1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

32 commits

Author SHA1 Message Date
Andy Green
39b05e7db3 mbedtls: remove mbedtls_x509_crt_info reference
Nobody uses this from the wrapper... it brings in mbedtls_x509_crt_info()
even if you're using -ffunctionsections for a loss of about 1.7KB on Arm.


Let's chop it out...
2020-03-31 11:36:47 +01:00
Andy Green
be32d0554e mbedtls: attempt to remove dependency on net_sockets.c
The mbedtls openssl wrapper wants to use exports from mbedtls' net_sockets.c,
but this is only supposed to work on *nix and windows.  Typically people
are using mbedtls on RTOS type platforms and to use it, net_sockets.c
needs some hacking.

Try to avoid that situation by porting the two exports we need into the
lws plat code and call from the wrapper.
2020-03-27 13:24:44 +00:00
Andy Green
11837db0e0 mbedtls: support older versions without net_sockets.h 2020-03-19 10:14:25 +00:00
Andy Green
bb1a8d37fb rtos diet: make basic auth support a config option on by default
Remove wrapper content for < tls v1.2
2020-03-04 11:00:04 +00:00
Andy Green
3c663da99e rtos diet: mbedtls: wrapper: delete unused functions
Surprisingly -fdata-sections -ffunction-sections does not remove any string literals and __func__
implicit .rodata generated by the removed function's compilation.

That means potentially considerable deadweight is in the image even if the function is removed
at linktime.
2020-03-04 11:00:04 +00:00
Andy Green
ac1229f2f7 minimal-http-client-multi: add POST
This adds support for POST in both h1 and h2 queues / stream binding.

The previous queueing tried to keep the "leader" wsi who made the
actual connection around and have it act on the transaction queue
tail if it had done its own thing.

This refactors it so instead, who is the "leader" moves down the
queue and the queued guys inherit the fd, SSL * and queue from the
old leader as they take over.

This lets them operate in their own wsi identity directly and gets
rid of all the "effective wsi" checks, which was applied incompletely
and getting out of hand considering the separate lws_mux checks for
h2 and other muxed protocols alongside it.

This change also allows one wsi at a time to own the transaction for
POST.  --post is added as an option to lws-minimal-http-client-multi
and 6 extra selftests with POST on h1/h2, pipelined or not and
staggered or not are added to the CI.
2020-02-21 17:32:41 +00:00
Andy Green
2eeec91d3d tls: lws_system per-connection client certs
Now the generic lws_system blobs can cover client certs + key, let's
add support for applying one of the blob sets to a specific client
connection (rather than doing it via the vhost).
2019-12-09 14:48:54 +00:00
Andy Green
0fa5563d18 freertos: rename esp32 plat to freertos 2019-08-26 09:58:57 +01:00
Andy Green
d7f0521aeb private.h: rename to contain dir
Having unique private header names is a requirement of a particular
platform build system it's desirable to work with
2019-08-15 10:49:52 +01:00
Andy Green
97e9bbbd0b mbedtls: wrapper: avoid redefine forward-typedef of X509_STORE_CTX
Some toolchains are in some C++ version mode that objects to redefinition
of a typedef even to the same thing.

Shift a couple for function declarations in the mbedtls wrapper
part so they can piggyback on just the one typedef for their
args.
2019-07-29 00:37:06 +01:00
Andy Green
0f941152f5 COVA10157: expression is unused 2019-07-13 13:41:24 -07:00
Chen Xi
892cde2c71 rtos: add support for AMAZON_RTOS 2019-06-05 05:04:17 +01:00
Andy Green
75c058e250 mbedtls: handle vhost without valid cert gracefully 2019-03-16 09:54:52 +08:00
Andy Green
c3f30bf1fa vhost info: add memory buffer cert support 2019-03-12 11:57:43 +08:00
Andy Green
2d086db6e8 codacy: fixes for warnings 2019-03-10 08:02:02 +08:00
Andy Green
043700a4b0 optee: remove build system 2019-01-15 06:59:48 +08:00
Andy Green
d2a1bbd8aa optee: other plat fixes 2019-01-11 17:14:14 +08:00
Andy Green
ad9c99a6d3 mbedtls: finer-grained enable checks and OP-TEE 2019-01-11 13:17:06 +08:00
Andy Green
7bced4fac7 LWS_INLINE: replace all inline 2018-05-09 09:28:06 +08:00
Andy Green
aa816e98a9 alpn: assemble defaults from roles and allow override
Since new roles may be incompatible with http, add support for
alpn names at the role struct, automatic generation of the
default list of alpn names that servers advertise, and the
ability to override the used alpn names per-vhost and per-
client connection.

This not only lets you modulate visibility or use of h2,
but also enables vhosts that only offer non-http roles,
as well as restricting http role vhosts to only alpn
identifiers related to http roles.
2018-04-19 16:15:10 +08:00
Andy Green
b45956fcb9 client: add alpn processing on mbedtls and openssl
This just supports "http/1.1" alpn and lets the client know it
can use keepalive earlier if it affirmitively negotiated
"http/1.1" on alpn.

mbedTLS wrapper needed a small adaptation to also allow
per-client-ssl control of the alpn negotiation list.
2018-04-06 10:38:03 +08:00
Fabio Alessandrelli
94f3981bef mbedtls: wrapper: client: Force mbedTLS to attemp to verify cert
AG: unlike openssl, mbedtls does not load the system trust store.
So this change will make client tls operations that work OK on openssl fail on
mbedtls unless you provide the correct CA cert.

This allows lws to distinguish between untrusted CAs, hostname
mismatches, expired certificates.

NOTE: LCCSCF_ALLOW_SELFSIGNED actually allows for untrusted CAs, and
will also skip hostname verification. This is somewhat a limitiation of
the current lws verification process.

AG: improve error reporting up to the CLIENT_CONNECTION_ERROR argument
and add a note specific to mbedtls in the test client.  Adapt the test
client to note the CA requirement if built with mbedTLS.  Adapt the
minimal test clients to have the CAs available and use them if mbedTLS.
2018-04-06 10:38:03 +08:00
Andy Green
3e4a1f3b0e client: choose right vh client ssl_ctx 2018-04-06 10:38:03 +08:00
Andy Green
aae2c24678 lws_snprintf 2018-03-12 09:28:42 +08:00
Andy Green
1b43ed1cba mbedtls wrapper: check for malloc.h before using
https://github.com/warmcat/libwebsockets/issues/1163
2018-01-26 07:22:35 +08:00
Andy Green
d58d749b30 acme: adaptations through plat for esp32 2017-12-11 13:30:12 +08:00
Andy Green
c5f6d180dd mbedtls: handle NET_SEND_FAILED
Under the condition the associated client went away (turn off WLAN at the
client), we can spin forever mistaking NET_SEND_FAILED for WANT_WRITE,
which was also true.  This makes sure we understand that was fatal
immediately.
2017-12-01 11:37:35 +08:00
Andy Green
b06665b851 mbedtls: improve SNI for client certs 2017-12-01 11:37:35 +08:00
Andy Green
0c254aba87 tls: add csr generation 2017-12-01 11:37:35 +08:00
Andy Green
00ffebfd24 tls: add x509 query api
This adds a single api on lws that allows querying elements from the
peer certificate on a connection.

The api works the same regardless of the TLS backend.
2017-11-26 19:16:17 +08:00
Andy Green
6bc92f7592 wrapper: untrash partial sends before WANT
1) The original wrapper logic for accounting for partial
sends on mbedtls is broken... adapt it

2) mbedtls has an additional restriction you MUST come
back to retry with EXACTLY the unsent part that you
originally asked for, or it loses coherency in the TLS
tunnel.

3) the wrapper is inconsistent between read WANT state
dynamically reported from mbedtls apis and the
SSL_want() api results.  Check both on read.
2017-11-10 10:59:58 +08:00
Andy Green
89cb55ea58 tls: split out common, openssl and mbedtls code
- introduce lib/tls/mbedtls lib/tls/openssl
 - move wrapper into lib/tls/mbedtls/wrapper
 - introduce private helpers to hide backend

This patch doesn't replace or remove the wrapper, it moves it
to lib/tls/mbedtls/wrapper.

But it should be now that the ONLY functions directly consuming
wrapper apis are isolated in

  - lib/tls/mbedtls/client.c (180 lines)
  - lib/tls/mbedtls/server.c (317 lines)
  - lib/tls/mbedtls/ssl.c    (325 lines)

In particular there are no uses of openssl or mbedtls-related
constants outside of ./lib/tls any more.
2017-10-25 07:17:29 +08:00