mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
libwebsockets/lib/secure-streams/protocols
Andy Green 625bade63e ss: static policy: dynamic vhost instantiation
Presently a vh is allocated per trust store at policy parsing-time; this
is no problem on a linux-class device or if you decide you need a dynamic
policy for functionality reasons.

However if you're in a constrained enough situation that the static policy
makes sense, in the case your trust stores do not have 100% duty cycle, i.e.,
are not anyway always in use, the currently-unused vhosts and their x.509 stack
are sitting there taking up heap for no immediate benefit.

This patch modifies behaviour in ..._STATIC_POLICY_ONLY so that vhosts and
associated x.509 tls contexts are not instantiated until a secure stream using
them is created; they are refcounted, and when the last logical secure
stream using a vhost is destroyed, the vhost and its tls context are also
destroyed.

If another ss connection is created that wants to use the trust store, the
vhost and x.509 context are regenerated again as needed.

Currently the refcounting is by ss; it's also possible to move the refcounting
to be by connection.  The choice is between the delay to generate the vh
being visible at logical ss creation-time, or at connection-time.  It's anyway
not preferable to have ss instantiated and taking up space with no associated
connection or connection attempt underway.

NB you will need to reprocess any static policies after this patch so they
conform to the trust_store changes.
2020-07-21 12:43:32 +01:00
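As an added illustration (not libwebsockets code), a small C model of the refcounted lifecycle the commit above describes: the vhost and its x.509 context exist only while at least one logical secure stream holds a reference, are torn down when the last one is destroyed, and are rebuilt on the next acquire. The trust store names, ss_acquire_vhost, ss_release_vhost and the observer functions are all hypothetical.

```c
/* Added example, not libwebsockets code: a model of the on-demand, refcounted
 * vhost lifecycle the commit describes. All names here are hypothetical. */
#include <stddef.h>
#include <string.h>

struct trust_store {           /* one per trust store in the static policy */
    const char *name;
    int refcount;              /* live logical secure streams using it */
    void *vhost;               /* vhost + x.509 context; NULL while unused */
    int instantiations;        /* how often the vhost has been (re)built */
};

static struct trust_store stores[] = {   /* constructed sample policy */
    { "le_root", 0, NULL, 0 },
    { "amazon_root", 0, NULL, 0 },
};

static struct trust_store *lookup(const char *name) {
    for (size_t i = 0; i < sizeof(stores) / sizeof(stores[0]); i++)
        if (!strcmp(stores[i].name, name))
            return &stores[i];
    return NULL;
}

/* At logical secure-stream creation: the first user builds the vhost. */
int ss_acquire_vhost(const char *ts_name) {
    struct trust_store *ts = lookup(ts_name);
    if (!ts)
        return -1;                      /* policy names no such trust store */
    if (!ts->vhost) {                   /* stand-in for vhost + TLS ctx setup */
        ts->instantiations++;
        ts->vhost = ts;                 /* any non-NULL token will do here */
    }
    ts->refcount++;
    return 0;
}

/* At secure-stream destruction: the last user tears the vhost down. */
int ss_release_vhost(const char *ts_name) {
    struct trust_store *ts = lookup(ts_name);
    if (!ts || ts->refcount == 0)
        return -1;                      /* unbalanced release is a bug */
    if (--ts->refcount == 0)
        ts->vhost = NULL;               /* destroyed; rebuilt on next acquire */
    return 0;
}

/* Observers so the lifecycle can be checked from outside. */
int ts_is_live(const char *n) { struct trust_store *t = lookup(n); return t && t->vhost; }
int ts_instantiations(const char *n) { struct trust_store *t = lookup(n); return t ? t->instantiations : -1; }
```

The refused second release models the invariant that matters for safety here: the x.509 context must never be freed while a stream still references it, so the count has to be balanced exactly.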
README.md client: secure streams 2020-03-04 12:17:49 +00:00
ss-h1.c ss: static policy: dynamic vhost instantiation 2020-07-21 12:43:32 +01:00
ss-h2.c ss: static policy: dynamic vhost instantiation 2020-07-21 12:43:32 +01:00
ss-mqtt.c fakewsi: replace with smaller substructure 2020-07-20 06:28:52 +01:00
ss-raw.c fakewsi: replace with smaller substructure 2020-07-20 06:28:52 +01:00
ss-ws.c fakewsi: replace with smaller substructure 2020-07-20 06:28:52 +01:00

Lws Protocol bindings for Secure Streams

This directory contains the code wiring up normal lws protocols to Secure Streams.

The lws_protocols callback

This is the normal lws struct lws_protocols callback that handles events and traffic on the lws protocol being supported.

The various events and traffic are converted into Secure Streams api calls and Secure Streams events.

The connect_munge helper

Different protocols have different semantics in the arguments to the client connect function, so this protocol-specific helper is called to munge the connect_info struct to match the details of the selected protocol.

The ss->policy->aux string is used to hold protocol-specific information passed in from the policy, eg, the URL path or websockets subprotocol name.

The (library-private) ss_pcols export

Each protocol binding exports two things to other parts of lws (they are not exported to user code):

  • a struct lws_protocols, including a pointer to the callback

  • a struct ss_pcols describing how secure_streams should use it, including a pointer to the related connect_munge helper.

In ./lib/core-net/vhost.c, enabled protocols are added to vhost protocols lists so they may be used. And in ./lib/secure-streams/secure-streams.c, enabled struct ss_pcols are listed and checked for matches when the user creates a new Secure Stream.