This adds a new api lws_set_timer(wsi, secs), which schedules
a callback LWS_CALLBACK_TIMER secs seconds into the future.
The timer can be continuously deferred by calling lws_set_timer()
again before it expires.
Calling lws_set_timer(wsi, -1) cancels any pending timer.
ESP32 module price is now within range of 8266 price.
ESP32 capability and OS support is hugely better than 8266,
we can support mbedtls tls, http/2 etc with ESP32.
I'm no longer testing on ESP8266... there's no more
user traffic... it's time to go.
LWIP_SOCKET_OFFSET is now nonzero, which I handled a while back.
But the C api support for it is broken in esp-idf.
select() takes unmodified fds, but FD_SET / FD_ISSET etc must have the
offset subtracted on their args.
With this we are working on current HEAD esp-idf.
This provides platform-independent support for time discontiguities.
On embedded without battery RTC, commonly we only get time after
NTP completes. This makes the cert checking happen when we have
a reasonable time and introduces lws_compare_time_t() to correctly
compare time_t s that may sit on either side of a time discontiguity.
This adds support for a plugin that can be attached to a vhost
to acquire and maintain its TLS cert automatically.
It works the same with both OpenSSL and mbedTLS backends, but
they can't share auth keys, delete the 'auth.jwk' file as it is
in the example JSON when switching between libs
After startup, and once per day, check the validity dates on our ssl certs,
and broadcast callbacks with the information so interested plugins can
know.
If our clock is < May 2016, we don't try to judge the certs, because clearly
we don't know what time it is.
This adds a single api on lws that allows querying elements from the
peer certificate on a connection.
The api works the same regardless of the TLS backend.
- Add platform helpers for pipe creation.
- Change the direct-to-fds implementation to create a wsi for each
pt and use the normal apis to bind it to the event loop.
- Modifiy context creation and destroy to create and remove the
event pipe wsis.
- Create the event pipe wsis during context create if using the
default poll() event loop, or when the other event loops start
otherwise.
- Add handler that calls back user code with
LWS_CALLBACK_EVENT_WAIT_CANCELLED
This patch allows you to call `lws_cancel_service(struct lws_context *context)`
from another thread.
It's very cheap for the other thread to call and is safe without
locking.
Every use protocol receives a LWS_CALLBACK_EVENT_WAIT_CANCELLED from
the main thread serialized normally in the event loop.
This adds some optional apis around JSON Web Keys and JSON Web Signatures.
HMAC SHA256/384/512 and RSA + SHA256/384/512 are supported.
This also add a new "LWS_WITH_SELFTESTS" that enables the selftests.
Like the simple hashes, these work the same regardless of if the backend is
OpenSSL or mbedTLS.
Also move into ./lib/tls/ and split into two specific to mbedtls or openssl
backends.
The URL encode variant is the same, except + is coded as -, and / is coded as _
to avoid urlencoding when the base64 is used in situations that are urlencoded.
- introduce lib/tls/mbedtls lib/tls/openssl
- move wrapper into lib/tls/mbedtls/wrapper
- introduce private helpers to hide backend
This patch doesn't replace or remove the wrapper, it moves it
to lib/tls/mbedtls/wrapper.
But it should be now that the ONLY functions directly consuming
wrapper apis are isolated in
- lib/tls/mbedtls/client.c (180 lines)
- lib/tls/mbedtls/server.c (317 lines)
- lib/tls/mbedtls/ssl.c (325 lines)
In particular there are no uses of openssl or mbedtls-related
constants outside of ./lib/tls any more.
HTTP/2 support is now able to serve the test server, complete with
websockets, from a single vhost.
- This works the same with both OpenSSL and mbedTLS.
- POST is now wired up and works (also for file upload).
- CGI is wired up and works.
- Redirect is adapted and works
- lwsws works.
- URI urldecode, sanitation and argument parsing wired up for :path
valgrind clean (aside from openssl-style false uninit data usage in mbedtls send occasionally)
h2spec reports:
$ h2spec -h 127.0.0.1 -p 7681 -t -k -o 1
...
145 tests, 145 passed, 0 skipped, 0 failed"
Incorporates:
- "https://github.com/warmcat/libwebsockets/pull/1039
Fixes issue with -Werror=unused-variable flag
- 2c843a1395
ssl: fix infinite loop on client cert verification failure
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>"
Caused and fixes Coverity 184887 - 184892
The mbedTLS / OpenSSL wrapper spins for the duration of the
handshake, which is a slow 31ms on my x86_64 box (by comparison
it's ~1ms on actual OpenSSL on the same box).
This doesn't change the 31ms but it stops us spinning during the
accept and has us retry on POLLIN instead like OpenSSL.
Note this also fixes the endemic mismatches in returncode
between mbedTLS and OpenSSL semantics...
Almost all the CMake options begin with LWS_WITH_..., but many of the
symbols passed to lws are LWS_USE_... , this causes neededless confusion,
compounded by the fact that a few CMake options also begin with
LWS_USE_.
This patch globally converts all LWS_USE_... to LWS_WITH_..., so there
is only one prefix to remember in both CMake and the code.
The affected public CMake options are
LWS_USE_BORINGSSL -> LWS_WITH_BORINGSSL
LWS_USE_CYASSL -> LWS_WITH_CYASSL
LWS_USE_WOLFSSL -> LWS_WITH_WOLFSSL
LWS_USE_MBEDTLS -> LWS_WITH_MBEDTLS
LWS_USE_BUNDLED_ZLIB -> LWS_WITH_BUNDLED_ZLIB
