1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

331 commits

Author SHA1 Message Date
Andy Green
440dacc992 JOSE: refactor and prepare for JWE
Until now the JOSE pieces only had enough support for ACME.
This patch improves the JWK parsing to prepare for more
complete support and for adding JWE, genaes and genec in
later patches.
2018-12-27 06:45:31 +08:00
Andy Green
08b5ad9299 role: raw-proxy 2018-12-01 11:05:59 +08:00
Andy Green
d78457425d lws_raw_transaction_completed
This provides a way to defer closing if the output buflist has
unsent content for the wsi, until the buflist is drained.

It doesn't make any assumption about the content being related
to http, so you can use it on raw.

It follows the semantics of the http transaction completed, ie

     if (lws_raw_transaction_completed(wsi))
	return -1

     return 0;
2018-12-01 11:05:59 +08:00
Andy Green
43cf8bb391 wsi: opaque_user_data and accessors
Under some circumstances it's useful to tag a wsi with user
data, while still having an lws-allocated and destroyed pss.
2018-12-01 11:05:59 +08:00
Andy Green
b318877cd9 adopt: allow associated accepted vhost connections to specific role
Normalize the vhost options around optionally handling noncompliant
traffic at the listening socket for both non-tls and tls cases.

By default everything is as before.

However it's now possible to tell the vhost to allow noncompliant
connects to fall back to a specific role and protocol, both set
by name in the vhost creation info struct.

The original vhost flags allowing http redirect to https and
direct http serving from https server (which is a security
downgrade if enabled) are cleaned up and tested.

A minimal example minimal-raw-fallback-http-server is added with
switches to confirm operation of all the valid possibilities (see
the readme on that).
2018-12-01 11:05:59 +08:00
Andy Green
9bed6d6fc6 clean: general whitespace cleanup 2018-11-23 08:47:56 +08:00
Andy Green
cdd8ad702c bind: treat EADDRINUSE as fatal
The retry stuff for bind failures is actually aimed at the scenarios the interface
either doesn't exist yet, or is not configured enough (having an IP) to be bindable yet.

This patch treats EADDRINUSE as fatal at vhost init.
2018-11-22 17:58:30 +08:00
Andy Green
d9f982a055 minimal examples: update for CSP best practices
1) update the logos to svg

2) add svg icon for strict security policy where used

3) define new vhost option flag to enforce sending CSP headers
   with the result code

4) add vhost option flag to minimal examples to
   enforce sending CSP where applicable

5) Go through all the affecting examples confirming they
   still work

6) add LWS_RECOMMENDED_MIN_HEADER_SPACE constant (currently
   2048) to clarify when we need a buffer to hold headers...
   with CSP the headers have become potentially a lot
   larger.
2018-11-21 17:03:29 +08:00
Andy Green
c4c60fb95e minimal: update copies of test assets to CSP-compatible versions 2018-11-15 17:15:29 +08:00
Andy Green
7d9ff98263 logs: go back to ansi only on tty and add lwsl_emit_stderr_notimestamp 2018-11-13 17:03:33 +08:00
Andy Green
f6ae0edf8d strict host check vhost flag
https://github.com/warmcat/libwebsockets/issues/1423

If you vhost->options has the flag LWS_SERVER_OPTION_VHOST_UPG_STRICT_HOST_CHECK,
then if the server is sent an upgrade request, the content of the Host: header is
required to match the vhost name + port.  The port is set to the well-known values
of 80 and 443 if no :port on the host: value, depending on tls or not on the
connection.

minimal-ws-server can now take a -h flag to set this.  lejp-conf (eg, lwsws) can now take
a flag strict-host-check on the vhost to enable it as well.
2018-11-13 09:55:06 +08:00
Andy Green
97f9af5e3b tokenizer: flags for dot not delim and floats as strings 2018-11-13 09:34:10 +08:00
Andy Green
aa4143aebd lws_diskcache: split generic parts from gitohashi into lws 2018-11-12 15:24:42 +08:00
Andy Green
45c788fecc docs: add ascii-art to lws_write description
https://github.com/warmcat/libwebsockets/issues/736
2018-11-03 09:15:36 +08:00
Andy Green
27ae132e7b http: add callback to allow upgrade reject
https://github.com/warmcat/libwebsockets/issues/1415
2018-10-31 13:45:00 +08:00
Andy Green
93d4e186c2 openssl tls1.3: allow setting ciphersuites at context creation time
https://github.com/warmcat/libwebsockets/issues/1440
2018-10-27 08:05:21 +08:00
Andy Green
20fb55934b client vhost OpenSSL set and clear options
https://github.com/warmcat/libwebsockets/issues/1438
2018-10-26 13:55:36 +08:00
Andy Green
d3bc2c3f4f fulltext search 2018-10-26 13:53:28 +08:00
Andy Green
602b0934c8 fulltext search 2018-10-26 13:50:53 +08:00
Andy Green
a5b2248e72 lwsac
Introduce an api for efficiently dealing with allocations for
large, unknown amounts of objects.
2018-10-16 05:05:56 +08:00
Andy Green
da444d04d1 lws_time_in_microseconds: export
Rename time_in_microseconds() and export the internal
api as lws_time_in_microseconds()
2018-10-14 06:15:36 +08:00
Andy Green
6cd80f9fc7 lws_tokenize 2018-10-13 08:16:27 +08:00
Andy Green
31dfc4aa12 role: dbus
This adds support for the integrating libdbus into the lws event loop.

Unlike the other roles, lws doesn't completely adopt the fd and libdbus insists
to retain control over the fd lifecycle.  However libdbus provides apis for
foreign code (lws) to provide event loop services to libdbus for the fd.

Accordingly, unlike the other roles rx and writeable are not subsumed into
lws callback messages and the events remain the property of libdbus.

A context struct wrapper is provided that is available in the libdbus
callbacks to bridge between the lws and dbus worlds, along with
a minimal example dbus client and server.
2018-10-13 08:16:27 +08:00
Andy Green
96628be371 callbacks: fix reuse of callback 75 2018-10-13 08:16:27 +08:00
Andy Green
a95a76399a threadpool: add return flag for outlive wsi 2018-09-30 07:08:59 +08:00
Fredrik Fornstad
6104a25f1f Fix QTA erase after factory partition update 2018-09-17 07:26:08 +08:00
Andy Green
fd810f198a http proxy: client: unix socket support
This allows the client stuff to understand that addresses beginning with '+'
represent unix sockets.

If the first character after the '+' is '@', it understands that the '@'
should be read as '\0', in order to use Linux "abstract namespace"
sockets.

Further the lws_parse_uri() helper is extended to understand the convention
that an address starting with + is a unix socket, and treats the socket
path as delimited by ':', eg

http://+/var/run/mysocket:/my/path

HTTP Proxy is updated to allow mounts to these unix socket paths.

Proxy connections go out on h1, but are dynamically translated to h1 or h2
on the incoming side.

Proxy usage of libhubbub is separated out... LWS_WITH_HTTP_PROXY is on by
default, and LWS_WITH_HUBBUB is off by default.
2018-09-12 13:58:13 +08:00
Andy Green
ebed5e74cb threadpool 2018-09-11 18:27:59 +08:00
Andy Green
3be0c5dfee genhmac: expose as VISIBLE 2018-09-11 18:27:59 +08:00
Andy Green
60362c727d lejp: always allow an extra byte at the end of the string buffer for NUL 2018-09-11 18:27:59 +08:00
Andy Green
d1f9f0ae2d libwebsockets.h: split out into a dir of sub-includes included by libwebsockets.h
This has no effect on user code or backward compatibility.

It moves the in-tree public api header libwebsockets.h from ./lib
to ./include, and introduces a dir ./include/libwebsockets/

The single public api header is split out into 31 sub-headers
in ./include/libwebsockets.  ./include/libwebsockets.h contains
some core types and platform adaptation code, but the rest of it
is now 31 #include <libwebsockets/...>

At install time, /usr/[local/]include/libwebsockets.h is installed
as before, along now with the 31 sub-headers in ...include/libwebsockets/

There's no net effect on user code.

But the api header is now much easier to maintain and study, with 31
topic-based sub headers.
2018-09-11 18:27:59 +08:00