The --blob option requires GENCRYPTO that's not on by default, to handle
the hash checks... that's going to cause a lot of confusion because it
means the simplest ss example won't build by default then.
Let's remove the blob support (and GENCRYPTO dependency) from the simplest
example and make a new minimal-secure-streams-blob example that has --blob
support and the GENCRYPTO dependency as well.
this patch makes ubsan (-fsanitize-undefined-trap-on-error) happy.
let's look at the following scenario:
1. netlink sends RTM_NEWADDR/RTM_DELADDR message
2. rops_handle_POLLIN_netlink() handles message attributes as RTA_*
3. rops_handle_POLLIN_netlink() finds RTA_PRIORITY attribute and
handles it as u32 value, but it's IFA_CACHEINFO attribute in reality
and payload holds another type
4. ubsan throws SIGTRAP
so, don't handle RTM_NEWADDR/RTM_DELADDR attributes as RTA_*
It's open to user state callback to respond to the DISCONNECT we issue on
the proxy link closure by escalating it to a DESTROY_ME... we have to deal
with that if it comes.
At init-time, PROTOCOL_INIT needs to be sent to each vhost-protocol
combination to give them a chance to instantiate themselves.
PROTOCOL_INIT can be deferred a bit, and since its subject is per vhost,
which has no tsi affinity, in SMP case, its current use of context->pt[0]
fakewsi can clash with other stuff happening simultaneously, eg,
CANCEL_SERVICE broadcast, which happens on each pt.
Solve this by changing PROTOCOL_INIT to use an on-stack fakewsi that cannot
clash with any other service loop use of them.
Take care about using a full fake wsi or an lws_a fakewsi if PLAT_FREERTOS.
In sai, on Xenial (only...) noticed that the wsi is still bound to the ss
handle, and can reference it even after the ss has been destroyed on
ss-testsfail sometimes.
Leave the handle knowing its wsi and able to detach it later during close.
The attribute indicating that a wsi belongs to an SS object also must be
migrated when we split out the original transaction wsi into a new nwsi, if we're
not going to lose track of its affiliation.
Likewise if the affiliated SS object points to the original wsi, we have to
migrate his pointer when we migrate the wsi.
Taking care of this book-keeping is necessary to get correct behaviours at
close-time.
We added the neccessary return check on set_metadata which is good, but it
doesn't take into account that for LWA, we will normally use the multipart
stuff, that provides its own conflicting content-type.
Currently the lwa streamtype policy doesn't even provide ctype metadata
type, let's just comment it out.
These two headers managed to avoid the global switch from
LGPL2.1 -> MIT back in the day, correct them to be aligned
with the rest of lws' own license, ie, MIT.
User reports problems with the close / retry flow not happening if we don't
pass thru the nwsi close... it may be happening before the sid1 migration.
Just log it and don't end the handling before the passthru. Logging it
because there was a reason for the change to not passing it through...
Trying to use the opaque pointer in the handle to point to the conn isn't
going to work when we need it to point to the ss handle.
Move it to have its on place in the handle.
If facing a captive portal, we may seem to get a tcp level connection okay
but find that communication is silently dropped, leading to us timing out
in LRS_WAITING_SERVER_REPLY.
If so, we need to handle it as a connection fail in order to satisfy at
least Captive Portal detection.
We have access to a simplified report of the problem name for tls
validation inside the validation cb, let's bring it out and
use it for OpenSSL CCE reporting.
Mbedtls does not have the same concept as openssl about preloading the
system trust store into every SSL_CTX.
This patch allows you to simulate the behaviour by passing in a context
creation-time filepath that all client SSL_CTX will be initialized from.
Currently the lws_cancel_service() api only manifests itself at lws level.
This adds a state LWSSSCS_EVENT_WAIT_CANCELLED that is broadcast to all
SS in the event loop getting the cancel service api call, and allows
SS-level user code to pick up handling events from other threads.
There's a new example minimal-secure-streams-threads which shows the
pattern for other threads to communicate with and trigger the event in the
lws service thread.
