1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

ss: hello_world uses default policy

This switches the current hello_world to be hello_world-policy now,
and hello_world is simplified to use the __default policy without any
explicit policy of its own.

Using the default policy means it relies on the system tls library to
validate the tls connections using system trust arrangements, that won't
work in cases where the configured tls library does not have its own trust
store.
This commit is contained in:
Andy Green 2022-02-09 11:08:00 +00:00
parent 91c6667c04
commit dd1e07b28a
9 changed files with 443 additions and 37 deletions

View file

@ -0,0 +1,187 @@
project(lws-minimal-ss-hello_world-policy C)
cmake_minimum_required(VERSION 2.8.12)
find_package(libwebsockets CONFIG REQUIRED)
require_lws_config(LWS_ROLE_H1 1 requirements)
require_lws_config(LWS_WITHOUT_CLIENT 0 requirements)
require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements)
require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements)
require_lws_config(LWS_WITH_TLS 1 requirements)
require_lws_config(LWS_WITH_SYS_FAULT_INJECTION 1 has_fault_injection)
require_lws_config(LWS_WITH_SECURE_STREAMS_PROXY_API 1 has_ss_proxy)
require_lws_config(LWS_WITH_SYS_STATE 1 has_sys_state)
if (requirements)
add_executable(${PROJECT_NAME}
main.c
hello_world-ss.c)
if (websockets_shared)
target_link_libraries(${PROJECT_NAME}
websockets_shared
${LIBWEBSOCKETS_DEP_LIBS})
add_dependencies(${PROJECT_NAME}
websockets_shared)
else()
target_link_libraries(${PROJECT_NAME}
websockets
${LIBWEBSOCKETS_DEP_LIBS})
endif()
### --- this section related to also building example with SSPC / Proxy --->
if (has_ss_proxy OR LWS_WITH_SECURE_STREAMS_PROXY_API)
add_compile_options(-DLWS_SS_USE_SSPC)
add_executable(${PROJECT_NAME}-client
main.c
hello_world-ss.c)
if (websockets_shared)
target_link_libraries(${PROJECT_NAME}-client
websockets_shared
${LIBWEBSOCKETS_DEP_LIBS})
add_dependencies(${PROJECT_NAME}-client
websockets_shared)
else()
target_link_libraries(${PROJECT_NAME}-client
websockets
${LIBWEBSOCKETS_DEP_LIBS})
endif()
endif()
### <--- this section related to building with SSPC / Proxy END
### ---everything else related to ctest / CI ----->
find_program(VALGRIND "valgrind")
if (LWS_CTEST_INTERNET_AVAILABLE AND NOT WIN32)
#
# When running in CI, wait for a lease on the resources
# before starting this test, so the server does not get
# thousands of simultaneous tls connection attempts
#
# sai-resource holds the lease on the resources until
# the time given in seconds or the sai-resource instance
# exits, whichever happens first
#
# If running under Sai, creates a lock test called "res_sspc-${PROJECT_NAME}"
#
sai_resource(warmcat_conns 1 40 sspc-${PROJECT_NAME})
#
# simple test not via proxy
#
if (VALGRIND)
message("testing via valgrind")
add_test(NAME mss-${PROJECT_NAME}-warmcat COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}>)
else()
add_test(NAME mss-${PROJECT_NAME}-warmcat COMMAND ${PROJECT_NAME})
endif()
set_tests_properties(mss-${PROJECT_NAME}-warmcat
PROPERTIES
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/client/hello_world-policy
TIMEOUT 40)
if (DEFINED ENV{SAI_OVN})
set_tests_properties(mss-${PROJECT_NAME}-warmcat PROPERTIES FIXTURES_REQUIRED "res_sspc-${PROJECT_NAME}")
endif()
if (has_fault_injection)
if (VALGRIND)
add_test(NAME mss-#{PROJECT_NAME}-warmcat-fi1 COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}>
--fault-injection "ss/ss_create_destroy_me"
--expected-exit 1)
add_test(NAME mss-#{PROJECT_NAME}-warmcat-fi2 COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}>
--fault-injection "ss/ss_no_streamtype_policy"
--expected-exit 1)
else()
add_test(NAME mss-${PROJECT_NAME}-warmcat-fi1 COMMAND lws-minimal-secure-streams
--fault-injection "ss/ss_create_destroy_me"
--expected-exit 1)
add_test(NAME mss-${PROJECT_NAME}-warmcat-fi2 COMMAND lws-minimal-secure-streams
--fault-injection "ss/ss_no_streamtype_policy"
--expected-exit 1)
endif()
set_tests_properties(mss-${PROJECT_NAME}-warmcat-fi1
mss-${PROJECT_NAME}-warmcat-fi2
PROPERTIES
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/client/hello_world
TIMEOUT 5)
endif()
if (has_sys_state AND
(HAS_LWS_WITH_SECURE_STREAMS_PROXY_API OR LWS_WITH_SECURE_STREAMS_PROXY_API))
#
# Define test dep to bring up and take down the test
# proxy
#
if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
# uds abstract namespace for linux
set(CTEST_SOCKET_PATH "@ctest-mssp-$ENV{SAI_PROJECT}-$ENV{SAI_OVN}")
else()
# filesystem socket for others
set(CTEST_SOCKET_PATH "/tmp/ctest-mssp-$ENV{SAI_PROJECT}-$ENV{SAI_OVN}")
endif()
add_test(NAME st_mss-${PROJECT_NAME}-proxy COMMAND
${CMAKE_SOURCE_DIR}/scripts/ctest-background.sh
mss-${PROJECT_NAME}-proxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
-i ${CTEST_SOCKET_PATH} )
set_tests_properties(st_mss-${PROJECT_NAME}-proxy PROPERTIES WORKING_DIRECTORY . FIXTURES_SETUP mss-${PROJECT_NAME}-proxy TIMEOUT 800)
add_test(NAME ki_mss-${PROJECT_NAME}-proxy COMMAND
${CMAKE_SOURCE_DIR}/scripts/ctest-background-kill.sh
mss-${PROJECT_NAME}-proxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
-i ${CTEST_SOCKET_PATH})
set_tests_properties(ki_mss-${PROJECT_NAME}-proxy PROPERTIES FIXTURES_CLEANUP mss-${PROJECT_NAME}-proxy)
#
# the client part that will connect to the proxy
#
if (VALGRIND)
message("testing via valgrind")
add_test(NAME msspc-${PROJECT_NAME} COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}-client> --ssproxy-iface +${CTEST_SOCKET_PATH})
else()
add_test(NAME msspc-${PROJECT_NAME} COMMAND ${PROJECT_NAME}-client --ssproxy-iface +${CTEST_SOCKET_PATH})
endif()
set(fixlist "mss-${PROJECT_NAME}-proxy")
if (DEFINED ENV{SAI_OVN})
list(APPEND fixlist "res_sspc-${PROJECT_NAME}-proxy")
endif()
set_tests_properties(msspc-${PROJECT_NAME} PROPERTIES
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/client/hello_world
FIXTURES_REQUIRED "${fixlist}"
TIMEOUT 40)
endif()
endif()
### <--- related to ctest / CI END
endif()

View file

@ -0,0 +1,45 @@
# SS Example "hello_world"
This is the simplest example, showing how to do an https
transaction using Secure Streams (SS).
SS' approach is to segregate "policy" (where and how to connect and authenticate
for particular kinds of connection) from payloads that are transferred on the
connection. In this case, all the information about the example's policy is in
`example-policy.json`.
|Source|Purpose|
|---|---|
|main.c|boilerplate to create the lws_context and event loop|
|hello_world-ss.c|the secure stream user code|
|example-policy.json|the example policy|
## Build
You should build and install lws itself first. Then with this directory as the
cwd, you can use `cmake . && make` to build the example. This produces
`./lws-minimal-ss-hello_world`.
If lws was configured to support SS Proxying with
`-DLWS_WITH_SECURE_STREAMS_PROXY_API=1`, then a second executable is also
produced `./lws-minimal-ss-hello_world-client`. This does not try to do its own
networking, but instead wants to connect to an SS Proxy process that will fulfil
connections itself using its own policy.
## Running
You should be able to run `./lws-minimal-ss-hello_world` directly and see it
fetch a webpage (just the start and end of each chunk are logged).
To go via the SS Proxy, run `./lws-minimal-ss-hello_world-client` and an SS
Proxy, eg, the example one found in `./minimal-examples/ssproxy/ssproxy-socket`.
## Options
|Commandline option|Meaning|
|---|---|
|-d \<bitmap\>|Enable logging levels (default 1031 (USER, ERR, WARN, NOTICE), 1039 = +INFO, 1151 = +INFO, DEBUG), `-DCMAKE_BUILD_TYPE=DEBUG` needed for logs more verbose that NOTICE
|--ssproxy-port \<port\>|If going via an SS Proxy, default is Unix Domain Socket @proxy.ss.lws, you can force a different proxy's TCP port with this|
|--ssproxy-ads \<ads\>|Set non-default hostname or IP address proxy is on|
|--ssproxy-iface \<iface\>|Set non-default UDS path if starts with +, else interface to bind TCP connection to for proxy|

View file

@ -0,0 +1,70 @@
/*
* hello_world example
*
* Written in 2010-2021 by Andy Green <andy@warmcat.com>
*
* This file is made available under the Creative Commons CC0 1.0
* Universal Public Domain Dedication.
*
* Demonstrates the simplest example using the LWS high-level SS apis.
*
* - main.c: boilerplate to create the lws_context and event loop
* - hello_world-ss.c: (this file) the secure stream user code
* - example-policy.json: the example policy
*/
#include <libwebsockets.h>
#include <signal.h>
extern int test_result;
LWS_SS_USER_TYPEDEF
/* Your per-stream instantiation members go here */
} hello_world_t;
static lws_ss_state_return_t
hello_world_rx(void *userobj, const uint8_t *in, size_t len, int flags)
{
hello_world_t *g = (hello_world_t *)userobj;
struct lws_ss_handle *h = lws_ss_from_user(g);
lwsl_ss_user(h, "RX %zu, flags 0x%x", len, (unsigned int)flags);
if (len) { /* log the first 16 and last 16 bytes of the chunk */
lwsl_hexdump_ss_info(h, in, len >= 16 ? 16 : len);
if (len >= 16)
lwsl_hexdump_ss_info(h, in + len - 16, 16);
}
if ((flags & LWSSS_FLAG_EOM) == LWSSS_FLAG_EOM) /* had whole message */
test_result &= ~2;
return LWSSSSRET_OK;
}
static lws_ss_state_return_t
hello_world_state(void *userobj, void *h_src, lws_ss_constate_t state,
lws_ss_tx_ordinal_t ack)
{
hello_world_t *g = (hello_world_t *)userobj;
switch ((int)state) {
case LWSSSCS_CREATING: /* start the transaction as soon as we exist */
return lws_ss_request_tx(lws_ss_from_user(g));
case LWSSSCS_QOS_ACK_REMOTE: /* server liked our request */
test_result &= ~1;
break;
case LWSSSCS_DISCONNECTED: /* for our example, disconnect = done */
lws_default_loop_exit(lws_ss_cx_from_user(g));
break;
}
return LWSSSSRET_OK;
}
LWS_SS_INFO("sx-hello_world", hello_world_t)
.rx = hello_world_rx,
.state = hello_world_state,
};

View file

@ -0,0 +1,65 @@
/*
* hello_world-policy example
*
* Written in 2010-2021 by Andy Green <andy@warmcat.com>
*
* This file is made available under the Creative Commons CC0 1.0
* Universal Public Domain Dedication.
*
* Demonstrates the simplest example using the LWS high-level SS apis, doing
* an h1 GET from warmcat.com.
*
* It specifies its own policy and restricts the tls library to validating the
* certificate through a single trusted CA cert defined in the policy.
*
* - main.c: (this file) boilerplate to create the lws_context
* and event loop
* - hello_world-ss.c: the secure stream user code
* - example-policy.json: the example policy
*
* Configure lws with -DCMAKE_BUILD_TYPE=DEBUG to build verbose logs, enable at
* runtime by giving -d 1039 or -d 1151 on this example commandline.
*/
#include <libwebsockets.h>
#include <signal.h>
int test_result = 3; /* b0: clr when peer ACKed request, b1: clr when rx done */
extern const lws_ss_info_t ssi_hello_world_t; /* from hello_world-ss.c */
static struct lws_context *cx; /* so the SIGINT handler below can access it */
static void
sigint_handler(int sig)
{
lws_default_loop_exit(cx);
}
int
main(int argc, const char **argv)
{
struct lws_context_creation_info info;
lws_context_info_defaults(&info, "example-policy.json");
lws_cmdline_option_handle_builtin(argc, argv, &info);
signal(SIGINT, sigint_handler);
cx = lws_create_context(&info);
if (!cx) {
lwsl_err("lws init failed\n");
return 1;
}
lwsl_cx_user(cx, "LWS hello_world example [-d<verb>]\n");
if (lws_ss_create(cx, 0, &ssi_hello_world_t, NULL, NULL, NULL, NULL)) {
lwsl_cx_err(cx, "failed to create SS");
lws_context_destroy(cx);
return 1;
}
lws_context_default_loop_run_destroy(cx);
/* process ret 0 if result is as expected (0, or --expected-exit 123) */
return lws_cmdline_passfail(argc, argv, test_result);
}

View file

@ -7,6 +7,12 @@ require_lws_config(LWS_WITHOUT_CLIENT 0 requirements)
require_lws_config(LWS_WITH_SECURE_STREAMS 1 requirements)
require_lws_config(LWS_WITH_SECURE_STREAMS_STATIC_POLICY_ONLY 0 requirements)
require_lws_config(LWS_WITH_TLS 1 requirements)
require_lws_config(LWS_WITH_SECURE_STREAMS_AUTH_SIGV4 0 requirements)
# uses system trust store
require_lws_config(LWS_WITH_MBEDTLS 0 requirements)
require_lws_config(LWS_WITH_WOLFSSL 0 requirements)
require_lws_config(LWS_WITH_CYASSL 0 requirements)
require_lws_config(LWS_WITH_SYS_FAULT_INJECTION 1 has_fault_injection)
require_lws_config(LWS_WITH_SECURE_STREAMS_PROXY_API 1 has_ss_proxy)
@ -14,7 +20,7 @@ require_lws_config(LWS_WITH_SYS_STATE 1 has_sys_state)
if (requirements)
add_executable(lws-minimal-ss-hello_world
add_executable(${PROJECT_NAME}
main.c
hello_world-ss.c)
@ -71,10 +77,10 @@ if (requirements)
# the time given in seconds or the sai-resource instance
# exits, whichever happens first
#
# If running under Sai, creates a lock test called "res_sspcmin"
# If running under Sai, creates a lock test called "res_sspc-${PROJECT_NAME}"
#
sai_resource(warmcat_conns 1 40 sspcmin-hello-world)
sai_resource(warmcat_conns 1 40 sspc-${PROJECT_NAME})
#
# simple test not via proxy
@ -82,44 +88,44 @@ if (requirements)
if (VALGRIND)
message("testing via valgrind")
add_test(NAME mss-warmcat COMMAND
add_test(NAME mss-${PROJECT_NAME} COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}>)
else()
add_test(NAME mss-warmcat COMMAND ${PROJECT_NAME})
add_test(NAME mss-${PROJECT_NAME} COMMAND ${PROJECT_NAME})
endif()
set_tests_properties(mss-warmcat
set_tests_properties(mss-${PROJECT_NAME}
PROPERTIES
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/client/hello_world
TIMEOUT 40)
if (DEFINED ENV{SAI_OVN})
set_tests_properties(mss-warmcat PROPERTIES FIXTURES_REQUIRED "res_msspcmin")
set_tests_properties(mss-${PROJECT_NAME} PROPERTIES FIXTURES_REQUIRED "resmsspc-${PROJECT_NAME}")
endif()
if (has_fault_injection)
if (VALGRIND)
add_test(NAME mss-warmcat-fi1 COMMAND
add_test(NAME mss-${PROJECT_NAME}-fi1 COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}>
--fault-injection "ss/ss_create_destroy_me"
--expected-exit 1)
add_test(NAME mss-warmcat-fi2 COMMAND
add_test(NAME mss-${PROJECT_NAME}-fi2 COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}>
--fault-injection "ss/ss_no_streamtype_policy"
--expected-exit 1)
else()
add_test(NAME mss-warmcat-fi1 COMMAND lws-minimal-secure-streams
add_test(NAME mss-${PROJECT_NAME}-fi1 COMMAND lws-minimal-secure-streams
--fault-injection "ss/ss_create_destroy_me"
--expected-exit 1)
add_test(NAME mss-warmcat-fi2 COMMAND lws-minimal-secure-streams
add_test(NAME mss-${PROJECT_NAME}-fi2 COMMAND lws-minimal-secure-streams
--fault-injection "ss/ss_no_streamtype_policy"
--expected-exit 1)
endif()
set_tests_properties(mss-warmcat-fi1
mss-warmcat-fi2
set_tests_properties(mss-${PROJECT_NAME}-fi1
mss-${PROJECT_NAME}-fi2
PROPERTIES
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/client/hello_world
TIMEOUT 5)
@ -142,17 +148,17 @@ if (requirements)
# filesystem socket for others
set(CTEST_SOCKET_PATH "/tmp/ctest-mssp-$ENV{SAI_PROJECT}-$ENV{SAI_OVN}")
endif()
add_test(NAME st_mssproxy COMMAND
add_test(NAME st_mss-${PROJECT_NAME}-proxy COMMAND
${CMAKE_SOURCE_DIR}/scripts/ctest-background.sh
mssproxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
mss-${PROJECT_NAME}-proxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
-i ${CTEST_SOCKET_PATH} )
set_tests_properties(st_mssproxy PROPERTIES WORKING_DIRECTORY . FIXTURES_SETUP mssproxy TIMEOUT 800)
set_tests_properties(st_mss-${PROJECT_NAME}-proxy PROPERTIES WORKING_DIRECTORY . FIXTURES_SETUP mss-${PROJECT_NAME}-proxy TIMEOUT 800)
add_test(NAME ki_mssproxy COMMAND
add_test(NAME ki_mss-${PROJECT_NAME}-proxy COMMAND
${CMAKE_SOURCE_DIR}/scripts/ctest-background-kill.sh
mssproxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
mss-${PROJECT_NAME}-proxy $<TARGET_FILE:lws-minimal-secure-streams-proxy>
-i ${CTEST_SOCKET_PATH})
set_tests_properties(ki_mssproxy PROPERTIES FIXTURES_CLEANUP mssproxy)
set_tests_properties(ki_mss-${PROJECT_NAME}-proxy PROPERTIES FIXTURES_CLEANUP mss-${PROJECT_NAME}-proxy)
#
# the client part that will connect to the proxy
@ -160,19 +166,19 @@ if (requirements)
if (VALGRIND)
message("testing via valgrind")
add_test(NAME msspc-minimal COMMAND
add_test(NAME msspc-${PROJECT_NAME} COMMAND
${VALGRIND} --tool=memcheck --leak-check=yes --num-callers=20
$<TARGET_FILE:${PROJECT_NAME}-client> --ssproxy-iface +${CTEST_SOCKET_PATH})
else()
add_test(NAME msspc-minimal COMMAND ${PROJECT_NAME}-client --ssproxy-iface +${CTEST_SOCKET_PATH})
add_test(NAME msspc-${PROJECT_NAME} COMMAND ${PROJECT_NAME}-client --ssproxy-iface +${CTEST_SOCKET_PATH})
endif()
set(fixlist "mssproxy")
set(fixlist "mss-${PROJECT_NAME}-proxy")
if (DEFINED ENV{SAI_OVN})
list(APPEND fixlist "res_mssproxy")
list(APPEND fixlist "res_mss-${PROJECT_NAME}-proxy")
endif()
set_tests_properties(msspc-minimal PROPERTIES
set_tests_properties(msspc-${PROJECT_NAME} PROPERTIES
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/minimal-examples/client/hello_world
FIXTURES_REQUIRED "${fixlist}"
TIMEOUT 40)

View file

@ -1,7 +1,10 @@
# SS Example "hello_world"
This is the simplest example, showing how to do an https
transaction using Secure Streams (SS).
This is the simplest example, showing how to do an https transaction using Secure
Streams (SS) and the default policy. Because it doesn't specify a CA for the
tls library to trust, it only works on systems where the tls library has its own
trust store, like openssl typically. See hello_world-policy for a similar example
that specifies the CA to trust for the connection in the policy.
SS' approach is to segregate "policy" (where and how to connect and authenticate
for particular kinds of connection) from payloads that are transferred on the

View file

@ -1,7 +1,7 @@
/*
* hello_world example
*
* Written in 2010-2021 by Andy Green <andy@warmcat.com>
* Written in 2010-2022 by Andy Green <andy@warmcat.com>
*
* This file is made available under the Creative Commons CC0 1.0
* Universal Public Domain Dedication.
@ -10,7 +10,6 @@
*
* - main.c: boilerplate to create the lws_context and event loop
* - hello_world-ss.c: (this file) the secure stream user code
* - example-policy.json: the example policy
*/
#include <libwebsockets.h>
@ -30,6 +29,18 @@ hello_world_rx(void *userobj, const uint8_t *in, size_t len, int flags)
lwsl_ss_user(h, "RX %zu, flags 0x%x", len, (unsigned int)flags);
#if defined(LWS_WITH_SS_DIRECT_PROTOCOL_STR)
if ((flags & LWSSS_FLAG_SOM) == LWSSS_FLAG_SOM) {
char *md;
size_t md_len;
if (!lws_ss_get_metadata(g->ss, "content-length:", (const void **)&md, &md_len))
lwsl_ss_user(g->ss, "clen %s", md);
else
lwsl_ss_user(g->ss, "Unable to get content length");
}
#endif
if (len) { /* log the first 16 and last 16 bytes of the chunk */
lwsl_hexdump_ss_info(h, in, len >= 16 ? 16 : len);
if (len >= 16)
@ -64,7 +75,7 @@ hello_world_state(void *userobj, void *h_src, lws_ss_constate_t state,
return LWSSSSRET_OK;
}
LWS_SS_INFO("sx-hello_world", hello_world_t)
LWS_SS_INFO("__default", hello_world_t)
.rx = hello_world_rx,
.state = hello_world_state,
};

View file

@ -1,18 +1,21 @@
/*
* hello_world example
*
* Written in 2010-2021 by Andy Green <andy@warmcat.com>
* Written in 2010-2022 by Andy Green <andy@warmcat.com>
*
* This file is made available under the Creative Commons CC0 1.0
* Universal Public Domain Dedication.
*
* Demonstrates the simplest example using the LWS high-level SS apis, doing
* an h1 GET from warmcat.com.
* an h2 GET from warmcat.com.
*
* It uses the default SS policy and relies on the tls library to know what
* CAs are trusted. See hello_world-policy for a version with its own defined
* policy which specifies the CA to trust.
*
* - main.c: (this file) boilerplate to create the lws_context
* and event loop
* - hello_world-ss.c: the secure stream user code
* - example-policy.json: the example policy
*
* Configure lws with -DCMAKE_BUILD_TYPE=DEBUG to build verbose logs, enable at
* runtime by giving -d 1039 or -d 1151 on this example commandline.
@ -34,12 +37,18 @@ sigint_handler(int sig)
int
main(int argc, const char **argv)
{
const char *url = "https://warmcat.com/index.html", *p;
struct lws_context_creation_info info;
struct lws_ss_handle *h;
lws_context_info_defaults(&info, "example-policy.json");
lws_context_info_defaults(&info, NULL /* default policy */);
lws_cmdline_option_handle_builtin(argc, argv, &info);
signal(SIGINT, sigint_handler);
p = lws_cmdline_option(argc, argv, "--url");
if (p)
url = p;
cx = lws_create_context(&info);
if (!cx) {
lwsl_err("lws init failed\n");
@ -48,10 +57,14 @@ main(int argc, const char **argv)
lwsl_cx_user(cx, "LWS hello_world example [-d<verb>]\n");
if (lws_ss_create(cx, 0, &ssi_hello_world_t, NULL, NULL, NULL, NULL)) {
lwsl_cx_err(cx, "failed to create get secure stream");
lws_context_destroy(cx);
return 1;
if (lws_ss_create(cx, 0, &ssi_hello_world_t, NULL, &h, NULL, NULL)) {
lwsl_cx_err(cx, "failed to create SS");
goto bail;
}
if (lws_ss_set_metadata(h, "endpoint", url, strlen(url))) {
lwsl_err("%s: failed to use metadata %s\n", __func__, url);
goto bail;
}
lws_context_default_loop_run_destroy(cx);
@ -59,4 +72,10 @@ main(int argc, const char **argv)
/* process ret 0 if result is as expected (0, or --expected-exit 123) */
return lws_cmdline_passfail(argc, argv, test_result);
bail:
lws_context_destroy(cx);
return 1;
}