x0C, 0x6D, 0x45, 0xB7, + /* 0x368 */ 0x8E, 0x94, 0xAC, 0x96, 0x37, 0xB5, 0xA0, 0xD0, + /* 0x370 */ 0x8F, 0x15, 0x47, 0x0E, 0xE3, 0xE8, 0x83, 0xDD, + /* 0x378 */ 0x8F, 0xFD, 0xEF, 0x41, 0x01, 0x77, 0xCC, 0x27, + /* 0x380 */ 0xA9, 0x62, 0x85, 0x33, 0xF2, 0x37, 0x08, 0xEF, + /* 0x388 */ 0x71, 0xCF, 0x77, 0x06, 0xDE, 0xC8, 0x19, 0x1D, + /* 0x390 */ 0x88, 0x40, 0xCF, 0x7D, 0x46, 0x1D, 0xFF, 0x1E, + /* 0x398 */ 0xC7, 0xE1, 0xCE, 0xFF, 0x23, 0xDB, 0xC6, 0xFA, + /* 0x3a0 */ 0x8D, 0x55, 0x4E, 0xA9, 0x02, 0xE7, 0x47, 0x11, + /* 0x3a8 */ 0x46, 0x3E, 0xF4, 0xFD, 0xBD, 0x7B, 0x29, 0x26, + /* 0x3b0 */ 0xBB, 0xA9, 0x61, 0x62, 0x37, 0x28, 0xB6, 0x2D, + /* 0x3b8 */ 0x2A, 0xF6, 0x10, 0x86, 0x64, 0xC9, 0x70, 0xA7, + /* 0x3c0 */ 0xD2, 0xAD, 0xB7, 0x29, 0x70, 0x79, 0xEA, 0x3C, + /* 0x3c8 */ 0xDA, 0x63, 0x25, 0x9F, 0xFD, 0x68, 0xB7, 0x30, + /* 0x3d0 */ 0xEC, 0x70, 0xFB, 0x75, 0x8A, 0xB7, 0x6D, 0x60, + /* 0x3d8 */ 0x67, 0xB2, 0x1E, 0xC8, 0xB9, 0xE9, 0xD8, 0xA8, + /* 0x3e0 */ 0x6F, 0x02, 0x8B, 0x67, 0x0D, 0x4D, 0x26, 0x57, + /* 0x3e8 */ 0x71, 0xDA, 0x20, 0xFC, 0xC1, 0x4A, 0x50, 0x8D, + /* 0x3f0 */ 0xB1, 0x28, 0xBA, +}; +static const lws_ss_x509_t _ss_x509_starfield_services_root_ca = { + .vhost_name = "starfield_services_root_ca", + .ca_der = _ss_der_starfield_services_root_ca, + .ca_der_len = 1011, +}; +static const lws_ss_trust_store_t _ss_ts_mqtt_amz_iot = { + .name = "mqtt_amz_iot", + .ssx509 = { + &_ss_x509_starfield_services_root_ca, + &_ss_x509_starfield_class_2_ca, + &_ss_x509_amazon_root_ca_1, + } +}; +static const uint8_t _ss_der_isrg_root_x1[] = { + /* 0x 0 */ 0x30, 0x82, 0x05, 0x6B, 0x30, 0x82, 0x03, 0x53, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x11, 0x00, + /* 0x 10 */ 0x82, 0x10, 0xCF, 0xB0, 0xD2, 0x40, 0xE3, 0x59, + /* 0x 18 */ 0x44, 0x63, 0xE0, 0xBB, 0x63, 0x82, 0x8B, 0x00, + /* 0x 20 */ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + /* 0x 28 */ 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + /* 0x 30 */ 0x4F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + /* 0x 38 */ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x29, + /* 0x 40 */ 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, + /* 0x 48 */ 0x20, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, + /* 0x 50 */ 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, + /* 0x 58 */ 0x74, 0x79, 0x20, 0x52, 0x65, 0x73, 0x65, 0x61, + /* 0x 60 */ 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6F, 0x75, + /* 0x 68 */ 0x70, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, + /* 0x 70 */ 0x04, 0x03, 0x13, 0x0C, 0x49, 0x53, 0x52, 0x47, + /* 0x 78 */ 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x58, 0x31, + /* 0x 80 */ 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x30, 0x36, + /* 0x 88 */ 0x30, 0x34, 0x31, 0x31, 0x30, 0x34, 0x33, 0x38, + /* 0x 90 */ 0x5A, 0x17, 0x0D, 0x33, 0x35, 0x30, 0x36, 0x30, + /* 0x 98 */ 0x34, 0x31, 0x31, 0x30, 0x34, 0x33, 0x38, 0x5A, + /* 0x a0 */ 0x30, 0x4F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + /* 0x a8 */ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + /* 0x b0 */ 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x0A, + /* 0x b8 */ 0x13, 0x20, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, + /* 0x c0 */ 0x65, 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, + /* 0x c8 */ 0x69, 0x74, 0x79, 0x20, 0x52, 0x65, 0x73, 0x65, + /* 0x d0 */ 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6F, + /* 0x d8 */ 0x75, 0x70, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + /* 0x e0 */ 0x55, 0x04, 0x03, 0x13, 0x0C, 0x49, 0x53, 0x52, + /* 0x e8 */ 0x47, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x58, + /* 0x f0 */ 0x31, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0D, 0x06, + /* 0x f8 */ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + /* 0x100 */ 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0F, + /* 0x108 */ 0x00, 0x30, 0x82, 0x02, 0x0A, 0x02, 0x82, 0x02, + /* 0x110 */ 0x01, 0x00, 0xAD, 0xE8, 0x24, 0x73, 0xF4, 0x14, + /* 0x118 */ 0x37, 0xF3, 0x9B, 0x9E, 0x2B, 0x57, 0x28, 0x1C, + /* 0x120 */ 0x87, 0xBE, 0xDC, 0xB7, 0xDF, 0x38, 0x90, 0x8C, + /* 0x128 */ 0x6E, 0x3C, 0xE6, 0x57, 0xA0, 0x78, 0xF7, 0x75, + /* 0x130 */ 0xC2, 0xA2, 0xFE, 0xF5, 0x6A, 0x6E, 0xF6, 0x00, + /* 0x138 */ 0x4F, 0x28, 0xDB, 0xDE, 0x68, 0x86, 0x6C, 0x44, + /* 0x140 */ 0x93, 0xB6, 0xB1, 0x63, 0xFD, 0x14, 0x12, 0x6B, + /* 0x148 */ 0xBF, 0x1F, 0xD2, 0xEA, 0x31, 0x9B, 0x21, 0x7E, + /* 0x150 */ 0xD1, 0x33, 0x3C, 0xBA, 0x48, 0xF5, 0xDD, 0x79, + /* 0x158 */ 0xDF, 0xB3, 0xB8, 0xFF, 0x12, 0xF1, 0x21, 0x9A, + /* 0x160 */ 0x4B, 0xC1, 0x8A, 0x86, 0x71, 0x69, 0x4A, 0x66, + /* 0x168 */ 0x66, 0x6C, 0x8F, 0x7E, 0x3C, 0x70, 0xBF, 0xAD, + /* 0x170 */ 0x29, 0x22, 0x06, 0xF3, 0xE4, 0xC0, 0xE6, 0x80, + /* 0x178 */ 0xAE, 0xE2, 0x4B, 0x8F, 0xB7, 0x99, 0x7E, 0x94, + /* 0x180 */ 0x03, 0x9F, 0xD3, 0x47, 0x97, 0x7C, 0x99, 0x48, + /* 0x188 */ 0x23, 0x53, 0xE8, 0x38, 0xAE, 0x4F, 0x0A, 0x6F, + /* 0x190 */ 0x83, 0x2E, 0xD1, 0x49, 0x57, 0x8C, 0x80, 0x74, + /* 0x198 */ 0xB6, 0xDA, 0x2F, 0xD0, 0x38, 0x8D, 0x7B, 0x03, + /* 0x1a0 */ 0x70, 0x21, 0x1B, 0x75, 0xF2, 0x30, 0x3C, 0xFA, + /* 0x1a8 */ 0x8F, 0xAE, 0xDD, 0xDA, 0x63, 0xAB, 0xEB, 0x16, + /* 0x1b0 */ 0x4F, 0xC2, 0x8E, 0x11, 0x4B, 0x7E, 0xCF, 0x0B, + /* 0x1b8 */ 0xE8, 0xFF, 0xB5, 0x77, 0x2E, 0xF4, 0xB2, 0x7B, + /* 0x1c0 */ 0x4A, 0xE0, 0x4C, 0x12, 0x25, 0x0C, 0x70, 0x8D, + /* 0x1c8 */ 0x03, 0x29, 0xA0, 0xE1, 0x53, 0x24, 0xEC, 0x13, + /* 0x1d0 */ 0xD9, 0xEE, 0x19, 0xBF, 0x10, 0xB3, 0x4A, 0x8C, + /* 0x1d8 */ 0x3F, 0x89, 0xA3, 0x61, 0x51, 0xDE, 0xAC, 0x87, + /* 0x1e0 */ 0x07, 0x94, 0xF4, 0x63, 0x71, 0xEC, 0x2E, 0xE2, + /* 0x1e8 */ 0x6F, 0x5B, 0x98, 0x81, 0xE1, 0x89, 0x5C, 0x34, + /* 0x1f0 */ 0x79, 0x6C, 0x76, 0xEF, 0x3B, 0x90, 0x62, 0x79, + /* 0x1f8 */ 0xE6, 0xDB, 0xA4, 0x9A, 0x2F, 0x26, 0xC5, 0xD0, + /* 0x200 */ 0x10, 0xE1, 0x0E, 0xDE, 0xD9, 0x10, 0x8E, 0x16, + /* 0x208 */ 0xFB, 0xB7, 0xF7, 0xA8, 0xF7, 0xC7, 0xE5, 0x02, + /* 0x210 */ 0x07, 0x98, 0x8F, 0x36, 0x08, 0x95, 0xE7, 0xE2, + /* 0x218 */ 0x37, 0x96, 0x0D, 0x36, 0x75, 0x9E, 0xFB, 0x0E, + /* 0x220 */ 0x72, 0xB1, 0x1D, 0x9B, 0xBC, 0x03, 0xF9, 0x49, + /* 0x228 */ 0x05, 0xD8, 0x81, 0xDD, 0x05, 0xB4, 0x2A, 0xD6, + /* 0x230 */ 0x41, 0xE9, 0xAC, 0x01, 0x76, 0x95, 0x0A, 0x0F, + /* 0x238 */ 0xD8, 0xDF, 0xD5, 0xBD, 0x12, 0x1F, 0x35, 0x2F, + /* 0x240 */ 0x28, 0x17, 0x6C, 0xD2, 0x98, 0xC1, 0xA8, 0x09, + /* 0x248 */ 0x64, 0x77, 0x6E, 0x47, 0x37, 0xBA, 0xCE, 0xAC, + /* 0x250 */ 0x59, 0x5E, 0x68, 0x9D, 0x7F, 0x72, 0xD6, 0x89, + /* 0x258 */ 0xC5, 0x06, 0x41, 0x29, 0x3E, 0x59, 0x3E, 0xDD, + /* 0x260 */ 0x26, 0xF5, 0x24, 0xC9, 0x11, 0xA7, 0x5A, 0xA3, + /* 0x268 */ 0x4C, 0x40, 0x1F, 0x46, 0xA1, 0x99, 0xB5, 0xA7, + /* 0x270 */ 0x3A, 0x51, 0x6E, 0x86, 0x3B, 0x9E, 0x7D, 0x72, + /* 0x278 */ 0xA7, 0x12, 0x05, 0x78, 0x59, 0xED, 0x3E, 0x51, + /* 0x280 */ 0x78, 0x15, 0x0B, 0x03, 0x8F, 0x8D, 0xD0, 0x2F, + /* 0x288 */ 0x05, 0xB2, 0x3E, 0x7B, 0x4A, 0x1C, 0x4B, 0x73, + /* 0x290 */ 0x05, 0x12, 0xFC, 0xC6, 0xEA, 0xE0, 0x50, 0x13, + /* 0x298 */ 0x7C, 0x43, 0x93, 0x74, 0xB3, 0xCA, 0x74, 0xE7, + /* 0x2a0 */ 0x8E, 0x1F, 0x01, 0x08, 0xD0, 0x30, 0xD4, 0x5B, + /* 0x2a8 */ 0x71, 0x36, 0xB4, 0x07, 0xBA, 0xC1, 0x30, 0x30, + /* 0x2b0 */ 0x5C, 0x48, 0xB7, 0x82, 0x3B, 0x98, 0xA6, 0x7D, + /* 0x2b8 */ 0x60, 0x8A, 0xA2, 0xA3, 0x29, 0x82, 0xCC, 0xBA, + /* 0x2c0 */ 0xBD, 0x83, 0x04, 0x1B, 0xA2, 0x83, 0x03, 0x41, + /* 0x2c8 */ 0xA1, 0xD6, 0x05, 0xF1, 0x1B, 0xC2, 0xB6, 0xF0, + /* 0x2d0 */ 0xA8, 0x7C, 0x86, 0x3B, 0x46, 0xA8, 0x48, 0x2A, + /* 0x2d8 */ 0x88, 0xDC, 0x76, 0x9A, 0x76, 0xBF, 0x1F, 0x6A, + /* 0x2e0 */ 0xA5, 0x3D, 0x19, 0x8F, 0xEB, 0x38, 0xF3, 0x64, + /* 0x2e8 */ 0xDE, 0xC8, 0x2B, 0x0D, 0x0A, 0x28, 0xFF, 0xF7, + /* 0x2f0 */ 0xDB, 0xE2, 0x15, 0x42, 0xD4, 0x22, 0xD0, 0x27, + /* 0x2f8 */ 0x5D, 0xE1, 0x79, 0xFE, 0x18, 0xE7, 0x70, 0x88, + /* 0x300 */ 0xAD, 0x4E, 0xE6, 0xD9, 0x8B, 0x3A, 0xC6, 0xDD, + /* 0x308 */ 0x27, 0x51, 0x6E, 0xFF, 0xBC, 0x64, 0xF5, 0x33, + /* 0x310 */ 0x43, 0x4F, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, + /* 0x318 */ 0x42, 0x30, 0x40, 0x30, 0x0E, 0x06, 0x03, 0x55, + /* 0x320 */ 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, + /* 0x328 */ 0x02, 0x01, 0x06, 0x30, 0x0F, 0x06, 0x03, 0x55, + /* 0x330 */ 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, + /* 0x338 */ 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1D, 0x06, 0x03, + /* 0x340 */ 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x79, + /* 0x348 */ 0xB4, 0x59, 0xE6, 0x7B, 0xB6, 0xE5, 0xE4, 0x01, + /* 0x350 */ 0x73, 0x80, 0x08, 0x88, 0xC8, 0x1A, 0x58, 0xF6, + /* 0x358 */ 0xE9, 0x9B, 0x6E, 0x30, 0x0D, 0x06, 0x09, 0x2A, + /* 0x360 */ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + /* 0x368 */ 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, 0x00, 0x55, + /* 0x370 */ 0x1F, 0x58, 0xA9, 0xBC, 0xB2, 0xA8, 0x50, 0xD0, + /* 0x378 */ 0x0C, 0xB1, 0xD8, 0x1A, 0x69, 0x20, 0x27, 0x29, + /* 0x380 */ 0x08, 0xAC, 0x61, 0x75, 0x5C, 0x8A, 0x6E, 0xF8, + /* 0x388 */ 0x82, 0xE5, 0x69, 0x2F, 0xD5, 0xF6, 0x56, 0x4B, + /* 0x390 */ 0xB9, 0xB8, 0x73, 0x10, 0x59, 0xD3, 0x21, 0x97, + /* 0x398 */ 0x7E, 0xE7, 0x4C, 0x71, 0xFB, 0xB2, 0xD2, 0x60, + /* 0x3a0 */ 0xAD, 0x39, 0xA8, 0x0B, 0xEA, 0x17, 0x21, 0x56, + /* 0x3a8 */ 0x85, 0xF1, 0x50, 0x0E, 0x59, 0xEB, 0xCE, 0xE0, + /* 0x3b0 */ 0x59, 0xE9, 0xBA, 0xC9, 0x15, 0xEF, 0x86, 0x9D, + /* 0x3b8 */ 0x8F, 0x84, 0x80, 0xF6, 0xE4, 0xE9, 0x91, 0x90, + /* 0x3c0 */ 0xDC, 0x17, 0x9B, 0x62, 0x1B, 0x45, 0xF0, 0x66, + /* 0x3c8 */ 0x95, 0xD2, 0x7C, 0x6F, 0xC2, 0xEA, 0x3B, 0xEF, + /* 0x3d0 */ 0x1F, 0xCF, 0xCB, 0xD6, 0xAE, 0x27, 0xF1, 0xA9, + /* 0x3d8 */ 0xB0, 0xC8, 0xAE, 0xFD, 0x7D, 0x7E, 0x9A, 0xFA, + /* 0x3e0 */ 0x22, 0x04, 0xEB, 0xFF, 0xD9, 0x7F, 0xEA, 0x91, + /* 0x3e8 */ 0x2B, 0x22, 0xB1, 0x17, 0x0E, 0x8F, 0xF2, 0x8A, + /* 0x3f0 */ 0x34, 0x5B, 0x58, 0xD8, 0xFC, 0x01, 0xC9, 0x54, + /* 0x3f8 */ 0xB9, 0xB8, 0x26, 0xCC, 0x8A, 0x88, 0x33, 0x89, + /* 0x400 */ 0x4C, 0x2D, 0x84, 0x3C, 0x82, 0xDF, 0xEE, 0x96, + /* 0x408 */ 0x57, 0x05, 0xBA, 0x2C, 0xBB, 0xF7, 0xC4, 0xB7, + /* 0x410 */ 0xC7, 0x4E, 0x3B, 0x82, 0xBE, 0x31, 0xC8, 0x22, + /* 0x418 */ 0x73, 0x73, 0x92, 0xD1, 0xC2, 0x80, 0xA4, 0x39, + /* 0x420 */ 0x39, 0x10, 0x33, 0x23, 0x82, 0x4C, 0x3C, 0x9F, + /* 0x428 */ 0x86, 0xB2, 0x55, 0x98, 0x1D, 0xBE, 0x29, 0x86, + /* 0x430 */ 0x8C, 0x22, 0x9B, 0x9E, 0xE2, 0x6B, 0x3B, 0x57, + /* 0x438 */ 0x3A, 0x82, 0x70, 0x4D, 0xDC, 0x09, 0xC7, 0x89, + /* 0x440 */ 0xCB, 0x0A, 0x07, 0x4D, 0x6C, 0xE8, 0x5D, 0x8E, + /* 0x448 */ 0xC9, 0xEF, 0xCE, 0xAB, 0xC7, 0xBB, 0xB5, 0x2B, + /* 0x450 */ 0x4E, 0x45, 0xD6, 0x4A, 0xD0, 0x26, 0xCC, 0xE5, + /* 0x458 */ 0x72, 0xCA, 0x08, 0x6A, 0xA5, 0x95, 0xE3, 0x15, + /* 0x460 */ 0xA1, 0xF7, 0xA4, 0xED, 0xC9, 0x2C, 0x5F, 0xA5, + /* 0x468 */ 0xFB, 0xFF, 0xAC, 0x28, 0x02, 0x2E, 0xBE, 0xD7, + /* 0x470 */ 0x7B, 0xBB, 0xE3, 0x71, 0x7B, 0x90, 0x16, 0xD3, + /* 0x478 */ 0x07, 0x5E, 0x46, 0x53, 0x7C, 0x37, 0x07, 0x42, + /* 0x480 */ 0x8C, 0xD3, 0xC4, 0x96, 0x9C, 0xD5, 0x99, 0xB5, + /* 0x488 */ 0x2A, 0xE0, 0x95, 0x1A, 0x80, 0x48, 0xAE, 0x4C, + /* 0x490 */ 0x39, 0x07, 0xCE, 0xCC, 0x47, 0xA4, 0x52, 0x95, + /* 0x498 */ 0x2B, 0xBA, 0xB8, 0xFB, 0xAD, 0xD2, 0x33, 0x53, + /* 0x4a0 */ 0x7D, 0xE5, 0x1D, 0x4D, 0x6D, 0xD5, 0xA1, 0xB1, + /* 0x4a8 */ 0xC7, 0x42, 0x6F, 0xE6, 0x40, 0x27, 0x35, 0x5C, + /* 0x4b0 */ 0xA3, 0x28, 0xB7, 0x07, 0x8D, 0xE7, 0x8D, 0x33, + /* 0x4b8 */ 0x90, 0xE7, 0x23, 0x9F, 0xFB, 0x50, 0x9C, 0x79, + /* 0x4c0 */ 0x6C, 0x46, 0xD5, 0xB4, 0x15, 0xB3, 0x96, 0x6E, + /* 0x4c8 */ 0x7E, 0x9B, 0x0C, 0x96, 0x3A, 0xB8, 0x52, 0x2D, + /* 0x4d0 */ 0x3F, 0xD6, 0x5B, 0xE1, 0xFB, 0x08, 0xC2, 0x84, + /* 0x4d8 */ 0xFE, 0x24, 0xA8, 0xA3, 0x89, 0xDA, 0xAC, 0x6A, + /* 0x4e0 */ 0xE1, 0x18, 0x2A, 0xB1, 0xA8, 0x43, 0x61, 0x5B, + /* 0x4e8 */ 0xD3, 0x1F, 0xDC, 0x3B, 0x8D, 0x76, 0xF2, 0x2D, + /* 0x4f0 */ 0xE8, 0x8D, 0x75, 0xDF, 0x17, 0x33, 0x6C, 0x3D, + /* 0x4f8 */ 0x53, 0xFB, 0x7B, 0xCB, 0x41, 0x5F, 0xFF, 0xDC, + /* 0x500 */ 0xA2, 0xD0, 0x61, 0x38, 0xE1, 0x96, 0xB8, 0xAC, + /* 0x508 */ 0x5D, 0x8B, 0x37, 0xD7, 0x75, 0xD5, 0x33, 0xC0, + /* 0x510 */ 0x99, 0x11, 0xAE, 0x9D, 0x41, 0xC1, 0x72, 0x75, + /* 0x518 */ 0x84, 0xBE, 0x02, 0x41, 0x42, 0x5F, 0x67, 0x24, + /* 0x520 */ 0x48, 0x94, 0xD1, 0x9B, 0x27, 0xBE, 0x07, 0x3F, + /* 0x528 */ 0xB9, 0xB8, 0x4F, 0x81, 0x74, 0x51, 0xE1, 0x7A, + /* 0x530 */ 0xB7, 0xED, 0x9D, 0x23, 0xE2, 0xBE, 0xE0, 0xD5, + /* 0x538 */ 0x28, 0x04, 0x13, 0x3C, 0x31, 0x03, 0x9E, 0xDD, + /* 0x540 */ 0x7A, 0x6C, 0x8F, 0xC6, 0x07, 0x18, 0xC6, 0x7F, + /* 0x548 */ 0xDE, 0x47, 0x8E, 0x3F, 0x28, 0x9E, 0x04, 0x06, + /* 0x550 */ 0xCF, 0xA5, 0x54, 0x34, 0x77, 0xBD, 0xEC, 0x89, + /* 0x558 */ 0x9B, 0xE9, 0x17, 0x43, 0xDF, 0x5B, 0xDB, 0x5F, + /* 0x560 */ 0xFE, 0x8E, 0x1E, 0x57, 0xA2, 0xCD, 0x40, 0x9D, + /* 0x568 */ 0x7E, 0x62, 0x22, 0xDA, 0xDE, 0x18, 0x27, +}; +static const lws_ss_x509_t _ss_x509_isrg_root_x1 = { + .vhost_name = "isrg_root_x1", + .ca_der = _ss_der_isrg_root_x1, + .ca_der_len = 1391, +}; +static const uint8_t _ss_der_LEX3_isrg_root_x1[] = { + /* 0x 0 */ 0x30, 0x82, 0x05, 0x8D, 0x30, 0x82, 0x03, 0x75, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x11, 0x00, + /* 0x 10 */ 0xD3, 0xB1, 0x72, 0x26, 0x34, 0x23, 0x32, 0xDC, + /* 0x 18 */ 0xF4, 0x05, 0x28, 0x51, 0x2A, 0xEC, 0x9C, 0x6A, + /* 0x 20 */ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + /* 0x 28 */ 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, + /* 0x 30 */ 0x4F, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + /* 0x 38 */ 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x29, + /* 0x 40 */ 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, + /* 0x 48 */ 0x20, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x65, + /* 0x 50 */ 0x74, 0x20, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, + /* 0x 58 */ 0x74, 0x79, 0x20, 0x52, 0x65, 0x73, 0x65, 0x61, + /* 0x 60 */ 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6F, 0x75, + /* 0x 68 */ 0x70, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, + /* 0x 70 */ 0x04, 0x03, 0x13, 0x0C, 0x49, 0x53, 0x52, 0x47, + /* 0x 78 */ 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x58, 0x31, + /* 0x 80 */ 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36, 0x31, 0x30, + /* 0x 88 */ 0x30, 0x36, 0x31, 0x35, 0x34, 0x33, 0x35, 0x35, + /* 0x 90 */ 0x5A, 0x17, 0x0D, 0x32, 0x31, 0x31, 0x30, 0x30, + /* 0x 98 */ 0x36, 0x31, 0x35, 0x34, 0x33, 0x35, 0x35, 0x5A, + /* 0x a0 */ 0x30, 0x4A, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, + /* 0x a8 */ 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + /* 0x b0 */ 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0A, + /* 0x b8 */ 0x13, 0x0D, 0x4C, 0x65, 0x74, 0x27, 0x73, 0x20, + /* 0x c0 */ 0x45, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x31, + /* 0x c8 */ 0x23, 0x30, 0x21, 0x06, 0x03, 0x55, 0x04, 0x03, + /* 0x d0 */ 0x13, 0x1A, 0x4C, 0x65, 0x74, 0x27, 0x73, 0x20, + /* 0x d8 */ 0x45, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x20, + /* 0x e0 */ 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, + /* 0x e8 */ 0x79, 0x20, 0x58, 0x33, 0x30, 0x82, 0x01, 0x22, + /* 0x f0 */ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + /* 0x f8 */ 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + /* 0x100 */ 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, + /* 0x108 */ 0x02, 0x82, 0x01, 0x01, 0x00, 0x9C, 0xD3, 0x0C, + /* 0x110 */ 0xF0, 0x5A, 0xE5, 0x2E, 0x47, 0xB7, 0x72, 0x5D, + /* 0x118 */ 0x37, 0x83, 0xB3, 0x68, 0x63, 0x30, 0xEA, 0xD7, + /* 0x120 */ 0x35, 0x26, 0x19, 0x25, 0xE1, 0xBD, 0xBE, 0x35, + /* 0x128 */ 0xF1, 0x70, 0x92, 0x2F, 0xB7, 0xB8, 0x4B, 0x41, + /* 0x130 */ 0x05, 0xAB, 0xA9, 0x9E, 0x35, 0x08, 0x58, 0xEC, + /* 0x138 */ 0xB1, 0x2A, 0xC4, 0x68, 0x87, 0x0B, 0xA3, 0xE3, + /* 0x140 */ 0x75, 0xE4, 0xE6, 0xF3, 0xA7, 0x62, 0x71, 0xBA, + /* 0x148 */ 0x79, 0x81, 0x60, 0x1F, 0xD7, 0x91, 0x9A, 0x9F, + /* 0x150 */ 0xF3, 0xD0, 0x78, 0x67, 0x71, 0xC8, 0x69, 0x0E, + /* 0x158 */ 0x95, 0x91, 0xCF, 0xFE, 0xE6, 0x99, 0xE9, 0x60, + /* 0x160 */ 0x3C, 0x48, 0xCC, 0x7E, 0xCA, 0x4D, 0x77, 0x12, + /* 0x168 */ 0x24, 0x9D, 0x47, 0x1B, 0x5A, 0xEB, 0xB9, 0xEC, + /* 0x170 */ 0x1E, 0x37, 0x00, 0x1C, 0x9C, 0xAC, 0x7B, 0xA7, + /* 0x178 */ 0x05, 0xEA, 0xCE, 0x4A, 0xEB, 0xBD, 0x41, 0xE5, + /* 0x180 */ 0x36, 0x98, 0xB9, 0xCB, 0xFD, 0x6D, 0x3C, 0x96, + /* 0x188 */ 0x68, 0xDF, 0x23, 0x2A, 0x42, 0x90, 0x0C, 0x86, + /* 0x190 */ 0x74, 0x67, 0xC8, 0x7F, 0xA5, 0x9A, 0xB8, 0x52, + /* 0x198 */ 0x61, 0x14, 0x13, 0x3F, 0x65, 0xE9, 0x82, 0x87, + /* 0x1a0 */ 0xCB, 0xDB, 0xFA, 0x0E, 0x56, 0xF6, 0x86, 0x89, + /* 0x1a8 */ 0xF3, 0x85, 0x3F, 0x97, 0x86, 0xAF, 0xB0, 0xDC, + /* 0x1b0 */ 0x1A, 0xEF, 0x6B, 0x0D, 0x95, 0x16, 0x7D, 0xC4, + /* 0x1b8 */ 0x2B, 0xA0, 0x65, 0xB2, 0x99, 0x04, 0x36, 0x75, + /* 0x1c0 */ 0x80, 0x6B, 0xAC, 0x4A, 0xF3, 0x1B, 0x90, 0x49, + /* 0x1c8 */ 0x78, 0x2F, 0xA2, 0x96, 0x4F, 0x2A, 0x20, 0x25, + /* 0x1d0 */ 0x29, 0x04, 0xC6, 0x74, 0xC0, 0xD0, 0x31, 0xCD, + /* 0x1d8 */ 0x8F, 0x31, 0x38, 0x95, 0x16, 0xBA, 0xA8, 0x33, + /* 0x1e0 */ 0xB8, 0x43, 0xF1, 0xB1, 0x1F, 0xC3, 0x30, 0x7F, + /* 0x1e8 */ 0xA2, 0x79, 0x31, 0x13, 0x3D, 0x2D, 0x36, 0xF8, + /* 0x1f0 */ 0xE3, 0xFC, 0xF2, 0x33, 0x6A, 0xB9, 0x39, 0x31, + /* 0x1f8 */ 0xC5, 0xAF, 0xC4, 0x8D, 0x0D, 0x1D, 0x64, 0x16, + /* 0x200 */ 0x33, 0xAA, 0xFA, 0x84, 0x29, 0xB6, 0xD4, 0x0B, + /* 0x208 */ 0xC0, 0xD8, 0x7D, 0xC3, 0x93, 0x02, 0x03, 0x01, + /* 0x210 */ 0x00, 0x01, 0xA3, 0x82, 0x01, 0x67, 0x30, 0x82, + /* 0x218 */ 0x01, 0x63, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, + /* 0x220 */ 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, + /* 0x228 */ 0x01, 0x86, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1D, + /* 0x230 */ 0x13, 0x01, 0x01, 0xFF, 0x04, 0x08, 0x30, 0x06, + /* 0x238 */ 0x01, 0x01, 0xFF, 0x02, 0x01, 0x00, 0x30, 0x54, + /* 0x240 */ 0x06, 0x03, 0x55, 0x1D, 0x20, 0x04, 0x4D, 0x30, + /* 0x248 */ 0x4B, 0x30, 0x08, 0x06, 0x06, 0x67, 0x81, 0x0C, + /* 0x250 */ 0x01, 0x02, 0x01, 0x30, 0x3F, 0x06, 0x0B, 0x2B, + /* 0x258 */ 0x06, 0x01, 0x04, 0x01, 0x82, 0xDF, 0x13, 0x01, + /* 0x260 */ 0x01, 0x01, 0x30, 0x30, 0x30, 0x2E, 0x06, 0x08, + /* 0x268 */ 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x01, + /* 0x270 */ 0x16, 0x22, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, + /* 0x278 */ 0x2F, 0x63, 0x70, 0x73, 0x2E, 0x72, 0x6F, 0x6F, + /* 0x280 */ 0x74, 0x2D, 0x78, 0x31, 0x2E, 0x6C, 0x65, 0x74, + /* 0x288 */ 0x73, 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, + /* 0x290 */ 0x2E, 0x6F, 0x72, 0x67, 0x30, 0x1D, 0x06, 0x03, + /* 0x298 */ 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xA8, + /* 0x2a0 */ 0x4A, 0x6A, 0x63, 0x04, 0x7D, 0xDD, 0xBA, 0xE6, + /* 0x2a8 */ 0xD1, 0x39, 0xB7, 0xA6, 0x45, 0x65, 0xEF, 0xF3, + /* 0x2b0 */ 0xA8, 0xEC, 0xA1, 0x30, 0x33, 0x06, 0x03, 0x55, + /* 0x2b8 */ 0x1D, 0x1F, 0x04, 0x2C, 0x30, 0x2A, 0x30, 0x28, + /* 0x2c0 */ 0xA0, 0x26, 0xA0, 0x24, 0x86, 0x22, 0x68, 0x74, + /* 0x2c8 */ 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, 0x72, 0x6C, + /* 0x2d0 */ 0x2E, 0x72, 0x6F, 0x6F, 0x74, 0x2D, 0x78, 0x31, + /* 0x2d8 */ 0x2E, 0x6C, 0x65, 0x74, 0x73, 0x65, 0x6E, 0x63, + /* 0x2e0 */ 0x72, 0x79, 0x70, 0x74, 0x2E, 0x6F, 0x72, 0x67, + /* 0x2e8 */ 0x30, 0x72, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + /* 0x2f0 */ 0x05, 0x07, 0x01, 0x01, 0x04, 0x66, 0x30, 0x64, + /* 0x2f8 */ 0x30, 0x30, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, + /* 0x300 */ 0x05, 0x07, 0x30, 0x01, 0x86, 0x24, 0x68, 0x74, + /* 0x308 */ 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6F, 0x63, 0x73, + /* 0x310 */ 0x70, 0x2E, 0x72, 0x6F, 0x6F, 0x74, 0x2D, 0x78, + /* 0x318 */ 0x31, 0x2E, 0x6C, 0x65, 0x74, 0x73, 0x65, 0x6E, + /* 0x320 */ 0x63, 0x72, 0x79, 0x70, 0x74, 0x2E, 0x6F, 0x72, + /* 0x328 */ 0x67, 0x2F, 0x30, 0x30, 0x06, 0x08, 0x2B, 0x06, + /* 0x330 */ 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x24, + /* 0x338 */ 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x63, + /* 0x340 */ 0x65, 0x72, 0x74, 0x2E, 0x72, 0x6F, 0x6F, 0x74, + /* 0x348 */ 0x2D, 0x78, 0x31, 0x2E, 0x6C, 0x65, 0x74, 0x73, + /* 0x350 */ 0x65, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2E, + /* 0x358 */ 0x6F, 0x72, 0x67, 0x2F, 0x30, 0x1F, 0x06, 0x03, + /* 0x360 */ 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + /* 0x368 */ 0x14, 0x79, 0xB4, 0x59, 0xE6, 0x7B, 0xB6, 0xE5, + /* 0x370 */ 0xE4, 0x01, 0x73, 0x80, 0x08, 0x88, 0xC8, 0x1A, + /* 0x378 */ 0x58, 0xF6, 0xE9, 0x9B, 0x6E, 0x30, 0x0D, 0x06, + /* 0x380 */ 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + /* 0x388 */ 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x02, 0x01, + /* 0x390 */ 0x00, 0x19, 0xCF, 0x75, 0x20, 0x34, 0x2D, 0x3A, + /* 0x398 */ 0xA6, 0x45, 0xFF, 0xD0, 0xD5, 0xE6, 0x8C, 0xDA, + /* 0x3a0 */ 0x32, 0xE8, 0x9C, 0x6E, 0x1B, 0x41, 0xD1, 0x27, + /* 0x3a8 */ 0xA8, 0xE2, 0x50, 0xF2, 0x70, 0xAA, 0xC4, 0xE7, + /* 0x3b0 */ 0x93, 0x46, 0xB4, 0xE8, 0x10, 0xAB, 0x70, 0x4F, + /* 0x3b8 */ 0xEF, 0xB7, 0xEA, 0x04, 0xD2, 0x94, 0x11, 0xB1, + /* 0x3c0 */ 0x03, 0xFE, 0x5D, 0xBA, 0xDF, 0x36, 0x8C, 0x94, + /* 0x3c8 */ 0x36, 0x8F, 0x13, 0x7C, 0x44, 0x8F, 0x0B, 0xF5, + /* 0x3d0 */ 0x01, 0x57, 0xAD, 0x68, 0xB8, 0xC5, 0x79, 0xC0, + /* 0x3d8 */ 0xD8, 0x4A, 0x80, 0xD7, 0x4C, 0xA3, 0x1E, 0x24, + /* 0x3e0 */ 0x7A, 0x1F, 0xD7, 0x23, 0xE8, 0xC1, 0x62, 0x3A, + /* 0x3e8 */ 0x76, 0xF9, 0x22, 0x7D, 0x5E, 0x5A, 0xC4, 0x4C, + /* 0x3f0 */ 0x50, 0xCD, 0xAF, 0xDD, 0xEF, 0x6D, 0x36, 0xC0, + /* 0x3f8 */ 0x80, 0x80, 0x1B, 0xA4, 0x3C, 0x70, 0x20, 0xD6, + /* 0x400 */ 0x54, 0x21, 0xD3, 0xBA, 0xEF, 0x14, 0xA9, 0xBF, + /* 0x408 */ 0x07, 0x3F, 0x41, 0x0A, 0x36, 0xB1, 0xA2, 0xB0, + /* 0x410 */ 0x0B, 0x20, 0xD5, 0x1F, 0x67, 0xD0, 0xC3, 0xEB, + /* 0x418 */ 0x88, 0xF6, 0x8A, 0x02, 0xC8, 0xC6, 0x57, 0xB6, + /* 0x420 */ 0x0C, 0xFC, 0x56, 0xF1, 0xD2, 0x3F, 0x17, 0x69, + /* 0x428 */ 0x68, 0x1C, 0xC8, 0xD7, 0x66, 0x3A, 0x86, 0xF1, + /* 0x430 */ 0x19, 0x2A, 0x65, 0x47, 0x68, 0xC6, 0xD2, 0x03, + /* 0x438 */ 0xE7, 0xEF, 0x74, 0x16, 0x0B, 0x06, 0x21, 0xF9, + /* 0x440 */ 0x0C, 0xA6, 0xA8, 0x11, 0x4B, 0x4E, 0x5F, 0xE3, + /* 0x448 */ 0x33, 0xDB, 0x08, 0x41, 0xEA, 0x09, 0x79, 0x75, + /* 0x450 */ 0x78, 0xEE, 0x47, 0xC8, 0x42, 0xD3, 0x81, 0xC5, + /* 0x458 */ 0x65, 0x2D, 0x75, 0xD0, 0x0E, 0x00, 0x16, 0x9D, + /* 0x460 */ 0x1C, 0xEE, 0xB7, 0x58, 0x45, 0x25, 0xE7, 0x33, + /* 0x468 */ 0x63, 0x5B, 0x63, 0x41, 0x09, 0xE8, 0xE9, 0xFE, + /* 0x470 */ 0xAC, 0xFA, 0x73, 0x32, 0x74, 0xB3, 0x76, 0xE9, + /* 0x478 */ 0x6B, 0x94, 0xE2, 0xCD, 0xD4, 0x62, 0xF3, 0xAE, + /* 0x480 */ 0x3A, 0xC5, 0x31, 0x46, 0x52, 0x6E, 0xED, 0x34, + /* 0x488 */ 0x91, 0x1E, 0xA0, 0xC2, 0xDE, 0x54, 0x84, 0xE5, + /* 0x490 */ 0x78, 0x20, 0x56, 0x4C, 0xDD, 0x68, 0xF9, 0x2E, + /* 0x498 */ 0x28, 0x64, 0x1B, 0x1A, 0x99, 0xF2, 0xFB, 0x4D, + /* 0x4a0 */ 0x7F, 0xE3, 0xB8, 0x5F, 0x5D, 0x73, 0x41, 0xEC, + /* 0x4a8 */ 0x79, 0xED, 0x58, 0xD6, 0x7A, 0x37, 0x65, 0x70, + /* 0x4b0 */ 0xA7, 0xB1, 0xBA, 0x39, 0xF6, 0x3E, 0x61, 0x0A, + /* 0x4b8 */ 0xD9, 0xC0, 0x86, 0x90, 0x9A, 0x1A, 0xC8, 0xA8, + /* 0x4c0 */ 0x96, 0x6E, 0x8A, 0x0B, 0x2B, 0x6D, 0xED, 0xD6, + /* 0x4c8 */ 0xFA, 0x07, 0x67, 0xE7, 0x29, 0x04, 0xF7, 0xE2, + /* 0x4d0 */ 0xB2, 0xD1, 0x58, 0x15, 0x52, 0xC7, 0xF1, 0xA3, + /* 0x4d8 */ 0x9D, 0xA6, 0xC0, 0x56, 0x2C, 0xD4, 0x92, 0x98, + /* 0x4e0 */ 0xD8, 0xF1, 0x83, 0xB9, 0x6C, 0x7C, 0x33, 0xA0, + /* 0x4e8 */ 0xE5, 0x4B, 0xAA, 0x90, 0x92, 0xF1, 0xDA, 0x45, + /* 0x4f0 */ 0x4A, 0x34, 0x14, 0xC7, 0x7C, 0x4E, 0xC4, 0xA5, + /* 0x4f8 */ 0x6C, 0x5D, 0x3F, 0xBF, 0xDE, 0xB9, 0xA8, 0x61, + /* 0x500 */ 0x4A, 0x85, 0x20, 0xDE, 0x42, 0x83, 0x29, 0x62, + /* 0x508 */ 0x7C, 0x1C, 0x99, 0x08, 0xA5, 0x46, 0x1F, 0xF4, + /* 0x510 */ 0x6B, 0x22, 0xD3, 0x86, 0x51, 0xCB, 0x37, 0xCD, + /* 0x518 */ 0x60, 0x4A, 0x42, 0x63, 0x56, 0xB3, 0xC8, 0xD1, + /* 0x520 */ 0x8F, 0x31, 0x09, 0x53, 0xC1, 0xE2, 0xDC, 0x1B, + /* 0x528 */ 0xD4, 0xF1, 0x54, 0x77, 0x67, 0xCF, 0x33, 0x7B, + /* 0x530 */ 0x00, 0xD6, 0xD2, 0x7C, 0xDE, 0xC6, 0x79, 0xBF, + /* 0x538 */ 0xCB, 0xE0, 0x16, 0xFD, 0xB2, 0xA1, 0xF2, 0x91, + /* 0x540 */ 0x3C, 0x1D, 0x2D, 0xE8, 0x9C, 0xD4, 0x03, 0xCD, + /* 0x548 */ 0x66, 0x4A, 0xA3, 0x37, 0x93, 0x19, 0x79, 0x7B, + /* 0x550 */ 0xE2, 0x19, 0xC2, 0x16, 0x00, 0xC8, 0xED, 0x0E, + /* 0x558 */ 0x4E, 0x0D, 0xFF, 0x7E, 0xCF, 0x07, 0xA8, 0x64, + /* 0x560 */ 0xCD, 0x29, 0xDF, 0x41, 0xAA, 0x85, 0x30, 0x49, + /* 0x568 */ 0x10, 0x73, 0xA7, 0x4E, 0x89, 0x32, 0x0E, 0x5B, + /* 0x570 */ 0xAD, 0x40, 0x86, 0xC1, 0xB0, 0x94, 0x0C, 0x8D, + /* 0x578 */ 0x26, 0xC5, 0xA7, 0x49, 0xDC, 0x1C, 0xF8, 0x5B, + /* 0x580 */ 0x14, 0x7A, 0x7F, 0x23, 0x69, 0x04, 0xAD, 0xB2, + /* 0x588 */ 0x02, 0x29, 0xD6, 0x12, 0xC8, 0xA4, 0xC6, 0xA1, + /* 0x590 */ 0x2D, +}; +static const lws_ss_x509_t _ss_x509_LEX3_isrg_root_x1 = { + .vhost_name = "LEX3_isrg_root_x1", + .ca_der = _ss_der_LEX3_isrg_root_x1, + .ca_der_len = 1425, +}; +static const lws_ss_trust_store_t _ss_ts_le_via_isrg = { + .name = "le_via_isrg", + .ssx509 = { + &_ss_x509_LEX3_isrg_root_x1, + &_ss_x509_isrg_root_x1, + } +}; + +static const lws_ss_metadata_t _md_mintest_xctype = { + .name = "xctype", + .value = (void *)"X-Content-Type:", + .length = 0, +}, +_md_mintest_ctype = { + .next = (void *)&_md_mintest_xctype, + .name = "ctype", + .value = (void *)"Content-Type:", + .length = 1, +}, +_md_mintest_uptag = { + .next = (void *)&_md_mintest_ctype, + .name = "uptag", + .value = (void *)"X-Upload-Tag:", + .length = 2, +}; + +static const lws_ss_trust_store_t _ss_ts_avs_via_starfield = { + .name = "avs_via_starfield", + .ssx509 = { + &_ss_x509_starfield_services_root_ca, + &_ss_x509_starfield_class_2_ca, + } +}; +static const uint8_t _ss_der_digicert_global_ca_g2[] = { + /* 0x 0 */ 0x30, 0x82, 0x04, 0x8B, 0x30, 0x82, 0x03, 0x73, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x0C, + /* 0x 10 */ 0x8E, 0xE0, 0xC9, 0x0D, 0x6A, 0x89, 0x15, 0x88, + /* 0x 18 */ 0x04, 0x06, 0x1E, 0xE2, 0x41, 0xF9, 0xAF, 0x30, + /* 0x 20 */ 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + /* 0x 28 */ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x61, + /* 0x 30 */ 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + /* 0x 38 */ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, + /* 0x 40 */ 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0C, + /* 0x 48 */ 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, + /* 0x 50 */ 0x20, 0x49, 0x6E, 0x63, 0x31, 0x19, 0x30, 0x17, + /* 0x 58 */ 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x10, 0x77, + /* 0x 60 */ 0x77, 0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, + /* 0x 68 */ 0x65, 0x72, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + /* 0x 70 */ 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03, + /* 0x 78 */ 0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, + /* 0x 80 */ 0x72, 0x74, 0x20, 0x47, 0x6C, 0x6F, 0x62, 0x61, + /* 0x 88 */ 0x6C, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x47, + /* 0x 90 */ 0x32, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, 0x30, + /* 0x 98 */ 0x38, 0x30, 0x31, 0x31, 0x32, 0x30, 0x30, 0x30, + /* 0x a0 */ 0x30, 0x5A, 0x17, 0x0D, 0x32, 0x38, 0x30, 0x38, + /* 0x a8 */ 0x30, 0x31, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, + /* 0x b0 */ 0x5A, 0x30, 0x44, 0x31, 0x0B, 0x30, 0x09, 0x06, + /* 0x b8 */ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + /* 0x c0 */ 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + /* 0x c8 */ 0x0A, 0x13, 0x0C, 0x44, 0x69, 0x67, 0x69, 0x43, + /* 0x d0 */ 0x65, 0x72, 0x74, 0x20, 0x49, 0x6E, 0x63, 0x31, + /* 0x d8 */ 0x1E, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x04, 0x03, + /* 0x e0 */ 0x13, 0x15, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, + /* 0x e8 */ 0x72, 0x74, 0x20, 0x47, 0x6C, 0x6F, 0x62, 0x61, + /* 0x f0 */ 0x6C, 0x20, 0x43, 0x41, 0x20, 0x47, 0x32, 0x30, + /* 0x f8 */ 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, + /* 0x100 */ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, + /* 0x108 */ 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, + /* 0x110 */ 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, + /* 0x118 */ 0xD3, 0x48, 0x7C, 0xBE, 0xF3, 0x05, 0x86, 0x5D, + /* 0x120 */ 0x5B, 0xD5, 0x2F, 0x85, 0x4E, 0x4B, 0xE0, 0x86, + /* 0x128 */ 0xAD, 0x15, 0xAC, 0x61, 0xCF, 0x5B, 0xAF, 0x3E, + /* 0x130 */ 0x6A, 0x0A, 0x47, 0xFB, 0x9A, 0x76, 0x91, 0x60, + /* 0x138 */ 0x0B, 0x8A, 0x6B, 0xCD, 0xCF, 0xDC, 0x57, 0x7E, + /* 0x140 */ 0x60, 0x98, 0x0B, 0xE4, 0x54, 0xD9, 0x56, 0xED, + /* 0x148 */ 0x21, 0xCC, 0x02, 0xB6, 0x5A, 0x81, 0x5F, 0x97, + /* 0x150 */ 0x6A, 0xEE, 0x02, 0x2F, 0x23, 0x27, 0xB8, 0x6D, + /* 0x158 */ 0xD4, 0xB0, 0xE7, 0x06, 0x02, 0x78, 0x0B, 0x1F, + /* 0x160 */ 0x5C, 0xA9, 0x99, 0x36, 0xFE, 0xBB, 0xAC, 0x1B, + /* 0x168 */ 0x05, 0xFA, 0x57, 0xCD, 0x81, 0x10, 0x40, 0x67, + /* 0x170 */ 0xD6, 0x30, 0x8B, 0x58, 0x35, 0xD4, 0x96, 0x61, + /* 0x178 */ 0xBE, 0xD0, 0x8C, 0x7A, 0x97, 0x9F, 0x1A, 0xF9, + /* 0x180 */ 0x22, 0xE6, 0x14, 0x2F, 0xA9, 0xC6, 0xE8, 0x01, + /* 0x188 */ 0x1F, 0xAB, 0xF8, 0x26, 0x0F, 0xAC, 0x8E, 0x4D, + /* 0x190 */ 0x2C, 0x32, 0x39, 0x1D, 0x81, 0x9B, 0x8D, 0x1C, + /* 0x198 */ 0x65, 0xB2, 0x1C, 0xDB, 0x61, 0xA8, 0x89, 0x2F, + /* 0x1a0 */ 0x60, 0xE7, 0xEB, 0xC2, 0x4A, 0x18, 0xC4, 0x6F, + /* 0x1a8 */ 0x2A, 0xE9, 0x10, 0x92, 0x09, 0xED, 0x17, 0xD1, + /* 0x1b0 */ 0x00, 0x2B, 0xE6, 0x7D, 0xEF, 0x04, 0x89, 0x14, + /* 0x1b8 */ 0x4E, 0x33, 0xA1, 0xB2, 0x0F, 0x97, 0x87, 0x9F, + /* 0x1c0 */ 0xB3, 0xA0, 0xCD, 0x2F, 0xBC, 0x2C, 0xEC, 0xB8, + /* 0x1c8 */ 0x83, 0x68, 0x31, 0x3D, 0x1F, 0xD5, 0x4A, 0x90, + /* 0x1d0 */ 0x10, 0x19, 0x0B, 0x81, 0x95, 0xD6, 0x29, 0x76, + /* 0x1d8 */ 0x51, 0xF9, 0x36, 0x76, 0xD0, 0xB7, 0x09, 0x7A, + /* 0x1e0 */ 0x38, 0x4A, 0xD7, 0x6F, 0x8C, 0xBF, 0x13, 0x7C, + /* 0x1e8 */ 0x39, 0xED, 0xBA, 0xAE, 0x90, 0xFC, 0x95, 0xF7, + /* 0x1f0 */ 0x7B, 0x78, 0x09, 0x36, 0x5E, 0x74, 0x93, 0x1E, + /* 0x1f8 */ 0x25, 0xF0, 0xFF, 0xD4, 0xAD, 0xAE, 0x68, 0x6B, + /* 0x200 */ 0xC6, 0xFF, 0x0F, 0xD5, 0x35, 0xF1, 0x55, 0x6E, + /* 0x208 */ 0x48, 0x49, 0xF8, 0xF8, 0xB8, 0xEF, 0x88, 0xF8, + /* 0x210 */ 0xF1, 0x5E, 0x11, 0x77, 0xAA, 0xDF, 0x02, 0xB3, + /* 0x218 */ 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, + /* 0x220 */ 0x5A, 0x30, 0x82, 0x01, 0x56, 0x30, 0x12, 0x06, + /* 0x228 */ 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, + /* 0x230 */ 0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, + /* 0x238 */ 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, + /* 0x240 */ 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, + /* 0x248 */ 0x86, 0x30, 0x34, 0x06, 0x08, 0x2B, 0x06, 0x01, + /* 0x250 */ 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x28, 0x30, + /* 0x258 */ 0x26, 0x30, 0x24, 0x06, 0x08, 0x2B, 0x06, 0x01, + /* 0x260 */ 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x18, 0x68, + /* 0x268 */ 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x6F, 0x63, + /* 0x270 */ 0x73, 0x70, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, + /* 0x278 */ 0x65, 0x72, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x30, + /* 0x280 */ 0x7B, 0x06, 0x03, 0x55, 0x1D, 0x1F, 0x04, 0x74, + /* 0x288 */ 0x30, 0x72, 0x30, 0x37, 0xA0, 0x35, 0xA0, 0x33, + /* 0x290 */ 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, + /* 0x298 */ 0x2F, 0x63, 0x72, 0x6C, 0x34, 0x2E, 0x64, 0x69, + /* 0x2a0 */ 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63, + /* 0x2a8 */ 0x6F, 0x6D, 0x2F, 0x44, 0x69, 0x67, 0x69, 0x43, + /* 0x2b0 */ 0x65, 0x72, 0x74, 0x47, 0x6C, 0x6F, 0x62, 0x61, + /* 0x2b8 */ 0x6C, 0x52, 0x6F, 0x6F, 0x74, 0x47, 0x32, 0x2E, + /* 0x2c0 */ 0x63, 0x72, 0x6C, 0x30, 0x37, 0xA0, 0x35, 0xA0, + /* 0x2c8 */ 0x33, 0x86, 0x31, 0x68, 0x74, 0x74, 0x70, 0x3A, + /* 0x2d0 */ 0x2F, 0x2F, 0x63, 0x72, 0x6C, 0x33, 0x2E, 0x64, + /* 0x2d8 */ 0x69, 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2E, + /* 0x2e0 */ 0x63, 0x6F, 0x6D, 0x2F, 0x44, 0x69, 0x67, 0x69, + /* 0x2e8 */ 0x43, 0x65, 0x72, 0x74, 0x47, 0x6C, 0x6F, 0x62, + /* 0x2f0 */ 0x61, 0x6C, 0x52, 0x6F, 0x6F, 0x74, 0x47, 0x32, + /* 0x2f8 */ 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x3D, 0x06, 0x03, + /* 0x300 */ 0x55, 0x1D, 0x20, 0x04, 0x36, 0x30, 0x34, 0x30, + /* 0x308 */ 0x32, 0x06, 0x04, 0x55, 0x1D, 0x20, 0x00, 0x30, + /* 0x310 */ 0x2A, 0x30, 0x28, 0x06, 0x08, 0x2B, 0x06, 0x01, + /* 0x318 */ 0x05, 0x05, 0x07, 0x02, 0x01, 0x16, 0x1C, 0x68, + /* 0x320 */ 0x74, 0x74, 0x70, 0x73, 0x3A, 0x2F, 0x2F, 0x77, + /* 0x328 */ 0x77, 0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, + /* 0x330 */ 0x65, 0x72, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, + /* 0x338 */ 0x43, 0x50, 0x53, 0x30, 0x1D, 0x06, 0x03, 0x55, + /* 0x340 */ 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x24, 0x6E, + /* 0x348 */ 0x2B, 0x2D, 0xD0, 0x6A, 0x92, 0x51, 0x51, 0x25, + /* 0x350 */ 0x69, 0x01, 0xAA, 0x9A, 0x47, 0xA6, 0x89, 0xE7, + /* 0x358 */ 0x40, 0x20, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, + /* 0x360 */ 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x4E, + /* 0x368 */ 0x22, 0x54, 0x20, 0x18, 0x95, 0xE6, 0xE3, 0x6E, + /* 0x370 */ 0xE6, 0x0F, 0xFA, 0xFA, 0xB9, 0x12, 0xED, 0x06, + /* 0x378 */ 0x17, 0x8F, 0x39, 0x30, 0x0D, 0x06, 0x09, 0x2A, + /* 0x380 */ 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + /* 0x388 */ 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0B, + /* 0x390 */ 0x39, 0x84, 0x91, 0xF9, 0x97, 0xEB, 0xAA, 0x81, + /* 0x398 */ 0xAF, 0x84, 0xE9, 0x5A, 0x38, 0x92, 0xFC, 0xE2, + /* 0x3a0 */ 0x6C, 0x59, 0xBF, 0x36, 0xC8, 0x45, 0xA7, 0x31, + /* 0x3a8 */ 0x03, 0x11, 0xE1, 0x06, 0xC0, 0xAC, 0x32, 0xC7, + /* 0x3b0 */ 0x5A, 0x55, 0x29, 0xDA, 0x4F, 0x40, 0x02, 0xF5, + /* 0x3b8 */ 0xA1, 0xDE, 0xB0, 0xED, 0xDE, 0xC0, 0xF8, 0xF6, + /* 0x3c0 */ 0x75, 0x9D, 0x76, 0xB9, 0x87, 0xFE, 0x41, 0x80, + /* 0x3c8 */ 0x7A, 0xCF, 0x5D, 0xE3, 0x00, 0xC6, 0x5B, 0x02, + /* 0x3d0 */ 0xE6, 0x9B, 0x78, 0x62, 0xC9, 0xDC, 0xB8, 0x62, + /* 0x3d8 */ 0x9A, 0x77, 0xED, 0x89, 0x08, 0xD7, 0x4B, 0xC5, + /* 0x3e0 */ 0xFD, 0x43, 0xD5, 0x62, 0x23, 0x27, 0xC4, 0x04, + /* 0x3e8 */ 0x59, 0x6D, 0x71, 0x3F, 0x23, 0x5B, 0xEA, 0xD9, + /* 0x3f0 */ 0xF2, 0xE7, 0x24, 0x27, 0x6F, 0xF4, 0x95, 0x80, + /* 0x3f8 */ 0xDB, 0x96, 0x2C, 0xE4, 0x54, 0x8B, 0xCF, 0xEA, + /* 0x400 */ 0x19, 0xD9, 0x7F, 0x55, 0x99, 0x51, 0x7A, 0x0E, + /* 0x408 */ 0x2D, 0x18, 0x3D, 0x78, 0x58, 0x52, 0xBC, 0x63, + /* 0x410 */ 0x68, 0x57, 0x0B, 0xDD, 0x44, 0xB3, 0x57, 0x4A, + /* 0x418 */ 0x60, 0xE6, 0xC8, 0x70, 0x70, 0x5B, 0x87, 0x28, + /* 0x420 */ 0x6A, 0xD7, 0x3B, 0x4E, 0x52, 0x45, 0x19, 0xAF, + /* 0x428 */ 0x24, 0x06, 0x92, 0x48, 0x11, 0x1A, 0x8B, 0xAE, + /* 0x430 */ 0xAC, 0x18, 0x12, 0x57, 0xAC, 0x03, 0xCB, 0xB8, + /* 0x438 */ 0xF4, 0xBD, 0xCA, 0x26, 0x0E, 0xA7, 0xC1, 0xDD, + /* 0x440 */ 0xE3, 0x33, 0xEF, 0xC0, 0x55, 0x30, 0x0D, 0x95, + /* 0x448 */ 0x59, 0x4E, 0x9C, 0x03, 0x36, 0x06, 0xF8, 0xC0, + /* 0x450 */ 0x8F, 0x14, 0x99, 0x9C, 0x4D, 0x2A, 0x9E, 0xC1, + /* 0x458 */ 0xE1, 0x7D, 0x3B, 0xAF, 0x72, 0xA7, 0x45, 0xBA, + /* 0x460 */ 0x13, 0x96, 0x29, 0x4E, 0x19, 0xD0, 0x1A, 0x98, + /* 0x468 */ 0x06, 0xF4, 0x37, 0x94, 0x17, 0xAD, 0xA3, 0x18, + /* 0x470 */ 0xBA, 0x3E, 0xB0, 0x01, 0x0C, 0x95, 0xD6, 0x29, + /* 0x478 */ 0x35, 0x20, 0x35, 0x7D, 0xF5, 0x10, 0x60, 0xE4, + /* 0x480 */ 0xF7, 0x68, 0x62, 0x1E, 0xEC, 0x19, 0xE1, 0x24, + /* 0x488 */ 0xF2, 0x87, 0x11, 0xAC, 0xE9, 0x08, 0x80, +}; +static const lws_ss_x509_t _ss_x509_digicert_global_ca_g2 = { + .vhost_name = "digicert_global_ca_g2", + .ca_der = _ss_der_digicert_global_ca_g2, + .ca_der_len = 1167, +}; +static const uint8_t _ss_der_digicert_global_root_g2[] = { + /* 0x 0 */ 0x30, 0x82, 0x03, 0x8E, 0x30, 0x82, 0x02, 0x76, + /* 0x 8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x03, + /* 0x 10 */ 0x3A, 0xF1, 0xE6, 0xA7, 0x11, 0xA9, 0xA0, 0xBB, + /* 0x 18 */ 0x28, 0x64, 0xB1, 0x1D, 0x09, 0xFA, 0xE5, 0x30, + /* 0x 20 */ 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + /* 0x 28 */ 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x61, + /* 0x 30 */ 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + /* 0x 38 */ 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x15, 0x30, + /* 0x 40 */ 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x0C, + /* 0x 48 */ 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, + /* 0x 50 */ 0x20, 0x49, 0x6E, 0x63, 0x31, 0x19, 0x30, 0x17, + /* 0x 58 */ 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x10, 0x77, + /* 0x 60 */ 0x77, 0x77, 0x2E, 0x64, 0x69, 0x67, 0x69, 0x63, + /* 0x 68 */ 0x65, 0x72, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + /* 0x 70 */ 0x20, 0x30, 0x1E, 0x06, 0x03, 0x55, 0x04, 0x03, + /* 0x 78 */ 0x13, 0x17, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, + /* 0x 80 */ 0x72, 0x74, 0x20, 0x47, 0x6C, 0x6F, 0x62, 0x61, + /* 0x 88 */ 0x6C, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x47, + /* 0x 90 */ 0x32, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x33, 0x30, + /* 0x 98 */ 0x38, 0x30, 0x31, 0x31, 0x32, 0x30, 0x30, 0x30, + /* 0x a0 */ 0x30, 0x5A, 0x17, 0x0D, 0x33, 0x38, 0x30, 0x31, + /* 0x a8 */ 0x31, 0x35, 0x31, 0x32, 0x30, 0x30, 0x30, 0x30, + /* 0x b0 */ 0x5A, 0x30, 0x61, 0x31, 0x0B, 0x30, 0x09, 0x06, + /* 0x b8 */ 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + /* 0x c0 */ 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + /* 0x c8 */ 0x0A, 0x13, 0x0C, 0x44, 0x69, 0x67, 0x69, 0x43, + /* 0x d0 */ 0x65, 0x72, 0x74, 0x20, 0x49, 0x6E, 0x63, 0x31, + /* 0x d8 */ 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, + /* 0x e0 */ 0x13, 0x10, 0x77, 0x77, 0x77, 0x2E, 0x64, 0x69, + /* 0x e8 */ 0x67, 0x69, 0x63, 0x65, 0x72, 0x74, 0x2E, 0x63, + /* 0x f0 */ 0x6F, 0x6D, 0x31, 0x20, 0x30, 0x1E, 0x06, 0x03, + /* 0x f8 */ 0x55, 0x04, 0x03, 0x13, 0x17, 0x44, 0x69, 0x67, + /* 0x100 */ 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x47, 0x6C, + /* 0x108 */ 0x6F, 0x62, 0x61, 0x6C, 0x20, 0x52, 0x6F, 0x6F, + /* 0x110 */ 0x74, 0x20, 0x47, 0x32, 0x30, 0x82, 0x01, 0x22, + /* 0x118 */ 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + /* 0x120 */ 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, + /* 0x128 */ 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, + /* 0x130 */ 0x02, 0x82, 0x01, 0x01, 0x00, 0xBB, 0x37, 0xCD, + /* 0x138 */ 0x34, 0xDC, 0x7B, 0x6B, 0xC9, 0xB2, 0x68, 0x90, + /* 0x140 */ 0xAD, 0x4A, 0x75, 0xFF, 0x46, 0xBA, 0x21, 0x0A, + /* 0x148 */ 0x08, 0x8D, 0xF5, 0x19, 0x54, 0xC9, 0xFB, 0x88, + /* 0x150 */ 0xDB, 0xF3, 0xAE, 0xF2, 0x3A, 0x89, 0x91, 0x3C, + /* 0x158 */ 0x7A, 0xE6, 0xAB, 0x06, 0x1A, 0x6B, 0xCF, 0xAC, + /* 0x160 */ 0x2D, 0xE8, 0x5E, 0x09, 0x24, 0x44, 0xBA, 0x62, + /* 0x168 */ 0x9A, 0x7E, 0xD6, 0xA3, 0xA8, 0x7E, 0xE0, 0x54, + /* 0x170 */ 0x75, 0x20, 0x05, 0xAC, 0x50, 0xB7, 0x9C, 0x63, + /* 0x178 */ 0x1A, 0x6C, 0x30, 0xDC, 0xDA, 0x1F, 0x19, 0xB1, + /* 0x180 */ 0xD7, 0x1E, 0xDE, 0xFD, 0xD7, 0xE0, 0xCB, 0x94, + /* 0x188 */ 0x83, 0x37, 0xAE, 0xEC, 0x1F, 0x43, 0x4E, 0xDD, + /* 0x190 */ 0x7B, 0x2C, 0xD2, 0xBD, 0x2E, 0xA5, 0x2F, 0xE4, + /* 0x198 */ 0xA9, 0xB8, 0xAD, 0x3A, 0xD4, 0x99, 0xA4, 0xB6, + /* 0x1a0 */ 0x25, 0xE9, 0x9B, 0x6B, 0x00, 0x60, 0x92, 0x60, + /* 0x1a8 */ 0xFF, 0x4F, 0x21, 0x49, 0x18, 0xF7, 0x67, 0x90, + /* 0x1b0 */ 0xAB, 0x61, 0x06, 0x9C, 0x8F, 0xF2, 0xBA, 0xE9, + /* 0x1b8 */ 0xB4, 0xE9, 0x92, 0x32, 0x6B, 0xB5, 0xF3, 0x57, + /* 0x1c0 */ 0xE8, 0x5D, 0x1B, 0xCD, 0x8C, 0x1D, 0xAB, 0x95, + /* 0x1c8 */ 0x04, 0x95, 0x49, 0xF3, 0x35, 0x2D, 0x96, 0xE3, + /* 0x1d0 */ 0x49, 0x6D, 0xDD, 0x77, 0xE3, 0xFB, 0x49, 0x4B, + /* 0x1d8 */ 0xB4, 0xAC, 0x55, 0x07, 0xA9, 0x8F, 0x95, 0xB3, + /* 0x1e0 */ 0xB4, 0x23, 0xBB, 0x4C, 0x6D, 0x45, 0xF0, 0xF6, + /* 0x1e8 */ 0xA9, 0xB2, 0x95, 0x30, 0xB4, 0xFD, 0x4C, 0x55, + /* 0x1f0 */ 0x8C, 0x27, 0x4A, 0x57, 0x14, 0x7C, 0x82, 0x9D, + /* 0x1f8 */ 0xCD, 0x73, 0x92, 0xD3, 0x16, 0x4A, 0x06, 0x0C, + /* 0x200 */ 0x8C, 0x50, 0xD1, 0x8F, 0x1E, 0x09, 0xBE, 0x17, + /* 0x208 */ 0xA1, 0xE6, 0x21, 0xCA, 0xFD, 0x83, 0xE5, 0x10, + /* 0x210 */ 0xBC, 0x83, 0xA5, 0x0A, 0xC4, 0x67, 0x28, 0xF6, + /* 0x218 */ 0x73, 0x14, 0x14, 0x3D, 0x46, 0x76, 0xC3, 0x87, + /* 0x220 */ 0x14, 0x89, 0x21, 0x34, 0x4D, 0xAF, 0x0F, 0x45, + /* 0x228 */ 0x0C, 0xA6, 0x49, 0xA1, 0xBA, 0xBB, 0x9C, 0xC5, + /* 0x230 */ 0xB1, 0x33, 0x83, 0x29, 0x85, 0x02, 0x03, 0x01, + /* 0x238 */ 0x00, 0x01, 0xA3, 0x42, 0x30, 0x40, 0x30, 0x0F, + /* 0x240 */ 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, + /* 0x248 */ 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + /* 0x250 */ 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, + /* 0x258 */ 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, + /* 0x260 */ 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, + /* 0x268 */ 0x04, 0x14, 0x4E, 0x22, 0x54, 0x20, 0x18, 0x95, + /* 0x270 */ 0xE6, 0xE3, 0x6E, 0xE6, 0x0F, 0xFA, 0xFA, 0xB9, + /* 0x278 */ 0x12, 0xED, 0x06, 0x17, 0x8F, 0x39, 0x30, 0x0D, + /* 0x280 */ 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + /* 0x288 */ 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, + /* 0x290 */ 0x01, 0x00, 0x60, 0x67, 0x28, 0x94, 0x6F, 0x0E, + /* 0x298 */ 0x48, 0x63, 0xEB, 0x31, 0xDD, 0xEA, 0x67, 0x18, + /* 0x2a0 */ 0xD5, 0x89, 0x7D, 0x3C, 0xC5, 0x8B, 0x4A, 0x7F, + /* 0x2a8 */ 0xE9, 0xBE, 0xDB, 0x2B, 0x17, 0xDF, 0xB0, 0x5F, + /* 0x2b0 */ 0x73, 0x77, 0x2A, 0x32, 0x13, 0x39, 0x81, 0x67, + /* 0x2b8 */ 0x42, 0x84, 0x23, 0xF2, 0x45, 0x67, 0x35, 0xEC, + /* 0x2c0 */ 0x88, 0xBF, 0xF8, 0x8F, 0xB0, 0x61, 0x0C, 0x34, + /* 0x2c8 */ 0xA4, 0xAE, 0x20, 0x4C, 0x84, 0xC6, 0xDB, 0xF8, + /* 0x2d0 */ 0x35, 0xE1, 0x76, 0xD9, 0xDF, 0xA6, 0x42, 0xBB, + /* 0x2d8 */ 0xC7, 0x44, 0x08, 0x86, 0x7F, 0x36, 0x74, 0x24, + /* 0x2e0 */ 0x5A, 0xDA, 0x6C, 0x0D, 0x14, 0x59, 0x35, 0xBD, + /* 0x2e8 */ 0xF2, 0x49, 0xDD, 0xB6, 0x1F, 0xC9, 0xB3, 0x0D, + /* 0x2f0 */ 0x47, 0x2A, 0x3D, 0x99, 0x2F, 0xBB, 0x5C, 0xBB, + /* 0x2f8 */ 0xB5, 0xD4, 0x20, 0xE1, 0x99, 0x5F, 0x53, 0x46, + /* 0x300 */ 0x15, 0xDB, 0x68, 0x9B, 0xF0, 0xF3, 0x30, 0xD5, + /* 0x308 */ 0x3E, 0x31, 0xE2, 0x8D, 0x84, 0x9E, 0xE3, 0x8A, + /* 0x310 */ 0xDA, 0xDA, 0x96, 0x3E, 0x35, 0x13, 0xA5, 0x5F, + /* 0x318 */ 0xF0, 0xF9, 0x70, 0x50, 0x70, 0x47, 0x41, 0x11, + /* 0x320 */ 0x57, 0x19, 0x4E, 0xC0, 0x8F, 0xAE, 0x06, 0xC4, + /* 0x328 */ 0x95, 0x13, 0x17, 0x2F, 0x1B, 0x25, 0x9F, 0x75, + /* 0x330 */ 0xF2, 0xB1, 0x8E, 0x99, 0xA1, 0x6F, 0x13, 0xB1, + /* 0x338 */ 0x41, 0x71, 0xFE, 0x88, 0x2A, 0xC8, 0x4F, 0x10, + /* 0x340 */ 0x20, 0x55, 0xD7, 0xF3, 0x14, 0x45, 0xE5, 0xE0, + /* 0x348 */ 0x44, 0xF4, 0xEA, 0x87, 0x95, 0x32, 0x93, 0x0E, + /* 0x350 */ 0xFE, 0x53, 0x46, 0xFA, 0x2C, 0x9D, 0xFF, 0x8B, + /* 0x358 */ 0x22, 0xB9, 0x4B, 0xD9, 0x09, 0x45, 0xA4, 0xDE, + /* 0x360 */ 0xA4, 0xB8, 0x9A, 0x58, 0xDD, 0x1B, 0x7D, 0x52, + /* 0x368 */ 0x9F, 0x8E, 0x59, 0x43, 0x88, 0x81, 0xA4, 0x9E, + /* 0x370 */ 0x26, 0xD5, 0x6F, 0xAD, 0xDD, 0x0D, 0xC6, 0x37, + /* 0x378 */ 0x7D, 0xED, 0x03, 0x92, 0x1B, 0xE5, 0x77, 0x5F, + /* 0x380 */ 0x76, 0xEE, 0x3C, 0x8D, 0xC4, 0x5D, 0x56, 0x5B, + /* 0x388 */ 0xA2, 0xD9, 0x66, 0x6E, 0xB3, 0x35, 0x37, 0xE5, + /* 0x390 */ 0x32, 0xB6, +}; +static const lws_ss_x509_t _ss_x509_digicert_global_root_g2 = { + .vhost_name = "digicert_global_root_g2", + .ca_der = _ss_der_digicert_global_root_g2, + .ca_der_len = 914, +}; +static const lws_ss_trust_store_t _ss_ts_api_amazon_com = { + .name = "api_amazon_com", + .ssx509 = { + &_ss_x509_digicert_global_root_g2, + &_ss_x509_digicert_global_ca_g2, + } +}; + +static const lws_ss_policy_t _ssp_captive_portal_detect = { + .streamtype = "captive_portal_detect", + .endpoint = "connectivitycheck.android.com", + .u = { + .http = { + .method = "GET", + .url = "generate_204", + .resp_expect = 204, + .fail_redirect = 1, + } + }, + .flags = 0x1, + .port = 80, + .protocol = 0, +}, +_ssp_mqtt_test1 = { + .next = (void *)&_ssp_captive_portal_detect, + .streamtype = "mqtt_test1", + .endpoint = "a1ygonr3im5cv2-ats.iot.us-west-2.amazonaws.com", + .u = { + .mqtt = { + .topic = "test/topic1", + .subscribe = "test/topic1", + .qos = 1, + } + }, + .retry_bo = &_rbo_0, + .flags = 0x10, + .port = 443, + .protocol = 3, + .client_cert = 1, + .trust_store = &_ss_ts_mqtt_amz_iot, +}, +_ssp_mqtt_test = { + .next = (void *)&_ssp_mqtt_test1, + .streamtype = "mqtt_test", + .endpoint = "a1ygonr3im5cv2-ats.iot.us-west-2.amazonaws.com", + .u = { + .mqtt = { + .topic = "test/topic0", + .subscribe = "test/topic0", + } + }, + .retry_bo = &_rbo_0, + .flags = 0x10, + .port = 443, + .protocol = 3, + .client_cert = 1, + .trust_store = &_ss_ts_mqtt_amz_iot, +}, +_ssp_minpost = { + .next = (void *)&_ssp_mqtt_test, + .streamtype = "minpost", + .endpoint = "warmcat.com", + .u = { + .http = { + .method = "POST", + .url = "testserver/formtest", + } + }, + .retry_bo = &_rbo_0, + .flags = 0x11, + .port = 443, + .protocol = 0, + .trust_store = &_ss_ts_le_via_isrg, +}, +_ssp_mintest_fail = { + .next = (void *)&_ssp_minpost, + .streamtype = "mintest-fail", + .endpoint = "warmcat.com", + .u = { + .http = { + .method = "GET", + .url = "index.html", + } + }, + .retry_bo = &_rbo_0, + .flags = 0x11, + .port = 22, + .protocol = 0, + .trust_store = &_ss_ts_le_via_isrg, +}, +_ssp_h2longpolltest = { + .next = (void *)&_ssp_mintest_fail, + .streamtype = "h2longpolltest", + .endpoint = "warmcat.com", + .u = { + .http = { + .method = "GET", + .url = "index.html", + } + }, + .retry_bo = &_rbo_0, + .flags = 0x32, + .port = 443, + .protocol = 1, + .trust_store = &_ss_ts_le_via_isrg, +}, +_ssp_mintest = { + .next = (void *)&_ssp_h2longpolltest, + .streamtype = "mintest", + .endpoint = "warmcat.com", + .metadata = (void *)&_md_mintest_uptag, + .u = { + .http = { + .method = "GET", + .url = "index.html?uptag=${uptag}", + } + }, + .retry_bo = &_rbo_0, + .flags = 0x11, + .port = 443, + .metadata_count = 3, + .protocol = 0, + .trust_store = &_ss_ts_le_via_isrg, +}, +_ssp_avs_audio = { + .next = (void *)&_ssp_mintest, + .streamtype = "avs_audio", + .endpoint = "alexa.na.gateway.devices.a2z.com", + .u = { + .http = { + .method = "POST", + .url = "v20160207/events", + .multipart_name = "audio", + .multipart_content_type = "application/octet-stream", + .auth_preamble = "Bearer ", + .blob_header = { + "authorization:", + }, + } + }, + .retry_bo = &_rbo_0, + .flags = 0xa90, + .port = 443, + .protocol = 1, + .trust_store = &_ss_ts_avs_via_starfield, +}, +_ssp_avs_metadata = { + .next = (void *)&_ssp_avs_audio, + .streamtype = "avs_metadata", + .endpoint = "alexa.na.gateway.devices.a2z.com", + .rideshare_streamtype = "avs_audio", + .u = { + .http = { + .method = "POST", + .url = "v20160207/events", + .multipart_name = "metadata", + .multipart_content_type = "application/json; charset=UTF-8", + .auth_preamble = "Bearer ", + .blob_header = { + "authorization:", + }, + } + }, + .retry_bo = &_rbo_0, + .flags = 0xa91, + .port = 443, + .protocol = 1, + .trust_store = &_ss_ts_avs_via_starfield, +}, +_ssp_avs_event = { + .next = (void *)&_ssp_avs_metadata, + .streamtype = "avs_event", + .endpoint = "alexa.na.gateway.devices.a2z.com", + .u = { + .http = { + .method = "GET", + .url = "v20160207/directives", + .auth_preamble = "Bearer ", + .blob_header = { + "authorization:", + }, + } + }, + .retry_bo = &_rbo_0, + .flags = 0x2b2, + .port = 443, + .protocol = 1, + .trust_store = &_ss_ts_avs_via_starfield, +}, +_ssp_api_amazon_com_auth = { + .next = (void *)&_ssp_avs_event, + .streamtype = "api_amazon_com_auth", + .endpoint = "api.amazon.com", + .u = { + .http = { + .method = "POST", + .url = "auth/o2/token", + } + }, + .retry_bo = &_rbo_0, + .flags = 0x1291, + .port = 443, + .protocol = 0, + .trust_store = &_ss_ts_api_amazon_com, +}; +#define _ss_static_policy_entry _ssp_api_amazon_com_auth +/* estimated footprint 10928 (when sizeof void * = 8) */ diff --git a/minimal-examples/secure-streams/minimal-secure-streams/CMakeLists.txt b/minimal-examples/secure-streams/minimal-secure-streams/CMakeLists.txt index 675e52388..f24d2a874 100644 --- a/minimal-examples/secure-streams/minimal-secure-streams/CMakeLists.txt +++ b/minimal-examples/secure-streams/minimal-secure-streams/CMakeLists.txt @@ -65,6 +65,7 @@ set(requirements 1) require_lws_config(LWS_ROLE_H1 1 requirements) require_lws_config(LWS_WITHOUT_CLIENT 0 requirements) require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) +require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements) if (requirements) add_executable(${SAMP} minimal-secure-streams.c)