This adds h2 http support for the client api.
The public client api requires no changes, it will detect by
ALPN if the server can handle http/2, if so, it will use it.
Multiple client connections using the lws api will be mapped on
to the same single http/2 + tls socket using http/2 streams
that are serviced simultaneously where possible.
AG: unlike openssl, mbedtls does not load the system trust store.
So this change will make client tls operations that work OK on openssl fail on
mbedtls unless you provide the correct CA cert.
This allows lws to distinguish between untrusted CAs, hostname
mismatches, expired certificates.
NOTE: LCCSCF_ALLOW_SELFSIGNED actually allows for untrusted CAs, and
will also skip hostname verification. This is somewhat a limitiation of
the current lws verification process.
AG: improve error reporting up to the CLIENT_CONNECTION_ERROR argument
and add a note specific to mbedtls in the test client. Adapt the test
client to note the CA requirement if built with mbedTLS. Adapt the
minimal test clients to have the CAs available and use them if mbedTLS.
This is just an internal mass change of LWS_NO_EXTENSIONS to
LWS_WITHOUT_EXTENSIONS to match the public name and eliminate
all instances of LWS_NO_EXTENSIONS.
In the case you are creating a client connection, there may be
no relationship between the ws protocol you want to bind to at
the server, and the local protocol name you want the wsi to
bind to at the client.
This introduces a new client info struct member .local_protocol_name,
if it is NULL then all is as before, otherwise it binds the client
wsi to the named protocol early in the process, and .protocol is used
for the negotiation with the ws server.
This allows you to bind client wsi to local protocol handlers that
don't share the name of the ws protocol the connection will try
to negotiate.
In the case that the connection cannot be established because the caller
is unauthorized, it's likely they have to do something to gain
authorization before retrying. This change introduces a new message that
can be checked for to understand more about why the connection has
failed to establish.
Closes#1200
If the server rejects the attempt to establish a connection by returning
a response status other than 101, then it will not include the
Sec-WebSocket-Accept header. We need to check for 101 status (and return
an appropriate error message) before looking for the accept header.
See #1200
The union used to make a lot of sense to save space between
mutually exclusive modes. But the fact the http2 struct
contains the http1 struct as well as it appearing in the
union means the http1 struct belongs outside the union.
This patch
- eliminates the union
- puts the http_related struct directly in struct lws
- removes http_related from h2
- puts h2 directly in struct lws if enabled for build
- changes ws to be a pointer, allocated if we upgrade to ws
(the ws part contains a 135 byte char array for ping / close)
Again all of this is entirely private / internal and doesn't affect
any apis.
Migrate what used to be in lws_hdr_related into either the ah
or the wsi, and eliminate it along with the three different ways
used to access things inside it.
Eg wsi->u.hdr.ah and wsi->u.http.ah become wsi->ah
These changes are internal-only, in private-libwebsockets.h and lib.
This enables selected things from -Wextra, can't use -Wextra because it is
fussy enough to complain about unused params on functions... they are
there for a reason.
-Wsign-compare
-Wignored-qualifiers
not -Wimplicit-fallthrough=3 ... only on gcc 7
-Wtype-limits
-Wuninitialized
not -Wclobbered ... only on gcc 7ish
fix the warnings everywhere they were found.
- introduce lib/tls/mbedtls lib/tls/openssl
- move wrapper into lib/tls/mbedtls/wrapper
- introduce private helpers to hide backend
This patch doesn't replace or remove the wrapper, it moves it
to lib/tls/mbedtls/wrapper.
But it should be now that the ONLY functions directly consuming
wrapper apis are isolated in
- lib/tls/mbedtls/client.c (180 lines)
- lib/tls/mbedtls/server.c (317 lines)
- lib/tls/mbedtls/ssl.c (325 lines)
In particular there are no uses of openssl or mbedtls-related
constants outside of ./lib/tls any more.
There was not really any "connection failure" with some of these like 404.
They may have body content that is important.
The client should use lws_http_client_http_response(wsi) to discover
the response code the client action received and decide for itself
what to do about that.
