1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

32 commits

Author SHA1 Message Date
Andy Green
2fc35ef6bd stats: move to pt and improve presentation 2019-08-12 06:18:04 +01:00
Andy Green
498a4e2bd7 sul: all timed objects use a single pt sul list
wsi timeout, wsi hrtimer, sequencer timeout and vh-protocol timer
all now participate on a single sorted us list.

The whole idea of polling wakes is thrown out, poll waits ignore the
timeout field and always use infinite timeouts.

Introduce a public api that can schedule its own callback from the event
loop with us resolution (usually ms is all the platform can do).

Upgrade timeouts and sequencer timeouts to also be able to use us resolution.

Introduce a prepared fakewsi in the pt, so we don't have to allocate
one on the heap when we need it.

Directly handle vh-protocol timer if LWS_MAX_SMP == 1
2019-08-09 10:12:09 +01:00
Andy Green
3c12fd72e8 unify us sorted waits
There are quite a few linked-lists of things that want events after
some period.  This introduces a type binding an lws_dll2 for the
list and a lws_usec_t for the duration.

The wsi timeouts, the hrtimer and the sequencer timeouts are converted
to use these, also in the common event wait calculation.
2019-08-08 22:39:47 +01:00
Andy Green
45ec3ce369 lws_dll: upgrade all instances to lws_dll2
lws_dll2 removes the downsides of lws_dll and adds new features like a
running member count and explicit owner type... it's cleaner and more
robust (eg, nodes know their owner, so they can casually switch between
list owners and remove themselves without the code knowing the owner).

This deprecates lws_dll, but since it's public it allows it to continue
to be built for 4.0 release if you give cmake LWS_WITH_DEPRECATED_LWS_DLL.

All remaining internal users of lws_dll are migrated to lws_dll2.
2019-08-08 16:58:55 +01:00
Andy Green
462847bb6f lws_dll: remove lws_dll_lws and deprecate lws_dll_remove 2019-03-21 06:19:31 +08:00
Santeri Hernejärvi
5d1cd3cb4b mbedtls: Fix reads getting stuck when the socket has disconnected
We've seen this behaviour when iOS resumes from sleep:

dbg> 0x11cd03750: ssl err dbg> lws_ssl_capable_read: WANT_READ
dbg> 0x11cd03750: LWS_SSL_CAPABLE_MORE_SERVICE
dbg> SSL Capable more service
dbg> 0x11cd03750: SSL_read says -1
dbg> 0x11cd03750: ssl err 2 errno 57
dbg> lws_ssl_capable_read: WANT_READ
dbg> 0x11cd0375dbg> SSL Capable more service
dbg> 0x11cd03750: SSL_read says -1
dbg> 0x11cd03750: ssl err 2 errno 57
dbg> lws_ssl_capable_read: WANT_READ
2019-03-14 19:09:33 +08:00
Andy Green
84a57540ab LWS_WITH_NETWORK: cmake option for no network code 2019-01-13 07:54:57 +08:00
Andy Green
0adc845507 lws-x509: validation functions 2018-12-31 20:35:54 +08:00
Andy Green
a3dcc95471 genec: generic ECDH crypto layer
!!! WIP

This implements the "genec" layer wrapping mbedtls + openssl
ECDH support.

API tests are added for the parts that are implemented so far.

Stuff related to ec at all, like keys, are prefixed lws_genec_.
Stuff specific to ECDH are prefixed lws_genecdh_.
2018-12-27 06:45:31 +08:00
Andy Green
9bed6d6fc6 clean: general whitespace cleanup 2018-11-23 08:47:56 +08:00
Andy Green
175f2a2d18 tls pending: convert to lws_dll_lws
Also add a check for pending after accept, in case pending was aggregated.
2018-11-05 14:43:50 +08:00
Andy Green
da444d04d1 lws_time_in_microseconds: export
Rename time_in_microseconds() and export the internal
api as lws_time_in_microseconds()
2018-10-14 06:15:36 +08:00
Andy Green
95f3eb2980 plat: ENOTCONN 2018-09-11 18:27:59 +08:00
Andy Green
c1a1e38de0 LWS_WITH_STATS: only report ssl accept delay we have a start time for 2018-09-11 18:27:59 +08:00
Andy Green
d58828692e http: compression methods
Add generic http compression layer eanbled at cmake with LWS_WITH_HTTP_STREAM_COMPRESSION.

This is wholly a feature of the HTTP role (used by h1 and h2 roles) and doesn't exist
outside that context.

Currently provides 'deflate' and 'br' compression methods for server side only.

'br' requires also -DLWS_WITH_HTTP_BROTLI=1 at cmake and the brotli libraries (available in
your distro already) and dev package.

Other compression methods can be added nicely using an ops struct.

The built-in file serving stuff will use this is the client says he can handle it, and the
mimetype of the file either starts with "text/" (html and css etc) or is the mimetype of
Javascript.

zlib allocates quite a bit while in use, it seems to be around 256KiB per stream.  So this
is only useful on relatively strong servers with lots of memory.  However for some usecases
where you are serving a lot of css and js assets, it's a nice help.

The patch performs special treatment for http/1.1 pipelining, since the compression is
performed on the fly the compressed content-length is not known until the end.  So for h1
only, chunked transfer-encoding is automatically added so pipelining can continue of the
connection.

For h2 the chunking is neither supported nor required, so it "just works".

User code can also request to add a compression transform before the reply headers were
sent using the new api

LWS_VISIBLE int
lws_http_compression_apply(struct lws *wsi, const char *name,
			   unsigned char **p, unsigned char *end, char decomp);

... this allows transparent compression of dynamically generated HTTP.  The requested
compression (eg, "deflate") is only applied if the client headers indicated it was
supported, otherwise it's a NOP.

Name may be NULL in which case the first compression method in the internal table at
stream.c that is mentioned as acceptable by the client will be used.

NOTE: the compression translation, same as h2 support, relies on the user code using
LWS_WRITE_HTTP and then LWS_WRITE_HTTP_FINAL on the last part written.  The internal
lws fileserving code already does this.
2018-09-02 14:43:05 +08:00
Andy Green
290e4f1e44 mbedtls: allow build with LWS_ROLE_WS=0 2018-05-11 16:41:34 +08:00
Andy Green
de064fd65a refactor: core code in lib/core and private-libwebsockets.h to core/private.h
This commit is coverity-clean as tested

cmake .. -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITHOUT_EXTENSIONS=1 -DLWS_WITH_ACME=1 -DLWS_WITH_LWSWS=1 -DLWS_WITH_LIBUV=1 -DLWS_WITH_HTTP2=1 -DLWS_WITHOUT_CLIENT=0 -DLWS_WITHOUT_SERVER=0 -DLWS_UNIX_SOCK=1 -DLWS_WITH_TLS=0 -DLWS_WITH_MBEDTLS=0 -DLWS_WITH_CGI=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_GENERIC_SESSIONS=1 -DLWS_WITH_RANGES=1 -DLWS_ROLE_WS=1 -DLWS_MAX_SMP=16 -DLWS_ROLE_H1=1 -DLWS_WITH_WOLFSSL=0 -DLWS_WITH_LIBEV=0 -DLWS_WITH_LIBEVENT=1
2018-05-03 10:49:36 +08:00
Andy Green
a01ad0dd20 hrtimer: add support for libevent and libev 2018-05-02 19:27:33 +08:00
Andy Green
bce8cca042 refactor: also migrate tls to the ops struct and private.h pattern
Several new ops are planned for tls... so better to bite the bullet and
clean it out to the same level as roles + event-libs first.

Also adds a new travis target "mbedtls" and all the tests except
autobahn against mbedtls build.
2018-05-02 12:10:36 +08:00
Andy Green
7ff8f023d1 context info struct: make lws usage all const 2018-04-27 08:37:20 +08:00
Andy Green
16e2f09710 refactor mode and states into roles and states 2018-04-06 12:22:19 +08:00
Andy Green
9a51bd0a63 LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY 2018-04-06 10:38:04 +08:00
Andy Green
302f8fad82 h2 ws: fixes against chrome 2018-04-06 10:38:02 +08:00
Andy Green
7bc6383759 LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT: fixes after tls refactor
https://github.com/warmcat/libwebsockets/issues/1191
2018-02-27 07:48:25 +08:00
Andy Green
d58d749b30 acme: adaptations through plat for esp32 2017-12-11 13:30:12 +08:00
Andy Green
91a821c793 esp32: align with esp-idf changes
LWIP_SOCKET_OFFSET is now nonzero, which I handled a while back.

But the C api support for it is broken in esp-idf.

select() takes unmodified fds, but FD_SET / FD_ISSET etc must have the
offset subtracted on their args.

With this we are working on current HEAD esp-idf.
2017-12-01 11:37:36 +08:00
Andy Green
5b74d7108b gcov: add in cmake and adapt defaults
1) Introduce LWS_WITH_GCOV to build with gcc / clang coverage instrumentation.

$ cd build
$ make clean && rm -f `find . -name "*.gcno" -o -name "*.gcda"` && make -j16 && sudo make install && sudo /usr/local/bin/libwebsockets-test-server -s
...
$ gcov `find . -name *.c.gcno | grep -v test-apps` -b | sed "/\.h.\$/,/^$/d"

The above are available in two helper scripts

 - scripts/build-gcov.sh
 - scripts/gcov.sh

2)

CMake defaults changed:

 - LWS_WITH_ZIP_FOPS: OFF
 - LWS_WITH_RANGES: OFF
 - LWS_WITHOUT_EXTENSIONS: ON
 - LWS_WITH_ZLIB: OFF

New CMake controls that default-OFF:

 - LWS_WITH_GENHASH
 - LWS_WITH_GENRSA

these are implied by LWS_WITH_JWS (which is implied by LWS_WITH_ACME)

3) rename ./lib/tls/XXX/server.c and client.c to XXX-server.c / XXX-client.c.

This is because gcov dumps its results using the .c filename part only,
the copies overwrite each other if there are different .c files in the tree
with the same filename part.

4) Add onetime test-client mode and test to ./test-apps/attack.sh

5) Add gcov howto in READMEs/README.build.md using attack.sh
2017-12-01 11:37:35 +08:00
Andy Green
1f37ec0be9 add selfsigned cert generation api 2017-11-26 19:17:11 +08:00
Petar Paradzik
a552de400a ssl: add support for checking cert existance and verification
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
2017-11-26 19:16:17 +08:00
Andy Green
00ffebfd24 tls: add x509 query api
This adds a single api on lws that allows querying elements from the
peer certificate on a connection.

The api works the same regardless of the TLS backend.
2017-11-26 19:16:17 +08:00
Andy Green
6bc92f7592 wrapper: untrash partial sends before WANT
1) The original wrapper logic for accounting for partial
sends on mbedtls is broken... adapt it

2) mbedtls has an additional restriction you MUST come
back to retry with EXACTLY the unsent part that you
originally asked for, or it loses coherency in the TLS
tunnel.

3) the wrapper is inconsistent between read WANT state
dynamically reported from mbedtls apis and the
SSL_want() api results.  Check both on read.
2017-11-10 10:59:58 +08:00
Andy Green
89cb55ea58 tls: split out common, openssl and mbedtls code
- introduce lib/tls/mbedtls lib/tls/openssl
 - move wrapper into lib/tls/mbedtls/wrapper
 - introduce private helpers to hide backend

This patch doesn't replace or remove the wrapper, it moves it
to lib/tls/mbedtls/wrapper.

But it should be now that the ONLY functions directly consuming
wrapper apis are isolated in

  - lib/tls/mbedtls/client.c (180 lines)
  - lib/tls/mbedtls/server.c (317 lines)
  - lib/tls/mbedtls/ssl.c    (325 lines)

In particular there are no uses of openssl or mbedtls-related
constants outside of ./lib/tls any more.
2017-10-25 07:17:29 +08:00