1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

247 commits

Author SHA1 Message Date
Andy Green
3f4623bb36 lws_metrics
There are a few build options that are trying to keep and report
various statistics

 - DETAILED_LATENCY
 - SERVER_STATUS
 - WITH_STATS

remove all those and establish a generic rplacement, lws_metrics.

lws_metrics makes its stats available via an lws_system ops function
pointer that the user code can set.

Openmetrics export is supported, for, eg, prometheus scraping.
2021-03-08 21:47:28 +00:00
Andy Green
6d0f2500b0 windows: doesnt have #warning 2021-03-05 20:08:49 +00:00
Andy Green
9af105ebf8 sai: xenial 2021-02-28 19:05:25 +00:00
Andy Green
dc051fb2ae OpenBSD: various api ports 2021-02-17 11:39:15 +00:00
Andy Green
8e5f8491db opensslv3: handle deprecation of EC apis
openssl v3-alpha11 has marked EC_KEY pieces as deprecated... we use it in
LWS_WITH_GENCRYPTO but the related RSA etc pieces were already deprecated
for that.  We use EC_KEY pieces in vhost init...

The apis are not removed but deprecated, we should have a way to keep
trucking, but as it is the deprecation warning is promoted to an error.

Let's add LWS_SUPPRESS_DEPRECATED_API_WARNINGS option off by default.  If
enabled at cmake, external deprecated api warnings are suppressed.  This
gives a general workaround for now for opensslv3.

In addition, even if you don't do that, let's notice we are on openssl v3
and don't build the EC curve selection stuff, I don't think anyone is
actually using it anyway.
2021-02-17 11:39:15 +00:00
Andy Green
1f019f99f4 libressl: adapt type rules
Update libressl rules for options api type,
add some docs to build, use CHECK_SYMBOL_EXISTS since
CHECK_FUNCTION_EXISTS is fooled by the conditionals
in the headers
2021-02-17 11:39:15 +00:00
Jed Lu
0a453e3be3 tls: wrapper: make sure alpn freed once 2021-02-03 08:49:59 +00:00
Andy Green
334212ef2e windows: mbedtls: clean warnings 2021-01-29 21:22:35 +00:00
Andy Green
fd24392cd3 tls: add cmake options to dump tls 2021-01-23 20:58:36 +00:00
Andy Green
ffa0a38a1a openssl: acquire ex indexes once for multicontext
https://github.com/warmcat/libwebsockets/issues/2178
2021-01-23 04:55:56 +00:00
Andy Green
d5618f6059 Wconversion: workarounds for CentOS7 2021-01-22 12:25:03 +00:00
Andy Green
50d032c0f5 openssl: client ctx: track tcrs in vh object 2021-01-19 14:13:41 +00:00
Andy Green
e5b191be35 h2: post buflist: track rx_content_length
On h2 server POST, there's a race to see if the POST body is going to be
received coalesced with the headers.

The problem is on h2, we can't action the stream http request or body until
the stream is writeable, since we may start issuing the response right away;
there's already DEFERRING_ACTION state to manage this.  And indeed, the
coalesced, not-immediately-actionable POST body is buflisted properly.

However when we come to action the POST using buflisted data, we don't follow
the same pattern as dealing with the incoming data immediately.

This patch aligns the pattern dumping the buflist content to track
expected rx_content_length and handle BODY_COMPLETION if we got to
the end of it, along with removal from the pt list of wsi with pending
buflists if we used it up.
2021-01-18 19:49:02 +00:00
Andy Green
c403b129ad mbedtls: change cert load semantics to append
Adapt the wrapper for SSL_CTX_add_client_CA_ASN1 to reuse
any existing x.509 chain and just add to it.  Previously it
was replacing it.
2021-01-13 20:05:59 +00:00
Andy Green
a8d6ac8923 netbsdBE: enable ctest and fix test cert generation
NetBSD test server cert gen lacked a CN, add it for localhost

Enable Sai -j6 from -j4 for netbsdBE... it's slow but it is SMP

Add build in sai for secure-streams-proxy scenario
2021-01-05 10:56:38 +00:00
Andy Green
ce3b99cd8f clean: reduce logging and add some conditional debug helpers 2021-01-05 10:56:38 +00:00
Andy Green
c9731c5f17 type comparisons: fixes
This is a huge patch that should be a global NOP.

For unix type platforms it enables -Wconversion to issue warnings (-> error)
for all automatic casts that seem less than ideal but are normally concealed
by the toolchain.

This is things like passing an int to a size_t argument.  Once enabled, I
went through all args on my default build (which build most things) and
tried to make the removed default cast explicit.

With that approach it neither change nor bloat the code, since it compiles
to whatever it was doing before, just with the casts made explicit... in a
few cases I changed some length args from int to size_t but largely left
the causes alone.

From now on, new code that is relying on less than ideal casting
will complain and nudge me to improve it by warnings.
2021-01-05 10:56:38 +00:00
Andy Green
0ceba15d9c lws_lifecycle
This adds some new objects and helpers for keeping and logging
info on grouped allocations, a group is, eg, SS handles or client
wsis.

Allocated objects get a context-unique "tag" string intended to replace
%p / wsi pointers etc.  Pointers quickly become confusing when
allocations are freed and reused, the tag string won't repeat
until you produce 2^64 objects in a context.

In addition the tag string documents the object group, with prefixes
like "wsi-" or "vh-" and contain object-specific additional
information like the vhost name, address / port  or the role of the wsi.
At creation time the lws code can use a format string and args
to add whatever group-specific info makes sense, eg, a wsi bound
to a secure stream can also append the guid of the secure stream,
it's copied into the new object tag and so is still available
cleanly after the stream is destroyed if the wsi outlives it.
2021-01-04 05:26:50 +00:00
Andy Green
eb5f437578 h2: post: add states to wait for body 2020-12-24 16:14:36 +00:00
Andy Green
9b42fc6aae NetBSD: also need two-arg setpgid
Enable sai
2020-12-07 11:31:53 +00:00
Andy Green
8b82560014 cmake: netbsd: no libdl 2020-12-06 19:39:35 +00:00
Andy Green
44e860642b docs: switch to use main 2020-10-19 16:35:03 +01:00
Andy Green
62e566b9de client: move staged connect pieces into core-net
They have been in lib/roles/http for historical reasons, and all
ended up in client-handshake.c that doesn't describe what they
actually do any more.  Separate out the staged client connect
related stage functions into

  lib/core-net/client/client2.c: lws_client_connect_2_dnsreq()
  lib/core-net/client/client3.c: lws_client_connect_3_connect()
  lib/core-net/client/client4.c: lws_client_connect_4_established()

Move a couple of other functions from there that don't belong out to
tls-client.c and client-http.c, which is related to http and remains
in the http role dir.
2020-09-21 12:47:11 +01:00
Orgad Shaneh
471dbf5280 cmake: mingw: fix openssl linkage
ws32 and friends must come after the openssl libs,
and pthread is required for openssl.
2020-09-18 11:37:17 +01:00
Sakthi Kannan
1a8979b68c mbedtls: use lws helper for PEM DER import 2020-09-16 07:07:04 +01:00
Andy Green
5c7b5af92a cmake: disable export visibility when building lws static
This is complicated by the fact extern on a function declaration implies
visibility... we have to make LWS_EXTERN empty when building static.

And, setting target_compile_definitions() doesn't work inside macros,
so it has to be set explicitly for the plugins.

Checking the symbol status needs nm -C -D as per

https://stackoverflow.com/questions/37934388/symbol-visibility-not-working-as-expected

after this patch, libwebsockets.a shows no symbols when checked like that and
the static-linked minimal examples only show -U for their other dynamic
imports.

In a handful of cases we use LWS_EXTERN on extern data declarations,
those then need to change to explicit extern.
2020-09-06 11:46:25 +01:00
Andy Green
008b355166 freertos: fixes for build on atmel xdk 2020-09-03 12:49:54 +01:00
SCRockz
ad7b17f437 cmake: qnx adaptations
https://github.com/warmcat/libwebsockets/issues/2034
2020-09-03 08:18:52 +01:00
Orgad Shaneh
edb7d6ffc1 openssl: allow build with old glibc headers
strnlen requires _GNU_SOURCE prior to glibc 2.10.
2020-08-31 16:51:37 +01:00
Andy Green
fe7fdef9be clean: SSL_accept failure just needs info logging 2020-08-31 16:51:37 +01:00
Andy Green
692f269045 coverity: 62140: if newer mbedtls apis available use and check returns
mbedtls has older and newer hashing apis, if we detected the newer ones
we use them like the older ones since generally, hashing doesn't have a
way to fail for sha and md5 update etc.

Coverity objects... change it to dumbly check the retcode.
2020-08-19 07:46:21 +01:00
Andy Green
cc5fb48598 coverity: 21034: dont bother assigning shutdown api return 2020-08-18 14:00:54 +01:00
Andy Green
520befb554 coverity: 61708: privkey required for mbedtls 2020-08-18 14:00:54 +01:00
Andy Green
7b847f8315 coverity: 62212: coverity says its dead code 2020-08-18 14:00:54 +01:00
Andy Green
4cd381f933 cmake: tls: wolfssl
PARENT_SCOPE needs adjusting in a few places for wolfssl to work, and
we need a second level export of USE_WOLFSSL through lib/CMakeLists.txt

Add noi/f32 Sai build for WOLFSSL + MINIMAL_EXAMPLES
2020-08-10 15:04:10 +01:00
Andy Green
a424623dc6 docs: add README-debugging.md and provide example points for decrypted traffic handling
Some general debugging advice but also really clarify the official way of how to dump
what is going out and coming in directly from the tls tunnel, so you can see the
actual data unencrypted.
2020-07-30 16:23:59 +01:00
Andy Green
7eb36102a9 ss: server: h1, h2, ws basic support
Add initial support for defining servers using Secure Streams
policy and api semantics.

Serving h1, h2 and ws should be functional, the new minimal
example shows a combined http + SS server with an incrementing
ws message shown in the browser over tls, in around 200 lines
of user code.

NOP out anything to do with plugins, they're not currently used.

Update the docs correspondingly.
2020-07-27 12:05:24 +01:00
Andy Green
1a93e73402 fakewsi: replace with smaller substructure
Currently we always reserve a fakewsi per pt so events that don't have a related actual
wsi, like vhost-protocol-init or vhost cert init via protocol callback can make callbacks
that look reasonable to user protocol handler code expecting a valid wsi every time.

This patch splits out stuff that user callbacks often unconditionally expect to be in
a wsi, like context pointer, vhost pointer etc into a substructure, which is composed
into struct lws at the top of it.  Internal references (struct lws is opaque, so there
are only internal references) are all updated to go via the substructre, the compiler
should make that a NOP.

Helpers are added when fakewsi is used and referenced.

If not PLAT_FREERTOS, we continue to provide a full fakewsi in the pt as before,
although the helpers improve consistency by zeroing down the substructure.  There is
a huge amount of user code out there over the last 10 years that did not always have
the minimal examples to follow, some of it does some unexpected things.

If it is PLAT_FREERTOS, that is a newer thing in lws and users have the benefit of
being able to follow the minimal examples' approach.  For PLAT_FREERTOS we don't
reserve the fakewsi in the pt any more, saving around 800 bytes.  The helpers then
create a struct lws_a (the substructure) on the stack, zero it down (but it is only
like 4 pointers) and prepare it with whatever we know like the context.

Then we cast it to a struct lws * and use it in the user protocol handler call.
In this case, the remainder of the struct lws is undefined.  However the amount of
old protocol handlers that might touch things outside of the substructure in
PLAT_FREERTOS is very limited compared to legacy lws user code and the saving is
significant on constrained devices.

User handlers should not be touching everything in a wsi every time anyway, there
are several cases where there is no valid wsi to do the call with.  Dereference of
things outside the substructure should only happen when the callback reason shows
there is a valid wsi bound to the activity (as in all the minimal examples).
2020-07-20 06:28:52 +01:00
Andy Green
6b3221ffc1 mbedtls: only free crt_parse when something came back
Mbedtls mbedtls_x509_crt_parse() returns 0 for success which is good.
But it has a complicated idea about what to return on fail... if it
couldn't make even one cert from the data, then it returns a negative
return indicating the parsing problem and there is nothing to free.

If it managed to parse at least one cert, instead it retuns a positive
number indicating the number of certs it didn't parse successfully,
and there is something to free.

Adapt the code to understand this quirk.
2020-07-09 15:30:34 +01:00
Andy Green
6747ab830e content_info: make members conditional 2020-06-18 08:29:43 +01:00
Andy Green
30e6c22e14 openssl3: migrate genhmac to EVP
The low level apis for HMAC (including those only introduced at 1.1.0...)
are all deprecated in OpenSSL v3.

Let's bite the bullet and migrate to EVP, it's already existing in modern
OpenSSL and we already use it for genhash.

EVP needs a PKEY, sort that out and keep it around until the hmac is
destroyed.
2020-06-16 19:45:35 +01:00
Andy Green
2a772776a9 windows: for data exports use explicit extern
LWS_EXTERN needs to be empty for windows when declaring functions in the
headers.  But for data, it needs the explicit extern otherwise on windows
or mingw based builds, it thinks we are redeclaring the data each time.
2020-06-07 07:53:36 +01:00
Andy Green
f0c1ea801c mingw: fix for different sockfd type in udp example
As found by Sai
2020-06-06 15:53:58 +01:00
alex
5d514b35fc tls: add read client .pem or .der from memory #1941
and added read private key from mem
2020-06-06 13:09:31 +01:00
Andy Green
c0294c3e10 clean: use lws_intptr_t where needed 2020-06-03 06:48:06 +01:00
Andy Green
286cf4357a sul: multiple timer domains
Adapt the pt sul owner list to be an array, and define two different lists,
one that acts like before and is the default for existing users, and another
that has the ability to cooperate with systemwide suspend to restrict the
interval spent suspended so that it will wake in time for the earliest
thing on this wake-suspend sul list.

Clean the api a bit and add lws_sul_cancel() that only needs the sul as the
argument.

Add a flag for client creation info to indicate that this client connection
is important enough that, eg, validity checking it to detect silently dead
connections should go on the wake-suspend sul list.  That flag is exposed in
secure streams policy so it can be added to a streamtype with
"swake_validity": true

Deprecate out the old vhost timer stuff that predates sul.  Add a flag
LWS_WITH_DEPRECATED_THINGS in cmake so users can get it back temporarily
before it will be removed in a v4.2.

Adapt all remaining in-tree users of it to use explicit suls.
2020-06-02 08:37:10 +01:00
Andy Green
d5773c01be openssl-v3: deal with deprecated SSL_CTX_load_verify_locations
Add Sai for openssl-v3 and for boringssl
2020-06-02 08:37:10 +01:00
Andy Green
f98e4a845c sai: add f32 plus openssl-v3 combination 2020-06-02 08:37:10 +01:00
Andy Green
911898ad70 windows: recent win10 support Unix Domain
Allow selection of Unix Domain Sockets on windows since it is supported
for the last couple of years on windows 10

https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/

... if only they could add a full set of posix pieces to go with it
(and abstract namespace UDS which doesn't work apparently) so that
the parts dealing with uid / gid don't have to be disabled.
2020-06-02 08:37:10 +01:00
Seonah Moon
b6e215ee7f openssl: fix improper use of negative value 2020-06-02 08:37:10 +01:00