1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

494 commits

Author SHA1 Message Date
Andy Green
7812ffabcc build: put back -O3 2018-04-19 16:15:10 +08:00
Andy Green
65f87efca9 pipe2 where possible 2018-04-19 16:15:10 +08:00
Andy Green
aa816e98a9 alpn: assemble defaults from roles and allow override
Since new roles may be incompatible with http, add support for
alpn names at the role struct, automatic generation of the
default list of alpn names that servers advertise, and the
ability to override the used alpn names per-vhost and per-
client connection.

This not only lets you modulate visibility or use of h2,
but also enables vhosts that only offer non-http roles,
as well as restricting http role vhosts to only alpn
identifiers related to http roles.
2018-04-19 16:15:10 +08:00
Andy Green
126be3ccf3 refactor role ops
This only refactors internal architecture and representations, the user
api is unaffected.
2018-04-11 13:39:42 +08:00
Andy Green
16e2f09710 refactor mode and states into roles and states 2018-04-06 12:22:19 +08:00
Andy Green
b45956fcb9 client: add alpn processing on mbedtls and openssl
This just supports "http/1.1" alpn and lets the client know it
can use keepalive earlier if it affirmitively negotiated
"http/1.1" on alpn.

mbedTLS wrapper needed a small adaptation to also allow
per-client-ssl control of the alpn negotiation list.
2018-04-06 10:38:03 +08:00
Andy Green
eedee9c0d3 cmake: remove unused check on inttypes.h 2018-04-06 10:38:03 +08:00
Andy Green
a4161780df wss-over-h2: show feedback in test page if active 2018-04-06 10:38:03 +08:00
Andy Green
422cbf24bd align private LWS_NO_EXTENSIONS to be same as public LWS_WITHOUT_EXTENSIONS
This is just an internal mass change of LWS_NO_EXTENSIONS to
LWS_WITHOUT_EXTENSIONS to match the public name and eliminate
all instances of LWS_NO_EXTENSIONS.
2018-04-06 10:38:03 +08:00
Andy Green
e4a3e8c4d4 LWS_WITH_MINIMAL_EXAMPLES: default-off build all minimal samples after lws for QA
This adds an lws cmake option that builds all the minimal examples as part of lws,
it's useful for QA.

It adds a macro to examples that depend on a particular lws configuration to understand
they should just null out their project definition in builds where the lws configuration
requirement is not met, and we are building as part of lws.

It also adapts all the example library additions to select the just-built-but-not-yet-installed
library in the case it is built as part of lws.  If built standalone, it now uses the cmake
platform-abstracted way to add the library requirement too.
2018-04-06 10:38:03 +08:00
Andy Green
1aed8c8127 h1: header parsing optimizations 2018-03-07 18:19:10 +08:00
Andy Green
3de2e9aa8a pthreads: build test server based on pthreads.h availability
... and fix signed / unsigned comparison
2018-03-02 09:01:22 +08:00
Andy Green
ff2f5f601d libev: libevent conflicts at buildtime 2018-02-19 10:42:31 +08:00
Andy Green
73b0147b40 libev: move accept into vh 2018-02-19 10:19:40 +08:00
krismattheus
5366a766f4 windows: add version resource 2018-02-06 07:07:28 +08:00
Andy Green
1d9d04ff9d LWS_WITH_DISTRO_RECOMMENDED
Idea from Per Bothner
https://libwebsockets.org/pipermail/libwebsockets/2018-January/003635.html
2018-01-27 08:01:33 +08:00
Andy Green
1b43ed1cba mbedtls wrapper: check for malloc.h before using
https://github.com/warmcat/libwebsockets/issues/1163
2018-01-26 07:22:35 +08:00
Anzey
08d36dbe43 qnx: add support
https://libwebsockets.org/pipermail/libwebsockets/2018-January/003600.html
2018-01-04 10:43:20 +08:00
Andy Green
350af2394c gencerts: fix install 2017-12-20 10:42:39 +08:00
Alexander Couzens
d7b6c04aaf CMakeLists: build reproducible by default
Using the build user and build hostname as part of the git hash breaks
reproducible builds. Make this part optional, but build reproducible by
default.
2017-12-10 08:48:09 +08:00
Andy Green
8487279e64 plat: remove esp8266
ESP32 module price is now within range of 8266 price.

ESP32 capability and OS support is hugely better than 8266,
we can support mbedtls tls, http/2 etc with ESP32.

I'm no longer testing on ESP8266... there's no more
user traffic... it's time to go.
2017-12-01 11:37:36 +08:00
Alexey Reznichenko
93846135f2 Add a flag to disable CMake exports
Add LWS_EXPORT_LWSTARGETS (defaults to ON) that can be used to disable
  CMake export targets as well as install export for libwebsockets.

AG: add _WITH_
2017-12-01 11:37:35 +08:00
Andy Green
5b74d7108b gcov: add in cmake and adapt defaults
1) Introduce LWS_WITH_GCOV to build with gcc / clang coverage instrumentation.

$ cd build
$ make clean && rm -f `find . -name "*.gcno" -o -name "*.gcda"` && make -j16 && sudo make install && sudo /usr/local/bin/libwebsockets-test-server -s
...
$ gcov `find . -name *.c.gcno | grep -v test-apps` -b | sed "/\.h.\$/,/^$/d"

The above are available in two helper scripts

 - scripts/build-gcov.sh
 - scripts/gcov.sh

2)

CMake defaults changed:

 - LWS_WITH_ZIP_FOPS: OFF
 - LWS_WITH_RANGES: OFF
 - LWS_WITHOUT_EXTENSIONS: ON
 - LWS_WITH_ZLIB: OFF

New CMake controls that default-OFF:

 - LWS_WITH_GENHASH
 - LWS_WITH_GENRSA

these are implied by LWS_WITH_JWS (which is implied by LWS_WITH_ACME)

3) rename ./lib/tls/XXX/server.c and client.c to XXX-server.c / XXX-client.c.

This is because gcov dumps its results using the .c filename part only,
the copies overwrite each other if there are different .c files in the tree
with the same filename part.

4) Add onetime test-client mode and test to ./test-apps/attack.sh

5) Add gcov howto in READMEs/README.build.md using attack.sh
2017-12-01 11:37:35 +08:00
Ben Delarre
dcf5a83ee4 esp32: move check for xxd and genromfs from CMake to esp32.mk 2017-12-01 11:37:35 +08:00
Andy Green
37e8ee2c00 windows: CHECK_FUNCTION_EXISTS workaround 2017-12-01 11:37:35 +08:00
Andy Green
3ec7c1ab21 ACME client plugin
This adds support for a plugin that can be attached to a vhost
to acquire and maintain its TLS cert automatically.

It works the same with both OpenSSL and mbedTLS backends, but
they can't share auth keys, delete the 'auth.jwk' file as it is
in the example JSON when switching between libs
2017-12-01 11:37:35 +08:00
Ralph Lessmann
33b40e0ae4 mingw: fixes 2017-12-01 11:37:33 +08:00
Andy Green
53bbc6be33 cmake: dont build ssh stuff if no SSL enabled 2017-11-28 07:57:36 +08:00
Adam Wolk
2befafca77 cmake: only generate test cert when SERVER and TESTAPPS enabled
apart from LWS_WITHOUT_TEST_SERVER the test server will also not be
built if LWS_WITHOUT_TESTAPPS or LWS_WITHOUT_SERVER is defined,
we update the CMake configuration to skip cert generation and
installation in those cases.

Signed-off-by: Adam Wolk <adam.wolk@koparo.com>
2017-11-26 19:17:06 +08:00
Andy Green
00ffebfd24 tls: add x509 query api
This adds a single api on lws that allows querying elements from the
peer certificate on a connection.

The api works the same regardless of the TLS backend.
2017-11-26 19:16:17 +08:00
Andy Green
41d1326da0 appveyor artifacts debug 2017-11-26 19:16:17 +08:00
Andy Green
97cd393649 cmake: refactor options into groups and move to top of file 2017-11-26 19:16:17 +08:00
Andy Green
278e520479 JWK + JWS: JSON Web Keys RFC7517 + Signatures support RFC7515
This adds some optional apis around JSON Web Keys and JSON Web Signatures.

HMAC SHA256/384/512 and RSA + SHA256/384/512 are supported.

This also add a new "LWS_WITH_SELFTESTS" that enables the selftests.
2017-11-26 19:07:12 +08:00
Andy Green
c32a22c20b lws-genrsa: add resuable backend-independent rsa decrypt in tls/ and migrate sshd to it 2017-11-10 16:56:44 +08:00
Andy Green
dd3e5619cb lws_genhash: add HMAC
Like the simple hashes, these work the same regardless of if the backend is
OpenSSL or mbedTLS.

Also move into ./lib/tls/ and split into two specific to mbedtls or openssl
backends.
2017-11-10 16:56:44 +08:00
Andy Green
46ee0713de hpack: pseudoheader check improvement 2017-11-10 11:01:25 +08:00
Andy Green
5a90bb36d1 lejp: add test app to parse stdin 2017-10-26 18:55:12 +08:00
Andy Green
f9421f084b lejp: integrate header into libwebsockets.h 2017-10-26 18:55:11 +08:00
Andy Green
505a3fc1fc windows: finally fix gzip redefinition warnings 2017-10-26 18:55:11 +08:00
Andy Green
1c70181ca2 build: enable signed vs unsigned warnings on gcc
This enables selected things from -Wextra, can't use -Wextra because it is
fussy enough to complain about unused params on functions... they are
there for a reason.

-Wsign-compare
-Wignored-qualifiers
not -Wimplicit-fallthrough=3 ... only on gcc 7
-Wtype-limits
-Wuninitialized
not -Wclobbered ... only on gcc 7ish

fix the warnings everywhere they were found.
2017-10-25 07:17:29 +08:00
Andy Green
89cb55ea58 tls: split out common, openssl and mbedtls code
- introduce lib/tls/mbedtls lib/tls/openssl
 - move wrapper into lib/tls/mbedtls/wrapper
 - introduce private helpers to hide backend

This patch doesn't replace or remove the wrapper, it moves it
to lib/tls/mbedtls/wrapper.

But it should be now that the ONLY functions directly consuming
wrapper apis are isolated in

  - lib/tls/mbedtls/client.c (180 lines)
  - lib/tls/mbedtls/server.c (317 lines)
  - lib/tls/mbedtls/ssl.c    (325 lines)

In particular there are no uses of openssl or mbedtls-related
constants outside of ./lib/tls any more.
2017-10-25 07:17:29 +08:00
Andy Green
fcf5b2c25a v2.4.0 2017-10-17 13:21:12 +08:00
Andy Green
c83afc66e6 refactor: subdirs for source in lib
Split out some optional code into own sources to
shrink down libwebsockets.c and server.c a bit
2017-10-16 17:28:37 +08:00
Andy Green
904a9c0920 http2: make usable
HTTP/2 support is now able to serve the test server, complete with
websockets, from a single vhost.

 - This works the same with both OpenSSL and mbedTLS.

 - POST is now wired up and works (also for file upload).

 - CGI is wired up and works.

 - Redirect is adapted and works

 - lwsws works.

 - URI urldecode, sanitation and argument parsing wired up for :path

valgrind clean (aside from openssl-style false uninit data usage in mbedtls send occasionally)

h2spec reports:

$ h2spec  -h 127.0.0.1 -p 7681 -t -k -o 1
...
145 tests, 145 passed, 0 skipped, 0 failed"

Incorporates:

 - "https://github.com/warmcat/libwebsockets/pull/1039
	Fixes issue with -Werror=unused-variable flag

 - 2c843a1395
	ssl: fix infinite loop on client cert verification failure

Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>"

Caused and fixes Coverity 184887 - 184892
2017-10-16 17:13:49 +08:00
Andy Green
fc995df480 CMake: convert all LWS_USE_... to LWS_WITH_...
Almost all the CMake options begin with LWS_WITH_..., but many of the
symbols passed to lws are LWS_USE_... , this causes neededless confusion,
compounded by the fact that a few CMake options also begin with
LWS_USE_.

This patch globally converts all LWS_USE_... to LWS_WITH_..., so there
is only one prefix to remember in both CMake and the code.

The affected public CMake options are

LWS_USE_BORINGSSL     ->  LWS_WITH_BORINGSSL
LWS_USE_CYASSL        ->  LWS_WITH_CYASSL
LWS_USE_WOLFSSL       ->  LWS_WITH_WOLFSSL
LWS_USE_MBEDTLS       ->  LWS_WITH_MBEDTLS
LWS_USE_BUNDLED_ZLIB  ->  LWS_WITH_BUNDLED_ZLIB
2017-10-16 17:13:48 +08:00
Andy Green
7597ac3766 Plugins: add ssh-base ssh server plugin 2017-10-16 16:59:57 +08:00
Alexander von Gluck IV
8bea6c144e Subject: Haiku: initial platform support
https://github.com/warmcat/libwebsockets/pull/1033
2017-09-27 08:24:05 +08:00
Andy Green
4f267c515e clean up top level of project 2017-09-27 08:24:05 +08:00
Andy Green
98df6722ea LWS_WITH_PEER_LIMITS
Introduces an optional, settable restriction on the number of
simultaneous wsi connections and ah that a single peer IP can
obtain.

The default is disabled for build, and if enabled, unlimited.

However when enabled at CMake, setting info.ip_limit_ah and / or
info.ip_limit_wsi at context creation time will enforce the limits.

Connections past the info.ip_limit_wsi limit are dropped, and
connections needing an ah are forced to stay in the ah waiting list
even when ah are available, while the peer is at the number of
ah in info.ip_limit_ah.
2017-09-19 12:09:17 +08:00
Andy Green
dee2d68b9c cmake: add confirm_command macro and use for genromfs + xxd on ESP32 build
Solves the exact issue in

https://github.com/warmcat/libwebsockets/issues/1021
2017-09-19 12:09:17 +08:00