The callback flow is a bit more disruptive than doing the iteration
directly in your function. This helps by passing a user void *
into the callback set as an lws_dll[2]_foreach_safe() arg.
We use POSIX dir scanning apis normally, but for windows, we require libuv
to do it for us.
Formalize that into a wrapper lws_dir() that hides the backend code.
Make it configurable, ON by default and forced on with lejp-conf that
depends on it.
lejp-conf isn't the only user that needs to generate human-readable
JSON parsing error stacks.
Build it in with lejp and introduce an error code -> string api
info.protocols works okay, but it has an annoying problem... you have to know
the type for each protocol's pss at the top level of the code, so you can set
the struct lws_protocols user_data size for it.
Lws already rewrites the protocol tables for a vhost in the case of runtime
protocol plugins... this adapts that already-existing code slightly to give
a new optional way to declare the protocol array.
Everything works as before by default, but now info.protocols may be NULL and
info.pprotocols defined instead (if that's also NULL, as it will be if you
just ignore it after memsetting to 0, then it continues to fall back to the
dummy protocol handler as before).
info.pprotocols is a NULL-termined array of pointers to lws_protocol
structs. This can be composed at the top level of your code without knowing
anything except the name of the externally-defined lws_protocol struct(s).
The minimal example http-server-dynamic is changed to use the new scheme as
an example.
Without this patch, the build will break with gcc 8.2 as bellow.
optee_os/lib/libwebsockets/libwebsockets/lib/core-net/network.c: In function ‘lws_socket_bind’:
optee_os/lib/libwebsockets/libwebsockets/lib/core-net/network.c:347:4: error: ‘memcpy’ forming offset [5, 16] is out of the bounds [0, 4] of object ‘sin’ with type ‘struct sockaddr_storage’ [-Werror=array-bounds]
memcpy(&sain, &sin, sizeof(sain));
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/akirat/dev/otrp/aist-tb/optee_os/lib/libwebsockets/libwebsockets/lib/core-net/network.c:224:26: note: ‘sin’ declared here
struct sockaddr_storage sin;
^~~
cc1: all warnings being treated as errors
Signed-off-by: Akira Tsukamoto <akira.tsukamoto@gmail.com>
Until now lws only parses headers it knows at build-time from its
prebuilt lexical analyzer.
This adds an on-by-default cmake option and a couple of apis
to also store and query "custom", ie, unknown-to-lws headers.
A minimal example is also provided.
At the moment it only works on h1, h2 support needs improvements
to the hpack implementation.
Since it bloats ah memory usage compared to without it if custom
headers are present, the related code and ah footprint can be
disabled with the cmake option LWS_WITH_CUSTOM_HEADERS, but it's
on by default normally. ESP32 platform disables it.
https://github.com/warmcat/libwebsockets/pull/1499
!!! WIP
This implements the "genec" layer wrapping mbedtls + openssl
ECDH support.
API tests are added for the parts that are implemented so far.
Stuff related to ec at all, like keys, are prefixed lws_genec_.
Stuff specific to ECDH are prefixed lws_genecdh_.
Although RSA can be used directly for signing / JWS
on large chunks of data since it's only operating on
the hash, when JWE support arrives, which allows bulk
encryption, it's going to be mandatory to support
secondary AES ciphers to use on the bulk data.
This adds generic support for all AES modes that OpenSSL
and mbedTLS have in common, works on both mbedTLS and
OpenSSL the same, and adds unit tests for each mode
in api-test-gencrypto, to run in CI.
Until now the JOSE pieces only had enough support for ACME.
This patch improves the JWK parsing to prepare for more
complete support and for adding JWE, genaes and genec in
later patches.
This provides a way to defer closing if the output buflist has
unsent content for the wsi, until the buflist is drained.
It doesn't make any assumption about the content being related
to http, so you can use it on raw.
It follows the semantics of the http transaction completed, ie
if (lws_raw_transaction_completed(wsi))
return -1
return 0;
Normalize the vhost options around optionally handling noncompliant
traffic at the listening socket for both non-tls and tls cases.
By default everything is as before.
However it's now possible to tell the vhost to allow noncompliant
connects to fall back to a specific role and protocol, both set
by name in the vhost creation info struct.
The original vhost flags allowing http redirect to https and
direct http serving from https server (which is a security
downgrade if enabled) are cleaned up and tested.
A minimal example minimal-raw-fallback-http-server is added with
switches to confirm operation of all the valid possibilities (see
the readme on that).
The retry stuff for bind failures is actually aimed at the scenarios the interface
either doesn't exist yet, or is not configured enough (having an IP) to be bindable yet.
This patch treats EADDRINUSE as fatal at vhost init.
1) update the logos to svg
2) add svg icon for strict security policy where used
3) define new vhost option flag to enforce sending CSP headers
with the result code
4) add vhost option flag to minimal examples to
enforce sending CSP where applicable
5) Go through all the affecting examples confirming they
still work
6) add LWS_RECOMMENDED_MIN_HEADER_SPACE constant (currently
2048) to clarify when we need a buffer to hold headers...
with CSP the headers have become potentially a lot
larger.
https://github.com/warmcat/libwebsockets/issues/1423
If you vhost->options has the flag LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK,
then if the server is sent an upgrade request, the content of the Host: header is
required to match the vhost name + port. The port is set to the well-known values
of 80 and 443 if no :port on the host: value, depending on tls or not on the
connection.
minimal-ws-server can now take a -h flag to set this. lejp-conf (eg, lwsws) can now take
a flag strict-host-check on the vhost to enable it as well.