!!! WIP
This implements the "genec" layer wrapping mbedtls + openssl
ECDH support.
API tests are added for the parts that are implemented so far.
Stuff related to ec at all, like keys, are prefixed lws_genec_.
Stuff specific to ECDH are prefixed lws_genecdh_.
Although RSA can be used directly for signing / JWS
on large chunks of data since it's only operating on
the hash, when JWE support arrives, which allows bulk
encryption, it's going to be mandatory to support
secondary AES ciphers to use on the bulk data.
This adds generic support for all AES modes that OpenSSL
and mbedTLS have in common, works on both mbedTLS and
OpenSSL the same, and adds unit tests for each mode
in api-test-gencrypto, to run in CI.
Until now the JOSE pieces only had enough support for ACME.
This patch improves the JWK parsing to prepare for more
complete support and for adding JWE, genaes and genec in
later patches.
Normalize the vhost options around optionally handling noncompliant
traffic at the listening socket for both non-tls and tls cases.
By default everything is as before.
However it's now possible to tell the vhost to allow noncompliant
connects to fall back to a specific role and protocol, both set
by name in the vhost creation info struct.
The original vhost flags allowing http redirect to https and
direct http serving from https server (which is a security
downgrade if enabled) are cleaned up and tested.
A minimal example minimal-raw-fallback-http-server is added with
switches to confirm operation of all the valid possibilities (see
the readme on that).
Audit all lws_hdr_copy() usages inside lws and make sure we
take care about it failing.
Also since the patch around aggregation of headers by ',',
lws_hdr_copy() needs a little more space in the output buffer,
adjust one place where that caused it to start failing in an
exact-sized buffer.
This has no effect on user code or backward compatibility.
It moves the in-tree public api header libwebsockets.h from ./lib
to ./include, and introduces a dir ./include/libwebsockets/
The single public api header is split out into 31 sub-headers
in ./include/libwebsockets. ./include/libwebsockets.h contains
some core types and platform adaptation code, but the rest of it
is now 31 #include <libwebsockets/...>
At install time, /usr/[local/]include/libwebsockets.h is installed
as before, along now with the 31 sub-headers in ...include/libwebsockets/
There's no net effect on user code.
But the api header is now much easier to maintain and study, with 31
topic-based sub headers.
This adds a plugin that interfaces to libjsongit2
https://warmcat.com/git/libjsongit2
to provide a per-vhost service for presenting bare git repos in a
web interface.
Several new ops are planned for tls... so better to bite the bullet and
clean it out to the same level as roles + event-libs first.
Also adds a new travis target "mbedtls" and all the tests except
autobahn against mbedtls build.
You can build lws without support for ws, with -DLWS_ROLE_WS=0.
This is thanks to the role ops isolating all the ws-specific business
in the ws role.
Also retire more test apps replaced by minimal-examples.
This completely removes the loop self-running stuff.
Static allocations (uv_idle, timers etc) are reference-counted in the context
same as the wsi are. When lws wants to close, he first closes all his wsi, then
when that is completed in the uv close callbacks, he closes all of his static
uv handles. When that is also completed in the uv callbacks, he stops the loop
so the lws context can destroy and exit.
Any direct libuv allocations in protocol handlers must participate in the
reference counting. Two new apis are provided
- lws_libuv_static_refcount_add(handle, context) to mark the handle with
a pointer to the context and increment the global uv object counter
- lws_libuv_static_refcount_del() which should be used as the close callback
for your own libuv objects declared in the protocol scope.
This replaces the existing, unreleased lws_set_timer(wsi, secs) with
lws_set_timer_usecs(wsi, usecs).
wsi with a timer waiting are added to a linked-list sorted by the
timer trigger time.
1) poll() timeout (ie, poll wait) is trimmed to the nearest ms of the
first waiting timer if the default poll wait is longer than the
interval until the first waiting timer.
The linked-list of waiting timers is checked every entry and exit
from poll()... if no timers waiting or none reached their time
this costs almost nothing.
2) libuv: the earliest hrtimer is checked after every IO, again this
is costing nothing if the list head is NULL. In the case there
are hrtimers on the list, it costs a gettimeofday (a VDSO in linux)
and more only if any of the timers have fired.
In addition on entry to libuv idle, if there are any waiting hrtimers
on the list, a libuv timer is used to force a wake in case we stay
idle (the libuv timer has ms resolution).
3) libev: not implemented
4) libevent: not implemented
Warnings are logged if the api is used on an event backend without
support. Patches welcome to add support similarly to libuv.