mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-16 00:00:07 +01:00
b3131fdfdd
Establish a new distributed CMake architecture with CMake code related to a source directory moving to be in the subdir in its own CMakeLists.txt. In particular, there's now one in ./lib which calls through to ones further down the directory tree like ./lib/plat/xxx, ./lib/roles/xxx etc. This cuts the main CMakelists.txt from 98KB -> 33KB, about a 66% reduction, and it's much easier to maintain sub-CMakeLists.txt that are in the same directory as the sources they manage, and conceal all the details that that level. Child CMakelists.txt become responsible for: - include_directories() definition (this is not supported by CMake directly, it passes it back up via PARENT_SCOPE vars in helper macros) - Addition child CMakeLists.txt inclusion, for example toplevel -> role -> role subdir - Source file addition to the build - Dependent library path resolution... this is now a private thing in the child CMakeLists.txt, it just passes back any adaptations to include_directories() and the LIB_LIST without filling the parent namespace with the details |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| main.c | ||
| README.md | ||
lws minimal example for X509
The example shows how to:
- confirm one PEM cert or chain (-c) was signed by a trusted PEM cert (-t)
- convert a certificate public key to JWK
- convert a certificate public key and its private key PEM to a private JWK
The examples work for EC and RSA certs and on mbedtls and OpenSSL the same.
Notice the logging is on stderr, and only the JWK is output on stdout.
build
$ cmake . && make
usage
| Commandline option | Meaning |
|---|---|
| -d | Debug verbosity in decimal, eg, -d15 |
| -c | Required PEM Certificate(s) to operate on... may be multiple concatednated PEM |
| -t | Single PEM trusted certificate |
| -p | Optional private key matching certificate given in -c. If given, only the private JWK is printed to stdout |
Example for confirming trust relationship. Notice the PEM in -c must contain not only the final certificate but also the certificates for any intermediate CAs.
$ ./lws-crypto-x509 -c ec-cert.pem -t ca-cert.pem
[2019/01/02 20:31:13:2031] USER: LWS X509 api example
[2019/01/02 20:31:13:2032] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
[2019/01/02 20:31:13:2043] NOTICE: main: certs loaded OK
[2019/01/02 20:31:13:2043] NOTICE: main: verified OK <<<<======
[2019/01/02 20:31:13:2045] NOTICE: Cert Public JWK
{"crv":"P-521","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"}
[2019/01/02 20:31:13:2045] NOTICE: main: OK
Example creating JWKs for public and public + private cert + PEM keys:
$ ./lws-crypto-x509 -c ec-cert.pem -p ec-key.pem
[2019/01/02 20:14:43:4966] USER: LWS X509 api example
[2019/01/02 20:14:43:5225] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
[2019/01/02 20:14:43:5707] NOTICE: lws_x509_public_to_jwk: EC key
[2019/01/02 20:24:59:9514] USER: LWS X509 api example
[2019/01/02 20:24:59:9741] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
[2019/01/02 20:25:00:1261] NOTICE: lws_x509_public_to_jwk: key type 408 "id-ecPublicKey"
[2019/01/02 20:25:00:1269] NOTICE: lws_x509_public_to_jwk: EC key
[2019/01/02 20:25:00:2097] NOTICE: Cert + Key Private JWK
{"crv":"P-521","d":"AU3iQSKfPskMTW4ZncrYLhipUYzLYty2XhemTQ_nSuUB1vB76jHmOYUTRXFBLkVCW8cQYyMa5dMa3Bvv-cdvH0IB","kty":"EC","x":"_uRNBbIbm0zhk8v6ujvQX9924264ZkqJhit0qamAoCegzuJbLf434kN7_aFEt6u-QWUu6-N1R8t6OlvrLo2jrNY","y":"AU-29XpNyB7e5e3s5t0ylzGEnF601A8A7Tx8m8xxngARZX_bn22itGJ3Y57BTcclPMoG80KjWAMnRVtrKqrD_aGD"}
[2019/01/02 20:25:00:2207] NOTICE: main: OK