1) update the logos to svg
2) add svg icon for strict security policy where used
3) define new vhost option flag to enforce sending CSP headers
with the result code
4) add vhost option flag to minimal examples to
enforce sending CSP where applicable
5) Go through all the affecting examples confirming they
still work
6) add LWS_RECOMMENDED_MIN_HEADER_SPACE constant (currently
2048) to clarify when we need a buffer to hold headers...
with CSP the headers have become potentially a lot
larger.
Audit all lws_hdr_copy() usages inside lws and make sure we
take care about it failing.
Also since the patch around aggregation of headers by ',',
lws_hdr_copy() needs a little more space in the output buffer,
adjust one place where that caused it to start failing in an
exact-sized buffer.
This allows the client stuff to understand that addresses beginning with '+'
represent unix sockets.
If the first character after the '+' is '@', it understands that the '@'
should be read as '\0', in order to use Linux "abstract namespace"
sockets.
Further the lws_parse_uri() helper is extended to understand the convention
that an address starting with + is a unix socket, and treats the socket
path as delimited by ':', eg
http://+/var/run/mysocket:/my/path
HTTP Proxy is updated to allow mounts to these unix socket paths.
Proxy connections go out on h1, but are dynamically translated to h1 or h2
on the incoming side.
Proxy usage of libhubbub is separated out... LWS_WITH_HTTP_PROXY is on by
default, and LWS_WITH_HUBBUB is off by default.
This has no effect on user code or backward compatibility.
It moves the in-tree public api header libwebsockets.h from ./lib
to ./include, and introduces a dir ./include/libwebsockets/
The single public api header is split out into 31 sub-headers
in ./include/libwebsockets. ./include/libwebsockets.h contains
some core types and platform adaptation code, but the rest of it
is now 31 #include <libwebsockets/...>
At install time, /usr/[local/]include/libwebsockets.h is installed
as before, along now with the 31 sub-headers in ...include/libwebsockets/
There's no net effect on user code.
But the api header is now much easier to maintain and study, with 31
topic-based sub headers.
This adds a plugin that interfaces to libjsongit2
https://warmcat.com/git/libjsongit2
to provide a per-vhost service for presenting bare git repos in a
web interface.
You can build lws without support for ws, with -DLWS_ROLE_WS=0.
This is thanks to the role ops isolating all the ws-specific business
in the ws role.
Also retire more test apps replaced by minmal-examples.
This replaces the old test-app for echo with separate client and server
minimal versions.
The autobahn test script is made more autonomous and tests both
client and server.
1) Remove the whole ah rxbuf and put things on to the wsi buflist
This eliminates the whole detachability thing based on ah rxbuf
state... ah can always be detached.
2) Remove h2 scratch and put it on the wsi buflist
3) Remove preamble_rx and use the wsi buflist
This was used in the case adopted sockets had already been read.
Basically there are now only three forced service scenarios
- something in buflist (and not in state LRS_DEFERRING_ACTION)
- tls layer has buffered rx
- extension has buffered rx
This is a net removal of around 400 lines of special-casing.
For h1 / ws, a combination of removing POLLIN wait and
stashing any unused rx lets us immediately respond to
rx flow control requests in a simple and effective way,
because the tcp socket is the stream.
But for muxed protocols like h2, that technique cannot
be used because we cannot silence the whole bundle of
streams because one can't handle any more rx dynamically.
There are control frames and content for other streams
serialized inbetween the flow controlled stream content.
We have no choice but to read to so we can see the other
things. Therefore for muxed protocols like h2 and spdy,
rx flow control boils down to tx credit manipulation
on individual streams to staunch the flow at the peer.
However that requires a round trip to take effect, any
transmitted packets that were in flight before the tx credit
reduction arrives at the remote peer are still going to come
and have to be dealt with by adding them to the stash.
This patch introduces lws_buflist scatter-gather type
buffer management for rxflow handling, so we can append
buffer segments in a linked-list to handle whatever rx
is unavoidably in flight on a stream that is trying to
assert rx flow control.
This adds h2 http support for the client api.
The public client api requires no changes, it will detect by
ALPN if the server can handle http/2, if so, it will use it.
Multiple client connections using the lws api will be mapped on
to the same single http/2 + tls socket using http/2 streams
that are serviced simultaneously where possible.
This completely removes the loop self-running stuff.
Static allocations (uv_idle, timers etc) are referenced-counted in the context
same as the wsi are. When lws wants to close, he first closes all his wsi, then
when that is completed in the uv close callbacks, he closes all of his static
uv handles. When that is also completed in the uv callbacks, he stops the loop
so the lws context can destroy and exit.
Any direct libuv allocations in protocol handlers must participate in the
reference counting. Two new apis are provided
- lws_libuv_static_refcount_add(handle, context) to mark the handle with
a pointer to the context and increment the global uv object counter
- lws_libuv_static_refcount_del() which should be used as the close callback
for your own libuv objects declared in the protocol scope.
AG: unlike openssl, mbedtls does not load the system trust store.
So this change will make client tls operations that work OK on openssl fail on
mbedtls unless you provide the correct CA cert.
This allows lws to distinguish between untrusted CAs, hostname
mismatches, expired certificates.
NOTE: LCCSCF_ALLOW_SELFSIGNED actually allows for untrusted CAs, and
will also skip hostname verification. This is somewhat a limitiation of
the current lws verification process.
AG: improve error reporting up to the CLIENT_CONNECTION_ERROR argument
and add a note specific to mbedtls in the test client. Adapt the test
client to note the CA requirement if built with mbedTLS. Adapt the
minimal test clients to have the CAs available and use them if mbedTLS.
This replaces the existing, unreleased lws_set_timer(wsi, secs) with
lws_set_timer_usecs(wsi, usecs).
wsi with a timer waiting are added to a linked-list sorted by the
timer trigger time.
1) poll() timeout (ie, poll wait) is trimmed to the nearest ms of the
first waiting timer if the default poll wait is longer than the
interval until the first waiting timer.
The linked-list of waiting timers is checked every entry and exit
from poll()... if no timers waiting or none reached their time
this costs almost nothing.
2) libuv: the earliest hrtimer is checked after every IO, again this
is costing nothing if the list head is NULL. If the case there
are hrtimers on the list, it costs a getimeofday (a VDSO in linux)
and more only if any of the timers have fired.
In addition on entry to libuv idle, if there are any waiting hrtimers
on the list, a libuv timer is used to force a wake in case we stay
idle (the libuv timer has ms resolution).
3) libev: not implemented
4) libevent: not implemented
Warnings are logged in the api is used on an event backend without
support. Patches welcome to add support similarly to libuv.
This is just an internal mass change of LWS_NO_EXTENSIONS to
LWS_WITHOUT_EXTENSIONS to match the public name and eliminate
all instances of LWS_NO_EXTENSIONS.
Everything in lws outside esp32 was changed to use lws_snprintf() a while ago.
This fixes a couple of stragglers and removes the preprocessor mangling.
