Introduces an optional, settable restriction on the number of
simultaneous wsi connections and ah that a single peer IP can
obtain.
The default is disabled for build, and if enabled, unlimited.
However when enabled at CMake, setting info.ip_limit_ah and / or
info.ip_limit_wsi at context creation time will enforce the limits.
Connections past the info.ip_limit_wsi limit are dropped, and
connections needing an ah are forced to stay in the ah waiting list
even when ah are available, while the peer is at the number of
ah in info.ip_limit_ah.
Update test-client from the deprecated server ssl members that still work for
backwards compatibility to the preferred client-specific ones.
Remove .client_ssl_... member dependency on OPENSSL
https://github.com/warmcat/libwebsockets/issues/1022
This gives you a thin api on top of your TLS library digest functions
which abstracts away whether you are using mbedtls apis or openssl
ones. Using lws_genhash... apis the same code works either way and
the dependencies on which TLS lib is hidden.
This defines the OpenSSL X509_CHECK_FLAG_...s and the set/clear
accessors. Since none of them are supported, the set / clear
accessor always does nothing and returns error.
This adds the standard OpenSSL api to get a pointer to the SSL struct's
X509_VERIFY_PARAM. We need this for the OpenSSL api to set the peer
hostname introduced in the next patch.
This a) directly discovers cgi stdout POLLUP and b) modulates rx flow control on CGI STDOUT
according to the outgoing writeable service. When the outgoing writeable service finally sees
0 read() waiting for it even though it was signalled for POLLIN, it knows it is a POLLHUP.
Critically when it sees POLLHUP like that, it leaves the rx flow control defeating any
further stdout POLLIN signalling while the rest of the CGI lifecycle completes, eliminating
busywaiting during the CGI.
On some platforms 'llu' format is needed for uint64_t instead of 'lu'.
PRIu64 format specifier fixes these platform specific issues.
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
Change the last arg of socks_generate_msg() to be ssize_t * to match
signedness of original caller type of int, then convert the caller
type also to ssize_t so the pointer needs no cast.
This keeps stuff in the caller checking for len < 0 happy.
https://github.com/warmcat/libwebsockets/issues/1010
CGI's which don't have content-length nor they are explicitly chunked
are killed immediately after being reaped even if their output has not
being drained. This is fixed by deferring from killing them like those
which are explicitly chunked.
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
In cases when CGI output doesn't contain content-length nor it is
explicitly chunked, do manual chunking of CGI output.
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>
If we complete a transaction but end up keeping the ah, we must force
a timeout on it. Otherwise a bad bot could keep the socket open and
exhaust the ah pool.
