1) update the logos to svg
2) add svg icon for strict security policy where used
3) define new vhost option flag to enforce sending CSP headers
with the result code
4) add vhost option flag to minimal examples to
enforce sending CSP where applicable
5) Go through all the affecting examples confirming they
still work
6) add LWS_RECOMMENDED_MIN_HEADER_SPACE constant (currently
2048) to clarify when we need a buffer to hold headers...
with CSP the headers have become potentially a lot
larger.
For h1 / ws, a combination of removing POLLIN wait and
stashing any unused rx lets us immediately respond to
rx flow control requests in a simple and effective way,
because the tcp socket is the stream.
But for muxed protocols like h2, that technique cannot
be used because we cannot silence the whole bundle of
streams because one can't handle any more rx dynamically.
There are control frames and content for other streams
serialized inbetween the flow controlled stream content.
We have no choice but to read to so we can see the other
things. Therefore for muxed protocols like h2 and spdy,
rx flow control boils down to tx credit manipulation
on individual streams to staunch the flow at the peer.
However that requires a round trip to take effect, any
transmitted packets that were in flight before the tx credit
reduction arrives at the remote peer are still going to come
and have to be dealt with by adding them to the stash.
This patch introduces lws_buflist scatter-gather type
buffer management for rxflow handling, so we can append
buffer segments in a linked-list to handle whatever rx
is unavoidably in flight on a stream that is trying to
assert rx flow control.
HTTP/2 support is now able to serve the test server, complete with
websockets, from a single vhost.
- This works the same with both OpenSSL and mbedTLS.
- POST is now wired up and works (also for file upload).
- CGI is wired up and works.
- Redirect is adapted and works
- lwsws works.
- URI urldecode, sanitation and argument parsing wired up for :path
valgrind clean (aside from openssl-style false uninit data usage in mbedtls send occasionally)
h2spec reports:
$ h2spec -h 127.0.0.1 -p 7681 -t -k -o 1
...
145 tests, 145 passed, 0 skipped, 0 failed"
Incorporates:
- "https://github.com/warmcat/libwebsockets/pull/1039
Fixes issue with -Werror=unused-variable flag
- 2c843a1395
ssl: fix infinite loop on client cert verification failure
Signed-off-by: Petar Paradzik <petar.paradzik@sartura.hr>"
Caused and fixes Coverity 184887 - 184892
