Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Code Issues Releases Wiki Activity
libwebsockets/minimal-examples/secure-streams/minimal-secure-streams-sigv4
History
Andy Green 06662a64fa LE-root-cert-update 
warmcat.com and libwebsockets.org use Let's Encrypt certificates... LE
have changed their CA signing arrangements and after 2021-01-12 (the
point I renewed the LE server certs and received one signed using the
new arrangements) it's required to trust new root certs for the examples
to connect to warmcat.com and libwebsockets.org.

https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html

This updates the in-tree CA copies, the remote policies on warmcat.com
have also been updated.

Just goes to show for real client infrastructure, you need to run your own
CA (that doesn't have to be trusted by anything outside the clients)
where you can control the CA lifetime.
2021-01-13 04:32:13 +00:00
..
CMakeLists.txt LE-root-cert-update 2021-01-13 04:32:13 +00:00
README.md ss: auth: sigv4 2021-01-05 10:56:38 +00:00
ss-s3-main.c ss: auth: sigv4 2021-01-05 10:56:38 +00:00
ss-s3-put.h ss: auth: sigv4 2021-01-05 10:56:38 +00:00
ss-s3-ss.c ss: auth: sigv4 2021-01-05 10:56:38 +00:00

README.md

lws minimal secure streams sigv4

The application put a test file to AWS S3, using sigv4 auth.

It does it using Secure Streams... the streamtype is "s3PutObj", along with main are in ss-s3-main.c

The handler for state changes and payloads for "s3PutObj" is in ss-s3-ss.c

metadata

"aws_region" and "aws_service" are configured through metadata. Also, at least "x-amz-content-sha256:" and ""x-amz-date:" headers need to be in metadata.

credentials

credentials are read from ~/.aws/credentials, make sure you have valid keyid and key. One need to call lws_ss_sigv4_set_aws_key() to plug in aws credentials into Secure Streams and the index need to be match of the "blob_index" in entry of "auth" the policy. In addition, you need to change the S3 bucket name to your own, as bucket name is unique globally in S3.

build

 $ cmake . && make

usage

[2020/12/19 15:25:06:9763] U: LWS minimal secure streams sigv4
[2020/12/19 15:25:07:0768] U: ss_s3_state: LWSSSCS_CREATING, ord 0x0
[2020/12/19 15:25:07:0769] U: ss_s3_state: LWSSSCS_POLL, ord 0x0
[2020/12/19 15:25:07:0770] U: ss_s3_state: LWSSSCS_CONNECTING, ord 0x0
[2020/12/19 15:25:07:2317] U: SS / TX Payload
[2020/12/19 15:25:07:2317] U: SS / TX Payload Total = 1024, Pos = 0
[2020/12/19 15:25:07:3267] U: ss_s3_state: LWSSSCS_CONNECTED, ord 0x0
[2020/12/19 15:25:07:3267] U: ss_s3_state: LWSSSCS_QOS_ACK_REMOTE, ord 0x0
[2020/12/19 15:25:07:3267] U: ss_s3_state: LWSSSCS_DISCONNECTED, ord 0x0
[2020/12/19 15:25:07:3268] U: ss_s3_state: LWSSSCS_DESTROYING, ord 0x0
[2020/12/19 15:25:07:3269] U: Completed: OK