Ensure we still work with mbedtls_ssl_conf_verify() as well as
mbedtls_ssl_set_verify() if that's what we have got.
Make sure mbedtls tls validation is noisy and fast.
Disable Xenial + mbedtls in sai, it fails but not when the same
tests are run from the commandline. Very few people will be
using Xenial (2016 Ubuntu release) with mbedtls.
Add a generic struct to manage a buflist with an incrementally-consumable
head, and helpers to deal with retiring the last segment and starting the
new head.
The lws_flow is added to using the buflist member directly, it autohandles
SS window management to try to keep the total buffered at the client to the
window member limit.
This switches the current hello_world to be hello_world-policy now,
and hello_world is simplified to use the __default policy without any
explicit policy of its own.
Using the default policy means it relies on the system tls library to
validate the tls connections using system trust arrangements, that won't
work in cases where the configured tls library does not have its own trust
store.
Just like there is a default protocol provided if none is specified that is
suitable for handling http GET, introduce a default SS policy that is also
suitable for the case of http GET where the user trusts the CA using the
ssl library or system trust store.
This allows handling of the unusal but foreseeable situation were
the client provides a zero length output buffer, for example, if
the input buffer was also zero length.
Leave the http minilex as it is, and add an improved version in lib/misc
- get a list of strings from stdin and emit C header to stdout
- support ambiguous terminals (xxx and xxx-something) correctly regardless
of introduction order
- add generic parser in lib/misc
minilex doesn't build as part of lws since it's only needed by developers,
there's a one-line build documented at a comment at the top of
lib/misc/minilex.c
This patch checks for the env var SSLKEYLOGFILE=path, if present, then
client connection tls secrets are appended into path.vhostname.
This allows decryption of captured encrypted data for debugging purposes.
SSKEYLOGFILE=path env var method is the same as provided by Firefox and
Chrome for this purpose.
