mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-30 00:00:16 +01:00
b318877cd9
Normalize the vhost options around optionally handling noncompliant traffic at the listening socket for both non-tls and tls cases. By default everything is as before. However it's now possible to tell the vhost to allow noncompliant connects to fall back to a specific role and protocol, both set by name in the vhost creation info struct. The original vhost flags allowing http redirect to https and direct http serving from https server (which is a security downgrade if enabled) are cleaned up and tested. A minimal example minimal-raw-fallback-http-server is added with switches to confirm operation of all the valid possibilities (see the readme on that). |
||
|---|---|---|
| .. | ||
| mainpage.md | ||
| README-plugin-sshd-base.md | ||
| README.build.md | ||
| README.ci.md | ||
| README.coding.md | ||
| README.content-security-policy.md | ||
| README.contributing.md | ||
| README.esp32.md | ||
| README.generic-sessions.md | ||
| README.generic-table.md | ||
| README.lwsws.md | ||
| README.plugin-acme.md | ||
| README.problems.md | ||
| README.release-policy.md | ||
| README.test-apps.md | ||
| README.unix-domain-reverse-proxy.md | ||
| README.vulnerability-reporting.md | ||
| release-checklist | ||
Vulnerability Reporting
If you become aware of an issue with lws that has a security
dimension for users, please contact andy@warmcat.com by
direct email.
Procedure for announcing vulnerability fixes
The problem and fixed versions will be announced on the libwebsockets mailing list and a note added to the master README.md.