Everything in lws outside esp32 was changed to use lws_snprintf() a while ago.
This fixes a couple of stragglers and removes the preprocessor mangling.
This allows mirror protocol to work in the case of multiple
service threads. If LWS_MAX_SMP == 1 though, the additional
lock members and locking code reduces to nothing.
This adds a new api lws_set_timer(wsi, secs), which schedules
a callback LWS_CALLBACK_TIMER secs seconds into the future.
The timer can be continuously deferred by calling lws_set_timer()
again before it expires.
Calling lws_set_timer(wsi, -1) cancels any pending timer.
ESP32 module price is now within range of 8266 price.
ESP32 capability and OS support is hugely better than 8266,
we can support mbedtls tls, http/2 etc with ESP32.
I'm no longer testing on ESP8266... there's no more
user traffic... it's time to go.
LWIP_SOCKET_OFFSET is now nonzero, which I handled a while back.
But the C api support for it is broken in esp-idf.
select() takes unmodified fds, but FD_SET / FD_ISSET etc must have the
offset subtracted on their args.
With this we are working on current HEAD esp-idf.
This adds support for a plugin that can be attached to a vhost
to acquire and maintain its TLS cert automatically.
It works the same with both OpenSSL and mbedTLS backends, but
they can't share auth keys, delete the 'auth.jwk' file as it is
in the example JSON when switching between libs
After startup, and once per day, check the validity dates on our ssl certs,
and broadcast callbacks with the information so interested plugins can
know.
If our clock is < May 2016, we don't try to judge the certs, because clearly
we don't know what time it is.
- Add platform helpers for pipe creation.
- Change the direct-to-fds implementation to create a wsi for each
pt and use the normal apis to bind it to the event loop.
- Modifiy context creation and destroy to create and remove the
event pipe wsis.
- Create the event pipe wsis during context create if using the
default poll() event loop, or when the other event loops start
otherwise.
- Add handler that calls back user code with
LWS_CALLBACK_EVENT_WAIT_CANCELLED
This patch allows you to call `lws_cancel_service(struct lws_context *context)`
from another thread.
It's very cheap for the other thread to call and is safe without
locking.
Every use protocol receives a LWS_CALLBACK_EVENT_WAIT_CANCELLED from
the main thread serialized normally in the event loop.
This enables selected things from -Wextra, can't use -Wextra because it is
fussy enough to complain about unused params on functions... they are
there for a reason.
-Wsign-compare
-Wignored-qualifiers
not -Wimplicit-fallthrough=3 ... only on gcc 7
-Wtype-limits
-Wuninitialized
not -Wclobbered ... only on gcc 7ish
fix the warnings everywhere they were found.
- introduce lib/tls/mbedtls lib/tls/openssl
- move wrapper into lib/tls/mbedtls/wrapper
- introduce private helpers to hide backend
This patch doesn't replace or remove the wrapper, it moves it
to lib/tls/mbedtls/wrapper.
But it should be now that the ONLY functions directly consuming
wrapper apis are isolated in
- lib/tls/mbedtls/client.c (180 lines)
- lib/tls/mbedtls/server.c (317 lines)
- lib/tls/mbedtls/ssl.c (325 lines)
In particular there are no uses of openssl or mbedtls-related
constants outside of ./lib/tls any more.
HTTP/2 support is now able to serve the test server, complete with
websockets, from a single vhost.
- This works the same with both OpenSSL and mbedTLS.
- POST is now wired up and works (also for file upload).
- CGI is wired up and works.
- Redirect is adapted and works
- lwsws works.
- URI urldecode, sanitation and argument parsing wired up for :path
valgrind clean (aside from openssl-style false uninit data usage in mbedtls send occasionally)
h2spec reports:
$ h2spec -h 127.0.0.1 -p 7681 -t -k -o 1
...
145 tests, 145 passed, 0 skipped, 0 failed"
Incorporates:
- "https://github.com/warmcat/libwebsockets/pull/1039
Fixes issue with -Werror=unused-variable flag
- 2c843a1395
ssl: fix infinite loop on client cert verification failure
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>"
Caused and fixes Coverity 184887 - 184892
Almost all the CMake options begin with LWS_WITH_..., but many of the
symbols passed to lws are LWS_USE_... , this causes neededless confusion,
compounded by the fact that a few CMake options also begin with
LWS_USE_.
This patch globally converts all LWS_USE_... to LWS_WITH_..., so there
is only one prefix to remember in both CMake and the code.
The affected public CMake options are
LWS_USE_BORINGSSL -> LWS_WITH_BORINGSSL
LWS_USE_CYASSL -> LWS_WITH_CYASSL
LWS_USE_WOLFSSL -> LWS_WITH_WOLFSSL
LWS_USE_MBEDTLS -> LWS_WITH_MBEDTLS
LWS_USE_BUNDLED_ZLIB -> LWS_WITH_BUNDLED_ZLIB
Adds a new api lws_vhost_destroy(struct lws_vhost *) which allows dynamic removal of vhosts.
The external api calls two parts of internal helpers that get reused for context destroy.
The second part is called deferred by 5s... this is to ensure that event library objects
composed into structs owned by the vhost all have a chance to complete their close
asynchronously. That should happen immediately, but it requires us to return to the
event loop first.
The vhost being removed is deleted from the context vhost list by the first part, and does
not block further removals or creation during the delay for the deferred freeing of the
vhost memory.
Part 1:
- if the vhost owned a listen socket needed by other vhosts listening on same iface + port, the listen
socket is first handed off to another vhost so it stays alive
- all wsi still open on the vhost are forcibly closed (including any listen socket still attached)
- inform all active protocols on the vhost they should destroy themselves
- remove vhost from context vhost list (can no longer be found by incoming connections)
- add to a "being destroyed" context list and schedule the second part to be called in 5s
Part 2:
- remove us from the being destroyed list
- free all allocations owned by the vhost
- zero down the vhost and free the vhost itself
In libwebsockets-test-server, you can send it a SIGUSR1 to have it toggle the creation and destruction of
a second vhost on port + 1.
By default mirror acts the same as before.
However if you access the test server with a url containing "?mirror=<name>", the session will bind to
a mirror instance private to "?mirror=<name>". Only sessions that used the same 'mirror=' name can
share the drawings, mirror instances with a different name (including the default "" name) are unaffected.
