HTTP/2 support is now able to serve the test server, complete with
websockets, from a single vhost.
- This works the same with both OpenSSL and mbedTLS.
- POST is now wired up and works (also for file upload).
- CGI is wired up and works.
- Redirect is adapted and works
- lwsws works.
- URI urldecode, sanitation and argument parsing wired up for :path
valgrind clean (aside from openssl-style false uninit data usage in mbedtls send occasionally)
h2spec reports:
$ h2spec -h 127.0.0.1 -p 7681 -t -k -o 1
...
145 tests, 145 passed, 0 skipped, 0 failed"
Incorporates:
- "https://github.com/warmcat/libwebsockets/pull/1039
Fixes issue with -Werror=unused-variable flag
- 2c843a1395
ssl: fix infinite loop on client cert verification failure
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>"
Caused and fixes Coverity 184887 - 184892
The mbedTLS / OpenSSL wrapper spins for the duration of the
handshake, which is a slow 31ms on my x86_64 box (by comparison
it's ~1ms on actual OpenSSL on the same box).
This doesn't change the 31ms but it stops us spinning during the
accept and has us retry on POLLIN instead like OpenSSL.
Note this also fixes the endemic mismatches in returncode
between mbedTLS and OpenSSL semantics...
Almost all the CMake options begin with LWS_WITH_..., but many of the
symbols passed to lws are LWS_USE_... , this causes neededless confusion,
compounded by the fact that a few CMake options also begin with
LWS_USE_.
This patch globally converts all LWS_USE_... to LWS_WITH_..., so there
is only one prefix to remember in both CMake and the code.
The affected public CMake options are
LWS_USE_BORINGSSL -> LWS_WITH_BORINGSSL
LWS_USE_CYASSL -> LWS_WITH_CYASSL
LWS_USE_WOLFSSL -> LWS_WITH_WOLFSSL
LWS_USE_MBEDTLS -> LWS_WITH_MBEDTLS
LWS_USE_BUNDLED_ZLIB -> LWS_WITH_BUNDLED_ZLIB
Introduces an optional, settable restriction on the number of
simultaneous wsi connections and ah that a single peer IP can
obtain.
The default is disabled for build, and if enabled, unlimited.
However when enabled at CMake, setting info.ip_limit_ah and / or
info.ip_limit_wsi at context creation time will enforce the limits.
Connections past the info.ip_limit_wsi limit are dropped, and
connections needing an ah are forced to stay in the ah waiting list
even when ah are available, while the peer is at the number of
ah in info.ip_limit_ah.
Update test-client from the deprecated server ssl members that still work for
backwards compatibility to the preferred client-specific ones.
Remove .client_ssl_... member dependency on OPENSSL
https://github.com/warmcat/libwebsockets/issues/1022
This gives you a thin api on top of your TLS library digest functions
which abstracts away whether you are using mbedtls apis or openssl
ones. Using lws_genhash... apis the same code works either way and
the dependencies on which TLS lib is hidden.
Until now we took the approach if just writing the close notification
broke something, we didn't care because we were closing the connection
anyway.
But with lws_meta, breaking stuff in the parent connection would be a
sticky problem outliving the closing child connection.
So this adds a new wsi state LWSS_WAITING_TO_SEND_CLOSE_NOTIFICATION
and makes the send go via the writable callback mechanism.
Adds a new api lws_vhost_destroy(struct lws_vhost *) which allows dynamic removal of vhosts.
The external api calls two parts of internal helpers that get reused for context destroy.
The second part is called deferred by 5s... this is to ensure that event library objects
composed into structs owned by the vhost all have a chance to complete their close
asynchronously. That should happen immediately, but it requires us to return to the
event loop first.
The vhost being removed is deleted from the context vhost list by the first part, and does
not block further removals or creation during the delay for the deferred freeing of the
vhost memory.
Part 1:
- if the vhost owned a listen socket needed by other vhosts listening on same iface + port, the listen
socket is first handed off to another vhost so it stays alive
- all wsi still open on the vhost are forcibly closed (including any listen socket still attached)
- inform all active protocols on the vhost they should destroy themselves
- remove vhost from context vhost list (can no longer be found by incoming connections)
- add to a "being destroyed" context list and schedule the second part to be called in 5s
Part 2:
- remove us from the being destroyed list
- free all allocations owned by the vhost
- zero down the vhost and free the vhost itself
In libwebsockets-test-server, you can send it a SIGUSR1 to have it toggle the creation and destruction of
a second vhost on port + 1.
AG: move new member to end of info,
allow info member even on nonsupporting platform,
document requires root,
apply only to listen skt before we drop root,
add -k to test server to allow testing
Use LWS_INLINE instead of inline in libwebsockets.h to
make it compatible on both Linux and Windows.
Signed-off-by: Andy Ning <andy.ning@windriver.com>
AG:
- move creation info members to end of struct
- add LWS_WITH_SOCKS5 CMake var, defaults to OFF
- cast away some warnings about signed / unsigned in strncpy
Signed-off-by: Andy Ning <andy.ning@windriver.com>
