1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

93 commits

Author SHA1 Message Date
Fabio Alessandrelli
94f3981bef mbedtls: wrapper: client: Force mbedTLS to attemp to verify cert
AG: unlike openssl, mbedtls does not load the system trust store.
So this change will make client tls operations that work OK on openssl fail on
mbedtls unless you provide the correct CA cert.

This allows lws to distinguish between untrusted CAs, hostname
mismatches, expired certificates.

NOTE: LCCSCF_ALLOW_SELFSIGNED actually allows for untrusted CAs, and
will also skip hostname verification. This is somewhat a limitiation of
the current lws verification process.

AG: improve error reporting up to the CLIENT_CONNECTION_ERROR argument
and add a note specific to mbedtls in the test client.  Adapt the test
client to note the CA requirement if built with mbedTLS.  Adapt the
minimal test clients to have the CAs available and use them if mbedTLS.
2018-04-06 10:38:03 +08:00
Andy Green
1820212724 lws_set_timer_usecs: change to usec resolution
This replaces the existing, unreleased lws_set_timer(wsi, secs) with
lws_set_timer_usecs(wsi, usecs).

wsi with a timer waiting are added to a linked-list sorted by the
timer trigger time.

1) poll() timeout (ie, poll wait) is trimmed to the nearest ms of the
first waiting timer if the default poll wait is longer than the
interval until the first waiting timer.

The linked-list of waiting timers is checked every entry and exit
from poll()... if no timers waiting or none reached their time
this costs almost nothing.

2) libuv: the earliest hrtimer is checked after every IO, again this
is costing nothing if the list head is NULL.  If the case there
are hrtimers on the list, it costs a getimeofday (a VDSO in linux)
and more only if any of the timers have fired.

In addition on entry to libuv idle, if there are any waiting hrtimers
on the list, a libuv timer is used to force a wake in case we stay
idle (the libuv timer has ms resolution).

3) libev: not implemented

4) libevent: not implemented

Warnings are logged in the api is used on an event backend without
support.  Patches welcome to add support similarly to libuv.
2018-04-06 10:38:03 +08:00
Andy Green
a4161780df wss-over-h2: show feedback in test page if active 2018-04-06 10:38:03 +08:00
Andy Green
5acbb04b51 unixskt: add test server support and cleanup inode on exit 2018-04-06 10:38:03 +08:00
Andy Green
422cbf24bd align private LWS_NO_EXTENSIONS to be same as public LWS_WITHOUT_EXTENSIONS
This is just an internal mass change of LWS_NO_EXTENSIONS to
LWS_WITHOUT_EXTENSIONS to match the public name and eliminate
all instances of LWS_NO_EXTENSIONS.
2018-04-06 10:38:03 +08:00
Andy Green
302f8fad82 h2 ws: fixes against chrome 2018-04-06 10:38:02 +08:00
Peter Pentchev
1b5d772c4a Subject: echo client: Fix an off-by-one error in --times handling 2018-04-06 10:38:02 +08:00
Peter Pentchev
2c93b25c73 Subject: echo: exit if --times is specified 2018-04-06 10:38:02 +08:00
Andy Green
aae2c24678 lws_snprintf 2018-03-12 09:28:42 +08:00
Andy Green
cb70b6e633 win32: remove snprintf mangling
Everything in lws outside esp32 was changed to use lws_snprintf() a while ago.

This fixes a couple of stragglers and removes the preprocessor mangling.
2018-03-09 08:49:59 +08:00
Andy Green
b49630e515 minimal: add Wall and cleanups 2018-03-07 07:05:39 +08:00
Andy Green
0d5ca2d87b pthreads: more locking 2018-03-05 16:49:28 +08:00
Andy Green
d39ecd814a smp: fixes 2018-03-02 19:19:36 +08:00
Andy Green
3de2e9aa8a pthreads: build test server based on pthreads.h availability
... and fix signed / unsigned comparison
2018-03-02 09:01:22 +08:00
Martin Milata
27115c3258 Subject: [PATCH] do not pass AI_CANONNAME to getaddrinfo()
In some cases this flag causes libc to do reverse DNS lookup the result
of which is not used.
2018-02-23 07:49:05 +08:00
Andy Green
ff2f5f601d libev: libevent conflicts at buildtime 2018-02-19 10:42:31 +08:00
Andy Green
73b0147b40 libev: move accept into vh 2018-02-19 10:19:40 +08:00
Andy Green
a663aefebd test-server-v2.0: remove comment about now filescope init memset 2018-02-14 08:44:58 +08:00
Andy Green
673e3aa549 attack.sh fixes 2018-01-14 11:32:45 +08:00
Andy Green
93bc409ca1 POST: handle http/1 pipelined after body
Re-use wsi->preamble_rx to also hold leftover rx after dealing with POST
body.  Ensure ah->rx is always big enough to cope with what may have
been read into the pt->serv_buf.

Update the check for forced needed to also accept non-NULL wsi->preamble
as well as ah->rxpos != ah->rxlen as indication forced needed.

Disable autoservice on ah reset during transaction completed... it may
close the wsi underneath us when it sees and processes the pending
wsi->preamble_rx recursively otherwise.
2018-01-14 10:25:43 +08:00
Andy Green
5494128faf test-echo: handle WRITABLE callback when nothing to send 2018-01-12 09:52:14 +08:00
Andy Green
0c40f0b7bd ev: signed-unsigned warning in test app 2018-01-08 06:17:12 +08:00
Anzey
08d36dbe43 qnx: add support
https://libwebsockets.org/pipermail/libwebsockets/2018-January/003600.html
2018-01-04 10:43:20 +08:00
Andy Green
2e4ac9defe lejp: fix float
https://libwebsockets.org/pipermail/libwebsockets/2018-January/003599.html
2018-01-04 10:28:06 +08:00
Andy Green
f95f689146 libevent test server Werror sign-compare
https://github.com/warmcat/libwebsockets/issues/1131
2017-12-30 08:47:16 +08:00
Andy Green
b94091130b sshd: support async exec or shell close 2017-12-27 10:02:34 +08:00
Andy Green
1da0197798 truncated: detect and flag any write on a wsi that could have pending truncated 2017-12-07 10:19:48 +08:00
Andy Green
7d59122b5f lws_set_timer
This adds a new api lws_set_timer(wsi, secs), which schedules
a callback LWS_CALLBACK_TIMER secs seconds into the future.

The timer can be continuously deferred by calling lws_set_timer()
again before it expires.

Calling lws_set_timer(wsi, -1) cancels any pending timer.
2017-12-05 20:14:00 +08:00
Andy Green
5b74d7108b gcov: add in cmake and adapt defaults
1) Introduce LWS_WITH_GCOV to build with gcc / clang coverage instrumentation.

$ cd build
$ make clean && rm -f `find . -name "*.gcno" -o -name "*.gcda"` && make -j16 && sudo make install && sudo /usr/local/bin/libwebsockets-test-server -s
...
$ gcov `find . -name *.c.gcno | grep -v test-apps` -b | sed "/\.h.\$/,/^$/d"

The above are available in two helper scripts

 - scripts/build-gcov.sh
 - scripts/gcov.sh

2)

CMake defaults changed:

 - LWS_WITH_ZIP_FOPS: OFF
 - LWS_WITH_RANGES: OFF
 - LWS_WITHOUT_EXTENSIONS: ON
 - LWS_WITH_ZLIB: OFF

New CMake controls that default-OFF:

 - LWS_WITH_GENHASH
 - LWS_WITH_GENRSA

these are implied by LWS_WITH_JWS (which is implied by LWS_WITH_ACME)

3) rename ./lib/tls/XXX/server.c and client.c to XXX-server.c / XXX-client.c.

This is because gcov dumps its results using the .c filename part only,
the copies overwrite each other if there are different .c files in the tree
with the same filename part.

4) Add onetime test-client mode and test to ./test-apps/attack.sh

5) Add gcov howto in READMEs/README.build.md using attack.sh
2017-12-01 11:37:35 +08:00
Andy Green
ad07d95026 cleanups 2017-12-01 11:37:35 +08:00
Ralph Lessmann
33b40e0ae4 mingw: fixes 2017-12-01 11:37:33 +08:00
Andy Green
be525cb624 appveyor: Enable 64-bit build with OpenSSL and HTTP2
Fix warnings found from that

Introduce lws_ptr_diff(head, tail) helper to normalize
pointers to char *, do the subtraction and cast the
result to int.
2017-11-26 19:16:17 +08:00
Andy Green
74fddbc09e cancel_service: change to event-loop agnostic implementation
- Add platform helpers for pipe creation.

 - Change the direct-to-fds implementation to create a wsi for each
   pt and use the normal apis to bind it to the event loop.

 - Modifiy context creation and destroy to create and remove the
   event pipe wsis.

 - Create the event pipe wsis during context create if using the
   default poll() event loop, or when the other event loops start
   otherwise.

 - Add handler that calls back user code with
   LWS_CALLBACK_EVENT_WAIT_CANCELLED

This patch allows you to call `lws_cancel_service(struct lws_context *context)`
from another thread.

It's very cheap for the other thread to call and is safe without
locking.

Every use protocol receives a LWS_CALLBACK_EVENT_WAIT_CANCELLED from
the main thread serialized normally in the event loop.
2017-11-26 19:16:17 +08:00
Andy Green
8c35e14965 test-apps: mirror echo mode 2017-11-05 07:09:06 +08:00
Andy Green
5a90bb36d1 lejp: add test app to parse stdin 2017-10-26 18:55:12 +08:00
Andy Green
1c70181ca2 build: enable signed vs unsigned warnings on gcc
This enables selected things from -Wextra, can't use -Wextra because it is
fussy enough to complain about unused params on functions... they are
there for a reason.

-Wsign-compare
-Wignored-qualifiers
not -Wimplicit-fallthrough=3 ... only on gcc 7
-Wtype-limits
-Wuninitialized
not -Wclobbered ... only on gcc 7ish

fix the warnings everywhere they were found.
2017-10-25 07:17:29 +08:00
Andy Green
89cb55ea58 tls: split out common, openssl and mbedtls code
- introduce lib/tls/mbedtls lib/tls/openssl
 - move wrapper into lib/tls/mbedtls/wrapper
 - introduce private helpers to hide backend

This patch doesn't replace or remove the wrapper, it moves it
to lib/tls/mbedtls/wrapper.

But it should be now that the ONLY functions directly consuming
wrapper apis are isolated in

  - lib/tls/mbedtls/client.c (180 lines)
  - lib/tls/mbedtls/server.c (317 lines)
  - lib/tls/mbedtls/ssl.c    (325 lines)

In particular there are no uses of openssl or mbedtls-related
constants outside of ./lib/tls any more.
2017-10-25 07:17:29 +08:00
Andy Green
904a9c0920 http2: make usable
HTTP/2 support is now able to serve the test server, complete with
websockets, from a single vhost.

 - This works the same with both OpenSSL and mbedTLS.

 - POST is now wired up and works (also for file upload).

 - CGI is wired up and works.

 - Redirect is adapted and works

 - lwsws works.

 - URI urldecode, sanitation and argument parsing wired up for :path

valgrind clean (aside from openssl-style false uninit data usage in mbedtls send occasionally)

h2spec reports:

$ h2spec  -h 127.0.0.1 -p 7681 -t -k -o 1
...
145 tests, 145 passed, 0 skipped, 0 failed"

Incorporates:

 - "https://github.com/warmcat/libwebsockets/pull/1039
	Fixes issue with -Werror=unused-variable flag

 - 2c843a1395
	ssl: fix infinite loop on client cert verification failure

Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>"

Caused and fixes Coverity 184887 - 184892
2017-10-16 17:13:49 +08:00
Andy Green
fc995df480 CMake: convert all LWS_USE_... to LWS_WITH_...
Almost all the CMake options begin with LWS_WITH_..., but many of the
symbols passed to lws are LWS_USE_... , this causes neededless confusion,
compounded by the fact that a few CMake options also begin with
LWS_USE_.

This patch globally converts all LWS_USE_... to LWS_WITH_..., so there
is only one prefix to remember in both CMake and the code.

The affected public CMake options are

LWS_USE_BORINGSSL     ->  LWS_WITH_BORINGSSL
LWS_USE_CYASSL        ->  LWS_WITH_CYASSL
LWS_USE_WOLFSSL       ->  LWS_WITH_WOLFSSL
LWS_USE_MBEDTLS       ->  LWS_WITH_MBEDTLS
LWS_USE_BUNDLED_ZLIB  ->  LWS_WITH_BUNDLED_ZLIB
2017-10-16 17:13:48 +08:00
Andy Green
7597ac3766 Plugins: add ssh-base ssh server plugin 2017-10-16 16:59:57 +08:00
Andy Green
bc451afb30 lws-meta: add var in js to enable and disable by default 2017-09-27 08:24:05 +08:00
Andy Green
93f05d6eff test-client: add justmirror flag 2017-09-27 08:24:05 +08:00
Andy Green
4f267c515e clean up top level of project 2017-09-27 08:24:05 +08:00