Added support for CyaSSL replacement of OpenSSL.

http://www.yassl.com/yaSSL/Products-cyassl.html - Small Size: 20-100kB - Runtime Memory: 1-36kB - 20X smaller than OpenSSL So far only tested on Linux. Note that this requires a bugfix in cyassl, otherwise it will crash. Pull request has been made to the official repos, in the meantime the following repos can be used: git://github.com/JoakimSoderberg/cyassl.git
2025-03-09 00:00:04 +01:00 · 2013-02-06 15:29:18 +09:00 · 2013-02-06 15:29:18 +09:00 · b378ce9d18
commit b378ce9d18
parent 4f4a38bae0
3 changed files with 25 additions and 4 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -320,7 +320,7 @@ if (WITH_SSL)
 	if (USE_CYASSL)
 		# Use CyaSSL as OpenSSL replacement.
 		set(OPENSSL_LIBRARIES ${CYASSL_LIB})
-		set(OPENSSL_INCLUDE_DIRS ${CYASSL_INCLUDE_DIRS})
+		set(OPENSSL_INCLUDE_DIR ${CYASSL_INCLUDE_DIRS})
 		set(OPENSSL_FOUND 1)
 	else()
 		# TODO: Add support for STATIC also.
--- a/lib/client.c
+++ b/lib/client.c
@ -114,17 +114,31 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
 		if (wsi->use_ssl && !wsi->ssl) {

 			wsi->ssl = SSL_new(context->ssl_client_ctx);
-			wsi->client_bio = BIO_new_socket(wsi->sock,
-								   BIO_NOCLOSE);
+
+			#ifdef USE_CYASSL
+			/* CyaSSL does certificate verification differently from OpenSSL.
+			 * If we should ignore the certificate, we need to set this before
+			 * SSL_new and SSL_connect is called. Otherwise the connect will
+			 * simply fail with error code -155 */
+			if (wsi->use_ssl == 2) {
+				CyaSSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, NULL);
+			}
+			#endif // USE_CYASSL
+
+			wsi->client_bio = BIO_new_socket(wsi->sock, BIO_NOCLOSE);

 			SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);

+			#ifdef USE_CYASSL
+			CyaSSL_set_using_nonblock(wsi->ssl, 1);
+			#else
 			BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
+			#endif

 			SSL_set_ex_data(wsi->ssl,
 					openssl_websocket_private_data_index,
 								       context);
-		}		
+		}

 		if (wsi->use_ssl) {
 			lws_latency_pre(context, wsi);
@ -167,6 +181,8 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
 				return 0;
 			}

+			#ifndef USE_CYASSL
+			/* See note above about CyaSSL certificate verification */
 			lws_latency_pre(context, wsi);
 			n = SSL_get_verify_result(wsi->ssl);
 			lws_latency(context, wsi, "SSL_get_verify_result LWS_CONNMODE_WS_CLIENT_ISSUE_HANDSHAKE", n, n > 0);
@ -180,6 +196,7 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
 						wsi, LWS_CLOSE_STATUS_NOSTATUS);
 				return 0;
 			}
+			#endif // USE_CYASSL
 		} else
 			wsi->ssl = NULL;
 	#endif
--- a/lib/server.c
+++ b/lib/server.c
@ -291,6 +291,9 @@ int lws_server_socket_service(struct libwebsocket_context *context,

 		SSL_set_fd(new_wsi->ssl, accept_fd);

+		#ifdef USE_CYASSL
+		CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
+		#else
 		bio = SSL_get_rbio(new_wsi->ssl);
 		if (bio)
 			BIO_set_nbio(bio, 1); /* nonblocking */
@ -301,6 +304,7 @@ int lws_server_socket_service(struct libwebsocket_context *context,
 			BIO_set_nbio(bio, 1); /* nonblocking */
 		else
 			lwsl_notice("NULL rbio\n");
+		#endif

 		/* 
 		 * we are not accepted yet, but we need to enter ourselves