mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
Added support for CyaSSL replacement of OpenSSL.
http://www.yassl.com/yaSSL/Products-cyassl.html - Small Size: 20-100kB - Runtime Memory: 1-36kB - 20X smaller than OpenSSL So far only tested on Linux. Note that this requires a bugfix in cyassl, otherwise it will crash. Pull request has been made to the official repos, in the meantime the following repos can be used: git://github.com/JoakimSoderberg/cyassl.git
This commit is contained in:
parent
4f4a38bae0
commit
b378ce9d18
3 changed files with 25 additions and 4 deletions
|
@ -320,7 +320,7 @@ if (WITH_SSL)
|
|||
if (USE_CYASSL)
|
||||
# Use CyaSSL as OpenSSL replacement.
|
||||
set(OPENSSL_LIBRARIES ${CYASSL_LIB})
|
||||
set(OPENSSL_INCLUDE_DIRS ${CYASSL_INCLUDE_DIRS})
|
||||
set(OPENSSL_INCLUDE_DIR ${CYASSL_INCLUDE_DIRS})
|
||||
set(OPENSSL_FOUND 1)
|
||||
else()
|
||||
# TODO: Add support for STATIC also.
|
||||
|
|
23
lib/client.c
23
lib/client.c
|
@ -114,17 +114,31 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
|
|||
if (wsi->use_ssl && !wsi->ssl) {
|
||||
|
||||
wsi->ssl = SSL_new(context->ssl_client_ctx);
|
||||
wsi->client_bio = BIO_new_socket(wsi->sock,
|
||||
BIO_NOCLOSE);
|
||||
|
||||
#ifdef USE_CYASSL
|
||||
/* CyaSSL does certificate verification differently from OpenSSL.
|
||||
* If we should ignore the certificate, we need to set this before
|
||||
* SSL_new and SSL_connect is called. Otherwise the connect will
|
||||
* simply fail with error code -155 */
|
||||
if (wsi->use_ssl == 2) {
|
||||
CyaSSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, NULL);
|
||||
}
|
||||
#endif // USE_CYASSL
|
||||
|
||||
wsi->client_bio = BIO_new_socket(wsi->sock, BIO_NOCLOSE);
|
||||
|
||||
SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);
|
||||
|
||||
#ifdef USE_CYASSL
|
||||
CyaSSL_set_using_nonblock(wsi->ssl, 1);
|
||||
#else
|
||||
BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
|
||||
#endif
|
||||
|
||||
SSL_set_ex_data(wsi->ssl,
|
||||
openssl_websocket_private_data_index,
|
||||
context);
|
||||
}
|
||||
}
|
||||
|
||||
if (wsi->use_ssl) {
|
||||
lws_latency_pre(context, wsi);
|
||||
|
@ -167,6 +181,8 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
|
|||
return 0;
|
||||
}
|
||||
|
||||
#ifndef USE_CYASSL
|
||||
/* See note above about CyaSSL certificate verification */
|
||||
lws_latency_pre(context, wsi);
|
||||
n = SSL_get_verify_result(wsi->ssl);
|
||||
lws_latency(context, wsi, "SSL_get_verify_result LWS_CONNMODE_WS_CLIENT_ISSUE_HANDSHAKE", n, n > 0);
|
||||
|
@ -180,6 +196,7 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
|
|||
wsi, LWS_CLOSE_STATUS_NOSTATUS);
|
||||
return 0;
|
||||
}
|
||||
#endif // USE_CYASSL
|
||||
} else
|
||||
wsi->ssl = NULL;
|
||||
#endif
|
||||
|
|
|
@ -291,6 +291,9 @@ int lws_server_socket_service(struct libwebsocket_context *context,
|
|||
|
||||
SSL_set_fd(new_wsi->ssl, accept_fd);
|
||||
|
||||
#ifdef USE_CYASSL
|
||||
CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
|
||||
#else
|
||||
bio = SSL_get_rbio(new_wsi->ssl);
|
||||
if (bio)
|
||||
BIO_set_nbio(bio, 1); /* nonblocking */
|
||||
|
@ -301,6 +304,7 @@ int lws_server_socket_service(struct libwebsocket_context *context,
|
|||
BIO_set_nbio(bio, 1); /* nonblocking */
|
||||
else
|
||||
lwsl_notice("NULL rbio\n");
|
||||
#endif
|
||||
|
||||
/*
|
||||
* we are not accepted yet, but we need to enter ourselves
|
||||
|
|
Loading…
Add table
Reference in a new issue