polarssl implementation
Signed-off-by: Andy Green <andy@warmcat.com>
This commit is contained in:
parent
19f61e59b0
commit
451cee5d47
15 changed files with 494 additions and 53 deletions
|
@ -327,6 +327,19 @@ cmake .. -DLWS_USE_CYASSL=1 \
|
|||
|
||||
**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIBRARIES` instead.
|
||||
|
||||
Compiling libwebsockets with PolarSSL
|
||||
-------------------------------------
|
||||
|
||||
Caution... at some point PolarSSL became MbedTLS. But it did not happen all at once.
|
||||
The name changed first then at mbedTLS 2.0 the apis changed. So eg in Fedora 22,
|
||||
there is an "mbedtls" package which is actually using polarssl for the include dir
|
||||
and polarssl apis... this should be treated as polarssl then.
|
||||
|
||||
Example config for this case is
|
||||
|
||||
cmake .. -DLWS_USE_POLARSSL=1 -DLWS_POLARSSL_LIBRARIES=/usr/lib64/libmbedtls.so \
|
||||
-DLWS_POLARSSL_INCLUDE_DIRS=/usr/include/polarssl/
|
||||
|
||||
Reproducing HTTP2.0 tests
|
||||
-------------------------
|
||||
|
||||
|
|
|
@ -215,13 +215,19 @@ struct sockaddr_in;
|
|||
#else
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#include <polarssl/ssl.h>
|
||||
#define SSL_CTX ssl_context
|
||||
#define SSL ssl_session
|
||||
struct lws_polarssl_context {
|
||||
x509_crt ca;
|
||||
x509_crt certificate;
|
||||
rsa_context key;
|
||||
};
|
||||
typedef struct lws_polarssl_context SSL_CTX;
|
||||
typedef ssl_context SSL;
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#include <mbedtls/ssl.h>
|
||||
#else
|
||||
#include <openssl/ssl.h>
|
||||
#include <openssl/err.h>
|
||||
#endif /* not USE_MBEDTLS */
|
||||
#endif /* not USE_POLARSSL */
|
||||
#endif /* not USE_WOLFSSL */
|
||||
|
|
|
@ -200,6 +200,9 @@ static inline int compatible_close(int fd) { return close(fd); }
|
|||
#include <polarssl/md5.h>
|
||||
#include <polarssl/sha1.h>
|
||||
#include <polarssl/ecdh.h>
|
||||
#define SSL_ERROR_WANT_READ POLARSSL_ERR_NET_WANT_READ
|
||||
#define SSL_ERROR_WANT_WRITE POLARSSL_ERR_NET_WANT_WRITE
|
||||
#define OPENSSL_VERSION_NUMBER 0x10002000L
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#include <mbedtls/ssl.h>
|
||||
|
|
|
@ -189,7 +189,7 @@ sha1_step(struct sha1_ctxt *ctxt)
|
|||
/*------------------------------------------------------------*/
|
||||
|
||||
static void
|
||||
sha1_init(struct sha1_ctxt *ctxt)
|
||||
_sha1_init(struct sha1_ctxt *ctxt)
|
||||
{
|
||||
bzero(ctxt, sizeof(struct sha1_ctxt));
|
||||
H(0) = 0x67452301;
|
||||
|
@ -290,7 +290,7 @@ lws_SHA1(const unsigned char *d, size_t n, unsigned char *md)
|
|||
{
|
||||
struct sha1_ctxt ctx;
|
||||
|
||||
sha1_init(&ctx);
|
||||
_sha1_init(&ctx);
|
||||
sha1_loop(&ctx, d, n);
|
||||
sha1_result(&ctx, (void *)md);
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* libwebsockets - small server side websockets and web server implementation
|
||||
*
|
||||
* Copyright (C) 2010-2014 Andy Green <andy@warmcat.com>
|
||||
* Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -27,9 +27,16 @@ extern int openssl_websocket_private_data_index,
|
|||
extern void
|
||||
lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info);
|
||||
|
||||
extern int lws_ssl_get_error(struct lws *wsi, int n);
|
||||
|
||||
int
|
||||
lws_ssl_client_bio_create(struct lws *wsi)
|
||||
{
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
return 0;
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
struct lws_context *context = wsi->context;
|
||||
#if defined(CYASSL_SNI_HOST_NAME) || defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
||||
const char *hostname = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST);
|
||||
|
@ -93,24 +100,29 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
|||
context);
|
||||
|
||||
return 0;
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
int
|
||||
lws_ssl_client_connect1(struct lws *wsi)
|
||||
{
|
||||
struct lws_context *context = wsi->context;
|
||||
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
||||
char *p = (char *)&pt->serv_buf[0];
|
||||
char *sb = p;
|
||||
int n;
|
||||
int n = 0;
|
||||
|
||||
lws_latency_pre(context, wsi);
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = SSL_connect(wsi->ssl);
|
||||
#endif
|
||||
#endif
|
||||
lws_latency(context, wsi,
|
||||
"SSL_connect LWSCM_WSCL_ISSUE_HANDSHAKE", n, n > 0);
|
||||
|
||||
if (n < 0) {
|
||||
n = SSL_get_error(wsi->ssl, n);
|
||||
n = lws_ssl_get_error(wsi, n);
|
||||
|
||||
if (n == SSL_ERROR_WANT_READ)
|
||||
goto some_wait;
|
||||
|
@ -143,12 +155,22 @@ some_wait:
|
|||
* retry if new data comes until we
|
||||
* run into the connection timeout or win
|
||||
*/
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = ERR_get_error();
|
||||
|
||||
if (n != SSL_ERROR_NONE) {
|
||||
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
||||
char *p = (char *)&pt->serv_buf[0];
|
||||
char *sb = p;
|
||||
lwsl_err("SSL connect error %lu: %s\n",
|
||||
n, ERR_error_string(n, sb));
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
return 1;
|
||||
|
@ -158,19 +180,31 @@ int
|
|||
lws_ssl_client_connect2(struct lws *wsi)
|
||||
{
|
||||
struct lws_context *context = wsi->context;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
|
||||
char *p = (char *)&pt->serv_buf[0];
|
||||
char *sb = p;
|
||||
int n;
|
||||
#endif
|
||||
#endif
|
||||
int n = 0;
|
||||
|
||||
if (wsi->mode == LWSCM_WSCL_WAITING_SSL) {
|
||||
lws_latency_pre(context, wsi);
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = SSL_connect(wsi->ssl);
|
||||
#endif
|
||||
#endif
|
||||
lws_latency(context, wsi,
|
||||
"SSL_connect LWSCM_WSCL_WAITING_SSL", n, n > 0);
|
||||
|
||||
if (n < 0) {
|
||||
n = SSL_get_error(wsi->ssl, n);
|
||||
n = lws_ssl_get_error(wsi, n);
|
||||
|
||||
if (n == SSL_ERROR_WANT_READ) {
|
||||
wsi->mode = LWSCM_WSCL_WAITING_SSL;
|
||||
|
@ -206,15 +240,25 @@ lws_ssl_client_connect2(struct lws *wsi)
|
|||
* retry if new data comes until we
|
||||
* run into the connection timeout or win
|
||||
*/
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = ERR_get_error();
|
||||
if (n != SSL_ERROR_NONE) {
|
||||
lwsl_err("SSL connect error %lu: %s\n",
|
||||
n, ERR_error_string(n, sb));
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#ifndef USE_WOLFSSL
|
||||
/*
|
||||
* See comment above about wolfSSL certificate
|
||||
|
@ -239,6 +283,8 @@ lws_ssl_client_connect2(struct lws *wsi)
|
|||
}
|
||||
}
|
||||
#endif /* USE_WOLFSSL */
|
||||
#endif
|
||||
#endif
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
@ -247,6 +293,11 @@ lws_ssl_client_connect2(struct lws *wsi)
|
|||
int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
||||
struct lws_vhost *vhost)
|
||||
{
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
return 0;
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
int error;
|
||||
int n;
|
||||
SSL_METHOD *method;
|
||||
|
@ -379,4 +430,6 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
|||
vhost->ssl_client_ctx, NULL, 0);
|
||||
|
||||
return 0;
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
|
115
lib/ssl-server.c
115
lib/ssl-server.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* libwebsockets - small server side websockets and web server implementation
|
||||
*
|
||||
* Copyright (C) 2010-2014 Andy Green <andy@warmcat.com>
|
||||
* Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -21,6 +21,11 @@
|
|||
|
||||
#include "private-libwebsockets.h"
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
|
||||
extern int openssl_websocket_private_data_index,
|
||||
openssl_SSL_CTX_private_data_index;
|
||||
|
||||
|
@ -190,11 +195,13 @@ lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg)
|
|||
}
|
||||
#endif
|
||||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
LWS_VISIBLE int
|
||||
lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
||||
struct lws_vhost *vhost)
|
||||
{
|
||||
SSL_METHOD *method;
|
||||
struct lws_context *context = vhost->context;
|
||||
struct lws wsi;
|
||||
int error;
|
||||
|
@ -224,7 +231,70 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
*/
|
||||
memset(&wsi, 0, sizeof(wsi));
|
||||
wsi.vhost = vhost;
|
||||
wsi.context = vhost->context;
|
||||
wsi.context = context;
|
||||
|
||||
(void)n;
|
||||
(void)error;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
lwsl_notice(" Compiled with PolarSSL support\n");
|
||||
|
||||
vhost->ssl_ctx = lws_zalloc(sizeof (*vhost->ssl_ctx));
|
||||
|
||||
/* Load the trusted CA */
|
||||
|
||||
if (info->ssl_ca_filepath) {
|
||||
n = x509_crt_parse_file(&vhost->ssl_ctx->ca,
|
||||
info->ssl_ca_filepath);
|
||||
|
||||
if (n < 0) {
|
||||
// error_strerror(ret, errorbuf, sizeof(errorbuf));
|
||||
lwsl_err("%s: Failed to load ca cert\n", __func__);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Load our cert */
|
||||
|
||||
if (info->ssl_cert_filepath) {
|
||||
n = x509_crt_parse_file(&vhost->ssl_ctx->certificate,
|
||||
info->ssl_cert_filepath);
|
||||
|
||||
if (n < 0) {
|
||||
// error_strerror(ret, errorbuf, sizeof(errorbuf));
|
||||
lwsl_err("%s: Failed to load cert\n", __func__);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/* Load cert private key */
|
||||
|
||||
if (info->ssl_private_key_filepath) {
|
||||
pk_context pk;
|
||||
pk_init(&pk);
|
||||
n = pk_parse_keyfile(&pk, info->ssl_private_key_filepath,
|
||||
info->ssl_private_key_password);
|
||||
|
||||
if (!n && !pk_can_do(&pk, POLARSSL_PK_RSA))
|
||||
n = POLARSSL_ERR_PK_TYPE_MISMATCH;
|
||||
|
||||
if (!n)
|
||||
rsa_copy(&vhost->ssl_ctx->key, pk_rsa(pk));
|
||||
else
|
||||
rsa_free(&vhost->ssl_ctx->key);
|
||||
pk_free(&pk);
|
||||
|
||||
if (n) {
|
||||
//error_strerror(ret, errorbuf, sizeof(errorbuf));
|
||||
lwsl_err("%s: error reading private key\n", __func__);
|
||||
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
lwsl_notice(" Compiled with mbedTLS support\n");
|
||||
#else
|
||||
|
||||
/*
|
||||
* Firefox insists on SSLv23 not SSLv3
|
||||
|
@ -235,21 +305,25 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
* tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options()
|
||||
*/
|
||||
|
||||
method = (SSL_METHOD *)SSLv23_server_method();
|
||||
if (!method) {
|
||||
error = ERR_get_error();
|
||||
lwsl_err("problem creating ssl method %lu: %s\n",
|
||||
error, ERR_error_string(error,
|
||||
{
|
||||
SSL_METHOD *method;
|
||||
|
||||
method = (SSL_METHOD *)SSLv23_server_method();
|
||||
if (!method) {
|
||||
error = ERR_get_error();
|
||||
lwsl_err("problem creating ssl method %lu: %s\n",
|
||||
error, ERR_error_string(error,
|
||||
(char *)context->pt[0].serv_buf));
|
||||
return 1;
|
||||
}
|
||||
vhost->ssl_ctx = SSL_CTX_new(method); /* create context */
|
||||
if (!vhost->ssl_ctx) {
|
||||
error = ERR_get_error();
|
||||
lwsl_err("problem creating ssl context %lu: %s\n",
|
||||
error, ERR_error_string(error,
|
||||
return 1;
|
||||
}
|
||||
vhost->ssl_ctx = SSL_CTX_new(method); /* create context */
|
||||
if (!vhost->ssl_ctx) {
|
||||
error = ERR_get_error();
|
||||
lwsl_err("problem creating ssl context %lu: %s\n",
|
||||
error, ERR_error_string(error,
|
||||
(char *)context->pt[0].serv_buf));
|
||||
return 1;
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
||||
/* associate the lws context with the SSL_CTX */
|
||||
|
@ -270,10 +344,12 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
|
||||
/* as a server, are we requiring clients to identify themselves? */
|
||||
|
||||
if (lws_check_opt(info->options, LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) {
|
||||
if (lws_check_opt(info->options,
|
||||
LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) {
|
||||
int verify_options = SSL_VERIFY_PEER;
|
||||
|
||||
if (!lws_check_opt(info->options, LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
|
||||
if (!lws_check_opt(info->options,
|
||||
LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
|
||||
verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
||||
|
||||
SSL_CTX_set_session_id_context(vhost->ssl_ctx,
|
||||
|
@ -369,6 +445,9 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
|||
lws_context_init_http2_ssl(vhost);
|
||||
}
|
||||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
238
lib/ssl.c
238
lib/ssl.c
|
@ -1,7 +1,7 @@
|
|||
/*
|
||||
* libwebsockets - small server side websockets and web server implementation
|
||||
*
|
||||
* Copyright (C) 2010-2014 Andy Green <andy@warmcat.com>
|
||||
* Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
|
@ -21,9 +21,59 @@
|
|||
|
||||
#include "private-libwebsockets.h"
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
static const int ciphers[] =
|
||||
{
|
||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
0
|
||||
};
|
||||
|
||||
static int urandom_bytes(void *ctx, unsigned char *dest, size_t len)
|
||||
{
|
||||
int cur;
|
||||
int fd = open("/dev/urandom", O_RDONLY);
|
||||
|
||||
while (len) {
|
||||
cur = read(fd, dest, len);
|
||||
if (cur < 0)
|
||||
continue;
|
||||
len -= cur;
|
||||
}
|
||||
close(fd);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void pssl_debug(void *ctx, int level, const char *str)
|
||||
{
|
||||
lwsl_err("PolarSSL [level %d]: %s", level, str);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
int openssl_websocket_private_data_index,
|
||||
openssl_SSL_CTX_private_data_index;
|
||||
|
||||
int lws_ssl_get_error(struct lws *wsi, int n)
|
||||
{
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#define ERR_error_string(a, b) ""
|
||||
return n;
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
return n;
|
||||
#else
|
||||
return SSL_get_error(wsi->ssl, n);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
static int
|
||||
lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
|
||||
{
|
||||
|
@ -35,12 +85,18 @@ lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userd
|
|||
|
||||
return strlen(buf);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
|
||||
void
|
||||
lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info)
|
||||
{
|
||||
if (!info->ssl_private_key_password)
|
||||
return;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
/*
|
||||
* password provided, set ssl callback and user data
|
||||
* for checking password which will be trigered during
|
||||
|
@ -48,6 +104,8 @@ lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info
|
|||
*/
|
||||
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info);
|
||||
SSL_CTX_set_default_passwd_cb(ssl_ctx, lws_context_init_ssl_pem_passwd_cb);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -59,8 +117,16 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
|||
#else
|
||||
lwsl_notice(" Compiled with wolfSSL support\n");
|
||||
#endif
|
||||
#else
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
lwsl_notice(" Compiled with PolarSSL support\n");
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
lwsl_notice(" Compiled with mbedTLS support\n");
|
||||
#else
|
||||
lwsl_notice(" Compiled with OpenSSL support\n");
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) {
|
||||
|
@ -70,6 +136,10 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
|||
|
||||
/* basic openssl init */
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
SSL_library_init();
|
||||
|
||||
OpenSSL_add_all_algorithms();
|
||||
|
@ -80,6 +150,8 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
|||
|
||||
openssl_SSL_CTX_private_data_index = SSL_CTX_get_ex_new_index(0,
|
||||
NULL, NULL, NULL, NULL);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -88,9 +160,15 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
|||
LWS_VISIBLE void
|
||||
lws_ssl_destroy(struct lws_vhost *vhost)
|
||||
{
|
||||
if (!lws_check_opt(vhost->context->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
|
||||
if (!lws_check_opt(vhost->context->options,
|
||||
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
|
||||
return;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
|
||||
if (vhost->ssl_ctx)
|
||||
SSL_CTX_free(vhost->ssl_ctx);
|
||||
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
|
||||
|
@ -108,18 +186,25 @@ lws_ssl_destroy(struct lws_vhost *vhost)
|
|||
ERR_free_strings();
|
||||
EVP_cleanup();
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
LWS_VISIBLE void
|
||||
lws_decode_ssl_error(void)
|
||||
{
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
char buf[256];
|
||||
u_long err;
|
||||
|
||||
while ((err = ERR_get_error()) != 0) {
|
||||
ERR_error_string_n(err, buf, sizeof(buf));
|
||||
lwsl_err("*** %lu %s\n", err, buf);
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
LWS_VISIBLE void
|
||||
|
@ -155,18 +240,25 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len)
|
|||
{
|
||||
struct lws_context *context = wsi->context;
|
||||
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
||||
int n;
|
||||
int n = 0;
|
||||
|
||||
if (!wsi->ssl)
|
||||
return lws_ssl_capable_read_no_ssl(wsi, buf, len);
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = SSL_read(wsi->ssl, buf, len);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* manpage: returning 0 means connection shut down */
|
||||
if (!n)
|
||||
return LWS_SSL_CAPABLE_ERROR;
|
||||
|
||||
if (n < 0) {
|
||||
n = SSL_get_error(wsi->ssl, n);
|
||||
n = lws_ssl_get_error(wsi, n);
|
||||
if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE)
|
||||
return LWS_SSL_CAPABLE_MORE_SERVICE;
|
||||
|
||||
|
@ -187,8 +279,16 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len)
|
|||
goto bail;
|
||||
if (!wsi->ssl)
|
||||
goto bail;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
if (ssl_get_bytes_avail(wsi->ssl) <= 0)
|
||||
goto bail;
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
if (!SSL_pending(wsi->ssl))
|
||||
goto bail;
|
||||
#endif
|
||||
#endif
|
||||
if (wsi->pending_read_list_next)
|
||||
return n;
|
||||
if (wsi->pending_read_list_prev)
|
||||
|
@ -216,8 +316,15 @@ lws_ssl_pending(struct lws *wsi)
|
|||
{
|
||||
if (!wsi->ssl)
|
||||
return 0;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
return ssl_get_bytes_avail(wsi->ssl) > 0;
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
return ssl_get_bytes_avail(wsi->ssl) > 0;;
|
||||
#else
|
||||
return SSL_pending(wsi->ssl);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
LWS_VISIBLE int
|
||||
|
@ -228,11 +335,18 @@ lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len)
|
|||
if (!wsi->ssl)
|
||||
return lws_ssl_capable_write_no_ssl(wsi, buf, len);
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
n = ssl_write(wsi->ssl, buf, len);
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = SSL_write(wsi->ssl, buf, len);
|
||||
#endif
|
||||
#endif
|
||||
if (n > 0)
|
||||
return n;
|
||||
|
||||
n = SSL_get_error(wsi->ssl, n);
|
||||
n = lws_ssl_get_error(wsi, n);
|
||||
if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE) {
|
||||
if (n == SSL_ERROR_WANT_WRITE)
|
||||
lws_set_blocking_send(wsi);
|
||||
|
@ -250,10 +364,19 @@ lws_ssl_close(struct lws *wsi)
|
|||
if (!wsi->ssl)
|
||||
return 0; /* not handled */
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
ssl_close_notify(wsi->ssl);
|
||||
(void)n; /* we need to close the fd? */
|
||||
ssl_free(wsi->ssl);
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = SSL_get_fd(wsi->ssl);
|
||||
SSL_shutdown(wsi->ssl);
|
||||
compatible_close(n);
|
||||
SSL_free(wsi->ssl);
|
||||
#endif
|
||||
#endif
|
||||
wsi->ssl = NULL;
|
||||
|
||||
return 1; /* handled */
|
||||
|
@ -267,7 +390,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
struct lws_context *context = wsi->context;
|
||||
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
||||
int n, m;
|
||||
#ifndef USE_WOLFSSL
|
||||
#if !defined(USE_WOLFSSL) && !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS)
|
||||
BIO *bio;
|
||||
#endif
|
||||
|
||||
|
@ -282,10 +405,48 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
if (accept_fd == LWS_SOCK_INVALID)
|
||||
assert(0);
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
{
|
||||
ssl_session *ssn;
|
||||
int rc;
|
||||
|
||||
wsi->ssl = lws_zalloc(sizeof(ssl_context));
|
||||
ssn = lws_zalloc(sizeof(ssl_session));
|
||||
|
||||
rc = ssl_init(wsi->ssl);
|
||||
if (rc) {
|
||||
lwsl_err("ssl_init failed\n");
|
||||
goto fail;
|
||||
}
|
||||
|
||||
ssl_set_endpoint(wsi->ssl, SSL_IS_SERVER);
|
||||
ssl_set_authmode(wsi->ssl, SSL_VERIFY_OPTIONAL);
|
||||
ssl_set_rng(wsi->ssl, urandom_bytes, NULL);
|
||||
ssl_set_dbg(wsi->ssl, pssl_debug, NULL);
|
||||
ssl_set_bio(wsi->ssl, net_recv, &wsi->sock, net_send, &wsi->sock);
|
||||
|
||||
ssl_set_ciphersuites(wsi->ssl, ciphers);
|
||||
|
||||
ssl_set_session(wsi->ssl, ssn);
|
||||
|
||||
ssl_set_ca_chain(wsi->ssl, &wsi->vhost->ssl_ctx->ca,
|
||||
NULL, NULL);
|
||||
|
||||
ssl_set_own_cert_rsa(wsi->ssl,
|
||||
&wsi->vhost->ssl_ctx->certificate,
|
||||
&wsi->vhost->ssl_ctx->key);
|
||||
|
||||
// ssl_set_dh_param(wsi->ssl, my_dhm_P, my_dhm_G);
|
||||
|
||||
lwsl_err("%s: polarssl init done\n", __func__);
|
||||
}
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
wsi->ssl = SSL_new(wsi->vhost->ssl_ctx);
|
||||
if (wsi->ssl == NULL) {
|
||||
lwsl_err("SSL_new failed: %s\n",
|
||||
ERR_error_string(SSL_get_error(wsi->ssl, 0), NULL));
|
||||
ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
|
||||
lws_decode_ssl_error();
|
||||
if (accept_fd != LWS_SOCK_INVALID)
|
||||
compatible_close(accept_fd);
|
||||
|
@ -296,6 +457,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
openssl_websocket_private_data_index, wsi->vhost);
|
||||
|
||||
SSL_set_fd(wsi->ssl, accept_fd);
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef USE_WOLFSSL
|
||||
#ifdef USE_OLD_CYASSL
|
||||
|
@ -303,6 +466,11 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
#else
|
||||
wolfSSL_set_using_nonblock(wsi->ssl, 1);
|
||||
#endif
|
||||
#else
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||
bio = SSL_get_rbio(wsi->ssl);
|
||||
|
@ -315,6 +483,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
BIO_set_nbio(bio, 1); /* nonblocking */
|
||||
else
|
||||
lwsl_notice("NULL rbio\n");
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@ -368,8 +538,16 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
* connection upgrade directly.
|
||||
*/
|
||||
wsi->use_ssl = 0;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
ssl_close_notify(wsi->ssl);
|
||||
ssl_free(wsi->ssl);
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
SSL_shutdown(wsi->ssl);
|
||||
SSL_free(wsi->ssl);
|
||||
#endif
|
||||
#endif
|
||||
wsi->ssl = NULL;
|
||||
if (lws_check_opt(context->options,
|
||||
LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS))
|
||||
|
@ -396,15 +574,21 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
|||
}
|
||||
|
||||
/* normal SSL connection processing path */
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
n = ssl_handshake(wsi->ssl);
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
n = SSL_accept(wsi->ssl);
|
||||
#endif
|
||||
#endif
|
||||
lws_latency(context, wsi,
|
||||
"SSL_accept LWSCM_SSL_ACK_PENDING\n", n, n == 1);
|
||||
|
||||
if (n == 1)
|
||||
goto accepted;
|
||||
|
||||
m = SSL_get_error(wsi->ssl, n);
|
||||
m = lws_ssl_get_error(wsi, n);
|
||||
lwsl_debug("SSL_accept failed %d / %s\n",
|
||||
m, ERR_error_string(m, NULL));
|
||||
go_again:
|
||||
|
@ -428,6 +612,10 @@ go_again:
|
|||
lwsl_err("SSL_accept failed skt %u: %s\n",
|
||||
wsi->sock, ERR_error_string(m, NULL));
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
{
|
||||
char buf[256];
|
||||
u_long err;
|
||||
|
@ -437,6 +625,8 @@ go_again:
|
|||
lwsl_err("*** %s\n", buf);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
#endif
|
||||
goto fail;
|
||||
|
||||
accepted:
|
||||
|
@ -461,15 +651,35 @@ fail:
|
|||
void
|
||||
lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost)
|
||||
{
|
||||
if (vhost->ssl_ctx)
|
||||
if (vhost->ssl_ctx) {
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
lws_free(vhost->ssl_ctx);
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
SSL_CTX_free(vhost->ssl_ctx);
|
||||
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) {
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
lws_free(vhost->ssl_client_ctx);
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
SSL_CTX_free(vhost->ssl_client_ctx);
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
lws_ssl_context_destroy(struct lws_context *context)
|
||||
{
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
|
||||
ERR_remove_state(0);
|
||||
#else
|
||||
|
@ -482,4 +692,6 @@ lws_ssl_context_destroy(struct lws_context *context)
|
|||
ERR_free_strings();
|
||||
EVP_cleanup();
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
*/
|
||||
#include "../lib/libwebsockets.h"
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
/* lws-mirror_protocol */
|
||||
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
*/
|
||||
#include "../lib/libwebsockets.h"
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
#define LWS_SS_VERSIONS 3
|
||||
|
||||
|
|
|
@ -35,16 +35,18 @@
|
|||
|
||||
#include "../lib/libwebsockets.h"
|
||||
|
||||
#ifdef LWS_OPENSSL_SUPPORT
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
|
||||
static int deny_deflate, deny_mux, longlived, mirror_lifetime;
|
||||
static struct lws *wsi_dumb, *wsi_mirror;
|
||||
static volatile int force_exit;
|
||||
static unsigned int opts;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
static char crl_path[1024] = "";
|
||||
char crl_path[1024] = "";
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
|
@ -133,6 +135,10 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason,
|
|||
force_exit = 1;
|
||||
break;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
case LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS:
|
||||
if (crl_path[0]) {
|
||||
|
@ -152,6 +158,8 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason,
|
|||
}
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
default:
|
||||
|
@ -368,10 +376,16 @@ int main(int argc, char **argv)
|
|||
case 'A':
|
||||
strncpy(ca_path, optarg, sizeof ca_path);
|
||||
break;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
case 'R':
|
||||
strncpy(crl_path, optarg, sizeof crl_path);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
case 'h':
|
||||
goto usage;
|
||||
|
@ -431,9 +445,15 @@ int main(int argc, char **argv)
|
|||
*/
|
||||
if (ca_path[0])
|
||||
info.ssl_ca_filepath = ca_path;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
else if (crl_path[0])
|
||||
lwsl_notice("WARNING, providing a CRL requires a CA cert!\n");
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
|
|
|
@ -34,13 +34,15 @@
|
|||
* using this protocol, including the sender
|
||||
*/
|
||||
|
||||
#ifdef LWS_OPENSSL_SUPPORT
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
/* location of the certificate revocation list */
|
||||
char crl_path[1024] = "";
|
||||
extern char crl_path[1024];
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
extern int debug_level;
|
||||
|
@ -629,6 +631,10 @@ bail:
|
|||
|
||||
break;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT)
|
||||
case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION:
|
||||
/* Verify the client certificate */
|
||||
|
@ -660,6 +666,8 @@ bail:
|
|||
}
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
default:
|
||||
|
|
|
@ -30,6 +30,16 @@ struct lws_plat_file_ops fops_plat;
|
|||
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
||||
char *resource_path = LOCAL_RESOURCE_PATH;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
char crl_path[1024] = "";
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* libev dumps their hygiene problems on their users blaming compiler
|
||||
* http://lists.schmorp.de/pipermail/libev/2008q4/000442.html
|
||||
|
|
|
@ -31,6 +31,16 @@ struct lws_plat_file_ops fops_plat;
|
|||
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
||||
char *resource_path = LOCAL_RESOURCE_PATH;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
char crl_path[1024] = "";
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* singlethreaded version --> no locks */
|
||||
|
||||
void test_server_lock(int care)
|
||||
|
|
|
@ -33,6 +33,16 @@ int count_pollfds;
|
|||
volatile int force_exit = 0;
|
||||
struct lws_context *context;
|
||||
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
char crl_path[1024] = "";
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This mutex lock protects code that changes or relies on wsi list outside of
|
||||
* the service thread. The service thread will acquire it when changing the
|
||||
|
|
|
@ -36,6 +36,15 @@ struct lws_plat_file_ops fops_plat;
|
|||
/* http server gets files from this path */
|
||||
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
||||
char *resource_path = LOCAL_RESOURCE_PATH;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
char crl_path[1024] = "";
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* singlethreaded version --> no locks */
|
||||
|
||||
|
@ -269,11 +278,17 @@ int main(int argc, char **argv)
|
|||
use_ssl = 1;
|
||||
opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
|
||||
break;
|
||||
#if defined(LWS_USE_POLARSSL)
|
||||
#else
|
||||
#if defined(LWS_USE_MBEDTLS)
|
||||
#else
|
||||
#if defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||
case 'R':
|
||||
strncpy(crl_path, optarg, sizeof crl_path);
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
case 'h':
|
||||
fprintf(stderr, "Usage: test-server "
|
||||
|
|
Loading…
Add table
Reference in a new issue