mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

Added support for CyaSSL replacement of OpenSSL.

http://www.yassl.com/yaSSL/Products-cyassl.html
- Small Size: 20-100kB
- Runtime Memory:  1-36kB
- 20X smaller than OpenSSL

So far only tested on Linux.

Note that this requires a bugfix in CyaSSL; without it, it will crash. A pull request has been made to the official repository; in the meantime, the following repository can be used: git://github.com/JoakimSoderberg/cyassl.git
Joakim Soderberg 2013-02-06 15:29:18 +09:00 committed by Andy Green
parent 4f4a38bae0
commit b378ce9d18
3 changed files with 25 additions and 4 deletions


@ -320,7 +320,7 @@ if (WITH_SSL)
if (USE_CYASSL)
# Use CyaSSL as OpenSSL replacement.
set(OPENSSL_LIBRARIES ${CYASSL_LIB})
set(OPENSSL_INCLUDE_DIRS ${CYASSL_INCLUDE_DIRS})
set(OPENSSL_INCLUDE_DIR ${CYASSL_INCLUDE_DIRS})
set(OPENSSL_FOUND 1)
else()
# TODO: Add support for STATIC also.


@ -114,17 +114,31 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
if (wsi->use_ssl && !wsi->ssl) {
wsi->ssl = SSL_new(context->ssl_client_ctx);
wsi->client_bio = BIO_new_socket(wsi->sock,
BIO_NOCLOSE);
#ifdef USE_CYASSL
/* CyaSSL does certificate verification differently from OpenSSL.
* If we should ignore the certificate, we need to set this before
* SSL_new and SSL_connect is called. Otherwise the connect will
* simply fail with error code -155 */
if (wsi->use_ssl == 2) {
CyaSSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, NULL);
}
#endif // USE_CYASSL
wsi->client_bio = BIO_new_socket(wsi->sock, BIO_NOCLOSE);
SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);
#ifdef USE_CYASSL
CyaSSL_set_using_nonblock(wsi->ssl, 1);
#else
BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
#endif
SSL_set_ex_data(wsi->ssl,
openssl_websocket_private_data_index,
context);
}
}
if (wsi->use_ssl) {
lws_latency_pre(context, wsi);
@ -167,6 +181,8 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
return 0;
}
#ifndef USE_CYASSL
/* See note above about CyaSSL certificate verification */
lws_latency_pre(context, wsi);
n = SSL_get_verify_result(wsi->ssl);
lws_latency(context, wsi, "SSL_get_verify_result LWS_CONNMODE_WS_CLIENT_ISSUE_HANDSHAKE", n, n > 0);
@ -180,6 +196,7 @@ int lws_client_socket_service(struct libwebsocket_context *context, struct libwe
wsi, LWS_CLOSE_STATUS_NOSTATUS);
return 0;
}
#endif // USE_CYASSL
} else
wsi->ssl = NULL;
#endif
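Review bot: With USE_CYASSL defined, `use_ssl == 2` sets `SSL_VERIFY_NONE` on the session in the first hunk and the `SSL_get_verify_result()` check in the later hunks is compiled out, so that mode appears to accept any server certificate rather than tolerating one specific verification failure, as the OpenSSL path presumably does in the lines between the hunks. For `use_ssl == 1` the CyaSSL build relies entirely on the verify mode and CA store configured on `context->ssl_client_ctx`, which is set up outside this section and should be confirmed to use `SSL_VERIFY_PEER`. If mode 2 is meant to allow only self-signed certificates, passing a verify callback as the third argument of `CyaSSL_set_verify` instead of `NULL` would keep the two builds equivalent. The added comment also misstates the ordering, since the call runs after `SSL_new` and on its result; I would reword it to `/* ... this must be set on the session before SSL_connect is called ... */` and check `wsi->ssl` for NULL before it is used. The function body starts and ends outside the shown hunks.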


@ -291,6 +291,9 @@ int lws_server_socket_service(struct libwebsocket_context *context,
SSL_set_fd(new_wsi->ssl, accept_fd);
#ifdef USE_CYASSL
CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
#else
bio = SSL_get_rbio(new_wsi->ssl);
if (bio)
BIO_set_nbio(bio, 1); /* nonblocking */
@ -301,6 +304,7 @@ int lws_server_socket_service(struct libwebsocket_context *context,
BIO_set_nbio(bio, 1); /* nonblocking */
else
lwsl_notice("NULL rbio\n");
#endif
/*
* we are not accepted yet, but we need to enter ourselves