diff --git a/CMakeLists.txt b/CMakeLists.txt index 8971759a9..bb1b61345 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -270,19 +270,6 @@ if (LWS_WITH_SSL AND LWS_USE_WOLFSSL) endif() endif() -if (LWS_WITH_SSL AND LWS_USE_MBEDTLS) - if ("${LWS_MBEDTLS_LIBRARIES}" STREQUAL "" OR "${LWS_MBEDTLS_INCLUDE_DIRS}" STREQUAL "") - if (NOT MBEDTLS_FOUND) - message(FATAL_ERROR "You must set LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS when LWS_USE_MBEDTLS is turned on.") - endif() - else() - set(MBEDTLS_LIBRARIES ${LWS_MBEDTLS_LIBRARIES}) - set(MBEDTLS_INCLUDE_DIRS ${LWS_MBEDTLS_INCLUDE_DIRS}) - set(MBEDTLS_FOUND 1) - endif() - set(USE_MBEDTLS 1) -endif() - if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB) if ("${LWS_ZLIB_LIBRARIES}" STREQUAL "" OR "${LWS_ZLIB_INCLUDE_DIRS}" STREQUAL "") else() diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h index a1871b702..b3a3d4e0c 100644 --- a/lib/libwebsockets.h +++ b/lib/libwebsockets.h @@ -186,12 +186,8 @@ struct lws_polarssl_context { typedef struct lws_polarssl_context SSL_CTX; typedef ssl_context SSL; #else -#if defined(LWS_USE_MBEDTLS) -#include -#else #include #include -#endif /* not USE_MBEDTLS */ #endif /* not USE_POLARSSL */ #endif /* not USE_WOLFSSL */ #endif diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h index 55dd09d30..640e56a8b 100644 --- a/lib/private-libwebsockets.h +++ b/lib/private-libwebsockets.h @@ -261,23 +261,6 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen); #define OPENSSL_NO_TLSEXT #endif /* not USE_OLD_CYASSL */ #else -#if defined(LWS_USE_POLARSSL) -#include -#include -#include -#include -#include -#define SSL_ERROR_WANT_READ POLARSSL_ERR_NET_WANT_READ -#define SSL_ERROR_WANT_WRITE POLARSSL_ERR_NET_WANT_WRITE -#define OPENSSL_VERSION_NUMBER 0x10002000L -#else -#if defined(LWS_USE_MBEDTLS) -#include -#include -#include -#include -#include -#else #include #include #include @@ -295,9 +278,6 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen); */ #define OPENSSL_NO_TLSEXT #endif - -#endif /* not USE_MBEDTLS */ -#endif /* not USE_POLARSSL */ #endif /* not USE_WOLFSSL */ #endif @@ -1418,9 +1398,7 @@ struct lws { #endif #ifdef LWS_OPENSSL_SUPPORT SSL *ssl; -#if !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS) BIO *client_bio; -#endif struct lws *pending_read_list_prev, *pending_read_list_next; #endif #ifdef LWS_WITH_HTTP_PROXY diff --git a/lib/ssl-client.c b/lib/ssl-client.c index f65dbde07..b204495b3 100644 --- a/lib/ssl-client.c +++ b/lib/ssl-client.c @@ -29,10 +29,6 @@ lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info extern int lws_ssl_get_error(struct lws *wsi, int n); -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #ifdef USE_WOLFSSL #else @@ -93,17 +89,10 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) return !n; } #endif -#endif -#endif int lws_ssl_client_bio_create(struct lws *wsi) { -#if defined(LWS_USE_POLARSSL) - return 0; -#else -#if defined(LWS_USE_MBEDTLS) -#else char hostname[128], *p; if (lws_hdr_copy(wsi, hostname, sizeof(hostname), @@ -212,8 +201,6 @@ lws_ssl_client_bio_create(struct lws *wsi) wsi); return 0; -#endif -#endif } int @@ -223,13 +210,8 @@ lws_ssl_client_connect1(struct lws *wsi) int n = 0; lws_latency_pre(context, wsi); -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + n = SSL_connect(wsi->ssl); -#endif -#endif lws_latency(context, wsi, "SSL_connect LWSCM_WSCL_ISSUE_HANDSHAKE", n, n > 0); @@ -279,10 +261,7 @@ some_wait: * retry if new data comes until we * run into the connection timeout or win */ -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + unsigned long error = ERR_get_error(); if (error != SSL_ERROR_NONE) { @@ -293,8 +272,6 @@ some_wait: error, ERR_error_string(error, sb)); return -1; } -#endif -#endif } return 1; @@ -304,26 +281,14 @@ int lws_ssl_client_connect2(struct lws *wsi) { struct lws_context *context = wsi->context; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi]; char *p = (char *)&pt->serv_buf[0]; char *sb = p; -#endif -#endif int n = 0; if (wsi->mode == LWSCM_WSCL_WAITING_SSL) { lws_latency_pre(context, wsi); -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else n = SSL_connect(wsi->ssl); -#endif -#endif lwsl_notice("%s: SSL_connect says %d\n", __func__, n); lws_latency(context, wsi, @@ -369,25 +334,15 @@ lws_ssl_client_connect2(struct lws *wsi) * retry if new data comes until we * run into the connection timeout or win */ -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else unsigned long error = ERR_get_error(); if (error != SSL_ERROR_NONE) { lwsl_err("SSL connect error %lu: %s\n", error, ERR_error_string(error, sb)); return -1; } -#endif -#endif } } -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #ifndef USE_WOLFSSL /* * See comment above about wolfSSL certificate @@ -419,8 +374,6 @@ lws_ssl_client_connect2(struct lws *wsi) } #endif /* USE_WOLFSSL */ -#endif -#endif return 1; } @@ -429,11 +382,6 @@ lws_ssl_client_connect2(struct lws *wsi) int lws_context_init_client_ssl(struct lws_context_creation_info *info, struct lws_vhost *vhost) { -#if defined(LWS_USE_POLARSSL) - return 0; -#else -#if defined(LWS_USE_MBEDTLS) -#else SSL_METHOD *method; struct lws wsi; unsigned long error; @@ -580,6 +528,4 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info, vhost->ssl_client_ctx, NULL, 0); return 0; -#endif -#endif } diff --git a/lib/ssl-server.c b/lib/ssl-server.c index 10fee9fbf..91e3b5866 100644 --- a/lib/ssl-server.c +++ b/lib/ssl-server.c @@ -21,11 +21,6 @@ #include "private-libwebsockets.h" -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else - extern int openssl_websocket_private_data_index, openssl_SSL_CTX_private_data_index; @@ -186,9 +181,6 @@ lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg) } #endif -#endif -#endif - LWS_VISIBLE int lws_context_init_server_ssl(struct lws_context_creation_info *info, struct lws_vhost *vhost) @@ -226,66 +218,6 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, (void)n; (void)error; -#if defined(LWS_USE_POLARSSL) - lwsl_notice(" Compiled with PolarSSL support\n"); - - vhost->ssl_ctx = lws_zalloc(sizeof (*vhost->ssl_ctx)); - - /* Load the trusted CA */ - - if (info->ssl_ca_filepath) { - n = x509_crt_parse_file(&vhost->ssl_ctx->ca, - info->ssl_ca_filepath); - - if (n < 0) { -// error_strerror(ret, errorbuf, sizeof(errorbuf)); - lwsl_err("%s: Failed to load ca cert\n", __func__); - return -1; - } - } - - /* Load our cert */ - - if (info->ssl_cert_filepath) { - n = x509_crt_parse_file(&vhost->ssl_ctx->certificate, - info->ssl_cert_filepath); - - if (n < 0) { -// error_strerror(ret, errorbuf, sizeof(errorbuf)); - lwsl_err("%s: Failed to load cert\n", __func__); - return -1; - } - } - - /* Load cert private key */ - - if (info->ssl_private_key_filepath) { - pk_context pk; - pk_init(&pk); - n = pk_parse_keyfile(&pk, info->ssl_private_key_filepath, - info->ssl_private_key_password); - - if (!n && !pk_can_do(&pk, POLARSSL_PK_RSA)) - n = POLARSSL_ERR_PK_TYPE_MISMATCH; - - if (!n) - rsa_copy(&vhost->ssl_ctx->key, pk_rsa(pk)); - else - rsa_free(&vhost->ssl_ctx->key); - pk_free(&pk); - - if (n) { - //error_strerror(ret, errorbuf, sizeof(errorbuf)); - lwsl_err("%s: error reading private key\n", __func__); - - return -1; - } - } -#else -#if defined(LWS_USE_MBEDTLS) - lwsl_notice(" Compiled with mbedTLS support\n"); -#else - /* * Firefox insists on SSLv23 not SSLv3 * Konq disables SSLv2 by default now, SSLv23 works @@ -447,9 +379,6 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, lws_context_init_http2_ssl(vhost); } -#endif -#endif - return 0; } diff --git a/lib/ssl.c b/lib/ssl.c index 1a49e0a84..8c0d92b6f 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -21,56 +21,13 @@ #include "private-libwebsockets.h" -#if defined(LWS_USE_POLARSSL) -static const int ciphers[] = -{ - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_128_CBC_SHA, - 0 -}; - -static int urandom_bytes(void *ctx, unsigned char *dest, size_t len) -{ - int cur; - int fd = open("/dev/urandom", O_RDONLY); - - if (fd < 0) - return -1; - - while (len) { - cur = read(fd, dest, len); - if (cur < 0) - continue; - len -= cur; - } - close(fd); - - return 0; -} - -static void pssl_debug(void *ctx, int level, const char *str) -{ - lwsl_err("PolarSSL [level %d]: %s", level, str); -} - -#endif int openssl_websocket_private_data_index, openssl_SSL_CTX_private_data_index; int lws_ssl_get_error(struct lws *wsi, int n) { -#if defined(LWS_USE_POLARSSL) -#define ERR_error_string(a, b) "" - return n; -#else -#if defined(LWS_USE_MBEDTLS) - return n; -#else return SSL_get_error(wsi->ssl, n); -#endif -#endif } /* Copies a string describing the code returned by lws_ssl_get_error(), @@ -120,11 +77,6 @@ char* lws_ssl_get_error_string(int status, int ret, char *buf, size_t len) { void lws_ssl_elaborate_error(void) { -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else - char buf[256]; u_long err; @@ -132,15 +84,8 @@ lws_ssl_elaborate_error(void) ERR_error_string_n(err, buf, sizeof(buf)); lwsl_err("*** %s\n", buf); } -#endif -#endif } - -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else static int lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata) { @@ -152,18 +97,13 @@ lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userd return strlen(buf); } -#endif -#endif void lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info) { if (!info->ssl_private_key_password) return; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + /* * password provided, set ssl callback and user data * for checking password which will be trigered during @@ -171,8 +111,6 @@ lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info */ SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info); SSL_CTX_set_default_passwd_cb(ssl_ctx, lws_context_init_ssl_pem_passwd_cb); -#endif -#endif } int @@ -185,21 +123,12 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info) lwsl_notice(" Compiled with wolfSSL support\n"); #endif #else -#if defined(LWS_USE_POLARSSL) - lwsl_notice(" Compiled with PolarSSL support\n"); -#else -#if defined(LWS_USE_MBEDTLS) - lwsl_notice(" Compiled with mbedTLS support\n"); -#else #if defined(LWS_USE_BORINGSSL) lwsl_notice(" Compiled with BoringSSL support\n"); #else lwsl_notice(" Compiled with OpenSSL support\n"); #endif #endif -#endif -#endif - if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) { lwsl_notice(" SSL disabled: no LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\n"); return 0; @@ -207,11 +136,6 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info) /* basic openssl init */ -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else - lwsl_notice("Doing SSL library init\n"); SSL_library_init(); @@ -224,8 +148,6 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info) openssl_SSL_CTX_private_data_index = SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL); -#endif -#endif return 0; } @@ -238,11 +160,6 @@ lws_ssl_destroy(struct lws_vhost *vhost) LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) return; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else - if (vhost->ssl_ctx) SSL_CTX_free(vhost->ssl_ctx); if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) @@ -266,26 +183,17 @@ lws_ssl_destroy(struct lws_vhost *vhost) EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); #endif - -#endif -#endif } LWS_VISIBLE void lws_decode_ssl_error(void) { -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else char buf[256]; u_long err; while ((err = ERR_get_error()) != 0) { ERR_error_string_n(err, buf, sizeof(buf)); lwsl_err("*** %lu %s\n", err, buf); } -#endif -#endif } LWS_VISIBLE void @@ -326,19 +234,13 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) if (!wsi->ssl) return lws_ssl_capable_read_no_ssl(wsi, buf, len); -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else n = SSL_read(wsi->ssl, buf, len); -#endif -#endif /* manpage: returning 0 means connection shut down */ if (!n) { - lwsl_err("%s failed: %s\n",__func__, - ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); - lws_decode_ssl_error(); + lwsl_err("%s failed: %s\n",__func__, + ERR_error_string(lws_ssl_get_error(wsi, 0), NULL)); + lws_decode_ssl_error(); return LWS_SSL_CAPABLE_ERROR; } @@ -371,16 +273,10 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) goto bail; if (!wsi->ssl) goto bail; -#if defined(LWS_USE_POLARSSL) - if (ssl_get_bytes_avail(wsi->ssl) <= 0) - goto bail; -#else -#if defined(LWS_USE_MBEDTLS) -#else + if (!SSL_pending(wsi->ssl)) goto bail; -#endif -#endif + if (wsi->pending_read_list_next) return n; if (wsi->pending_read_list_prev) @@ -408,15 +304,8 @@ lws_ssl_pending(struct lws *wsi) { if (!wsi->ssl) return 0; -#if defined(LWS_USE_POLARSSL) - return ssl_get_bytes_avail(wsi->ssl) > 0; -#else -#if defined(LWS_USE_MBEDTLS) - return ssl_get_bytes_avail(wsi->ssl) > 0;; -#else + return SSL_pending(wsi->ssl); -#endif -#endif } LWS_VISIBLE int @@ -427,14 +316,7 @@ lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len) if (!wsi->ssl) return lws_ssl_capable_write_no_ssl(wsi, buf, len); -#if defined(LWS_USE_POLARSSL) - n = ssl_write(wsi->ssl, buf, len); -#else -#if defined(LWS_USE_MBEDTLS) -#else n = SSL_write(wsi->ssl, buf, len); -#endif -#endif if (n > 0) return n; @@ -460,19 +342,10 @@ lws_ssl_close(struct lws *wsi) if (!wsi->ssl) return 0; /* not handled */ -#if defined(LWS_USE_POLARSSL) - ssl_close_notify(wsi->ssl); - (void)n; /* we need to close the fd? */ - ssl_free(wsi->ssl); -#else -#if defined(LWS_USE_MBEDTLS) -#else n = SSL_get_fd(wsi->ssl); SSL_shutdown(wsi->ssl); compatible_close(n); SSL_free(wsi->ssl); -#endif -#endif wsi->ssl = NULL; return 1; /* handled */ @@ -486,7 +359,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) struct lws_context *context = wsi->context; struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; int n, m; -#if !defined(USE_WOLFSSL) && !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS) +#if !defined(USE_WOLFSSL) BIO *bio; #endif char buf[256]; @@ -502,44 +375,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) if (accept_fd == LWS_SOCK_INVALID) assert(0); -#if defined(LWS_USE_POLARSSL) - { - ssl_session *ssn; - int rc; - - wsi->ssl = lws_zalloc(sizeof(ssl_context)); - ssn = lws_zalloc(sizeof(ssl_session)); - - rc = ssl_init(wsi->ssl); - if (rc) { - lwsl_err("ssl_init failed\n"); - goto fail; - } - - ssl_set_endpoint(wsi->ssl, SSL_IS_SERVER); - ssl_set_authmode(wsi->ssl, SSL_VERIFY_OPTIONAL); - ssl_set_rng(wsi->ssl, urandom_bytes, NULL); - ssl_set_dbg(wsi->ssl, pssl_debug, NULL); - ssl_set_bio(wsi->ssl, net_recv, &wsi->sock, net_send, &wsi->sock); - - ssl_set_ciphersuites(wsi->ssl, ciphers); - - ssl_set_session(wsi->ssl, ssn); - - ssl_set_ca_chain(wsi->ssl, &wsi->vhost->ssl_ctx->ca, - NULL, NULL); - - ssl_set_own_cert_rsa(wsi->ssl, - &wsi->vhost->ssl_ctx->certificate, - &wsi->vhost->ssl_ctx->key); - -// ssl_set_dh_param(wsi->ssl, my_dhm_P, my_dhm_G); - - lwsl_err("%s: polarssl init done\n", __func__); - } -#else -#if defined(LWS_USE_MBEDTLS) -#else wsi->ssl = SSL_new(wsi->vhost->ssl_ctx); if (wsi->ssl == NULL) { lwsl_err("SSL_new failed: %s\n", @@ -554,8 +389,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) openssl_websocket_private_data_index, wsi); SSL_set_fd(wsi->ssl, accept_fd); -#endif -#endif #ifdef USE_WOLFSSL #ifdef USE_OLD_CYASSL @@ -563,11 +396,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) #else wolfSSL_set_using_nonblock(wsi->ssl, 1); #endif -#else -#if defined(LWS_USE_POLARSSL) - -#else -#if defined(LWS_USE_MBEDTLS) #else SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); bio = SSL_get_rbio(wsi->ssl); @@ -580,8 +408,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) BIO_set_nbio(bio, 1); /* nonblocking */ else lwsl_notice("NULL rbio\n"); -#endif -#endif #endif /* @@ -639,16 +465,9 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) * connection upgrade directly. */ wsi->use_ssl = 0; -#if defined(LWS_USE_POLARSSL) - ssl_close_notify(wsi->ssl); - ssl_free(wsi->ssl); -#else -#if defined(LWS_USE_MBEDTLS) -#else + SSL_shutdown(wsi->ssl); SSL_free(wsi->ssl); -#endif -#endif wsi->ssl = NULL; if (lws_check_opt(context->options, LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS)) @@ -675,14 +494,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) } /* normal SSL connection processing path */ -#if defined(LWS_USE_POLARSSL) - n = ssl_handshake(wsi->ssl); -#else -#if defined(LWS_USE_MBEDTLS) -#else + n = SSL_accept(wsi->ssl); -#endif -#endif lws_latency(context, wsi, "SSL_accept LWSCM_SSL_ACK_PENDING\n", n, n == 1); @@ -739,35 +552,16 @@ fail: void lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost) { - if (vhost->ssl_ctx) { -#if defined(LWS_USE_POLARSSL) - lws_free(vhost->ssl_ctx); -#else -#if defined(LWS_USE_MBEDTLS) -#else + if (vhost->ssl_ctx) SSL_CTX_free(vhost->ssl_ctx); -#endif -#endif - } - if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) { -#if defined(LWS_USE_POLARSSL) - lws_free(vhost->ssl_client_ctx); -#else -#if defined(LWS_USE_MBEDTLS) -#else + + if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) SSL_CTX_free(vhost->ssl_client_ctx); -#endif -#endif - } } void lws_ssl_context_destroy(struct lws_context *context) { -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else // after 1.1.0 no need #if (OPENSSL_VERSION_NUMBER < 0x10100000) @@ -787,7 +581,4 @@ lws_ssl_context_destroy(struct lws_context *context) EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); #endif - -#endif -#endif } diff --git a/test-server/test-client.c b/test-server/test-client.c index b90a388e8..fd0a724f5 100644 --- a/test-server/test-client.c +++ b/test-server/test-client.c @@ -43,15 +43,10 @@ static struct lws *wsi_multi[3]; static volatile int force_exit; static unsigned int opts, rl_multi[3]; static int flag_no_mirror_traffic; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) char crl_path[1024] = ""; #endif -#endif -#endif /* * This demo shows how to connect multiple websockets simultaneously to a @@ -235,10 +230,6 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason, force_exit = 1; break; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) case LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS: if (crl_path[0]) { @@ -258,8 +249,6 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason, } } break; -#endif -#endif #endif default: @@ -503,17 +492,12 @@ int main(int argc, char **argv) strncpy(ca_path, optarg, sizeof(ca_path) - 1); ca_path[sizeof(ca_path) - 1] = '\0'; break; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) case 'R': strncpy(crl_path, optarg, sizeof(crl_path) - 1); crl_path[sizeof(crl_path) - 1] = '\0'; break; -#endif -#endif #endif case 'h': goto usage; @@ -578,15 +562,10 @@ int main(int argc, char **argv) */ if (ca_path[0]) info.ssl_ca_filepath = ca_path; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) else if (crl_path[0]) lwsl_notice("WARNING, providing a CRL requires a CA cert!\n"); -#endif -#endif #endif } diff --git a/test-server/test-server-http.c b/test-server/test-server-http.c index 272ef9459..f2e575d7d 100644 --- a/test-server/test-server-http.c +++ b/test-server/test-server-http.c @@ -34,16 +34,10 @@ * using this protocol, including the sender */ -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) /* location of the certificate revocation list */ extern char crl_path[1024]; #endif -#endif -#endif extern int debug_level; @@ -749,10 +743,6 @@ bail: break; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #if defined(LWS_OPENSSL_SUPPORT) case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION: /* Verify the client certificate */ @@ -784,8 +774,6 @@ bail: } break; #endif -#endif -#endif #endif default: diff --git a/test-server/test-server-libev.c b/test-server/test-server-libev.c index 5dc25edb2..7646ac499 100644 --- a/test-server/test-server-libev.c +++ b/test-server/test-server-libev.c @@ -30,15 +30,9 @@ struct lws_plat_file_ops fops_plat; #define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server" char *resource_path = LOCAL_RESOURCE_PATH; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) char crl_path[1024] = ""; #endif -#endif -#endif /* * libev dumps their hygiene problems on their users blaming compiler diff --git a/test-server/test-server-libuv.c b/test-server/test-server-libuv.c index 986a3d85a..3e1b27128 100644 --- a/test-server/test-server-libuv.c +++ b/test-server/test-server-libuv.c @@ -32,15 +32,9 @@ struct lws_plat_file_ops fops_plat; #define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server" char *resource_path = LOCAL_RESOURCE_PATH; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) char crl_path[1024] = ""; #endif -#endif -#endif /* singlethreaded version --> no locks */ diff --git a/test-server/test-server-pthreads.c b/test-server/test-server-pthreads.c index 45d178649..b1b1f6dc1 100644 --- a/test-server/test-server-pthreads.c +++ b/test-server/test-server-pthreads.c @@ -33,15 +33,9 @@ int count_pollfds; volatile int force_exit = 0; struct lws_context *context; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) char crl_path[1024] = ""; #endif -#endif -#endif /* * This mutex lock protects code that changes or relies on wsi list outside of diff --git a/test-server/test-server-v2.0.c b/test-server/test-server-v2.0.c index 87118e682..7e5a559db 100644 --- a/test-server/test-server-v2.0.c +++ b/test-server/test-server-v2.0.c @@ -30,15 +30,10 @@ struct lws_context *context; /* http server gets files from this path */ #define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server" char *resource_path = LOCAL_RESOURCE_PATH; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) char crl_path[1024] = ""; #endif -#endif -#endif /* * This test server is ONLY this .c file, it's radically simpler than the @@ -298,18 +293,13 @@ int main(int argc, char **argv) use_ssl = 1; opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT; break; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + #if defined(LWS_HAVE_SSL_CTX_set1_param) case 'R': strncpy(crl_path, optarg, sizeof(crl_path) - 1); crl_path[sizeof(crl_path) - 1] = '\0'; break; #endif -#endif -#endif #endif case 'h': fprintf(stderr, "Usage: test-server " diff --git a/test-server/test-server.c b/test-server/test-server.c index af28e7e22..4049541c7 100644 --- a/test-server/test-server.c +++ b/test-server/test-server.c @@ -36,15 +36,9 @@ struct lws_plat_file_ops fops_plat; /* http server gets files from this path */ #define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server" char *resource_path = LOCAL_RESOURCE_PATH; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else #if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param) char crl_path[1024] = ""; #endif -#endif -#endif /* singlethreaded version --> no locks */ @@ -292,18 +286,13 @@ int main(int argc, char **argv) use_ssl = 1; opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT; break; -#if defined(LWS_USE_POLARSSL) -#else -#if defined(LWS_USE_MBEDTLS) -#else + #if defined(LWS_HAVE_SSL_CTX_set1_param) case 'R': strncpy(crl_path, optarg, sizeof(crl_path) - 1); crl_path[sizeof(crl_path) - 1] = '\0'; break; #endif -#endif -#endif #endif case 'h': fprintf(stderr, "Usage: test-server "