mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-16 00:00:07 +01:00
30e6c22e14
The low level apis for HMAC (including those only introduced at 1.1.0...) are all deprecated in OpenSSL v3. Let's bite the bullet and migrate to EVP, it's already existing in modern OpenSSL and we already use it for genhash. EVP needs a PKEY, sort that out and keep it around until the hmac is destroyed.
475 lines
18 KiB
CMake
475 lines
18 KiB
CMake
#
|
|
# libwebsockets - small server side websockets and web server implementation
|
|
#
|
|
# Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
# of this software and associated documentation files (the "Software"), to
|
|
# deal in the Software without restriction, including without limitation the
|
|
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
|
# sell copies of the Software, and to permit persons to whom the Software is
|
|
# furnished to do so, subject to the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included in
|
|
# all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
# IN THE SOFTWARE.
|
|
#
|
|
#
|
|
# This converts everything about the tls support into
|
|
#
|
|
# - entries on SOURCES (modifications set back in PARENT_SCOPE)
|
|
# - entries on LIB_LIST (modifications set back in PARENT_SCOPE)
|
|
# - include_directories()
|
|
# - Api build-time discovery results set in PARENT_SCOPE
|
|
#
|
|
# Everything else is handled privately here.
|
|
|
|
include_directories(.)
|
|
|
|
# Allow the user to use the old CyaSSL options/library in stead of wolfSSL
|
|
if (LWS_WITH_CYASSL AND LWS_WITH_WOLFSSL)
|
|
message(FATAL_ERROR "LWS_WITH_CYASSL and LWS_WITH_WOLFSSL are mutually exclusive!")
|
|
endif()
|
|
|
|
if (LWS_WITH_CYASSL)
|
|
# Copy CyaSSL options to the wolfSSL options
|
|
set(LWS_WITH_WOLFSSL ${LWS_WITH_CYASSL} CACHE BOOL "Use wolfSSL/CyaSSL instead of OpenSSL" FORCE PARENT_SCOPE)
|
|
set(LWS_WOLFSSL_LIBRARIES ${LWS_CYASSL_LIBRARIES} CACHE PATH "Path to wolfSSL/CyaSSL libraries" FORCE PARENT_SCOPE)
|
|
set(LWS_WOLFSSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS} CACHE PATH "Path to wolfSSL/CyaSSL header files" FORCE PARENT_SCOPE)
|
|
endif()
|
|
|
|
set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library")
|
|
set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory")
|
|
set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library")
|
|
set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory")
|
|
|
|
|
|
if (LWS_WITH_BORINGSSL)
|
|
# boringssl deprecated EVP_PKEY
|
|
set (LWS_WITH_GENHASH OFF PARENT_SCOPE)
|
|
endif()
|
|
|
|
if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL AND NOT LWS_WITH_MBEDTLS)
|
|
if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
|
|
else()
|
|
if (NOT LWS_PLAT_FREERTOS)
|
|
set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
|
|
endif()
|
|
set(OPENSSL_INCLUDE_DIRS ${LWS_OPENSSL_INCLUDE_DIRS})
|
|
set(OPENSSL_FOUND 1)
|
|
endif()
|
|
endif()
|
|
|
|
if (LWS_WITH_SSL AND LWS_WITH_WOLFSSL)
|
|
if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
|
|
if (NOT WOLFSSL_FOUND)
|
|
if (LWS_WITH_CYASSL)
|
|
message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_WITH_CYASSL is turned on.")
|
|
else()
|
|
message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_WITH_WOLFSSL is turned on.")
|
|
endif()
|
|
endif()
|
|
else()
|
|
set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES} PARENT_SCOPE)
|
|
set(WOLFSSL_INCLUDE_DIRS ${LWS_WOLFSSL_INCLUDE_DIRS} PARENT_SCOPE)
|
|
set(WOLFSSL_FOUND 1 PARENT_SCOPE)
|
|
endif()
|
|
set(USE_WOLFSSL 1 PARENT_SCOPE)
|
|
set(LWS_WITH_TLS 1 PARENT_SCOPE)
|
|
if (LWS_WITH_CYASSL)
|
|
set(USE_OLD_CYASSL 1 PARENT_SCOPE)
|
|
endif()
|
|
endif()
|
|
|
|
if (LWS_SSL_CLIENT_USE_OS_CA_CERTS)
|
|
set(LWS_SSL_CLIENT_USE_OS_CA_CERTS 1 PARENT_SCOPE)
|
|
endif()
|
|
|
|
if (LWS_WITH_MBEDTLS)
|
|
add_subdirectory(mbedtls)
|
|
include_directories(${_CMAKE_INC_LIST})
|
|
endif()
|
|
|
|
# The base dir where the test-apps look for the SSL certs.
|
|
set(LWS_OPENSSL_CLIENT_CERTS ../share CACHE PATH "Server SSL certificate directory")
|
|
if (WIN32)
|
|
set(LWS_OPENSSL_CLIENT_CERTS . CACHE PATH "Client SSL certificate directory" PARENT_SCOPE)
|
|
else()
|
|
set(LWS_OPENSSL_CLIENT_CERTS /etc/pki/tls/certs/ CACHE PATH "Client SSL certificate directory")
|
|
endif()
|
|
|
|
if (LWS_WITH_SSL)
|
|
list(APPEND SOURCES
|
|
tls/tls.c)
|
|
if (LWS_WITH_NETWORK)
|
|
list(APPEND SOURCES
|
|
tls/tls-network.c)
|
|
endif()
|
|
|
|
if (LWS_WITH_MBEDTLS)
|
|
list(APPEND SOURCES
|
|
tls/mbedtls/mbedtls-tls.c
|
|
tls/mbedtls/mbedtls-x509.c)
|
|
if (LWS_WITH_NETWORK)
|
|
list(APPEND SOURCES
|
|
tls/mbedtls/mbedtls-ssl.c)
|
|
endif()
|
|
if (LWS_WITH_GENCRYPTO)
|
|
list(APPEND SOURCES
|
|
tls/mbedtls/lws-genhash.c
|
|
tls/mbedtls/lws-genrsa.c
|
|
tls/mbedtls/lws-genaes.c
|
|
tls/lws-genec-common.c
|
|
tls/mbedtls/lws-genec.c
|
|
tls/mbedtls/lws-gencrypto.c)
|
|
endif()
|
|
else()
|
|
list(APPEND SOURCES
|
|
tls/openssl/openssl-tls.c
|
|
tls/openssl/openssl-x509.c)
|
|
if (LWS_WITH_NETWORK)
|
|
list(APPEND SOURCES
|
|
tls/openssl/openssl-ssl.c)
|
|
endif()
|
|
if (LWS_WITH_GENCRYPTO)
|
|
list(APPEND SOURCES
|
|
tls/openssl/lws-genhash.c
|
|
tls/openssl/lws-genrsa.c
|
|
tls/openssl/lws-genaes.c
|
|
tls/lws-genec-common.c
|
|
tls/openssl/lws-genec.c
|
|
tls/openssl/lws-gencrypto.c)
|
|
endif()
|
|
endif()
|
|
|
|
if (NOT LWS_WITHOUT_SERVER)
|
|
list(APPEND SOURCES
|
|
tls/tls-server.c)
|
|
if (LWS_WITH_MBEDTLS)
|
|
list(APPEND SOURCES
|
|
tls/mbedtls/mbedtls-server.c)
|
|
else()
|
|
list(APPEND SOURCES
|
|
tls/openssl/openssl-server.c)
|
|
endif()
|
|
endif()
|
|
if (NOT LWS_WITHOUT_CLIENT)
|
|
list(APPEND SOURCES
|
|
tls/tls-client.c)
|
|
if (LWS_WITH_MBEDTLS)
|
|
list(APPEND SOURCES
|
|
tls/mbedtls/mbedtls-client.c)
|
|
else()
|
|
list(APPEND SOURCES
|
|
tls/openssl/openssl-client.c)
|
|
endif()
|
|
|
|
endif()
|
|
endif()
|
|
|
|
set(SOURCES ${SOURCES} PARENT_SCOPE)
|
|
|
|
#
|
|
# OpenSSL
|
|
#
|
|
if (LWS_WITH_SSL)
|
|
message("Compiling with SSL support")
|
|
set(chose_ssl 0)
|
|
if (LWS_WITH_WOLFSSL)
|
|
# Use wolfSSL as OpenSSL replacement.
|
|
# TODO: Add a find_package command for this also.
|
|
message("wolfSSL include dir: ${WOLFSSL_INCLUDE_DIRS}")
|
|
message("wolfSSL libraries: ${WOLFSSL_LIBRARIES}")
|
|
|
|
# Additional to the root directory we need to include
|
|
# the wolfssl/ subdirectory which contains the OpenSSL
|
|
# compatibility layer headers.
|
|
|
|
if (LWS_WITH_CYASSL)
|
|
foreach(inc ${WOLFSSL_INCLUDE_DIRS})
|
|
set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} ${inc} ${inc}/cyassl PARENT_SCOPE)
|
|
include_directories("${inc}" "${inc}/cyassl")
|
|
endforeach()
|
|
else()
|
|
foreach(inc ${WOLFSSL_INCLUDE_DIRS})
|
|
set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} ${inc} ${inc}/wolfssl PARENT_SCOPE)
|
|
include_directories("${inc}" "${inc}/wolfssl")
|
|
endforeach()
|
|
endif()
|
|
set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${OPENSSL_INCLUDE_DIRS} PARENT_SCOPE)
|
|
set(VARIA wolfSSL_)
|
|
|
|
list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
|
|
set(chose_ssl 1)
|
|
endif()
|
|
|
|
if (LWS_WITH_MBEDTLS AND DEFINED MBEDTLS_INCLUDE_DIRS AND DEFINED MBEDTLS_LIBRARIES)
|
|
message("MBEDTLS include dir: ${MBEDTLS_INCLUDE_DIRS}")
|
|
message("MBEDTLS libraries: ${MBEDTLS_LIBRARIES}")
|
|
|
|
foreach(inc ${MBEDTLS_INCLUDE_DIRS})
|
|
include_directories("${inc}" "${inc}/mbedtls")
|
|
endforeach()
|
|
|
|
list(APPEND LIB_LIST "${MBEDTLS_LIBRARIES}")
|
|
endif()
|
|
|
|
if (LWS_WITH_MBEDTLS)
|
|
set(chose_ssl 1)
|
|
endif()
|
|
|
|
if (NOT chose_ssl)
|
|
if (NOT OPENSSL_FOUND AND NOT LWS_WITH_BORINGSSL)
|
|
# TODO: Add support for STATIC also.
|
|
if (NOT LWS_PLAT_FREERTOS)
|
|
find_package(PkgConfig QUIET)
|
|
pkg_check_modules(PC_OPENSSL openssl QUIET)
|
|
find_package(OpenSSL REQUIRED)
|
|
list(APPEND OPENSSL_LIBRARIES ${PC_OPENSSL_LIBRARIES})
|
|
set(OPENSSL_LIBRARIES ${OPENSSL_LIBRARIES} PARENT_SCOPE)
|
|
endif()
|
|
set(OPENSSL_INCLUDE_DIRS "${OPENSSL_INCLUDE_DIR}")
|
|
endif()
|
|
|
|
message("OpenSSL include dir: ${OPENSSL_INCLUDE_DIRS}")
|
|
if (NOT LWS_PLAT_FREERTOS)
|
|
message("OpenSSL libraries: ${OPENSSL_LIBRARIES}")
|
|
endif()
|
|
|
|
if (OPENSSL_INCLUDE_DIRS)
|
|
include_directories("${OPENSSL_INCLUDE_DIRS}")
|
|
if (NOT LWS_PLAT_FREERTOS)
|
|
list(APPEND LIB_LIST ${OPENSSL_LIBRARIES})
|
|
endif()
|
|
|
|
if (NOT LWS_WITH_MBEDTLS)
|
|
# older (0.98) Openssl lacks this
|
|
set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${OPENSSL_INCLUDE_DIRS} PARENT_SCOPE)
|
|
check_include_file(openssl/ecdh.h LWS_HAVE_OPENSSL_ECDH_H)
|
|
|
|
if (LWS_SSL_SERVER_WITH_ECDH_CERT AND NOT LWS_HAVE_OPENSSL_ECDH_H)
|
|
message(FATAL_ERROR "Missing openssl/ecdh.h, so cannot use LWS_SSL_SERVER_WITH_ECDH_CERT")
|
|
endif()
|
|
else()
|
|
unset(LWS_HAVE_OPENSSL_ECDH_H PARENT_SCOPE)
|
|
endif(NOT LWS_WITH_MBEDTLS)
|
|
endif()
|
|
endif()
|
|
|
|
endif(LWS_WITH_SSL)
|
|
|
|
if (DEFINED OPENSSL_INCLUDE_DIRS)
|
|
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
|
|
endif()
|
|
if (DEFINED LIB_LIST)
|
|
set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIST})
|
|
endif()
|
|
if (UNIX)
|
|
set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} dl)
|
|
endif()
|
|
|
|
if (NOT VARIA)
|
|
set(VARIA "")
|
|
endif()
|
|
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_set1_param LWS_HAVE_SSL_CTX_set1_param PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_set_info_callback LWS_HAVE_SSL_SET_INFO_CALLBACK PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}RSA_set0_key LWS_HAVE_RSA_SET0_KEY PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}X509_get_key_usage LWS_HAVE_X509_get_key_usage PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_SSL_CTX_EVP_PKEY_new_raw_private_key PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_get0_certificate LWS_HAVE_SSL_CTX_get0_certificate PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_get0_alpn_selected LWS_HAVE_SSL_get0_alpn_selected PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_set_alpn_protos LWS_HAVE_SSL_set_alpn_protos PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_cfb8 LWS_HAVE_EVP_aes_128_cfb8 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_cfb128 LWS_HAVE_EVP_aes_128_cfb128 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_192_cfb8 LWS_HAVE_EVP_aes_192_cfb8 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_192_cfb128 LWS_HAVE_EVP_aes_192_cfb128 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_256_cfb8 LWS_HAVE_EVP_aes_256_cfb8 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_256_cfb128 LWS_HAVE_EVP_aes_256_cfb128 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}RSA_verify_pss_mgf1 LWS_HAVE_RSA_verify_pss_mgf1 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}HMAC_CTX_new LWS_HAVE_HMAC_CTX_new PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_EVP_PKEY_new_raw_private_key PARENT_SCOPE)
|
|
|
|
if (LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS)
|
|
# we don't want to confuse what's in or out of the wrapper with
|
|
# what's in an openssl also installed on the build host
|
|
CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { STACK_OF(X509) *c = NULL; SSL_CTX *ctx = NULL; return (int)SSL_CTX_get_extra_chain_certs_only(ctx, &c); }\n" LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
|
|
CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { EVP_MD_CTX *md_ctx = NULL; EVP_MD_CTX_free(md_ctx); return 0; }\n" LWS_HAVE_EVP_MD_CTX_free)
|
|
set(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS ${LWS_HAVE_SSL_EXTRA_CHAIN_CERTS} PARENT_SCOPE)
|
|
set(LWS_HAVE_EVP_MD_CTX_free ${LWS_HAVE_EVP_MD_CTX_free} PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}ECDSA_SIG_set0 LWS_HAVE_ECDSA_SIG_set0 PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}BN_bn2binpad LWS_HAVE_BN_bn2binpad PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_wrap LWS_HAVE_EVP_aes_128_wrap PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}EC_POINT_get_affine_coordinates LWS_HAVE_EC_POINT_get_affine_coordinates PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_load_verify_file LWS_HAVE_SSL_CTX_load_verify_file PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_load_verify_dir LWS_HAVE_SSL_CTX_load_verify_dir PARENT_SCOPE)
|
|
endif()
|
|
|
|
if (LWS_WITH_MBEDTLS)
|
|
set(LWS_HAVE_TLS_CLIENT_METHOD 1 PARENT_SCOPE)
|
|
if (NOT LWS_PLAT_FREERTOS)
|
|
# not supported in esp-idf openssl wrapper yet, but is in our version
|
|
set(LWS_HAVE_X509_VERIFY_PARAM_set1_host 1 PARENT_SCOPE)
|
|
endif()
|
|
|
|
CHECK_FUNCTION_EXISTS(mbedtls_ssl_conf_alpn_protocols LWS_HAVE_mbedtls_ssl_conf_alpn_protocols PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(mbedtls_ssl_get_alpn_protocol LWS_HAVE_mbedtls_ssl_get_alpn_protocol PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(mbedtls_ssl_conf_sni LWS_HAVE_mbedtls_ssl_conf_sni PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_ca_chain LWS_HAVE_mbedtls_ssl_set_hs_ca_chain PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_own_cert LWS_HAVE_mbedtls_ssl_set_hs_own_cert PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_authmode LWS_HAVE_mbedtls_ssl_set_hs_authmode PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(mbedtls_net_init LWS_HAVE_mbedtls_net_init PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(mbedtls_md_setup LWS_HAVE_mbedtls_md_setup PARENT_SCOPE) # not on xenial 2.2
|
|
CHECK_FUNCTION_EXISTS(mbedtls_rsa_complete LWS_HAVE_mbedtls_rsa_complete PARENT_SCOPE) # not on xenial 2.2
|
|
CHECK_FUNCTION_EXISTS(mbedtls_internal_aes_encrypt LWS_HAVE_mbedtls_internal_aes_encrypt PARENT_SCOPE) # not on xenial 2.2
|
|
else()
|
|
CHECK_FUNCTION_EXISTS(${VARIA}TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD PARENT_SCOPE)
|
|
CHECK_FUNCTION_EXISTS(${VARIA}TLSv1_2_client_method LWS_HAVE_TLSV1_2_CLIENT_METHOD PARENT_SCOPE)
|
|
endif()
|
|
|
|
# Generate self-signed SSL certs for the test-server.
|
|
|
|
if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL)
|
|
message("Searching for OpenSSL executable and dlls")
|
|
find_package(OpenSSLbins)
|
|
if (DEFINED OPENSSL_EXECUTABLE)
|
|
message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")
|
|
|
|
if (OPENSSL_EXECUTABLE MATCHES "^$")
|
|
set(OPENSSL_EXECUTABLE openssl)
|
|
endif()
|
|
endif()
|
|
if (NOT DEFINED OPENSSL_EXECUTABLE)
|
|
set(OPENSSL_EXECUTABLE openssl)
|
|
endif()
|
|
|
|
endif()
|
|
|
|
set(GENCERTS 0)
|
|
|
|
if (LWS_WITH_SSL AND OPENSSL_EXECUTABLE AND NOT LWS_WITHOUT_TEST_SERVER AND NOT LWS_WITHOUT_SERVER AND NOT LWS_WITHOUT_TESTAPPS)
|
|
set(GENCERTS 1)
|
|
endif()
|
|
if (LWS_PLAT_FREERTOS)
|
|
set(GENCERTS 1)
|
|
endif()
|
|
message(" GENCERTS = ${GENCERTS}")
|
|
if (GENCERTS)
|
|
message("Generating SSL Certificates for the test-server...")
|
|
|
|
set(TEST_SERVER_SSL_KEY "${PROJECT_BINARY_DIR}/libwebsockets-test-server.key.pem")
|
|
set(TEST_SERVER_SSL_CERT "${PROJECT_BINARY_DIR}/libwebsockets-test-server.pem")
|
|
|
|
if (WIN32)
|
|
if (MINGW)
|
|
message("cmd = \"${OPENSSL_EXECUTABLE}\" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj \"/C=GB/ST=Erewhon/L=All around/O=libwebsockets-test/CN=localhost\" -keyout \"${TEST_SERVER_SSL_KEY}\" -out \"${TEST_SERVER_SSL_CERT}\"")
|
|
execute_process(
|
|
COMMAND "${OPENSSL_EXECUTABLE}" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj "/C=GB/ST=Erewhon/L=All around/O=libwebsockets-test/CN=localhost" -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
|
|
RESULT_VARIABLE OPENSSL_RETURN_CODE)
|
|
else()
|
|
file(WRITE "${PROJECT_BINARY_DIR}/openssl_input.txt"
|
|
"GB\n"
|
|
"Erewhon\n"
|
|
"All around\n"
|
|
"libwebsockets-test\n"
|
|
"localhost\n"
|
|
"none@invalid.org\n\n"
|
|
)
|
|
|
|
# The "type" command is a bit picky with paths.
|
|
file(TO_NATIVE_PATH "${PROJECT_BINARY_DIR}/openssl_input.txt" OPENSSL_INPUT_WIN_PATH)
|
|
message("OPENSSL_INPUT_WIN_PATH = ${OPENSSL_INPUT_WIN_PATH}")
|
|
message("cmd = \"${OPENSSL_EXECUTABLE}\" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout \"${TEST_SERVER_SSL_KEY}\" -out \"${TEST_SERVER_SSL_CERT}\"")
|
|
|
|
execute_process(
|
|
COMMAND cmd /c type "${OPENSSL_INPUT_WIN_PATH}"
|
|
COMMAND "${OPENSSL_EXECUTABLE}" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
|
|
RESULT_VARIABLE OPENSSL_RETURN_CODE
|
|
OUTPUT_QUIET ERROR_QUIET)
|
|
|
|
message("\n")
|
|
endif()
|
|
|
|
if (OPENSSL_RETURN_CODE)
|
|
message(WARNING "!!! Failed to generate SSL certificate for Test Server using cmd.exe !!!:\nOpenSSL return code = ${OPENSSL_RETURN_CODE}")
|
|
else()
|
|
message("SUCCSESFULLY generated SSL certificate")
|
|
endif()
|
|
else()
|
|
# Unix.
|
|
execute_process(
|
|
COMMAND printf "GB\\nErewhon\\nAll around\\nlibwebsockets-test\\n\\nlocalhost\\nnone@invalid.org\\n"
|
|
COMMAND "${OPENSSL_EXECUTABLE}"
|
|
req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
|
|
RESULT_VARIABLE OPENSSL_RETURN_CODE
|
|
# OUTPUT_QUIET ERROR_QUIET
|
|
)
|
|
|
|
if (OPENSSL_RETURN_CODE)
|
|
message(WARNING "!!! Failed to generate SSL certificate for Test Server!!!:\nOpenSSL return code = ${OPENSSL_RETURN_CODE}")
|
|
else()
|
|
message("SUCCESSFULLY generated SSL certificate")
|
|
endif()
|
|
endif()
|
|
|
|
list(APPEND TEST_SERVER_DATA
|
|
"${TEST_SERVER_SSL_KEY}"
|
|
"${TEST_SERVER_SSL_CERT}")
|
|
endif()
|
|
|
|
#
|
|
# Copy OpenSSL dlls to the output directory on Windows.
|
|
# (Otherwise we'll get an error when trying to run)
|
|
#
|
|
if (MSVC AND LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL)
|
|
if(OPENSSL_BIN_FOUND)
|
|
message("OpenSSL dlls found:")
|
|
message(" Libeay: ${LIBEAY_BIN}")
|
|
message(" SSLeay: ${SSLEAY_BIN}")
|
|
|
|
foreach(TARGET_BIN ${TEST_APP_LIST})
|
|
add_custom_command(TARGET ${TARGET_BIN}
|
|
POST_BUILD
|
|
COMMAND "${CMAKE_COMMAND}" -E copy "${LIBEAY_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>" VERBATIM)
|
|
add_custom_command(TARGET ${TARGET_BIN}
|
|
POST_BUILD
|
|
COMMAND "${CMAKE_COMMAND}" -E copy "${SSLEAY_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>" VERBATIM)
|
|
|
|
#
|
|
# Win32: if we are using libuv, also need to copy it in the output dir
|
|
#
|
|
if (MSVC AND LWS_WITH_LIBUV)
|
|
STRING(REPLACE ".lib" ".dll" LIBUV_BIN ${LIBUV_LIBRARIES})
|
|
add_custom_command(TARGET ${TARGET_BIN}
|
|
POST_BUILD
|
|
COMMAND "${CMAKE_COMMAND}" -E copy "${LIBUV_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>" VERBATIM)
|
|
endif()
|
|
endforeach()
|
|
endif()
|
|
endif()
|
|
|
|
if (LWS_WITH_TLS AND (LWS_WITH_JOSE OR LWS_WITH_GENCRYPTO))
|
|
list(APPEND SOURCES
|
|
tls/lws-gencrypto-common.c)
|
|
endif()
|
|
|
|
#
|
|
# Keep explicit parent scope exports at end
|
|
#
|
|
|
|
exports_to_parent_scope()
|
|
set(LWS_HAVE_MBEDTLS_NET_SOCKETS ${LWS_HAVE_MBEDTLS_NET_SOCKETS} PARENT_SCOPE)
|
|
set(TEST_SERVER_SSL_KEY "${TEST_SERVER_SSL_KEY}" PARENT_SCOPE)
|
|
set(TEST_SERVER_SSL_CERT "${TEST_SERVER_SSL_CERT}" PARENT_SCOPE)
|
|
set(TEST_SERVER_DATA ${TEST_SERVER_DATA} PARENT_SCOPE)
|
|
|