mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
libwebsockets/minimal-examples/secure-streams/minimal-secure-streams-policy2c
Andy Green 625bade63e ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time, this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.

However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, ie,
are anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.

This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context is also
destroyed.

If another ss connection is created that wants to use the trust store, the
vhost and x.509 context is regenerated again as needed.

Currently the refcounting is by ss, it's also possible to move the refcounting
to be by connection.  The choice is between the delay to generate the vh
being visible at logical ss creation-time, or at connection-time.  It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.

NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-21 12:43:32 +01:00
..
CMakeLists.txt cmake: provide LIBWEBSOCKETS_DEP_LIBS in CONFIG 2020-06-16 19:45:35 +01:00
minimal-secure-streams.c ss: static policy: dynamic vhost instantiation 2020-07-21 12:43:32 +01:00
README.md ss: add static policy as a build option 2020-03-26 06:48:34 +00:00

lws minimal secure streams policy2c

This application parses a JSON policy passed on stdin and emits the equivalent of it in C structs ready for compilation.

This is useful when your platform is space-constrained and doesn't use a dynamic JSON policy: you can still form and maintain the policy in JSON, and use this utility to convert it into compilable C.

Note that this depends on an lws build with LWS_ROLE_H1, LWS_ROLE_H2, LWS_ROLE_WS and LWS_ROLE_MQTT, since it has to be able to work with any kind of policy content.

build

 $ cmake . && make

usage

Commandline option | Meaning
---|---
-d | Debug verbosity in decimal, eg, -d15

 $ cat mypolicy.json | lws-minimal-secure-streams-policy2c

(on stdout) 

static const uint32_t _rbo_bo_0[] = {
 1000,  2000,  3000,  5000,  10000, 
};
static const lws_retry_bo_t _rbo_0 = {
	.retry_ms_table = _rbo_bo_0,
	.retry_ms_table_count = 5,
	.conceal_count = 5,
	.secs_since_valid_ping = 30,
	.secs_since_valid_hangup = 35,
	.jitter_percent = 20,
};
static const uint8_t _ss_der_amazon_root_ca_1[] = {
	/* 0x  0 */ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 
	/* 0x  8 */ 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x13, 0x06, 
	/* 0x 10 */ 0x6C, 0x9F, 0xCF, 0x99, 0xBF, 0x8C, 0x0A, 0x39, 
	/* 0x 18 */ 0xE2, 0xF0, 0x78, 0x8A, 0x43, 0xE6, 0x96, 0x36, 
	/* 0x 20 */ 0x5B, 0xCA, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 
...
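
The commit message at the top of this page describes trust-store vhosts and their x.509 contexts being created only when a secure stream needs them, refcounted, destroyed with the last stream and regenerated on demand. The following is an added sketch of that lifecycle, not code from lws or from the commit; `trust_store_t`, `ts_acquire`, `ts_release` and the sample bytes are hypothetical names and constructed data, and a `malloc` stands in for building the TLS context.

```c
/* Added illustration: models the lifecycle only; this is not lws code.
 * trust_store_t, ts_acquire and ts_release are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

typedef struct {
	const uint8_t *der;  /* CA cert: const data from the static policy */
	size_t der_len;
	void *tls_ctx;       /* stands in for the vhost + x.509 context */
	unsigned int refs;   /* logical secure streams using this store */
	unsigned int builds; /* times the context was (re)created */
} trust_store_t;

/* Stream creation: build the context on first use only. */
static int ts_acquire(trust_store_t *ts)
{
	if (!ts->refs) {
		ts->tls_ctx = malloc(ts->der_len); /* placeholder for DER parsing */
		if (!ts->tls_ctx)
			return -1; /* stream creation fails, no ref is taken */
		ts->builds++;
	}
	ts->refs++;
	return 0;
}

/* Stream destruction: the last user gives the heap back. */
static void ts_release(trust_store_t *ts)
{
	if (!ts->refs)
		return; /* unbalanced release: nothing to free */
	if (--ts->refs == 0) {
		free(ts->tls_ctx);
		ts->tls_ctx = NULL;
	}
}

static const uint8_t sample_der[] = { 0x30, 0x82, 0x03, 0x41 }; /* constructed */

int main(void)
{
	trust_store_t ts = { sample_der, sizeof(sample_der), NULL, 0, 0 };
	ts_acquire(&ts); ts_acquire(&ts); /* two streams share one context */
	ts_release(&ts); ts_release(&ts); /* last release frees it */
	ts_acquire(&ts);                  /* regenerated on demand */
	printf("refs=%u builds=%u\n", ts.refs, ts.builds);
	ts_release(&ts);
	return 0;
}
```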