1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

51 commits

Author SHA1 Message Date
Andy Green
2fc35ef6bd stats: move to pt and improve presentation 2019-08-12 06:18:04 +01:00
Andy Green
498a4e2bd7 sul: all timed objects use a single pt sul list
wsi timeout, wsi hrtimer, sequencer timeout and vh-protocol timer
all now participate on a single sorted us list.

The whole idea of polling wakes is thrown out, poll waits ignore the
timeout field and always use infinite timeouts.

Introduce a public api that can schedule its own callback from the event
loop with us resolution (usually ms is all the platform can do).

Upgrade timeouts and sequencer timeouts to also be able to use us resolution.

Introduce a prepared fakewsi in the pt, so we don't have to allocate
one on the heap when we need it.

Directly handle vh-protocol timer if LWS_MAX_SMP == 1
2019-08-09 10:12:09 +01:00
Andy Green
3c12fd72e8 unify us sorted waits
There are quite a few linked-lists of things that want events after
some period.  This introduces a type binding an lws_dll2 for the
list and a lws_usec_t for the duration.

The wsi timeouts, the hrtimer and the sequencer timeouts are converted
to use these, also in the common event wait calculation.
2019-08-08 22:39:47 +01:00
Andy Green
45ec3ce369 lws_dll: upgrade all instances to lws_dll2
lws_dll2 removes the downsides of lws_dll and adds new features like a
running member count and explicit owner type... it's cleaner and more
robust (eg, nodes know their owner, so they can casually switch between
list owners and remove themselves without the code knowing the owner).

This deprecates lws_dll, but since it's public it allows it to continue
to be built for 4.0 release if you give cmake LWS_WITH_DEPRECATED_LWS_DLL.

All remaining internal users of lws_dll are migrated to lws_dll2.
2019-08-08 16:58:55 +01:00
Andy Green
f60db2fff9 openssl: rename internal api for describe error stack and make it destructive again 2019-07-13 13:28:44 -07:00
Andy Green
89fd3d822e openssl: explicitly clear error queue
https://libwebsockets.org/pipermail/libwebsockets/2019-July/008033.html
2019-07-10 20:34:24 +01:00
Andy Green
805c033b6b openssl: client certs: use info.client_ssl_private_key_password
https://github.com/warmcat/libwebsockets/issues/1599
2019-06-21 07:18:48 +01:00
kzhdev
c40394f968 openssl: client: handle no tcr 2019-04-06 05:52:23 +08:00
Andy Green
462847bb6f lws_dll: remove lws_dll_lws and deprecate lws_dll_remove 2019-03-21 06:19:31 +08:00
Andy Green
555c34b044 openssl: reuse client SSL_CTX where possible
If you have multiple vhosts with client contexts enabled, under
OpenSSL each one brings in the system cert bundle.

On libwebsockets.org, there are many vhosts and the waste adds up
to about 9MB of heap.

This patch makes a sha256 from the client context configuration, and
if a suitable client context already exists on another vhost, bumps
a refcount and reuses the client context.

In the case client contexts are configured differently, a new one
is created (and is available for reuse as well).
2019-03-18 06:54:38 +08:00
Andy Green
84a57540ab LWS_WITH_NETWORK: cmake option for no network code 2019-01-13 07:54:57 +08:00
Andy Green
0adc845507 lws-x509: validation functions 2018-12-31 20:35:54 +08:00
Andy Green
eda102e397 jwe 2018-12-27 06:45:32 +08:00
Andy Green
47e14ba34b genrsa: add OAEP and PSS and convert openssl to EVP
Wanting PSS padding on signatures triggers and avalanche of
openssl EVP conversions as the only way to do it with the
openssl public apis.
2018-12-27 06:45:31 +08:00
Andy Green
9bed6d6fc6 clean: general whitespace cleanup 2018-11-23 08:47:56 +08:00
Andy Green
175f2a2d18 tls pending: convert to lws_dll_lws
Also add a check for pending after accept, in case pending was aggregated.
2018-11-05 14:43:50 +08:00
Andy Green
38fe22e4db openssl: info log with cipher details and tls version 2018-10-20 07:54:58 +08:00
Andy Green
da444d04d1 lws_time_in_microseconds: export
Rename time_in_microseconds() and export the internal
api as lws_time_in_microseconds()
2018-10-14 06:15:36 +08:00
Andy Green
d03c57b87f quench logging 2018-10-13 08:16:27 +08:00
Andy Green
33a6034875 codacy: minor fixes 2018-10-13 08:16:27 +08:00
Andy Green
78e6d45f78 openssl: error handling align 2018-09-11 18:27:59 +08:00
Andy Green
95f3eb2980 plat: ENOTCONN 2018-09-11 18:27:59 +08:00
Andy Green
c1a1e38de0 LWS_WITH_STATS: only report ssl accept delay we have a start time for 2018-09-11 18:27:59 +08:00
Andy Green
9ad08ec9c1 LWS_WITH_STATS: clean refactor dust
https://github.com/warmcat/libwebsockets/issues/1383
2018-09-11 18:27:59 +08:00
Rosen Penev
eb4cefceae openssl: Fix compile with 1.1.0 - deprecated APIs
These function have been deprecated. Keep compatibility with OpenSSL 1.0.2 as it is still supported.
2018-06-30 09:42:44 +08:00
Andy Green
de064fd65a refactor: core code in lib/core and private-libwebsockets.h to core/private.h
This commit is coverity-clean as tested

cmake .. -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITHOUT_EXTENSIONS=1 -DLWS_WITH_ACME=1 -DLWS_WITH_LWSWS=1 -DLWS_WITH_LIBUV=1 -DLWS_WITH_HTTP2=1 -DLWS_WITHOUT_CLIENT=0 -DLWS_WITHOUT_SERVER=0 -DLWS_UNIX_SOCK=1 -DLWS_WITH_TLS=0 -DLWS_WITH_MBEDTLS=0 -DLWS_WITH_CGI=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_GENERIC_SESSIONS=1 -DLWS_WITH_RANGES=1 -DLWS_ROLE_WS=1 -DLWS_MAX_SMP=16 -DLWS_ROLE_H1=1 -DLWS_WITH_WOLFSSL=0 -DLWS_WITH_LIBEV=0 -DLWS_WITH_LIBEVENT=1
2018-05-03 10:49:36 +08:00
Andy Green
a01ad0dd20 hrtimer: add support for libevent and libev 2018-05-02 19:27:33 +08:00
Andy Green
bce8cca042 refactor: also migrate tls to the ops struct and private.h pattern
Several new ops are planned for tls... so better to bite the bullet and
clean it out to the same level as roles + event-libs first.

Also adds a new travis target "mbedtls" and all the tests except
autobahn against mbedtls build.
2018-05-02 12:10:36 +08:00
kaleb-himes
65b68bdc70 wolfSSL updates 2018-04-28 07:55:27 +08:00
Andy Green
7ff8f023d1 context info struct: make lws usage all const 2018-04-27 08:37:20 +08:00
Andy Green
27e86e2641 cmake: allow setting LWS_ROLE_WS
You can build lws without support for ws, with -DLWS_ROLE_WS=0.

This is thanks to the role ops isolating all the ws-specific business
in the ws role.

Also retire more test apps replaced by minmal-examples.
2018-04-25 08:42:18 +08:00
Andy Green
8829c2f365 selftests
This converts several of the selftests to return a status in their exit code
about whether they 'worked'.

A small bash script framework is added, with a selftest.sh in the mininmal
example dirs that support it, and a ./minimal-examples/selftests.sh script
that can be run from the build dir with no args that discovers and runs all
the selftest.sh scripts underneath.

That is also integrated into travis and the enabled tests must pass now for
travis to pass.  Travis does not have a modern libuv so it can't run a
couple of tests which are nulled out if it sees it's running in travis env.
2018-04-19 16:16:48 +08:00
Andy Green
16e2f09710 refactor mode and states into roles and states 2018-04-06 12:22:19 +08:00
Andy Green
9a51bd0a63 LWS_TLS_CERT_INFO_OPAQUE_PUBLIC_KEY 2018-04-06 10:38:04 +08:00
Andy Green
2a9b6f54c6 client: h2
This adds h2 http support for the client api.

The public client api requires no changes, it will detect by
ALPN if the server can handle http/2, if so, it will use it.

Multiple client connections using the lws api will be mapped on
to the same single http/2 + tls socket using http/2 streams
that are serviced simultaneously where possible.
2018-04-06 10:38:03 +08:00
Andy Green
865b2439ce mingw: also workaround ENOTCONN 2018-04-06 10:38:03 +08:00
Andy Green
302f8fad82 h2 ws: fixes against chrome 2018-04-06 10:38:02 +08:00
Andy Green
aae2c24678 lws_snprintf 2018-03-12 09:28:42 +08:00
Andy Green
7bc6383759 LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT: fixes after tls refactor
https://github.com/warmcat/libwebsockets/issues/1191
2018-02-27 07:48:25 +08:00
Andy Green
3eae5b1363 openssl: treat SYSCALL at connect as always fatal 2018-01-08 06:35:12 +08:00
Sergio Hernández
f3c6fac3cb Detect dead socket on iOS when server closed connection 2017-12-27 10:02:34 +08:00
Andy Green
e8e448df3e plat optee: updates 2017-12-20 10:44:21 +08:00
Andy Green
d58d749b30 acme: adaptations through plat for esp32 2017-12-11 13:30:12 +08:00
Andy Green
5b74d7108b gcov: add in cmake and adapt defaults
1) Introduce LWS_WITH_GCOV to build with gcc / clang coverage instrumentation.

$ cd build
$ make clean && rm -f `find . -name "*.gcno" -o -name "*.gcda"` && make -j16 && sudo make install && sudo /usr/local/bin/libwebsockets-test-server -s
...
$ gcov `find . -name *.c.gcno | grep -v test-apps` -b | sed "/\.h.\$/,/^$/d"

The above are available in two helper scripts

 - scripts/build-gcov.sh
 - scripts/gcov.sh

2)

CMake defaults changed:

 - LWS_WITH_ZIP_FOPS: OFF
 - LWS_WITH_RANGES: OFF
 - LWS_WITHOUT_EXTENSIONS: ON
 - LWS_WITH_ZLIB: OFF

New CMake controls that default-OFF:

 - LWS_WITH_GENHASH
 - LWS_WITH_GENRSA

these are implied by LWS_WITH_JWS (which is implied by LWS_WITH_ACME)

3) rename ./lib/tls/XXX/server.c and client.c to XXX-server.c / XXX-client.c.

This is because gcov dumps its results using the .c filename part only,
the copies overwrite each other if there are different .c files in the tree
with the same filename part.

4) Add onetime test-client mode and test to ./test-apps/attack.sh

5) Add gcov howto in READMEs/README.build.md using attack.sh
2017-12-01 11:37:35 +08:00
Andy Green
1f37ec0be9 add selfsigned cert generation api 2017-11-26 19:17:11 +08:00
Petar Paradzik
a552de400a ssl: add support for checking cert existance and verification
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
2017-11-26 19:16:17 +08:00
Petar Paradzik
2f7bd10487 Subject: ssl: fix source and destination overlap in strcpy
Use memmove instead...

AG add explanation for union name[] member length.

Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
2017-11-26 19:16:17 +08:00
Petar Paradzik
939436b793 Subject: ssl: fix x509 memory leaks
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
2017-11-26 19:16:17 +08:00
Andy Green
00ffebfd24 tls: add x509 query api
This adds a single api on lws that allows querying elements from the
peer certificate on a connection.

The api works the same regardless of the TLS backend.
2017-11-26 19:16:17 +08:00
Andy Green
be525cb624 appveyor: Enable 64-bit build with OpenSSL and HTTP2
Fix warnings found from that

Introduce lws_ptr_diff(head, tail) helper to normalize
pointers to char *, do the subtraction and cast the
result to int.
2017-11-26 19:16:17 +08:00