Allow using CyaSSL in stead of wolfSSL

ABruines 2015-08-09 22:56:32 +02:00 committed by Andy Green
parent cb2ca08f5d
commit 80a7068ec8
8 changed files with 96 additions and 16 deletions


@ -45,6 +45,7 @@ endif()
option(LWS_WITH_STATIC "Build the static version of the library" ON)
option(LWS_WITH_SHARED "Build the shared version of the library" ON)
option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON)
option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When settings this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF)
option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When settings this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF)
option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON)
option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
@ -72,6 +73,17 @@ set(LWS_INSTALL_BIN_DIR bin CACHE PATH "Installation directory for executa
set(LWS_INSTALL_INCLUDE_DIR include CACHE PATH "Installation directory for header files")
set(LWS_INSTALL_EXAMPLES_DIR bin CACHE PATH "Installation directory for example files")
# Allow the user to use the old CyaSSL options/library in stead of wolfSSL
if (LWS_USE_CYASSL AND LWS_USE_WOLFSSL)
message(FATAL_ERROR "LWS_USE_CYASSL and LWS_USE_WOLFSSL are mutually exclusive!")
endif()
if (LWS_USE_CYASSL)
# Copy CyaSSL options to the wolfSSL options
set(LWS_USE_WOLFSSL ${LWS_USE_CYASSL} CACHE BOOL "Use wolfSSL/CyaSSL instead of OpenSSL" FORCE)
set(LWS_WOLFSSL_LIBRARIES ${LWS_CYASSL_LIBRARIES} CACHE PATH "Path to wolfSSL/CyaSSL libraries" FORCE)
set(LWS_WOLFSSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS} CACHE PATH "Path to wolfSSL/CyaSSL header files" FORCE)
endif()
if (LWS_WITHOUT_CLIENT AND LWS_WITHOUT_SERVER)
message(FATAL_ERROR "Makes no sense to compile without both client or server.")
endif()
@ -107,7 +119,11 @@ endif()
if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
if (NOT WOLFSSL_FOUND)
message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.")
if (LWS_USE_CYASSL)
message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_USE_CYASSL is turned on.")
else()
message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.")
endif()
endif()
else()
set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES})
@ -115,6 +131,9 @@ if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
set(WOLFSSL_FOUND 1)
endif()
set(USE_WOLFSSL 1)
if (LWS_USE_CYASSL)
set(USE_OLD_CYASSL 1)
endif()
endif()
if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
@ -525,9 +544,15 @@ if (LWS_WITH_SSL)
# Additional to the root directory we need to include
# the wolfssl/ subdirectory which contains the OpenSSL
# compatability layer headers.
foreach(inc ${WOLFSSL_INCLUDE_DIRS})
include_directories("${inc}" "${inc}/wolfssl")
endforeach()
if (LWS_USE_CYASSL)
foreach(inc ${WOLFSSL_INCLUDE_DIRS})
include_directories("${inc}" "${inc}/cyassl")
endforeach()
else()
foreach(inc ${WOLFSSL_INCLUDE_DIRS})
include_directories("${inc}" "${inc}/wolfssl")
endforeach()
endif()
list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
else()
@ -933,7 +958,7 @@ message(" Settings: (For more help do cmake -LH <srcpath>)")
message("---------------------------------------------------------------------")
message(" LWS_WITH_SSL = ${LWS_WITH_SSL} (SSL Support)")
message(" LWS_SSL_CLIENT_USE_OS_CA_CERTS = ${LWS_SSL_CLIENT_USE_OS_CA_CERTS}")
message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL replacement for OpenSSL)")
message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL/CyaSSL replacement for OpenSSL)")
if (LWS_USE_WOLFSSL)
message(" LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
message(" LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
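Review bot: The `if (LWS_USE_CYASSL)` block in the second hunk writes `LWS_USE_WOLFSSL` into the cache with `FORCE`, so the next configure run in the same build tree finds both options ON and the mutual-exclusion check just above it stops with FATAL_ERROR. The forced entries also outlive the option: after `LWS_USE_CYASSL` is switched back off, `LWS_USE_WOLFSSL` and the two `LWS_WOLFSSL_*` paths still hold the CyaSSL values, so which TLS library gets linked depends on stale cache state. Plain variables shadow the cache for this run only and avoid both problems: `set(LWS_USE_WOLFSSL ON)`, `set(LWS_WOLFSSL_LIBRARIES "${LWS_CYASSL_LIBRARIES}")`, `set(LWS_WOLFSSL_INCLUDE_DIRS "${LWS_CYASSL_INCLUDE_DIRS}")`.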


@ -151,9 +151,9 @@ Windows GUI
On windows CMake comes with a gui application:
Start -> Programs -> CMake -> CMake (cmake-gui)
wolfSSL replacement for OpenSSL
------------------------------
wolfSSL is a lightweight SSL library targeted at embedded systems:
wolfSSL/CyaSSL replacement for OpenSSL
--------------------------------------
wolfSSL/CyaSSL is a lightweight SSL library targeted at embedded systems:
https://www.wolfssl.com/wolfSSL/Products-wolfssl.html
It contains a OpenSSL compatability layer which makes it possible to pretty
@ -163,15 +163,26 @@ much link to it instead of OpenSSL, giving a much smaller footprint.
this to work.
Compiling libwebsockets with wolfSSL
-----------------------------------
------------------------------------
```bash
cmake .. -DLWS_USE_WOLFSSL=1 \
-DLWS_WOLFSSL_INCLUDE_DIRS=/path/to/wolfssl \
-DLWS_WOLFSSL_LIB=/path/to/wolfssl/wolfssl.a ..
-DLWS_WOLFSSL_LIBRARIES=/path/to/wolfssl/wolfssl.a ..
```
**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIB` instead.
**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIBRARIES` instead.
Compiling libwebsockets with CyaSSL
-----------------------------------
```bash
cmake .. -DLWS_USE_CYASSL=1 \
-DLWS_CYASSL_INCLUDE_DIRS=/path/to/cyassl \
-DLWS_CYASSL_LIBRARIES=/path/to/wolfssl/cyassl.a ..
```
**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIBRARIES` instead.
Reproducing HTTP2.0 tests


@ -26,9 +26,15 @@ CMAKE_OPTIONS += -DLWS_WITHOUT_TESTAPPS=$(if $(CONFIG_PACKAGE_libwebsockets-exam
# for wolfssl, define these in addition to LWS_OPENSSL_SUPPORT and
# edit package/libs/wolfssl/Makefile to include --enable-opensslextra
# CMAKE_OPTIONS += -DLWS_USE_WOLFSSL=ON
# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIB=$(STAGING_DIR)/usr/lib/libwolfssl.so
# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIBRARIES=$(STAGING_DIR)/usr/lib/libwolfssl.so
# CMAKE_OPTIONS += -DLWS_WOLFSSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
# for cyassl, define these in addition to LWS_OPENSSL_SUPPORT and
# edit package/libs/wolfssl/Makefile to include --enable-opensslextra
# CMAKE_OPTIONS += -DLWS_USE_CYASSL=ON
# CMAKE_OPTIONS += -DLWS_CYASSL_LIBRARIES=$(STAGING_DIR)/usr/lib/libcyassl.so
# CMAKE_OPTIONS += -DLWS_CYASSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
# other options worth noting
# CMAKE_OPTIONS += -DLWS_WITHOUT_EXTENSIONS=ON
# CMAKE_OPTIONS += -DLWS_WITHOUT_DAEMONIZE=ON


@ -132,7 +132,7 @@ int lws_client_socket_service(struct libwebsocket_context *context,
/* we can retry this... just cook the SSL BIO the first time */
if (wsi->use_ssl && !wsi->ssl) {
#if defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
#if defined(CYASSL_SNI_HOST_NAME) || defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
const char *hostname = lws_hdr_simple_ptr(wsi,
_WSI_TOKEN_CLIENT_PEER_ADDRESS);
#endif
@ -147,10 +147,17 @@ int lws_client_socket_service(struct libwebsocket_context *context,
* when establishing connection
*/
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
#ifdef CYASSL_SNI_HOST_NAME
CyaSSL_UseSNI(wsi->ssl, CYASSL_SNI_HOST_NAME,
hostname, strlen(hostname));
#endif
#else
#ifdef WOLFSSL_SNI_HOST_NAME
wolfSSL_UseSNI(wsi->ssl, WOLFSSL_SNI_HOST_NAME,
hostname, strlen(hostname));
#endif
#endif
#else
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
SSL_set_tlsext_host_name(wsi->ssl, hostname);
@ -159,16 +166,22 @@ int lws_client_socket_service(struct libwebsocket_context *context,
#ifdef USE_WOLFSSL
/*
* wolfSSL does certificate verification differently
* wolfSSL/CyaSSL does certificate verification differently
* from OpenSSL.
* If we should ignore the certificate, we need to set
* this before SSL_new and SSL_connect is called.
* Otherwise the connect will simply fail with error
* code -155
*/
#ifdef USE_OLD_CYASSL
if (wsi->use_ssl == 2)
CyaSSL_set_verify(wsi->ssl,
SSL_VERIFY_NONE, NULL);
#else
if (wsi->use_ssl == 2)
wolfSSL_set_verify(wsi->ssl,
SSL_VERIFY_NONE, NULL);
#endif
#endif /* USE_WOLFSSL */
wsi->client_bio =
@ -176,7 +189,11 @@ int lws_client_socket_service(struct libwebsocket_context *context,
SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
CyaSSL_set_using_nonblock(wsi->ssl, 1);
#else
wolfSSL_set_using_nonblock(wsi->ssl, 1);
#endif
#else
BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
#endif
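Review bot: The new `CyaSSL_UseSNI(...)` call in the second hunk discards its return value and passes `hostname` to `strlen()` unchecked, the same as the wolfSSL call it mirrors. `hostname` comes from `lws_hdr_simple_ptr()`, whose behaviour for a missing header is not visible here, and a failed SNI setup would send the handshake without a server name and log nothing. I would guard and report it, e.g. `if (hostname && CyaSSL_UseSNI(wsi->ssl, CYASSL_SNI_HOST_NAME, hostname, strlen(hostname)) != SSL_SUCCESS)` followed by `lwsl_warn("CyaSSL_UseSNI failed\n");`, and apply the same guard to the wolfSSL branch. The body of lws_client_socket_service starts and ends outside these hunks.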


@ -92,7 +92,11 @@ extern "C" {
#ifdef LWS_OPENSSL_SUPPORT
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
#include <cyassl/openssl/ssl.h>
#else
#include <wolfssl/openssl/ssl.h>
#endif /* not USE_OLD_CYASSL */
#else
#include <openssl/ssl.h>
#endif /* not USE_WOLFSSL */


@ -150,8 +150,13 @@
#ifdef LWS_OPENSSL_SUPPORT
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
#include <cyassl/openssl/ssl.h>
#include <cyassl/error-ssl.h>
#else
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/error-ssl.h>
#endif /* not USE_OLD_CYASSL */
#else
#include <openssl/ssl.h>
#include <openssl/evp.h>


@ -89,7 +89,11 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
context->use_ssl = info->ssl_cert_filepath != NULL;
#ifdef USE_WOLFSSL
lwsl_notice(" Compiled with WOLFSSL support\n");
#ifdef USE_OLD_CYASSL
lwsl_notice(" Compiled with CyaSSL support\n");
#else
lwsl_notice(" Compiled with wolfSSL support\n");
#endif
#else
lwsl_notice(" Compiled with OpenSSL support\n");
#endif
@ -545,7 +549,11 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context,
SSL_set_fd(new_wsi->ssl, accept_fd);
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
#else
wolfSSL_set_using_nonblock(new_wsi->ssl, 1);
#endif
#else
SSL_set_mode(new_wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
bio = SSL_get_rbio(new_wsi->ssl);
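Review bot: The `#ifdef USE_OLD_CYASSL` / `#else` pair around `set_using_nonblock` in the second hunk repeats a pattern this commit also adds at three call sites in the client service code, so every later wolfSSL call will need its own nested conditional. Mapping the names once, next to the CyaSSL includes in the private header, keeps each call site single-branch: `#define wolfSSL_set_using_nonblock CyaSSL_set_using_nonblock`, and likewise for `wolfSSL_set_verify`, `wolfSSL_UseSNI` and `WOLFSSL_SNI_HOST_NAME`. Both functions touched in this file extend beyond the hunks shown.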


@ -6,10 +6,14 @@
#endif
#endif
/* Define to 1 to use wolfSSL as a replacement for OpenSSL.
/* Define to 1 to use wolfSSL/CyaSSL as a replacement for OpenSSL.
* LWS_OPENSSL_SUPPORT needs to be set also for this to work. */
#cmakedefine USE_WOLFSSL
/* Also define to 1 (in addition to USE_WOLFSSL) when using the
(older) CyaSSL library */
#cmakedefine USE_OLD_CYASSL
/* The Libwebsocket version */
#cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"