diff --git a/lib/roles/http/client/client-handshake.c b/lib/roles/http/client/client-handshake.c index f1f525cda..27408c34b 100644 --- a/lib/roles/http/client/client-handshake.c +++ b/lib/roles/http/client/client-handshake.c @@ -355,10 +355,6 @@ lws_client_conn_wait_timeout(lws_sorted_usec_list_t *sul) * connection before giving up on it and retrying. */ -#if defined(WIN32) - wsi->dns_results_next = wsi->dns_results_next->ai_next; -#endif - lwsl_info("%s: connect wait timeout has fired\n", __func__); lws_client_connect_3_connect(wsi, NULL, NULL, 0, NULL); } diff --git a/minimal-examples/api-tests/api-test-secure-streams/CMakeLists.txt b/minimal-examples/api-tests/api-test-secure-streams/CMakeLists.txt new file mode 100644 index 000000000..998c2c49b --- /dev/null +++ b/minimal-examples/api-tests/api-test-secure-streams/CMakeLists.txt @@ -0,0 +1,28 @@ +project(lws-api-test-secure-streams) +cmake_minimum_required(VERSION 2.8) +include(CheckCSourceCompiles) +include(LwsCheckRequirements) + +set(requirements 1) +require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements) + +if (requirements) + + add_executable(${PROJECT_NAME} main.c) + + if (LWS_CTEST_INTERNET_AVAILABLE) + add_test(NAME api-test-secure-streams COMMAND ${PROJECT_NAME}) + set_tests_properties(api-test-secure-streams + PROPERTIES + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/api-tests/api-test-secure-streams + TIMEOUT 20) + endif() + + if (websockets_shared) + target_link_libraries(${PROJECT_NAME} websockets_shared) + add_dependencies(${PROJECT_NAME} websockets_shared) + else() + target_link_libraries(${PROJECT_NAME} websockets) + endif() + +endif() diff --git a/minimal-examples/api-tests/api-test-secure-streams/README.md b/minimal-examples/api-tests/api-test-secure-streams/README.md new file mode 100644 index 000000000..a5a220a5d --- /dev/null +++ b/minimal-examples/api-tests/api-test-secure-streams/README.md @@ -0,0 +1,21 @@ +# lws api test Secure Streams + +Performs some tests against httpbin.org server +to check Secure Streams client performance + +## build + +``` + $ cmake . && make +``` + +## usage + +Commandline option|Meaning +---|--- +-d |Debug verbosity in decimal, eg, -d15 + +``` + $ ./lws-api-test-secure-streams +``` + diff --git a/minimal-examples/api-tests/api-test-secure-streams/main.c b/minimal-examples/api-tests/api-test-secure-streams/main.c new file mode 100644 index 000000000..7ba0ae1a4 --- /dev/null +++ b/minimal-examples/api-tests/api-test-secure-streams/main.c @@ -0,0 +1,384 @@ +/* + * lws-api-test-secure-streams + * + * Written in 2010-2020 by Andy Green + * + * This file is made available under the Creative Commons CC0 1.0 + * Universal Public Domain Dedication. + * + * Let's exercise some basic SS / h1 functionality against httpbin.org + */ + +#include +#include +#include + +static int interrupted, bad = 1; +static lws_state_notify_link_t nl; +static struct lws_context *context; + +static const char * const default_ss_policy = + "{" + "\"release\":" "\"01234567\"," + "\"product\":" "\"myproduct\"," + "\"schema-version\":" "1," +#if defined(VIA_LOCALHOST_SOCKS) + "\"via-socks5\":" "\"127.0.0.1:1080\"," +#endif + + "\"retry\": [" /* named backoff / retry strategies */ + "{\"default\": {" + "\"backoff\": [" "1000," + "2000," + "3000," + "5000," + "10000" + "]," + "\"conceal\":" "5," + "\"jitterpc\":" "20," + "\"svalidping\":" "30," + "\"svalidhup\":" "35" + "}}" + "]," + "\"certs\": [" /* named individual certificates in BASE64 DER */ + /* + * Let's Encrypt certs for warmcat.com / libwebsockets.org + * + * We fetch the real policy from there using SS and switch to + * using that. + */ + + "{\"amz_root_ca1\": \"" + "MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF" + "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6" + "b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL" + "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv" + "b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj" + "ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM" + "9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw" + "IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6" + "VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L" + "93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm" + "jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC" + "AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA" + "A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI" + "U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs" + "N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv" + "o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU" + "5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy" + "rqXRfboQnoZsG4q5WTP468SQvvG5" + "\"}" + "]," + "\"trust_stores\": [" /* named cert chains */ + "{" + "\"name\": \"amz\"," + "\"stack\": [" + "\"amz_root_ca1\"" + "]" + "}" + "]," + "\"s\": [" + /* + * "fetch_policy" decides from where the real policy + * will be fetched, if present. Otherwise the initial + * policy is treated as the whole, hardcoded, policy. + */ + "{\"httpbin_get\": {" + "\"endpoint\":" "\"httpbin.org\"," + "\"port\":" "443," + "\"protocol\":" "\"h1\"," + "\"http_method\":" "\"GET\"," + "\"http_url\":" "\"/get\"," + "\"tls\":" "true," + "\"opportunistic\":" "true," + "\"retry\":" "\"default\"," + "\"tls_trust_store\":" "\"amz\"" + "}}," + "{\"httpbin_get404\": {" + "\"endpoint\":" "\"httpbin.org\"," + "\"port\":" "443," + "\"protocol\":" "\"h1\"," + "\"http_method\":" "\"GET\"," + "\"http_url\":" "\"/status/404\"," + "\"tls\":" "true," + "\"opportunistic\":" "true," + "\"retry\":" "\"default\"," + "\"tls_trust_store\":" "\"amz\"" + "}}," + "{\"httpbin_post\": {" + "\"endpoint\":" "\"httpbin.org\"," + "\"port\":" "443," + "\"protocol\":" "\"h1\"," + "\"http_method\":" "\"POST\"," + "\"http_url\":" "\"/post\"," + "\"tls\":" "true," + "\"opportunistic\":" "true," + "\"retry\":" "\"default\"," + "\"tls_trust_store\":" "\"amz\"" + "}}" + "}" + "]}" +; + +typedef struct atss { + const lws_ss_info_t *ssi; + size_t send; + char expect_nack; +} atss_t; + +static const atss_t *next_test; + +typedef struct myss { + struct lws_ss_handle *ss; + void *opaque_data; + /* ... application specific state ... */ + lws_sorted_usec_list_t sul; + size_t payload; + size_t sent; + char seen_eom; + char ended_well; +} myss_t; + +/* secure streams payload interface */ + +static int +myss_rx(void *userobj, const uint8_t *buf, size_t len, int flags) +{ + myss_t *m = (myss_t *)userobj; + + lwsl_hexdump_info(buf, len); + + m->payload += len; + + if (!(flags & LWSSS_FLAG_EOM)) + m->seen_eom = 1; + + return 0; +} + +static int +myss_tx_get(void *userobj, lws_ss_tx_ordinal_t ord, uint8_t *buf, size_t *len, + int *flags) +{ + return 1; /* nothing to send */ +} + +static int +myss_tx_post(void *userobj, lws_ss_tx_ordinal_t ord, uint8_t *buf, size_t *len, + int *flags) +{ + myss_t *m = (myss_t *)userobj; + size_t budget = (next_test->send - m->sent); + + if (!budget) + return 1; + + if (*len < budget) + budget = *len; + + if (!m->sent) + *flags |= LWSSS_FLAG_SOM; + + memset(buf, 0x55, budget); + *len = budget; + m->sent += budget; + if (m->sent != next_test->send) + lws_ss_request_tx(m->ss); + else + *flags |= LWSSS_FLAG_EOM; + + return 0; +} + +static int +myss_state(void *userobj, void *sh, lws_ss_constate_t state, + lws_ss_tx_ordinal_t ack) +{ + myss_t *m = (myss_t *)userobj; + + lwsl_notice("%s: %s, ord 0x%x\n", __func__, lws_ss_state_name(state), + (unsigned int)ack); + + switch (state) { + case LWSSSCS_CREATING: + lws_ss_client_connect(m->ss); + if (next_test->send) + lws_ss_request_tx_len(m->ss, (unsigned long)next_test->send); + break; + case LWSSSCS_ALL_RETRIES_FAILED: + lwsl_notice("%s: Connection failed\n", __func__); + interrupted = 1; + break; + case LWSSSCS_QOS_NACK_REMOTE: + if (next_test->expect_nack) + goto happy; + lwsl_notice("%s: remote NACK\n", __func__); + interrupted = 1; + break; + case LWSSSCS_QOS_ACK_REMOTE: + /* + * To be satisfied, we want to see the ACK_REMOTE indicating + * that the transaction went through; that we had the payload + * EOM; and that we saw at least 200 + posted bytes response + */ + + if (!m->seen_eom || m->payload < 200 + next_test->send) { + lwsl_warn("%s: ACK_REMOTE but eom %d, payload %d\n", + __func__, m->seen_eom, (int)m->payload); + interrupted = 1; + return -1; + } + +happy: + /* when we disconnect, we can go happily */ + m->ended_well = 1; + + if (!(++next_test)->ssi) { + lwsl_notice("%s: completed all tests\n", __func__); + bad = 0; + interrupted = 1; + break; + } + if (lws_ss_create(context, 0, next_test->ssi, + NULL, NULL, NULL, NULL)) { + lwsl_err("%s: failed to create secure stream\n", + __func__); + return -1; + } + break; + + case LWSSSCS_DISCONNECTED: + if (!m->ended_well) { + lwsl_warn("%s: DISCONNECTED without good end\n", + __func__); + interrupted = 1; + } + break; + default: + break; + } + + return 0; +} + +static const lws_ss_info_t ssi_get = { + .handle_offset = offsetof(myss_t, ss), + .opaque_user_data_offset = offsetof(myss_t, opaque_data), + .rx = myss_rx, + .tx = myss_tx_get, + .state = myss_state, + .user_alloc = sizeof(myss_t), + .streamtype = "httpbin_get" +}, ssi_get404 = { + .handle_offset = offsetof(myss_t, ss), + .opaque_user_data_offset = offsetof(myss_t, opaque_data), + .rx = myss_rx, + .tx = myss_tx_get, + .state = myss_state, + .user_alloc = sizeof(myss_t), + .streamtype = "httpbin_get404" +}, ssi_post = { + .handle_offset = offsetof(myss_t, ss), + .opaque_user_data_offset = offsetof(myss_t, opaque_data), + .rx = myss_rx, + .tx = myss_tx_post, + .state = myss_state, + .user_alloc = sizeof(myss_t), + .streamtype = "httpbin_post" +}; + +static const atss_t test_list[] = { + { .ssi = &ssi_get }, + { .ssi = &ssi_get404, .expect_nack = 1 }, + { .ssi = &ssi_post, .send = 4096 }, + { .ssi = NULL } +}; + + +static int +app_system_state_nf(lws_state_manager_t *mgr, lws_state_notify_link_t *link, + int current, int target) +{ + struct lws_context *context = lws_system_context_from_system_mgr(mgr); + + /* + * For the things we care about, let's notice if we are trying to get + * past them when we haven't solved them yet, and make the system + * state wait while we trigger the dependent action. + */ + switch (target) { + + case LWS_SYSTATE_OPERATIONAL: + if (current == LWS_SYSTATE_OPERATIONAL) { + + next_test = &test_list[0]; + + if (lws_ss_create(context, 0, next_test->ssi, + NULL, NULL, NULL, NULL)) { + lwsl_err("%s: failed to create secure stream\n", + __func__); + return -1; + } + } + break; + } + + return 0; +} + +static lws_state_notify_link_t * const app_notifier_list[] = { + &nl, NULL +}; + +static void +sigint_handler(int sig) +{ + interrupted = 1; +} + +int main(int argc, const char **argv) +{ + struct lws_context_creation_info info; + int n = 0; + + signal(SIGINT, sigint_handler); + + memset(&info, 0, sizeof info); + lws_cmdline_option_handle_builtin(argc, argv, &info); + + lwsl_user("LWS secure streams test client [-d]\n"); + + /* these options are mutually exclusive if given */ + + info.fd_limit_per_thread = 1 + 6 + 1; + info.port = CONTEXT_PORT_NO_LISTEN; + info.pss_policies_json = default_ss_policy; + info.options = LWS_SERVER_OPTION_EXPLICIT_VHOSTS | + LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT | + LWS_SERVER_OPTION_H2_JUST_FIX_WINDOW_UPDATE_OVERFLOW; + + /* integrate us with lws system state management when context created */ + + nl.name = "app"; + nl.notify_cb = app_system_state_nf; + info.register_notifier_list = app_notifier_list; + + /* create the context */ + + context = lws_create_context(&info); + if (!context) { + lwsl_err("lws init failed\n"); + return 1; + } + + /* the event loop */ + + while (n >= 0 && !interrupted) + n = lws_service(context, 0); + + lws_context_destroy(context); + + lwsl_user("Completed: %s\n", bad ? "failed" : "OK"); + + return bad; +}