diff --git a/CMakeLists.txt b/CMakeLists.txt index 7385b5e5..05f81663 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -170,7 +170,6 @@ endif() if (LWS_WITH_ESP32) set(LWS_WITH_SHARED OFF) - set(LWS_WITH_SSL ON) set(LWS_USE_MBEDTLS ON) # set(LWS_WITHOUT_CLIENT ON) set(LWS_WITHOUT_TESTAPPS ON) @@ -595,22 +594,35 @@ if (NOT LWS_WITHOUT_CLIENT) lib/client-parser.c) endif() -if (LWS_WITH_SSL) - list(APPEND SOURCES - lib/ssl.c) - - if (NOT LWS_WITHOUT_SERVER) - list(APPEND SOURCES - lib/ssl-server.c) - endif() - if (NOT LWS_WITHOUT_CLIENT) - list(APPEND SOURCES - lib/ssl-client.c) - endif() -endif() +if (LWS_USE_MBEDTLS) + set(LWS_WITH_SSL ON) + + list(APPEND HDR_PRIVATE + lib/mbedtls_wrapper/include/internal/ssl3.h + lib/mbedtls_wrapper/include/internal/ssl_cert.h + lib/mbedtls_wrapper/include/internal/ssl_code.h + lib/mbedtls_wrapper/include/internal/ssl_dbg.h + lib/mbedtls_wrapper/include/internal/ssl_lib.h + lib/mbedtls_wrapper/include/internal/ssl_methods.h + lib/mbedtls_wrapper/include/internal/ssl_pkey.h + lib/mbedtls_wrapper/include/internal/ssl_stack.h + lib/mbedtls_wrapper/include/internal/ssl_types.h + lib/mbedtls_wrapper/include/internal/ssl_x509.h + lib/mbedtls_wrapper/include/internal/tls1.h + lib/mbedtls_wrapper/include/internal/x509_vfy.h) + + list(APPEND HDR_PRIVATE + lib/mbedtls_wrapper/include/openssl/ssl.h) + + list(APPEND HDR_PRIVATE + lib/mbedtls_wrapper/include/platform/ssl_pm.h + lib/mbedtls_wrapper/include/platform/ssl_port.h) + + include_directories(lib/mbedtls_wrapper/include) + include_directories(lib/mbedtls_wrapper/include/platform) + include_directories(lib/mbedtls_wrapper/include/internal) + include_directories(lib/mbedtls_wrapper/include/openssl) -if (LWS_WITH_MBEDTLS) - # list(APPEND HDR_PRIVATE) list(APPEND SOURCES lib/mbedtls_wrapper/library/ssl_cert.c lib/mbedtls_wrapper/library/ssl_lib.c 
@@ -624,6 +636,19 @@ if (LWS_WITH_MBEDTLS) lib/mbedtls_wrapper/platform/ssl_port.c) endif() +if (LWS_WITH_SSL) + list(APPEND SOURCES + lib/ssl.c) + + if (NOT LWS_WITHOUT_SERVER) + list(APPEND SOURCES + lib/ssl-server.c) + endif() + if (NOT LWS_WITHOUT_CLIENT) + list(APPEND SOURCES + lib/ssl-client.c) + endif() +endif() if (NOT LWS_WITHOUT_BUILTIN_SHA1) list(APPEND SOURCES @@ -1087,7 +1112,7 @@ set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIST}) CHECK_FUNCTION_EXISTS(SSL_CTX_set1_param LWS_HAVE_SSL_CTX_set1_param) CHECK_FUNCTION_EXISTS(SSL_set_info_callback LWS_HAVE_SSL_SET_INFO_CALLBACK) CHECK_FUNCTION_EXISTS(X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host) -if (LWS_WITH_ESP32) +if (LWS_USE_MBEDTLS) set(LWS_HAVE_TLS_CLIENT_METHOD 1) else() CHECK_FUNCTION_EXISTS(TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD) diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h index d3529371..ba05028d 100644 --- a/lib/libwebsockets.h +++ b/lib/libwebsockets.h @@ -204,7 +204,7 @@ typedef unsigned long long lws_intptr_t; #endif /* not USE_OLD_CYASSL */ #else #include -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) #include #endif #endif /* not USE_WOLFSSL */ diff --git a/lib/mbedtls_wrapper/include/internal/ssl_dbg.h b/lib/mbedtls_wrapper/include/internal/ssl_dbg.h index 12ba25f9..ad32cb92 100644 --- a/lib/mbedtls_wrapper/include/internal/ssl_dbg.h +++ b/lib/mbedtls_wrapper/include/internal/ssl_dbg.h @@ -15,7 +15,6 @@ #ifndef _SSL_DEBUG_H_ #define _SSL_DEBUG_H_ -#include "platform/ssl_opt.h" #include "platform/ssl_port.h" #ifdef __cplusplus diff --git a/lib/mbedtls_wrapper/include/internal/ssl_x509.h b/lib/mbedtls_wrapper/include/internal/ssl_x509.h index 840fbf1e..7594d064 100644 --- a/lib/mbedtls_wrapper/include/internal/ssl_x509.h +++ b/lib/mbedtls_wrapper/include/internal/ssl_x509.h 
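Review bot: In the hunk at -1087 only `LWS_HAVE_TLS_CLIENT_METHOD` is forced for mbedTLS builds, while the three `CHECK_FUNCTION_EXISTS` probes directly above it still run against `${LIB_LIST}` whatever backend was selected. If that list can contain a system OpenSSL on an mbedTLS build (not visible in this hunk), `LWS_HAVE_X509_VERIFY_PARAM_set1_host` and the other two could end up defined for functions the wrapper does not provide. Moving those probes into the `else()` branch, next to the `TLS_client_method` check, keeps the feature macros tied to the backend that is actually linked.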
@@ -101,6 +101,8 @@ int SSL_add_client_CA(SSL *ssl, X509 *x); */ int SSL_use_certificate_ASN1(SSL *ssl, int len, const unsigned char *d); +const char *X509_verify_cert_error_string(long n); + #ifdef __cplusplus } #endif diff --git a/lib/mbedtls_wrapper/include/internal/x509_vfy.h b/lib/mbedtls_wrapper/include/internal/x509_vfy.h index d5b0d1a2..e57e42bd 100644 --- a/lib/mbedtls_wrapper/include/internal/x509_vfy.h +++ b/lib/mbedtls_wrapper/include/internal/x509_vfy.h @@ -104,6 +104,11 @@ #define X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION 72 +typedef void X509_STORE_CTX; +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); + + #ifdef __cplusplus } #endif diff --git a/lib/mbedtls_wrapper/include/openssl/ssl.h b/lib/mbedtls_wrapper/include/openssl/ssl.h index 39d4bf73..f33b02d4 100755 --- a/lib/mbedtls_wrapper/include/openssl/ssl.h +++ b/lib/mbedtls_wrapper/include/openssl/ssl.h @@ -19,6 +19,7 @@ extern "C" { #endif +#include #include "internal/ssl_x509.h" #include "internal/ssl_pkey.h" @@ -26,6 +27,7 @@ { */ +#define SSL_CB_ALERT 0x4000 /** * @brief create a SSL context * diff --git a/lib/mbedtls_wrapper/include/platform/ssl_opt.h b/lib/mbedtls_wrapper/include/platform/ssl_opt.h deleted file mode 100644 index a9c55e8c..00000000 --- a/lib/mbedtls_wrapper/include/platform/ssl_opt.h +++ /dev/null 
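Review bot: `typedef void X509_STORE_CTX;` in the x509_vfy.h hunk turns every `X509_STORE_CTX *` into a plain `void *`, so any pointer is accepted as a verify context without a diagnostic. An incomplete struct type keeps the handle opaque and still type-checked, for example `typedef struct x509_store_ctx_st X509_STORE_CTX;`, provided no other header in the wrapper already defines the name (not visible here). The two getters declared under it, and `X509_verify_cert_error_string()` in ssl_x509.h, are added without the doc comments the neighbouring declarations carry; a one-line comment saying they are placeholders in this wrapper would stop callers from relying on their results.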
@@ -1,20 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#ifndef _SSL_OPT_H_ -#define _SSL_OPT_H_ - -#include "sdkconfig.h" - -#endif diff --git a/lib/mbedtls_wrapper/include/platform/ssl_port.h b/lib/mbedtls_wrapper/include/platform/ssl_port.h index 492ea405..c4c26618 100644 --- a/lib/mbedtls_wrapper/include/platform/ssl_port.h +++ b/lib/mbedtls_wrapper/include/platform/ssl_port.h @@ -19,8 +19,10 @@ extern "C" { #endif +/* #include "esp_types.h" #include "esp_log.h" +*/ #include "string.h" #include "malloc.h" diff --git a/lib/mbedtls_wrapper/library/ssl_lib.c b/lib/mbedtls_wrapper/library/ssl_lib.c index 8b539826..d94b4faa 100644 --- a/lib/mbedtls_wrapper/library/ssl_lib.c +++ b/lib/mbedtls_wrapper/library/ssl_lib.c @@ -1554,3 +1554,26 @@ void SSL_set_verify(SSL *ssl, int mode, int (*verify_callback)(int, X509_STORE_C ssl->verify_mode = mode; ssl->verify_callback = verify_callback; } + +void ERR_error_string_n(unsigned long e, char *buf, size_t len) +{ + strncpy(buf, "unknown", len); +} + +void ERR_free_strings(void) +{ +} + +char *ERR_error_string(unsigned long e, char *buf) +{ + if (buf) { + strcpy(buf, "unknown"); + } + + return "unknown"; +} + +void *SSL_CTX_get_ex_data(const SSL_CTX *ctx, int idx) +{ + return NULL; +} diff --git a/lib/mbedtls_wrapper/library/ssl_x509.c b/lib/mbedtls_wrapper/library/ssl_x509.c index ef0503c0..73f4c16c 100644 
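Review bot: `ERR_error_string_n()` in the ssl_lib.c hunk can leave `buf` unterminated, because `strncpy(buf, "unknown", len)` writes no NUL when `len` is 7 or less, while callers of the OpenSSL function it stands in for expect a terminated string. Bound and terminate explicitly: `if (len) { strncpy(buf, "unknown", len - 1); buf[len - 1] = '\0'; }`. `ERR_error_string()` returns a string literal through a non-const `char *`, so a caller that passes NULL and then writes into the result would be writing to read-only storage; returning a static buffer avoids that. `SSL_CTX_get_ex_data()` always returns NULL, which deserves a comment such as `/* stub: ex_data is not stored by this wrapper; callers must handle NULL */`.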
--- a/lib/mbedtls_wrapper/library/ssl_x509.c +++ b/lib/mbedtls_wrapper/library/ssl_x509.c @@ -283,3 +283,17 @@ X509 *SSL_get_peer_certificate(const SSL *ssl) return ssl->session->peer; } +int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) +{ + return X509_V_ERR_UNSPECIFIED; +} + +int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) +{ + return 0; +} + +const char *X509_verify_cert_error_string(long n) +{ + return "unknown"; +} diff --git a/lib/mbedtls_wrapper/platform/ssl_pm.c b/lib/mbedtls_wrapper/platform/ssl_pm.c index 711af177..54319d25 100755 --- a/lib/mbedtls_wrapper/platform/ssl_pm.c +++ b/lib/mbedtls_wrapper/platform/ssl_pm.c @@ -18,7 +18,7 @@ /* mbedtls include */ #include "mbedtls/platform.h" -#include "mbedtls/net.h" +#include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h index 0aa5410c..e79076cc 100644 --- a/lib/private-libwebsockets.h +++ b/lib/private-libwebsockets.h @@ -274,7 +274,7 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen); #endif /* not USE_OLD_CYASSL */ #else #include -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) #include #include #include diff --git a/lib/ssl-client.c b/lib/ssl-client.c index 0c757385..cd5cd9af 100644 --- a/lib/ssl-client.c +++ b/lib/ssl-client.c @@ -35,7 +35,7 @@ extern int lws_ssl_get_error(struct lws *wsi, int n); static int OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) { -#if defined(LWS_WITH_ESP32) +#if defined(LWS_USE_MBEDTLS) // long gvr = ssl_pm_get_verify_result( lwsl_notice("%s\n", __func__); 
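Review bot: The three functions added to ssl_x509.c are constant stubs (`X509_STORE_CTX_get_error()` returns `X509_V_ERR_UNSPECIFIED` and `X509_STORE_CTX_get_error_depth()` returns 0 whatever `ctx` is), and nothing in the code says so. A verify callback built on them cannot tell an expired certificate from an untrusted issuer, and every failure will be logged as "unknown", which hides the reason a peer was rejected or accepted. Add a comment above each, e.g. `/* stub: always reports X509_V_ERR_UNSPECIFIED; the real verify result is not wired up yet */`, so the limitation is visible to whoever later enables peer verification on this backend.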
@@ -149,14 +149,14 @@ lws_ssl_client_bio_create(struct lws *wsi) #endif -#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32) +#if !defined(USE_WOLFSSL) && !defined(LWS_USE_MBEDTLS) #ifndef USE_OLD_CYASSL /* OpenSSL_client_verify_callback will be called @ SSL_connect() */ SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback); #endif #endif -#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32) +#if !defined(USE_WOLFSSL) && !defined(LWS_USE_MBEDTLS) SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); #endif /* @@ -174,7 +174,7 @@ lws_ssl_client_bio_create(struct lws *wsi) #endif #endif #else -#if defined(LWS_WITH_ESP32) +#if defined(LWS_USE_MBEDTLS) // esp-idf openssl shim does not seem ready for this // SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, OpenSSL_client_verify_callback); SSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, OpenSSL_client_verify_callback); @@ -203,7 +203,7 @@ lws_ssl_client_bio_create(struct lws *wsi) #endif #endif /* USE_WOLFSSL */ -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) wsi->client_bio = BIO_new_socket(wsi->desc.sockfd, BIO_NOCLOSE); SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio); #else @@ -217,12 +217,12 @@ lws_ssl_client_bio_create(struct lws *wsi) wolfSSL_set_using_nonblock(wsi->ssl, 1); #endif #else -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */ #endif #endif -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) SSL_set_ex_data(wsi->ssl, openssl_websocket_private_data_index, wsi); #endif @@ -230,7 +230,7 @@ lws_ssl_client_bio_create(struct lws *wsi) return 0; } -#if defined(LWS_WITH_ESP32) +#if defined(LWS_USE_MBEDTLS) int ERR_get_error(void) { return 0; @@ -377,7 +377,7 @@ lws_ssl_client_connect2(struct lws *wsi) } } -#if defined(LWS_WITH_ESP32) +#if defined(LWS_USE_MBEDTLS) { X509 *peer = SSL_get_peer_certificate(wsi->ssl); 
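Review bot: In the hunk at -174, widening the guard to LWS_USE_MBEDTLS makes `SSL_set_verify(wsi->ssl, SSL_VERIFY_NONE, OpenSSL_client_verify_callback)` the client setting for every mbedTLS build instead of only ESP32. Unless the block that starts at -377 (cut off here) performs its own check on the peer certificate, client connections on those builds accept any server certificate. The comment beside the call still blames the esp-idf shim, which no longer describes the scope. Until verification works through the wrapper, make the fallback visible at runtime, e.g. `lwsl_warn("%s: mbedTLS build, peer certificate is NOT verified\n", __func__);`, and treat restoring the commented-out `SSL_VERIFY_PEER` call as the target default. lws_ssl_client_bio_create continues outside the hunk.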
@@ -434,7 +434,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info, SSL_METHOD *method = NULL; struct lws wsi; unsigned long error; -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) const char *cipher_list = info->ssl_cipher_list; const char *ca_filepath = info->ssl_ca_filepath; const char *private_key_filepath = info->ssl_private_key_filepath; @@ -502,7 +502,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info, SSL_CTX_set_options(vhost->ssl_client_ctx, SSL_OP_NO_COMPRESSION); #endif -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) SSL_CTX_set_options(vhost->ssl_client_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); @@ -541,7 +541,7 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info, * callback allowing user code to load extra verification certs * helping the client to verify server identity */ -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) /* support for client-side certificate authentication */ if (cert_filepath) { diff --git a/lib/ssl-server.c b/lib/ssl-server.c index ea87ee56..2a768b2e 100644 --- a/lib/ssl-server.c +++ b/lib/ssl-server.c @@ -27,7 +27,7 @@ extern int openssl_websocket_private_data_index, extern void lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info); -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) static int OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx) { @@ -130,7 +130,7 @@ lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info, lwsl_notice(" SSL ECDH curve '%s'\n", ecdh_curve); #else -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) lwsl_notice(" OpenSSL doesn't support ECDH\n"); #endif #endif 
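Review bot: With the guard at -434 now keyed on LWS_USE_MBEDTLS, `info->ssl_cipher_list`, `info->ssl_ca_filepath` and `info->ssl_private_key_filepath` are no longer read in lws_context_init_client_ssl on any mbedTLS build, and the hunk at -541 compiles out client-certificate loading in the same way. A caller that sets a CA file or cipher list therefore gets a context that silently ignores them, as far as these hunks show. Emit a warning when a field is set but unsupported, e.g. `if (info->ssl_ca_filepath) lwsl_warn("%s: ssl_ca_filepath ignored on mbedTLS build\n", __func__);`. The function body starts and ends outside the hunks.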
@@ -230,7 +230,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, * versions", compared to e.g. TLSv1_2_server_method() which only allows * tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options() */ -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) { SSL_METHOD *method; @@ -263,7 +263,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, } #endif -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) /* associate the lws context with the SSL_CTX */ @@ -292,7 +292,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED)) verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) SSL_CTX_set_session_id_context(vhost->ssl_ctx, (unsigned char *)context, sizeof(void *)); @@ -312,7 +312,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, * give user code a chance to load certs into the server * allowing it to verify incoming client certs */ -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) if (info->ssl_ca_filepath && !SSL_CTX_load_verify_locations(vhost->ssl_ctx, info->ssl_ca_filepath, NULL)) { @@ -346,7 +346,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, if (vhost->use_ssl) { /* openssl init for server sockets */ -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) /* set the local certificate from CertFile */ n = SSL_CTX_use_certificate_chain_file(vhost->ssl_ctx, info->ssl_cert_filepath); @@ -377,6 +377,10 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, lwsl_err("Problem loading cert\n"); return 1; } +#if !defined(LWS_WITH_ESP32) + free(p); + p = NULL; +#endif if (alloc_pem_to_der_file(vhost->context, info->ssl_private_key_filepath, &p, &flen)) { 
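Review bot: The `free(p); p = NULL;` added at -377 is only reached on success; the `lwsl_err("Problem loading cert\n"); return 1;` directly above it appears to return while `p` still holds the buffer from the certificate load, so that failure path leaks it on non-ESP32 builds. The hunk at -392 has the same shape for the private-key buffer. Release the buffer before each early return, e.g. `free(p); return 1;` under the same `#if !defined(LWS_WITH_ESP32)` guard, or route the failures through one cleanup label. The condition that leads to the return is outside the hunk, so confirm `p` is owned at that point.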
@@ -392,10 +396,13 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, return 1; } -// free(p); +#if !defined(LWS_WITH_ESP32) + free(p); + p = NULL; +#endif #endif if (info->ssl_private_key_filepath != NULL) { -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) /* set the private key from KeyFile */ if (SSL_CTX_use_PrivateKey_file(vhost->ssl_ctx, info->ssl_private_key_filepath, @@ -416,7 +423,7 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info, return 1; } -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) /* verify private key */ if (!SSL_CTX_check_private_key(vhost->ssl_ctx)) { lwsl_err("Private SSL key doesn't match cert\n"); diff --git a/lib/ssl.c b/lib/ssl.c index c5172674..326ef2ce 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -54,6 +54,7 @@ bail: return ret; } +#if defined(LWS_USE_MBEDTLS) #if defined(LWS_WITH_ESP32) int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf, lws_filepos_t *amount) @@ -85,6 +86,56 @@ bail: return n; } +#else +int alloc_file(struct lws_context *context, const char *filename, uint8_t **buf, + lws_filepos_t *amount) +{ + FILE *f; + size_t s; + int n = 0; + + f =fopen(filename, "rb"); + if (f == NULL) { + n = 1; + goto bail; + } + + if (fseek(f, 0, SEEK_END) != 0) { + n = 1; + goto bail; + } + + s = ftell(f); + if (s == -1) { + n = 1; + goto bail; + } + + if (fseek(f, 0, SEEK_SET) != 0) { + n = 1; + goto bail; + } + + *buf = malloc(s); + if (!*buf) { + n = 2; + goto bail; + } + + if (fread(*buf, s, 1, f) != 1) { + free(*buf); + n = 1; + goto bail; + } + + *amount = s; + +bail: + fclose(f); + return n; + +} +#endif int alloc_pem_to_der_file(struct lws_context *context, const char *filename, uint8_t **buf, lws_filepos_t *amount) { @@ -199,7 +250,7 @@ char* lws_ssl_get_error_string(int status, int ret, char *buf, size_t len) { void lws_ssl_elaborate_error(void) { -#if defined(LWS_WITH_ESP32) +#if defined(LWS_USE_MBEDTLS) #else char buf[256]; u_long err; 
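Review bot: The buffer released by the added `free(p); p = NULL;` at -392 was filled by `alloc_pem_to_der_file()` from `info->ssl_private_key_filepath`, so it holds the server private key in DER form and is handed back to the allocator with the key bytes intact. Clear it over `flen` bytes before the `free`, using a wipe the compiler cannot drop; a plain `memset` immediately before `free` may be optimised away. A comment at the call such as `/* key material: wipe before release */` would keep the requirement from being lost in later edits.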
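Review bot: The new non-ESP32 `alloc_file()` in ssl.c reaches `fclose(f)` with `f == NULL`, because a failed `fopen()` jumps to `bail:` and passing NULL to `fclose` is undefined behaviour; a missing certificate or key file can then crash the process instead of returning 1. Guard the close with `if (f) fclose(f);`. On a failed `fread` the function frees `*buf` but leaves the stale pointer in the caller's variable, so add `*buf = NULL;` after that `free` to rule out a later double free. `s` is a `size_t` assigned from `ftell()`, which makes the `s == -1` test depend on an implicit conversion; holding the result in a `long` and testing `< 0` states the intent. An upper bound on the size before `malloc(s)` would keep an unexpectedly large file from being read whole.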
@@ -211,7 +262,7 @@ lws_ssl_elaborate_error(void) #endif } -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) static int lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata) @@ -265,7 +316,7 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info) lwsl_notice("Doing SSL library init\n"); -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) SSL_library_init(); OpenSSL_add_all_algorithms(); SSL_load_error_strings(); @@ -291,7 +342,7 @@ lws_ssl_destroy(struct lws_vhost *vhost) SSL_CTX_free(vhost->ssl_ctx); if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) SSL_CTX_free(vhost->ssl_client_ctx); -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) // after 1.1.0 no need #if (OPENSSL_VERSION_NUMBER < 0x10100000) @@ -352,7 +403,7 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) struct lws_context *context = wsi->context; struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; int n = 0; -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) int ssl_read_errno = 0; #endif @@ -388,7 +439,7 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len) return LWS_SSL_CAPABLE_ERROR; if (n == SSL_ERROR_SYSCALL) { -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) int err = ERR_get_error(); if (err == 0 && (ssl_read_errno == EPIPE || ssl_read_errno == ECONNABORTED || @@ -483,7 +534,7 @@ LWS_VISIBLE int lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len) { int n; -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) int ssl_read_errno = 0; #endif @@ -506,7 +557,7 @@ lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len) if (n == SSL_ERROR_ZERO_RETURN) return LWS_SSL_CAPABLE_ERROR; -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) if (n == SSL_ERROR_SYSCALL) { int err = ERR_get_error(); 
@@ -618,7 +669,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) struct lws_context *context = wsi->context; struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi]; int n, m; -#if !defined(USE_WOLFSSL) && !defined(LWS_WITH_ESP32) +#if !defined(USE_WOLFSSL) && !defined(LWS_USE_MBEDTLS) BIO *bio; #endif char buf[256]; @@ -661,7 +712,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) context->updated = 1; #endif -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) SSL_set_ex_data(wsi->ssl, openssl_websocket_private_data_index, wsi); #endif @@ -674,7 +725,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) wolfSSL_set_using_nonblock(wsi->ssl, 1); #endif #else -#if defined(LWS_WITH_ESP32) +#if defined(LWS_USE_MBEDTLS) lws_plat_set_socket_options(wsi->vhost, accept_fd); #else SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); @@ -791,7 +842,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd) m = lws_ssl_get_error(wsi, n); -#if defined(LWS_WITH_ESP32) +#if defined(LWS_USE_MBEDTLS) if (m == 5 && errno == 11) m = SSL_ERROR_WANT_READ; #endif @@ -864,7 +915,7 @@ void lws_ssl_context_destroy(struct lws_context *context) { -#if !defined(LWS_WITH_ESP32) +#if !defined(LWS_USE_MBEDTLS) // after 1.1.0 no need #if (OPENSSL_VERSION_NUMBER < 0x10100000)
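Review bot: `if (m == 5 && errno == 11)` in the hunk at -791 hard-codes an SSL error code and an errno value, and now that the guard is LWS_USE_MBEDTLS rather than LWS_WITH_ESP32 it is compiled on hosts where EAGAIN is not 11. Where the value differs, a would-block result during accept is not mapped to `SSL_ERROR_WANT_READ` and is presumably handled as a failure further down, outside the hunk. Use the names instead: `if (m == SSL_ERROR_SYSCALL && (errno == EAGAIN || errno == EWOULDBLOCK))`, assuming the wrapper's `SSL_ERROR_SYSCALL` is the 5 intended here.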