diff --git a/CMakeLists.txt b/CMakeLists.txt index 43630f7e2..270478f53 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -44,8 +44,8 @@ endif() option(LWS_WITH_STATIC "Build the static version of the library" ON) option(LWS_WITH_SHARED "Build the shared version of the library" ON) -option(LWS_WITH_SSL "Include SSL support (default OpenSSL, CyaSSL if LWS_USE_CYASSL is set)" ON) -option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When settings this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF) +option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON) +option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When settings this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF) option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON) option(LWS_WITH_LIBEV "Compile with support for libev" OFF) option(LWS_USE_BUNDLED_ZLIB "Use bundled zlib version (Windows only)" ${LWS_USE_BUNDLED_ZLIB_DEFAULT}) 
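Review bot: Renaming `LWS_USE_CYASSL` to `LWS_USE_WOLFSSL` leaves no compatibility path, so a build that still passes `-DLWS_USE_CYASSL=ON` no longer selects the intended TLS library and, with `LWS_WITH_SSL` defaulting to ON, takes the OpenSSL branch instead. CMake only warns about unused manually-specified variables, which is easy to miss in CI logs. Consider failing early right after the option block: `if (DEFINED LWS_USE_CYASSL)` / `message(FATAL_ERROR "LWS_USE_CYASSL was renamed to LWS_USE_WOLFSSL")` / `endif()`. The same applies to `LWS_CYASSL_LIBRARIES` and `LWS_CYASSL_INCLUDE_DIRS` in the -90 hunk. The new help string also keeps the typo "When settings this", where "When setting this" is meant.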
@@ -90,12 +90,12 @@ set(LWS_ZLIB_LIBRARIES CACHE PATH "Path to the zlib library") set(LWS_ZLIB_INCLUDE_DIRS CACHE PATH "Path to the zlib include directory") set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library") set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory") -set(LWS_CYASSL_LIBRARIES CACHE PATH "Path to the CyaSSL library") -set(LWS_CYASSL_INCLUDE_DIRS CACHE PATH "Path to the CyaSSL include directory") +set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library") +set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory") set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library") set(LWS_LIBEV_INCLUDE_DIRS CACHE PATH "Path to the libev include directory") -if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL) +if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL) if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "") else() set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES}) @@ -104,17 +104,17 @@ if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL) endif() endif() -if (LWS_WITH_SSL AND LWS_USE_CYASSL) - if ("${LWS_CYASSL_LIBRARIES}" STREQUAL "" OR "${LWS_CYASSL_INCLUDE_DIRS}" STREQUAL "") - if (NOT CYASSL_FOUND) - message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_USE_CYASSL is turned on.") +if (LWS_WITH_SSL AND LWS_USE_WOLFSSL) + if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "") + if (NOT WOLFSSL_FOUND) + message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.") endif() else() - set(CYASSL_LIBRARIES ${LWS_CYASSL_LIBRARIES}) - set(CYASSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS}) - set(CYASSL_FOUND 1) + set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES}) + set(WOLFSSL_INCLUDE_DIRS ${LWS_WOLFSSL_INCLUDE_DIRS}) + set(WOLFSSL_FOUND 1) endif() - set(USE_CYASSL 1) + set(USE_WOLFSSL 1) endif() if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB) 
@@ -516,20 +516,20 @@ endif() if (LWS_WITH_SSL) message("Compiling with SSL support") - if (LWS_USE_CYASSL) - # Use CyaSSL as OpenSSL replacement. + if (LWS_USE_WOLFSSL) + # Use wolfSSL as OpenSSL replacement. # TODO: Add a find_package command for this also. - message("CyaSSL include dir: ${CYASSL_INCLUDE_DIRS}") - message("CyaSSL libraries: ${CYASSL_LIBRARIES}") + message("wolfSSL include dir: ${WOLFSSL_INCLUDE_DIRS}") + message("wolfSSL libraries: ${WOLFSSL_LIBRARIES}") # Additional to the root directory we need to include - # the cyassl/ subdirectory which contains the OpenSSL + # the wolfssl/ subdirectory which contains the OpenSSL # compatability layer headers. - foreach(inc ${CYASSL_LIBRARIES}) - include_directories("${inc}" "${inc}/cyassl") + foreach(inc ${WOLFSSL_INCLUDE_DIRS}) + include_directories("${inc}" "${inc}/wolfssl") endforeach() - list(APPEND LIB_LIST "${CYASSL_LIBRARIES}") + list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}") else() if (NOT OPENSSL_FOUND) # TODO: Add support for STATIC also. @@ -636,7 +636,7 @@ if (NOT LWS_WITHOUT_TESTAPPS) list(APPEND TEST_APP_LIST ${TEST_NAME}) endmacro() - if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL) + if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL) message("Searching for OpenSSL executable and dlls") find_package(OpenSSLbins) message("OpenSSL executable: ${OPENSSL_EXECUTABLE}") @@ -781,7 +781,7 @@ if (NOT LWS_WITHOUT_TESTAPPS) # Copy OpenSSL dlls to the output directory on Windows. # (Otherwise we'll get an error when trying to run) # - if (WIN32 AND LWS_WITH_SSL AND NOT LWS_USE_CYASSL) + if (WIN32 AND LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL) if(OPENSSL_BIN_FOUND) message("OpenSSL dlls found:") message(" Libeay: ${LIBEAY_BIN}") 
@@ -933,10 +933,10 @@ message(" Settings: (For more help do cmake -LH )") message("---------------------------------------------------------------------") message(" LWS_WITH_SSL = ${LWS_WITH_SSL} (SSL Support)") message(" LWS_SSL_CLIENT_USE_OS_CA_CERTS = ${LWS_SSL_CLIENT_USE_OS_CA_CERTS}") -message(" LWS_USE_CYASSL = ${LWS_USE_CYASSL} (CyaSSL replacement for OpenSSL)") -if (LWS_USE_CYASSL) - message(" LWS_CYASSL_LIBRARIES = ${LWS_CYASSL_LIBRARIES}") - message(" LWS_CYASSL_INCLUDE_DIRS = ${LWS_CYASSL_INCLUDE_DIRS}") +message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL replacement for OpenSSL)") +if (LWS_USE_WOLFSSL) + message(" LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}") + message(" LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}") endif() message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}") message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}") diff --git a/README.build.md b/README.build.md index 00a2702eb..aca934c68 100644 --- a/README.build.md +++ b/README.build.md @@ -10,7 +10,7 @@ create elaborate clean scripts to get a clean source tree, instead you simply remove your build directory. Libwebsockets has been tested to build successfully on the following platforms -with SSL support (both OpenSSL/CyaSSL): +with SSL support (both OpenSSL/wolfSSL): - Windows - Linux (x86 and ARM) 
@@ -151,27 +151,27 @@ Windows GUI On windows CMake comes with a gui application: Start -> Programs -> CMake -> CMake (cmake-gui) -CyaSSL replacement for OpenSSL +wolfSSL replacement for OpenSSL ------------------------------ -CyaSSL is a lightweight SSL library targeted at embedded system: -http://www.yassl.com/yaSSL/Products-cyassl.html +wolfSSL is a lightweight SSL library targeted at embedded system: +http://www.yassl.com/yaSSL/Products-wolfssl.html It contains a OpenSSL compatability layer which makes it possible to pretty much link to it instead of OpenSSL, giving a much smaller footprint. -**NOTE**: cyassl needs to be compiled using the `--enable-opensslextra` flag for +**NOTE**: wolfssl needs to be compiled using the `--enable-opensslextra` flag for this to work. -Compiling libwebsockets with CyaSSL +Compiling libwebsockets with wolfSSL ----------------------------------- ```bash -cmake .. -DLWS_USE_CYASSL=1 \ - -DLWS_CYASSL_INCLUDE_DIRS=/path/to/cyassl \ - -DLWS_CYASSL_LIB=/path/to/cyassl/cyassl.a .. +cmake .. -DLWS_USE_WOLFSSL=1 \ + -DLWS_WOLFSSL_INCLUDE_DIRS=/path/to/wolfssl \ + -DLWS_WOLFSSL_LIB=/path/to/wolfssl/wolfssl.a .. ``` -**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIB` instead. +**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIB` instead. Reproducing HTTP2.0 tests diff --git a/cross-openwrt-makefile b/cross-openwrt-makefile index 9f1a0fdb0..2298ffb9c 100644 --- a/cross-openwrt-makefile +++ b/cross-openwrt-makefile 
@@ -23,11 +23,11 @@ CMAKE_OPTIONS += -DLWS_OPENSSL_SUPPORT=ON CMAKE_OPTIONS += -DLWS_WITH_SSL=ON CMAKE_OPTIONS += -DLWS_WITHOUT_TESTAPPS=$(if $(CONFIG_PACKAGE_libwebsockets-examples),"OFF","ON") -# for cyassl, define these in addition to LWS_OPENSSL_SUPPORT and -# edit package/libs/cyassl/Makefile to include --enable-opensslextra -# CMAKE_OPTIONS += -DLWS_USE_CYASSL=ON -# CMAKE_OPTIONS += -DLWS_CYASSL_LIB=$(STAGING_DIR)/usr/lib/libcyassl.so -# CMAKE_OPTIONS += -DLWS_CYASSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include +# for wolfssl, define these in addition to LWS_OPENSSL_SUPPORT and +# edit package/libs/wolfssl/Makefile to include --enable-opensslextra +# CMAKE_OPTIONS += -DLWS_USE_WOLFSSL=ON +# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIB=$(STAGING_DIR)/usr/lib/libwolfssl.so +# CMAKE_OPTIONS += -DLWS_WOLFSSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include # other options worth noting # CMAKE_OPTIONS += -DLWS_WITHOUT_EXTENSIONS=ON diff --git a/lib/client.c b/lib/client.c index fd65ae8e8..28761cde8 100644 --- a/lib/client.c +++ b/lib/client.c @@ -132,13 +132,13 @@ int lws_client_socket_service(struct libwebsocket_context *context, /* we can retry this... just cook the SSL BIO the first time */ if (wsi->use_ssl && !wsi->ssl) { -#if defined(CYASSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME) +#if defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME) const char *hostname = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_PEER_ADDRESS); #endif wsi->ssl = SSL_new(context->ssl_client_ctx); -#ifndef USE_CYASSL +#ifndef USE_WOLFSSL SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); #endif 
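Review bot: The commented example passes `-DLWS_WOLFSSL_LIB=...`, but the cache variable that the CMakeLists.txt hunks define and test is `LWS_WOLFSSL_LIBRARIES`. Anyone uncommenting these lines therefore leaves it empty and, unless `WOLFSSL_FOUND` is already set, hits the `FATAL_ERROR` about unset wolfSSL paths. The line should read `# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIBRARIES=$(STAGING_DIR)/usr/lib/libwolfssl.so`. README.build.md uses the same `LWS_WOLFSSL_LIB` name in its cmake example and in its Windows note.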
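Review bot: The `defined(WOLFSSL_SNI_HOST_NAME)` test here, and the `#ifdef WOLFSSL_SNI_HOST_NAME` around `wolfSSL_UseSNI` in the next hunk, only work if that name is a preprocessor macro. If wolfSSL declares it as an enum constant (worth confirming against its ssl.h), the `#ifdef` is false and the wolfSSL build silently sends no SNI. Testing the library's SNI feature macro instead, e.g. `#if defined(HAVE_SNI) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)`, would avoid that. Separately, `hostname` goes straight into `strlen(hostname)`; if `lws_hdr_simple_ptr` can return NULL for a missing peer address, an `if (hostname)` guard is needed before the call. lws_client_socket_service starts and ends outside the hunk.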
@@ -146,9 +146,9 @@ int lws_client_socket_service(struct libwebsocket_context *context, * use server name indication (SNI), if supported, * when establishing connection */ -#ifdef USE_CYASSL -#ifdef CYASSL_SNI_HOST_NAME - CyaSSL_UseSNI(wsi->ssl, CYASSL_SNI_HOST_NAME, +#ifdef USE_WOLFSSL +#ifdef WOLFSSL_SNI_HOST_NAME + wolfSSL_UseSNI(wsi->ssl, WOLFSSL_SNI_HOST_NAME, hostname, strlen(hostname)); #endif #else @@ -157,9 +157,9 @@ int lws_client_socket_service(struct libwebsocket_context *context, #endif #endif -#ifdef USE_CYASSL +#ifdef USE_WOLFSSL /* - * CyaSSL does certificate verification differently + * wolfSSL does certificate verification differently * from OpenSSL. * If we should ignore the certificate, we need to set * this before SSL_new and SSL_connect is called. @@ -167,16 +167,16 @@ int lws_client_socket_service(struct libwebsocket_context *context, * code -155 */ if (wsi->use_ssl == 2) - CyaSSL_set_verify(wsi->ssl, + wolfSSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, NULL); -#endif /* USE_CYASSL */ +#endif /* USE_WOLFSSL */ wsi->client_bio = BIO_new_socket(wsi->sock, BIO_NOCLOSE); SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio); -#ifdef USE_CYASSL - CyaSSL_set_using_nonblock(wsi->ssl, 1); +#ifdef USE_WOLFSSL + wolfSSL_set_using_nonblock(wsi->ssl, 1); #else BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */ #endif @@ -300,9 +300,9 @@ int lws_client_socket_service(struct libwebsocket_context *context, } } - #ifndef USE_CYASSL + #ifndef USE_WOLFSSL /* - * See comment above about CyaSSL certificate + * See comment above about wolfSSL certificate * verification */ lws_latency_pre(context, wsi); @@ -323,7 +323,7 @@ int lws_client_socket_service(struct libwebsocket_context *context, return 0; } } -#endif /* USE_CYASSL */ +#endif /* USE_WOLFSSL */ } else wsi->ssl = NULL; #endif diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h index b253d9284..fb27f0b20 100644 --- a/lib/libwebsockets.h +++ b/lib/libwebsockets.h 
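Review bot: In the wolfSSL build the only verification setting visible is the `use_ssl == 2` path calling `wolfSSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, NULL)`, and the post-connect block in the -300 hunk is compiled out by `#ifndef USE_WOLFSSL`. Certificate checking for `use_ssl == 1` therefore appears to rest entirely on the library's default verify mode. Stating it explicitly is safer than relying on a default: add `else` / `wolfSSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, NULL);` after the existing call. The comment above the call also says the setting must be made before SSL_new, yet the call operates on `wsi->ssl` after `SSL_new`; reword it to `/* must be set on the SSL object before SSL_connect() */`. Both blocks belong to lws_client_socket_service, which extends outside these hunks.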
@@ -91,11 +91,11 @@ extern "C" { #endif #ifdef LWS_OPENSSL_SUPPORT -#ifdef USE_CYASSL -#include +#ifdef USE_WOLFSSL +#include #else #include -#endif /* not USE_CYASSL */ +#endif /* not USE_WOLFSSL */ #endif #define CONTEXT_PORT_NO_LISTEN -1 diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h index a862234ac..cf9e8c5fd 100644 --- a/lib/private-libwebsockets.h +++ b/lib/private-libwebsockets.h @@ -149,16 +149,16 @@ #endif #ifdef LWS_OPENSSL_SUPPORT -#ifdef USE_CYASSL -#include -#include +#ifdef USE_WOLFSSL +#include +#include #else #include #include #include #include #include -#endif /* not USE_CYASSL */ +#endif /* not USE_WOLFSSL */ #endif #include "libwebsockets.h" diff --git a/lib/ssl.c b/lib/ssl.c index f6276932f..53ad99486 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -20,7 +20,9 @@ */ #include "private-libwebsockets.h" +#ifndef USE_WOLFSSL #include +#endif int openssl_websocket_private_data_index; @@ -86,8 +88,8 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, context->use_ssl = info->ssl_cert_filepath != NULL; -#ifdef USE_CYASSL - lwsl_notice(" Compiled with CYASSL support\n"); +#ifdef USE_WOLFSSL + lwsl_notice(" Compiled with WOLFSSL support\n"); #else lwsl_notice(" Compiled with OpenSSL support\n"); #endif @@ -240,7 +242,7 @@ lws_ssl_destroy(struct libwebsocket_context *context) if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx) SSL_CTX_free(context->ssl_client_ctx); -#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_CYASSL) +#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL) ERR_remove_state(0); #else ERR_remove_thread_state(NULL); @@ -502,7 +504,7 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context, { int n, m; struct libwebsocket *wsi = *pwsi; -#ifndef USE_CYASSL +#ifndef USE_WOLFSSL BIO *bio; #endif 
@@ -533,8 +535,8 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context, SSL_set_fd(new_wsi->ssl, accept_fd); -#ifdef USE_CYASSL - CyaSSL_set_using_nonblock(new_wsi->ssl, 1); +#ifdef USE_WOLFSSL + wolfSSL_set_using_nonblock(new_wsi->ssl, 1); #else SSL_set_mode(new_wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); bio = SSL_get_rbio(new_wsi->ssl); @@ -665,7 +667,7 @@ lws_ssl_context_destroy(struct libwebsocket_context *context) if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx) SSL_CTX_free(context->ssl_client_ctx); -#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_CYASSL) +#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL) ERR_remove_state(0); #else ERR_remove_thread_state(NULL); diff --git a/lws_config.h.in b/lws_config.h.in index 251cb18e4..4d66892fe 100644 --- a/lws_config.h.in +++ b/lws_config.h.in @@ -6,9 +6,9 @@ #endif #endif -/* Define to 1 to use CyaSSL as a replacement for OpenSSL. +/* Define to 1 to use wolfSSL as a replacement for OpenSSL. * LWS_OPENSSL_SUPPORT needs to be set also for this to work. */ -#cmakedefine USE_CYASSL +#cmakedefine USE_WOLFSSL /* The Libwebsocket version */ #cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"