You can build lws without support for ws, with -DLWS_ROLE_WS=0.
This is thanks to the role ops isolating all the ws-specific business
in the ws role.
Also retire more test apps replaced by minmal-examples.
This replaces the old test-app for echo with separate client and server
minimal versions.
The autobahn test script is made more autonomous and tests both
client and server.
Since new roles may be incompatible with http, add support for
alpn names at the role struct, automatic generation of the
default list of alpn names that servers advertise, and the
ability to override the used alpn names per-vhost and per-
client connection.
This not only lets you modulate visibility or use of h2,
but also enables vhosts that only offer non-http roles,
as well as restricting http role vhosts to only alpn
identifiers related to http roles.
This just supports "http/1.1" alpn and lets the client know it
can use keepalive earlier if it affirmitively negotiated
"http/1.1" on alpn.
mbedTLS wrapper needed a small adaptation to also allow
per-client-ssl control of the alpn negotiation list.
This is just an internal mass change of LWS_NO_EXTENSIONS to
LWS_WITHOUT_EXTENSIONS to match the public name and eliminate
all instances of LWS_NO_EXTENSIONS.
This adds an lws cmake option that builds all the minimal examples as part of lws,
it's useful for QA.
It adds a macro to examples that depend on a particular lws configuration to understand
they should just null out their project definition in builds where the lws configuration
requirement is not met, and we are building as part of lws.
It also adapts all the example library additions to select the just-built-but-not-yet-installed
library in the case it is built as part of lws. If built standalone, it now uses the cmake
platform-abstracted way to add the library requirement too.
Using the build user and build hostname as part of the git hash breaks
reproducible builds. Make this part optional, but build reproducible by
default.
ESP32 module price is now within range of 8266 price.
ESP32 capability and OS support is hugely better than 8266,
we can support mbedtls tls, http/2 etc with ESP32.
I'm no longer testing on ESP8266... there's no more
user traffic... it's time to go.
Add LWS_EXPORT_LWSTARGETS (defaults to ON) that can be used to disable
CMake export targets as well as install export for libwebsockets.
AG: add _WITH_
1) Introduce LWS_WITH_GCOV to build with gcc / clang coverage instrumentation.
$ cd build
$ make clean && rm -f `find . -name "*.gcno" -o -name "*.gcda"` && make -j16 && sudo make install && sudo /usr/local/bin/libwebsockets-test-server -s
...
$ gcov `find . -name *.c.gcno | grep -v test-apps` -b | sed "/\.h.\$/,/^$/d"
The above are available in two helper scripts
- scripts/build-gcov.sh
- scripts/gcov.sh
2)
CMake defaults changed:
- LWS_WITH_ZIP_FOPS: OFF
- LWS_WITH_RANGES: OFF
- LWS_WITHOUT_EXTENSIONS: ON
- LWS_WITH_ZLIB: OFF
New CMake controls that default-OFF:
- LWS_WITH_GENHASH
- LWS_WITH_GENRSA
these are implied by LWS_WITH_JWS (which is implied by LWS_WITH_ACME)
3) rename ./lib/tls/XXX/server.c and client.c to XXX-server.c / XXX-client.c.
This is because gcov dumps its results using the .c filename part only,
the copies overwrite each other if there are different .c files in the tree
with the same filename part.
4) Add onetime test-client mode and test to ./test-apps/attack.sh
5) Add gcov howto in READMEs/README.build.md using attack.sh
This adds support for a plugin that can be attached to a vhost
to acquire and maintain its TLS cert automatically.
It works the same with both OpenSSL and mbedTLS backends, but
they can't share auth keys, delete the 'auth.jwk' file as it is
in the example JSON when switching between libs
apart from LWS_WITHOUT_TEST_SERVER the test server will also not be
built if LWS_WITHOUT_TESTAPPS or LWS_WITHOUT_SERVER is defined,
we update the CMake configuration to skip cert generation and
installation in those cases.
Signed-off-by: Adam Wolk <adam.wolk@koparo.com>
This adds a single api on lws that allows querying elements from the
peer certificate on a connection.
The api works the same regardless of the TLS backend.
This adds some optional apis around JSON Web Keys and JSON Web Signatures.
HMAC SHA256/384/512 and RSA + SHA256/384/512 are supported.
This also add a new "LWS_WITH_SELFTESTS" that enables the selftests.
Like the simple hashes, these work the same regardless of if the backend is
OpenSSL or mbedTLS.
Also move into ./lib/tls/ and split into two specific to mbedtls or openssl
backends.
