LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT: fixes after tls refactor

https://github.com/warmcat/libwebsockets/issues/1191

lib/http2/ssl-http2.c

@@ -103,6 +103,9 @@ int lws_h2_configure_if_upgraded(struct lws *wsi)
 	char cstr[10];
 	unsigned len;
 
+	if (!wsi->ssl)
+		return 0;
+
 	SSL_get0_alpn_selected(wsi->ssl, &name, &len);
 	if (!len) {
 		lwsl_info("no ALPN upgrade\n");

lib/server/ssl-server.c

@@ -207,6 +207,11 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 				wsi->use_ssl = 0;
 
 				lws_tls_server_abort_connection(wsi);
+				/*
+				 * care... this creates wsi with no ssl
+				 * when ssl is enabled and normally
+				 * mandatory
+				 */
 				wsi->ssl = NULL;
 				if (lws_check_opt(context->options,
 				    LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS))
@@ -280,7 +285,7 @@ accepted:
 		/* adapt our vhost to match the SNI SSL_CTX that was chosen */
 		vh = context->vhost_list;
 		while (vh) {
-			if (!vh->being_destroyed &&
+			if (!vh->being_destroyed && wsi->ssl &&
 			    vh->ssl_ctx == lws_tls_ctx_from_wsi(wsi)) {
 				lwsl_info("setting wsi to vh %s\n", vh->name);
 				wsi->vhost = vh;

lib/tls/mbedtls/ssl.c

@@ -295,6 +295,9 @@ lws_ssl_context_destroy(struct lws_context *context)
 lws_tls_ctx *
 lws_tls_ctx_from_wsi(struct lws *wsi)
 {
+	if (!wsi->ssl)
+		return NULL;
+
 	return SSL_get_SSL_CTX(wsi->ssl);
 }
 

lib/tls/openssl/ssl.c

@@ -456,6 +456,9 @@ lws_ssl_context_destroy(struct lws_context *context)
 lws_tls_ctx *
 lws_tls_ctx_from_wsi(struct lws *wsi)
 {
+	if (!wsi->ssl)
+		return NULL;
+
 	return SSL_get_SSL_CTX(wsi->ssl);
 }