diff --git a/changelog b/changelog
index 6881a5b2c..5e48a24b6 100644
--- a/changelog
+++ b/changelog
@@ -98,6 +98,12 @@ If you are providing other headers, they must be generated using the new HTTP-version-agnostic APIs, and you must provide the length of them using this additional parameter.
+struct lws_context_creation_info now has an additional member
+SSL_CTX *provided_client_ssl_ctx you may set to an externally-initialized
+SSL_CTX managed outside lws. Defaulting to zero keeps the existing behaviour of
+lws managing the context, if you memset the struct to 0 or have as a filescope
+initialized struct in bss, no need to change anything.
+
 v1.3-chrome37-firefox30
 =======================
diff --git a/lib/context.c b/lib/context.c
index 635bb1372..447c96c51 100644
--- a/lib/context.c
+++ b/lib/context.c
@@ -214,15 +214,24 @@ libwebsocket_create_context(struct lws_context_creation_info *info)
 sizeof(struct libwebsocket), sizeof(struct allocated_headers));
- if (lws_context_init_server_ssl(info, context))
- goto bail;
- if (lws_context_init_client_ssl(info, context))
+#ifdef LWS_OPENSSL_SUPPORT
+ if (info->provided_client_ssl_ctx){
+ //use the provided OpenSSL context if given one
+ context->ssl_client_ctx = info->provided_client_ssl_ctx;
+ context->user_supplied_ssl_ctx = 1; //mark to not delet the context on cleanup
+ }
+#endif
+ if (lws_context_init_server_ssl(info, context))
+ goto bail;
+ if (!context->ssl_client_ctx && lws_context_init_client_ssl(info, context))
 goto bail;
 if (lws_context_init_server(info, context))
 goto bail;
+ lwsl_debug(" client SSL ctx %p\n", context->ssl_client_ctx);
+ lwsl_debug(" server SSL ctx %p\n", context->ssl_ctx);
 /*
 * drop any root privs for this process
 * to listen on port < 1023 we would have needed root, but now we are
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 30dbd5757..816b1df64 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
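Review bot: The new guard `if (!context->ssl_client_ctx && lws_context_init_client_ssl(info, context))` and the two `lwsl_debug` lines sit outside the `#ifdef LWS_OPENSSL_SUPPORT` block, yet `ssl_client_ctx` and `ssl_ctx` are declared under that same `#ifdef` in the private-libwebsockets.h hunk of this commit, so a build without OpenSSL support looks like it no longer compiles. Testing the public member instead keeps both builds working, because it is a `void *` in the non-SSL layout: `if (!info->provided_client_ssl_ctx && lws_context_init_client_ssl(info, context))`, and the two `lwsl_debug` calls need their own `#ifdef LWS_OPENSSL_SUPPORT`/`#endif`. Using the info member also avoids depending on `context->ssl_client_ctx` being zero before this point, which the hunk does not show. Minor style: the file uses `/* */` comments and `) {` spacing, and the comment says "delet"; `/* caller-provided SSL_CTX: lws must not free it on cleanup */` would replace both added comments. libwebsocket_create_context continues outside the hunk.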
@@ -86,6 +86,14 @@ extern "C" {
 #include
 #endif
+#ifdef LWS_OPENSSL_SUPPORT
+#ifdef USE_CYASSL
+#include
+#else
+#include
+#endif /* not USE_CYASSL */
+#endif
+
 #define CONTEXT_PORT_NO_LISTEN -1
 #define MAX_MUX_RECURSION 2
@@ -995,6 +1003,10 @@ struct libwebsocket_extension {
 * and killing the connection
 * @ka_interval: if ka_time was nonzero, how long to wait before each ka_probes
 * attempt
+ * @provided_client_ssl_ctx: If non-null, swap out libwebsockets ssl
+ * implementation for the one provided by provided_ssl_ctx.
+ * Libwebsockets no longer is responsible for freeing the context
+ * if this option is selected.
 */
 struct lws_context_creation_info {
@@ -1017,7 +1029,11 @@ struct lws_context_creation_info {
 int ka_time;
 int ka_probes;
 int ka_interval;
-
+#ifdef LWS_OPENSSL_SUPPORT
+ SSL_CTX *provided_client_ssl_ctx;
+#else /* maintain structure layout either way */
+ void *provided_client_ssl_ctx;
+#endif
 };
 LWS_VISIBLE LWS_EXTERN
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 5946a5ee9..7e01fe7d7 100755
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -462,6 +462,7 @@ struct libwebsocket_context {
 #ifdef LWS_OPENSSL_SUPPORT
 int use_ssl;
 int allow_non_ssl_on_ssl_port;
+ unsigned int user_supplied_ssl_ctx:1;
 SSL_CTX *ssl_ctx;
 SSL_CTX *ssl_client_ctx;
 unsigned int ssl_flag_buffered_reads:1;
diff --git a/lib/ssl.c b/lib/ssl.c
index 3cdfdeab5..cc86b8052 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -192,7 +192,7 @@ lws_ssl_destroy(struct libwebsocket_context *context)
 {
 if (context->ssl_ctx)
 SSL_CTX_free(context->ssl_ctx);
- if (context->ssl_client_ctx)
+ if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
 SSL_CTX_free(context->ssl_client_ctx);
 ERR_remove_state(0);
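Review bot: The new doc block calls the member `provided_ssl_ctx` on its second line while the field added below is `provided_client_ssl_ctx`, and "swap out libwebsockets ssl implementation" overstates what the context.c hunk does: only the client-side context is taken from the caller, while lws_context_init_server_ssl still runs unconditionally. The security-relevant part of the contract is missing: the caller keeps the SSL_CTX alive for the lifetime of the lws context, and because lws_context_init_client_ssl is skipped whenever this member is set, whatever that function would have configured on the context (verification policy and cipher selection, if it sets them; its body is not in this diff) becomes entirely the caller's responsibility. It is also worth saying that without LWS_OPENSSL_SUPPORT the member is a `void *` that, as far as this diff shows, nothing reads. Suggested replacement: ` * @provided_client_ssl_ctx: If non-NULL, use this caller-owned SSL_CTX as the client context instead of creating one; lws then neither configures nor frees it, and it must outlive the lws context.`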
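Review bot: The ownership test `!context->user_supplied_ssl_ctx && context->ssl_client_ctx` is now duplicated verbatim in lws_ssl_destroy here and in lws_ssl_context_destroy in the next hunk, so the two teardown paths have to be kept in sync by hand whenever the rule changes. A comment on each, `/* ssl_client_ctx may be caller-owned (provided_client_ssl_ctx); only free what lws created */`, would make the asymmetry with the unconditional `SSL_CTX_free(context->ssl_ctx)` just above it clear to the next reader. Both enclosing functions start and end outside their hunks.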
@@ -593,7 +593,7 @@ lws_ssl_context_destroy(struct libwebsocket_context *context)
 {
 if (context->ssl_ctx)
 SSL_CTX_free(context->ssl_ctx);
- if (context->ssl_client_ctx)
+ if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
 SSL_CTX_free(context->ssl_client_ctx);
 ERR_remove_state(0);