mbedtls: remove abortive attempt to avoid confusing people
Basically we support openssl api compatibles only. If we ever try something different we need a shim making it openssl api or a proper abstraction layer added first.
This commit is contained in:
Andy Green
parent
0aed7a06d5
commit
a5488f9c27
13 changed files with 21 additions and 466 deletions
|
|
@ -270,19 +270,6 @@ if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
|
||||||
if (LWS_WITH_SSL AND LWS_USE_MBEDTLS)
|
|
||||||
if ("${LWS_MBEDTLS_LIBRARIES}" STREQUAL "" OR "${LWS_MBEDTLS_INCLUDE_DIRS}" STREQUAL "")
|
|
||||||
if (NOT MBEDTLS_FOUND)
|
|
||||||
message(FATAL_ERROR "You must set LWS_MBEDTLS_LIBRARIES and LWS_MBEDTLS_INCLUDE_DIRS when LWS_USE_MBEDTLS is turned on.")
|
|
||||||
endif()
|
|
||||||
else()
|
|
||||||
set(MBEDTLS_LIBRARIES ${LWS_MBEDTLS_LIBRARIES})
|
|
||||||
set(MBEDTLS_INCLUDE_DIRS ${LWS_MBEDTLS_INCLUDE_DIRS})
|
|
||||||
set(MBEDTLS_FOUND 1)
|
|
||||||
endif()
|
|
||||||
set(USE_MBEDTLS 1)
|
|
||||||
endif()
|
|
||||||
|
|
||||||
if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
|
if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
|
||||||
if ("${LWS_ZLIB_LIBRARIES}" STREQUAL "" OR "${LWS_ZLIB_INCLUDE_DIRS}" STREQUAL "")
|
if ("${LWS_ZLIB_LIBRARIES}" STREQUAL "" OR "${LWS_ZLIB_INCLUDE_DIRS}" STREQUAL "")
|
||||||
else()
|
else()
|
||||||
|
|
|
||||||
|
|
@ -186,12 +186,8 @@ struct lws_polarssl_context {
|
||||||
typedef struct lws_polarssl_context SSL_CTX;
|
typedef struct lws_polarssl_context SSL_CTX;
|
||||||
typedef ssl_context SSL;
|
typedef ssl_context SSL;
|
||||||
#else
|
#else
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#include <mbedtls/ssl.h>
|
|
||||||
#else
|
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#endif /* not USE_MBEDTLS */
|
|
||||||
#endif /* not USE_POLARSSL */
|
#endif /* not USE_POLARSSL */
|
||||||
#endif /* not USE_WOLFSSL */
|
#endif /* not USE_WOLFSSL */
|
||||||
#endif
|
#endif
|
||||||
|
|
|
||||||
|
|
@ -261,23 +261,6 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen);
|
||||||
#define OPENSSL_NO_TLSEXT
|
#define OPENSSL_NO_TLSEXT
|
||||||
#endif /* not USE_OLD_CYASSL */
|
#endif /* not USE_OLD_CYASSL */
|
||||||
#else
|
#else
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#include <polarssl/ssl.h>
|
|
||||||
#include <polarssl/error.h>
|
|
||||||
#include <polarssl/md5.h>
|
|
||||||
#include <polarssl/sha1.h>
|
|
||||||
#include <polarssl/ecdh.h>
|
|
||||||
#define SSL_ERROR_WANT_READ POLARSSL_ERR_NET_WANT_READ
|
|
||||||
#define SSL_ERROR_WANT_WRITE POLARSSL_ERR_NET_WANT_WRITE
|
|
||||||
#define OPENSSL_VERSION_NUMBER 0x10002000L
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#include <mbedtls/ssl.h>
|
|
||||||
#include <mbedtls/error.h>
|
|
||||||
#include <mbedtls/md5.h>
|
|
||||||
#include <mbedtls/sha1.h>
|
|
||||||
#include <mbedtls/ecdh.h>
|
|
||||||
#else
|
|
||||||
#include <openssl/ssl.h>
|
#include <openssl/ssl.h>
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
@ -295,9 +278,6 @@ lws_plat_get_peer_simple(struct lws *wsi, char *name, int namelen);
|
||||||
*/
|
*/
|
||||||
#define OPENSSL_NO_TLSEXT
|
#define OPENSSL_NO_TLSEXT
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif /* not USE_MBEDTLS */
|
|
||||||
#endif /* not USE_POLARSSL */
|
|
||||||
#endif /* not USE_WOLFSSL */
|
#endif /* not USE_WOLFSSL */
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
@ -1418,9 +1398,7 @@ struct lws {
|
||||||
#endif
|
#endif
|
||||||
#ifdef LWS_OPENSSL_SUPPORT
|
#ifdef LWS_OPENSSL_SUPPORT
|
||||||
SSL *ssl;
|
SSL *ssl;
|
||||||
#if !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS)
|
|
||||||
BIO *client_bio;
|
BIO *client_bio;
|
||||||
#endif
|
|
||||||
struct lws *pending_read_list_prev, *pending_read_list_next;
|
struct lws *pending_read_list_prev, *pending_read_list_next;
|
||||||
#endif
|
#endif
|
||||||
#ifdef LWS_WITH_HTTP_PROXY
|
#ifdef LWS_WITH_HTTP_PROXY
|
||||||
|
|
|
||||||
|
|
@ -29,10 +29,6 @@ lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info
|
||||||
|
|
||||||
extern int lws_ssl_get_error(struct lws *wsi, int n);
|
extern int lws_ssl_get_error(struct lws *wsi, int n);
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#ifdef USE_WOLFSSL
|
#ifdef USE_WOLFSSL
|
||||||
#else
|
#else
|
||||||
|
|
||||||
|
|
@ -93,17 +89,10 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||||
return !n;
|
return !n;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
int
|
int
|
||||||
lws_ssl_client_bio_create(struct lws *wsi)
|
lws_ssl_client_bio_create(struct lws *wsi)
|
||||||
{
|
{
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
return 0;
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
char hostname[128], *p;
|
char hostname[128], *p;
|
||||||
|
|
||||||
if (lws_hdr_copy(wsi, hostname, sizeof(hostname),
|
if (lws_hdr_copy(wsi, hostname, sizeof(hostname),
|
||||||
|
|
@ -212,8 +201,6 @@ lws_ssl_client_bio_create(struct lws *wsi)
|
||||||
wsi);
|
wsi);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
|
@ -223,13 +210,8 @@ lws_ssl_client_connect1(struct lws *wsi)
|
||||||
int n = 0;
|
int n = 0;
|
||||||
|
|
||||||
lws_latency_pre(context, wsi);
|
lws_latency_pre(context, wsi);
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
n = SSL_connect(wsi->ssl);
|
n = SSL_connect(wsi->ssl);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
lws_latency(context, wsi,
|
lws_latency(context, wsi,
|
||||||
"SSL_connect LWSCM_WSCL_ISSUE_HANDSHAKE", n, n > 0);
|
"SSL_connect LWSCM_WSCL_ISSUE_HANDSHAKE", n, n > 0);
|
||||||
|
|
@ -279,10 +261,7 @@ some_wait:
|
||||||
* retry if new data comes until we
|
* retry if new data comes until we
|
||||||
* run into the connection timeout or win
|
* run into the connection timeout or win
|
||||||
*/
|
*/
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
unsigned long error = ERR_get_error();
|
unsigned long error = ERR_get_error();
|
||||||
|
|
||||||
if (error != SSL_ERROR_NONE) {
|
if (error != SSL_ERROR_NONE) {
|
||||||
|
|
@ -293,8 +272,6 @@ some_wait:
|
||||||
error, ERR_error_string(error, sb));
|
error, ERR_error_string(error, sb));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
|
|
@ -304,26 +281,14 @@ int
|
||||||
lws_ssl_client_connect2(struct lws *wsi)
|
lws_ssl_client_connect2(struct lws *wsi)
|
||||||
{
|
{
|
||||||
struct lws_context *context = wsi->context;
|
struct lws_context *context = wsi->context;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
|
struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
|
||||||
char *p = (char *)&pt->serv_buf[0];
|
char *p = (char *)&pt->serv_buf[0];
|
||||||
char *sb = p;
|
char *sb = p;
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
int n = 0;
|
int n = 0;
|
||||||
|
|
||||||
if (wsi->mode == LWSCM_WSCL_WAITING_SSL) {
|
if (wsi->mode == LWSCM_WSCL_WAITING_SSL) {
|
||||||
lws_latency_pre(context, wsi);
|
lws_latency_pre(context, wsi);
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
n = SSL_connect(wsi->ssl);
|
n = SSL_connect(wsi->ssl);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
lwsl_notice("%s: SSL_connect says %d\n", __func__, n);
|
lwsl_notice("%s: SSL_connect says %d\n", __func__, n);
|
||||||
|
|
||||||
lws_latency(context, wsi,
|
lws_latency(context, wsi,
|
||||||
|
|
@ -369,25 +334,15 @@ lws_ssl_client_connect2(struct lws *wsi)
|
||||||
* retry if new data comes until we
|
* retry if new data comes until we
|
||||||
* run into the connection timeout or win
|
* run into the connection timeout or win
|
||||||
*/
|
*/
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
unsigned long error = ERR_get_error();
|
unsigned long error = ERR_get_error();
|
||||||
if (error != SSL_ERROR_NONE) {
|
if (error != SSL_ERROR_NONE) {
|
||||||
lwsl_err("SSL connect error %lu: %s\n",
|
lwsl_err("SSL connect error %lu: %s\n",
|
||||||
error, ERR_error_string(error, sb));
|
error, ERR_error_string(error, sb));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#ifndef USE_WOLFSSL
|
#ifndef USE_WOLFSSL
|
||||||
/*
|
/*
|
||||||
* See comment above about wolfSSL certificate
|
* See comment above about wolfSSL certificate
|
||||||
|
|
@ -419,8 +374,6 @@ lws_ssl_client_connect2(struct lws *wsi)
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* USE_WOLFSSL */
|
#endif /* USE_WOLFSSL */
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
@ -429,11 +382,6 @@ lws_ssl_client_connect2(struct lws *wsi)
|
||||||
int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
||||||
struct lws_vhost *vhost)
|
struct lws_vhost *vhost)
|
||||||
{
|
{
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
return 0;
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
SSL_METHOD *method;
|
SSL_METHOD *method;
|
||||||
struct lws wsi;
|
struct lws wsi;
|
||||||
unsigned long error;
|
unsigned long error;
|
||||||
|
|
@ -580,6 +528,4 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
||||||
vhost->ssl_client_ctx, NULL, 0);
|
vhost->ssl_client_ctx, NULL, 0);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -21,11 +21,6 @@
|
||||||
|
|
||||||
#include "private-libwebsockets.h"
|
#include "private-libwebsockets.h"
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
|
|
||||||
extern int openssl_websocket_private_data_index,
|
extern int openssl_websocket_private_data_index,
|
||||||
openssl_SSL_CTX_private_data_index;
|
openssl_SSL_CTX_private_data_index;
|
||||||
|
|
||||||
|
|
@ -186,9 +181,6 @@ lws_ssl_server_name_cb(SSL *ssl, int *ad, void *arg)
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
LWS_VISIBLE int
|
LWS_VISIBLE int
|
||||||
lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
||||||
struct lws_vhost *vhost)
|
struct lws_vhost *vhost)
|
||||||
|
|
@ -226,66 +218,6 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
||||||
(void)n;
|
(void)n;
|
||||||
(void)error;
|
(void)error;
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
lwsl_notice(" Compiled with PolarSSL support\n");
|
|
||||||
|
|
||||||
vhost->ssl_ctx = lws_zalloc(sizeof (*vhost->ssl_ctx));
|
|
||||||
|
|
||||||
/* Load the trusted CA */
|
|
||||||
|
|
||||||
if (info->ssl_ca_filepath) {
|
|
||||||
n = x509_crt_parse_file(&vhost->ssl_ctx->ca,
|
|
||||||
info->ssl_ca_filepath);
|
|
||||||
|
|
||||||
if (n < 0) {
|
|
||||||
// error_strerror(ret, errorbuf, sizeof(errorbuf));
|
|
||||||
lwsl_err("%s: Failed to load ca cert\n", __func__);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Load our cert */
|
|
||||||
|
|
||||||
if (info->ssl_cert_filepath) {
|
|
||||||
n = x509_crt_parse_file(&vhost->ssl_ctx->certificate,
|
|
||||||
info->ssl_cert_filepath);
|
|
||||||
|
|
||||||
if (n < 0) {
|
|
||||||
// error_strerror(ret, errorbuf, sizeof(errorbuf));
|
|
||||||
lwsl_err("%s: Failed to load cert\n", __func__);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Load cert private key */
|
|
||||||
|
|
||||||
if (info->ssl_private_key_filepath) {
|
|
||||||
pk_context pk;
|
|
||||||
pk_init(&pk);
|
|
||||||
n = pk_parse_keyfile(&pk, info->ssl_private_key_filepath,
|
|
||||||
info->ssl_private_key_password);
|
|
||||||
|
|
||||||
if (!n && !pk_can_do(&pk, POLARSSL_PK_RSA))
|
|
||||||
n = POLARSSL_ERR_PK_TYPE_MISMATCH;
|
|
||||||
|
|
||||||
if (!n)
|
|
||||||
rsa_copy(&vhost->ssl_ctx->key, pk_rsa(pk));
|
|
||||||
else
|
|
||||||
rsa_free(&vhost->ssl_ctx->key);
|
|
||||||
pk_free(&pk);
|
|
||||||
|
|
||||||
if (n) {
|
|
||||||
//error_strerror(ret, errorbuf, sizeof(errorbuf));
|
|
||||||
lwsl_err("%s: error reading private key\n", __func__);
|
|
||||||
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
lwsl_notice(" Compiled with mbedTLS support\n");
|
|
||||||
#else
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Firefox insists on SSLv23 not SSLv3
|
* Firefox insists on SSLv23 not SSLv3
|
||||||
* Konq disables SSLv2 by default now, SSLv23 works
|
* Konq disables SSLv2 by default now, SSLv23 works
|
||||||
|
|
@ -447,9 +379,6 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
|
||||||
lws_context_init_http2_ssl(vhost);
|
lws_context_init_http2_ssl(vhost);
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
235
lib/ssl.c
235
lib/ssl.c
|
|
@ -21,56 +21,13 @@
|
||||||
|
|
||||||
#include "private-libwebsockets.h"
|
#include "private-libwebsockets.h"
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
static const int ciphers[] =
|
|
||||||
{
|
|
||||||
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
||||||
0
|
|
||||||
};
|
|
||||||
|
|
||||||
static int urandom_bytes(void *ctx, unsigned char *dest, size_t len)
|
|
||||||
{
|
|
||||||
int cur;
|
|
||||||
int fd = open("/dev/urandom", O_RDONLY);
|
|
||||||
|
|
||||||
if (fd < 0)
|
|
||||||
return -1;
|
|
||||||
|
|
||||||
while (len) {
|
|
||||||
cur = read(fd, dest, len);
|
|
||||||
if (cur < 0)
|
|
||||||
continue;
|
|
||||||
len -= cur;
|
|
||||||
}
|
|
||||||
close(fd);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static void pssl_debug(void *ctx, int level, const char *str)
|
|
||||||
{
|
|
||||||
lwsl_err("PolarSSL [level %d]: %s", level, str);
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
|
|
||||||
int openssl_websocket_private_data_index,
|
int openssl_websocket_private_data_index,
|
||||||
openssl_SSL_CTX_private_data_index;
|
openssl_SSL_CTX_private_data_index;
|
||||||
|
|
||||||
int lws_ssl_get_error(struct lws *wsi, int n)
|
int lws_ssl_get_error(struct lws *wsi, int n)
|
||||||
{
|
{
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#define ERR_error_string(a, b) ""
|
|
||||||
return n;
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
return n;
|
|
||||||
#else
|
|
||||||
return SSL_get_error(wsi->ssl, n);
|
return SSL_get_error(wsi->ssl, n);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Copies a string describing the code returned by lws_ssl_get_error(),
|
/* Copies a string describing the code returned by lws_ssl_get_error(),
|
||||||
|
|
@ -120,11 +77,6 @@ char* lws_ssl_get_error_string(int status, int ret, char *buf, size_t len) {
|
||||||
void
|
void
|
||||||
lws_ssl_elaborate_error(void)
|
lws_ssl_elaborate_error(void)
|
||||||
{
|
{
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
|
|
||||||
char buf[256];
|
char buf[256];
|
||||||
u_long err;
|
u_long err;
|
||||||
|
|
||||||
|
|
@ -132,15 +84,8 @@ lws_ssl_elaborate_error(void)
|
||||||
ERR_error_string_n(err, buf, sizeof(buf));
|
ERR_error_string_n(err, buf, sizeof(buf));
|
||||||
lwsl_err("*** %s\n", buf);
|
lwsl_err("*** %s\n", buf);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
static int
|
static int
|
||||||
lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
|
lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
|
||||||
{
|
{
|
||||||
|
|
@ -152,18 +97,13 @@ lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userd
|
||||||
|
|
||||||
return strlen(buf);
|
return strlen(buf);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void
|
void
|
||||||
lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info)
|
lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info)
|
||||||
{
|
{
|
||||||
if (!info->ssl_private_key_password)
|
if (!info->ssl_private_key_password)
|
||||||
return;
|
return;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
/*
|
/*
|
||||||
* password provided, set ssl callback and user data
|
* password provided, set ssl callback and user data
|
||||||
* for checking password which will be trigered during
|
* for checking password which will be trigered during
|
||||||
|
|
@ -171,8 +111,6 @@ lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info
|
||||||
*/
|
*/
|
||||||
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info);
|
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info);
|
||||||
SSL_CTX_set_default_passwd_cb(ssl_ctx, lws_context_init_ssl_pem_passwd_cb);
|
SSL_CTX_set_default_passwd_cb(ssl_ctx, lws_context_init_ssl_pem_passwd_cb);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
|
@ -185,21 +123,12 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
||||||
lwsl_notice(" Compiled with wolfSSL support\n");
|
lwsl_notice(" Compiled with wolfSSL support\n");
|
||||||
#endif
|
#endif
|
||||||
#else
|
#else
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
lwsl_notice(" Compiled with PolarSSL support\n");
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
lwsl_notice(" Compiled with mbedTLS support\n");
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_BORINGSSL)
|
#if defined(LWS_USE_BORINGSSL)
|
||||||
lwsl_notice(" Compiled with BoringSSL support\n");
|
lwsl_notice(" Compiled with BoringSSL support\n");
|
||||||
#else
|
#else
|
||||||
lwsl_notice(" Compiled with OpenSSL support\n");
|
lwsl_notice(" Compiled with OpenSSL support\n");
|
||||||
#endif
|
#endif
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) {
|
if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) {
|
||||||
lwsl_notice(" SSL disabled: no LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\n");
|
lwsl_notice(" SSL disabled: no LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\n");
|
||||||
return 0;
|
return 0;
|
||||||
|
|
@ -207,11 +136,6 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
||||||
|
|
||||||
/* basic openssl init */
|
/* basic openssl init */
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
|
|
||||||
lwsl_notice("Doing SSL library init\n");
|
lwsl_notice("Doing SSL library init\n");
|
||||||
|
|
||||||
SSL_library_init();
|
SSL_library_init();
|
||||||
|
|
@ -224,8 +148,6 @@ lws_context_init_ssl_library(struct lws_context_creation_info *info)
|
||||||
|
|
||||||
openssl_SSL_CTX_private_data_index = SSL_CTX_get_ex_new_index(0,
|
openssl_SSL_CTX_private_data_index = SSL_CTX_get_ex_new_index(0,
|
||||||
NULL, NULL, NULL, NULL);
|
NULL, NULL, NULL, NULL);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
@ -238,11 +160,6 @@ lws_ssl_destroy(struct lws_vhost *vhost)
|
||||||
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
|
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
|
||||||
return;
|
return;
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
|
|
||||||
if (vhost->ssl_ctx)
|
if (vhost->ssl_ctx)
|
||||||
SSL_CTX_free(vhost->ssl_ctx);
|
SSL_CTX_free(vhost->ssl_ctx);
|
||||||
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
|
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
|
||||||
|
|
@ -266,26 +183,17 @@ lws_ssl_destroy(struct lws_vhost *vhost)
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
CRYPTO_cleanup_all_ex_data();
|
CRYPTO_cleanup_all_ex_data();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
LWS_VISIBLE void
|
LWS_VISIBLE void
|
||||||
lws_decode_ssl_error(void)
|
lws_decode_ssl_error(void)
|
||||||
{
|
{
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
char buf[256];
|
char buf[256];
|
||||||
u_long err;
|
u_long err;
|
||||||
while ((err = ERR_get_error()) != 0) {
|
while ((err = ERR_get_error()) != 0) {
|
||||||
ERR_error_string_n(err, buf, sizeof(buf));
|
ERR_error_string_n(err, buf, sizeof(buf));
|
||||||
lwsl_err("*** %lu %s\n", err, buf);
|
lwsl_err("*** %lu %s\n", err, buf);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
LWS_VISIBLE void
|
LWS_VISIBLE void
|
||||||
|
|
@ -326,19 +234,13 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len)
|
||||||
if (!wsi->ssl)
|
if (!wsi->ssl)
|
||||||
return lws_ssl_capable_read_no_ssl(wsi, buf, len);
|
return lws_ssl_capable_read_no_ssl(wsi, buf, len);
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
n = SSL_read(wsi->ssl, buf, len);
|
n = SSL_read(wsi->ssl, buf, len);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* manpage: returning 0 means connection shut down */
|
/* manpage: returning 0 means connection shut down */
|
||||||
if (!n) {
|
if (!n) {
|
||||||
lwsl_err("%s failed: %s\n",__func__,
|
lwsl_err("%s failed: %s\n",__func__,
|
||||||
ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
|
ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
|
||||||
lws_decode_ssl_error();
|
lws_decode_ssl_error();
|
||||||
|
|
||||||
return LWS_SSL_CAPABLE_ERROR;
|
return LWS_SSL_CAPABLE_ERROR;
|
||||||
}
|
}
|
||||||
|
|
@ -371,16 +273,10 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len)
|
||||||
goto bail;
|
goto bail;
|
||||||
if (!wsi->ssl)
|
if (!wsi->ssl)
|
||||||
goto bail;
|
goto bail;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
if (ssl_get_bytes_avail(wsi->ssl) <= 0)
|
|
||||||
goto bail;
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
if (!SSL_pending(wsi->ssl))
|
if (!SSL_pending(wsi->ssl))
|
||||||
goto bail;
|
goto bail;
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
if (wsi->pending_read_list_next)
|
if (wsi->pending_read_list_next)
|
||||||
return n;
|
return n;
|
||||||
if (wsi->pending_read_list_prev)
|
if (wsi->pending_read_list_prev)
|
||||||
|
|
@ -408,15 +304,8 @@ lws_ssl_pending(struct lws *wsi)
|
||||||
{
|
{
|
||||||
if (!wsi->ssl)
|
if (!wsi->ssl)
|
||||||
return 0;
|
return 0;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
return ssl_get_bytes_avail(wsi->ssl) > 0;
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
return ssl_get_bytes_avail(wsi->ssl) > 0;;
|
|
||||||
#else
|
|
||||||
return SSL_pending(wsi->ssl);
|
return SSL_pending(wsi->ssl);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
LWS_VISIBLE int
|
LWS_VISIBLE int
|
||||||
|
|
@ -427,14 +316,7 @@ lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len)
|
||||||
if (!wsi->ssl)
|
if (!wsi->ssl)
|
||||||
return lws_ssl_capable_write_no_ssl(wsi, buf, len);
|
return lws_ssl_capable_write_no_ssl(wsi, buf, len);
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
n = ssl_write(wsi->ssl, buf, len);
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
n = SSL_write(wsi->ssl, buf, len);
|
n = SSL_write(wsi->ssl, buf, len);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
if (n > 0)
|
if (n > 0)
|
||||||
return n;
|
return n;
|
||||||
|
|
||||||
|
|
@ -460,19 +342,10 @@ lws_ssl_close(struct lws *wsi)
|
||||||
if (!wsi->ssl)
|
if (!wsi->ssl)
|
||||||
return 0; /* not handled */
|
return 0; /* not handled */
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
ssl_close_notify(wsi->ssl);
|
|
||||||
(void)n; /* we need to close the fd? */
|
|
||||||
ssl_free(wsi->ssl);
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
n = SSL_get_fd(wsi->ssl);
|
n = SSL_get_fd(wsi->ssl);
|
||||||
SSL_shutdown(wsi->ssl);
|
SSL_shutdown(wsi->ssl);
|
||||||
compatible_close(n);
|
compatible_close(n);
|
||||||
SSL_free(wsi->ssl);
|
SSL_free(wsi->ssl);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
wsi->ssl = NULL;
|
wsi->ssl = NULL;
|
||||||
|
|
||||||
return 1; /* handled */
|
return 1; /* handled */
|
||||||
|
|
@ -486,7 +359,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
||||||
struct lws_context *context = wsi->context;
|
struct lws_context *context = wsi->context;
|
||||||
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
|
||||||
int n, m;
|
int n, m;
|
||||||
#if !defined(USE_WOLFSSL) && !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS)
|
#if !defined(USE_WOLFSSL)
|
||||||
BIO *bio;
|
BIO *bio;
|
||||||
#endif
|
#endif
|
||||||
char buf[256];
|
char buf[256];
|
||||||
|
|
@ -502,44 +375,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
||||||
if (accept_fd == LWS_SOCK_INVALID)
|
if (accept_fd == LWS_SOCK_INVALID)
|
||||||
assert(0);
|
assert(0);
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
{
|
|
||||||
ssl_session *ssn;
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
wsi->ssl = lws_zalloc(sizeof(ssl_context));
|
|
||||||
ssn = lws_zalloc(sizeof(ssl_session));
|
|
||||||
|
|
||||||
rc = ssl_init(wsi->ssl);
|
|
||||||
if (rc) {
|
|
||||||
lwsl_err("ssl_init failed\n");
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
|
|
||||||
ssl_set_endpoint(wsi->ssl, SSL_IS_SERVER);
|
|
||||||
ssl_set_authmode(wsi->ssl, SSL_VERIFY_OPTIONAL);
|
|
||||||
ssl_set_rng(wsi->ssl, urandom_bytes, NULL);
|
|
||||||
ssl_set_dbg(wsi->ssl, pssl_debug, NULL);
|
|
||||||
ssl_set_bio(wsi->ssl, net_recv, &wsi->sock, net_send, &wsi->sock);
|
|
||||||
|
|
||||||
ssl_set_ciphersuites(wsi->ssl, ciphers);
|
|
||||||
|
|
||||||
ssl_set_session(wsi->ssl, ssn);
|
|
||||||
|
|
||||||
ssl_set_ca_chain(wsi->ssl, &wsi->vhost->ssl_ctx->ca,
|
|
||||||
NULL, NULL);
|
|
||||||
|
|
||||||
ssl_set_own_cert_rsa(wsi->ssl,
|
|
||||||
&wsi->vhost->ssl_ctx->certificate,
|
|
||||||
&wsi->vhost->ssl_ctx->key);
|
|
||||||
|
|
||||||
// ssl_set_dh_param(wsi->ssl, my_dhm_P, my_dhm_G);
|
|
||||||
|
|
||||||
lwsl_err("%s: polarssl init done\n", __func__);
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
wsi->ssl = SSL_new(wsi->vhost->ssl_ctx);
|
wsi->ssl = SSL_new(wsi->vhost->ssl_ctx);
|
||||||
if (wsi->ssl == NULL) {
|
if (wsi->ssl == NULL) {
|
||||||
lwsl_err("SSL_new failed: %s\n",
|
lwsl_err("SSL_new failed: %s\n",
|
||||||
|
|
@ -554,8 +389,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
||||||
openssl_websocket_private_data_index, wsi);
|
openssl_websocket_private_data_index, wsi);
|
||||||
|
|
||||||
SSL_set_fd(wsi->ssl, accept_fd);
|
SSL_set_fd(wsi->ssl, accept_fd);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef USE_WOLFSSL
|
#ifdef USE_WOLFSSL
|
||||||
#ifdef USE_OLD_CYASSL
|
#ifdef USE_OLD_CYASSL
|
||||||
|
|
@ -563,11 +396,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
||||||
#else
|
#else
|
||||||
wolfSSL_set_using_nonblock(wsi->ssl, 1);
|
wolfSSL_set_using_nonblock(wsi->ssl, 1);
|
||||||
#endif
|
#endif
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
#else
|
||||||
SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
|
||||||
bio = SSL_get_rbio(wsi->ssl);
|
bio = SSL_get_rbio(wsi->ssl);
|
||||||
|
|
@ -580,8 +408,6 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
||||||
BIO_set_nbio(bio, 1); /* nonblocking */
|
BIO_set_nbio(bio, 1); /* nonblocking */
|
||||||
else
|
else
|
||||||
lwsl_notice("NULL rbio\n");
|
lwsl_notice("NULL rbio\n");
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
@ -639,16 +465,9 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
||||||
* connection upgrade directly.
|
* connection upgrade directly.
|
||||||
*/
|
*/
|
||||||
wsi->use_ssl = 0;
|
wsi->use_ssl = 0;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
ssl_close_notify(wsi->ssl);
|
|
||||||
ssl_free(wsi->ssl);
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
SSL_shutdown(wsi->ssl);
|
SSL_shutdown(wsi->ssl);
|
||||||
SSL_free(wsi->ssl);
|
SSL_free(wsi->ssl);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
wsi->ssl = NULL;
|
wsi->ssl = NULL;
|
||||||
if (lws_check_opt(context->options,
|
if (lws_check_opt(context->options,
|
||||||
LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS))
|
LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS))
|
||||||
|
|
@ -675,14 +494,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* normal SSL connection processing path */
|
/* normal SSL connection processing path */
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
n = ssl_handshake(wsi->ssl);
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
n = SSL_accept(wsi->ssl);
|
n = SSL_accept(wsi->ssl);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
lws_latency(context, wsi,
|
lws_latency(context, wsi,
|
||||||
"SSL_accept LWSCM_SSL_ACK_PENDING\n", n, n == 1);
|
"SSL_accept LWSCM_SSL_ACK_PENDING\n", n, n == 1);
|
||||||
|
|
||||||
|
|
@ -739,35 +552,16 @@ fail:
|
||||||
void
|
void
|
||||||
lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost)
|
lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost)
|
||||||
{
|
{
|
||||||
if (vhost->ssl_ctx) {
|
if (vhost->ssl_ctx)
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
lws_free(vhost->ssl_ctx);
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
SSL_CTX_free(vhost->ssl_ctx);
|
SSL_CTX_free(vhost->ssl_ctx);
|
||||||
#endif
|
|
||||||
#endif
|
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
|
||||||
}
|
|
||||||
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) {
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
lws_free(vhost->ssl_client_ctx);
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
SSL_CTX_free(vhost->ssl_client_ctx);
|
SSL_CTX_free(vhost->ssl_client_ctx);
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
lws_ssl_context_destroy(struct lws_context *context)
|
lws_ssl_context_destroy(struct lws_context *context)
|
||||||
{
|
{
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
|
|
||||||
// after 1.1.0 no need
|
// after 1.1.0 no need
|
||||||
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
|
#if (OPENSSL_VERSION_NUMBER < 0x10100000)
|
||||||
|
|
@ -787,7 +581,4 @@ lws_ssl_context_destroy(struct lws_context *context)
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
CRYPTO_cleanup_all_ex_data();
|
CRYPTO_cleanup_all_ex_data();
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -43,15 +43,10 @@ static struct lws *wsi_multi[3];
|
||||||
static volatile int force_exit;
|
static volatile int force_exit;
|
||||||
static unsigned int opts, rl_multi[3];
|
static unsigned int opts, rl_multi[3];
|
||||||
static int flag_no_mirror_traffic;
|
static int flag_no_mirror_traffic;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
char crl_path[1024] = "";
|
char crl_path[1024] = "";
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This demo shows how to connect multiple websockets simultaneously to a
|
* This demo shows how to connect multiple websockets simultaneously to a
|
||||||
|
|
@ -235,10 +230,6 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason,
|
||||||
force_exit = 1;
|
force_exit = 1;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
case LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS:
|
case LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS:
|
||||||
if (crl_path[0]) {
|
if (crl_path[0]) {
|
||||||
|
|
@ -258,8 +249,6 @@ callback_dumb_increment(struct lws *wsi, enum lws_callback_reasons reason,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
@ -503,17 +492,12 @@ int main(int argc, char **argv)
|
||||||
strncpy(ca_path, optarg, sizeof(ca_path) - 1);
|
strncpy(ca_path, optarg, sizeof(ca_path) - 1);
|
||||||
ca_path[sizeof(ca_path) - 1] = '\0';
|
ca_path[sizeof(ca_path) - 1] = '\0';
|
||||||
break;
|
break;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
case 'R':
|
case 'R':
|
||||||
strncpy(crl_path, optarg, sizeof(crl_path) - 1);
|
strncpy(crl_path, optarg, sizeof(crl_path) - 1);
|
||||||
crl_path[sizeof(crl_path) - 1] = '\0';
|
crl_path[sizeof(crl_path) - 1] = '\0';
|
||||||
break;
|
break;
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
case 'h':
|
case 'h':
|
||||||
goto usage;
|
goto usage;
|
||||||
|
|
@ -578,15 +562,10 @@ int main(int argc, char **argv)
|
||||||
*/
|
*/
|
||||||
if (ca_path[0])
|
if (ca_path[0])
|
||||||
info.ssl_ca_filepath = ca_path;
|
info.ssl_ca_filepath = ca_path;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
else if (crl_path[0])
|
else if (crl_path[0])
|
||||||
lwsl_notice("WARNING, providing a CRL requires a CA cert!\n");
|
lwsl_notice("WARNING, providing a CRL requires a CA cert!\n");
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -34,16 +34,10 @@
|
||||||
* using this protocol, including the sender
|
* using this protocol, including the sender
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
/* location of the certificate revocation list */
|
/* location of the certificate revocation list */
|
||||||
extern char crl_path[1024];
|
extern char crl_path[1024];
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
extern int debug_level;
|
extern int debug_level;
|
||||||
|
|
||||||
|
|
@ -749,10 +743,6 @@ bail:
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT)
|
#if defined(LWS_OPENSSL_SUPPORT)
|
||||||
case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION:
|
case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION:
|
||||||
/* Verify the client certificate */
|
/* Verify the client certificate */
|
||||||
|
|
@ -784,8 +774,6 @@ bail:
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
|
||||||
|
|
@ -30,15 +30,9 @@ struct lws_plat_file_ops fops_plat;
|
||||||
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
||||||
char *resource_path = LOCAL_RESOURCE_PATH;
|
char *resource_path = LOCAL_RESOURCE_PATH;
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
char crl_path[1024] = "";
|
char crl_path[1024] = "";
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* libev dumps their hygiene problems on their users blaming compiler
|
* libev dumps their hygiene problems on their users blaming compiler
|
||||||
|
|
|
||||||
|
|
@ -32,15 +32,9 @@ struct lws_plat_file_ops fops_plat;
|
||||||
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
||||||
char *resource_path = LOCAL_RESOURCE_PATH;
|
char *resource_path = LOCAL_RESOURCE_PATH;
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
char crl_path[1024] = "";
|
char crl_path[1024] = "";
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* singlethreaded version --> no locks */
|
/* singlethreaded version --> no locks */
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -33,15 +33,9 @@ int count_pollfds;
|
||||||
volatile int force_exit = 0;
|
volatile int force_exit = 0;
|
||||||
struct lws_context *context;
|
struct lws_context *context;
|
||||||
|
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
char crl_path[1024] = "";
|
char crl_path[1024] = "";
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This mutex lock protects code that changes or relies on wsi list outside of
|
* This mutex lock protects code that changes or relies on wsi list outside of
|
||||||
|
|
|
||||||
|
|
@ -30,15 +30,10 @@ struct lws_context *context;
|
||||||
/* http server gets files from this path */
|
/* http server gets files from this path */
|
||||||
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
||||||
char *resource_path = LOCAL_RESOURCE_PATH;
|
char *resource_path = LOCAL_RESOURCE_PATH;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
char crl_path[1024] = "";
|
char crl_path[1024] = "";
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This test server is ONLY this .c file, it's radically simpler than the
|
* This test server is ONLY this .c file, it's radically simpler than the
|
||||||
|
|
@ -298,18 +293,13 @@ int main(int argc, char **argv)
|
||||||
use_ssl = 1;
|
use_ssl = 1;
|
||||||
opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
|
opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
|
||||||
break;
|
break;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
case 'R':
|
case 'R':
|
||||||
strncpy(crl_path, optarg, sizeof(crl_path) - 1);
|
strncpy(crl_path, optarg, sizeof(crl_path) - 1);
|
||||||
crl_path[sizeof(crl_path) - 1] = '\0';
|
crl_path[sizeof(crl_path) - 1] = '\0';
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
case 'h':
|
case 'h':
|
||||||
fprintf(stderr, "Usage: test-server "
|
fprintf(stderr, "Usage: test-server "
|
||||||
|
|
|
||||||
|
|
@ -36,15 +36,9 @@ struct lws_plat_file_ops fops_plat;
|
||||||
/* http server gets files from this path */
|
/* http server gets files from this path */
|
||||||
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
|
||||||
char *resource_path = LOCAL_RESOURCE_PATH;
|
char *resource_path = LOCAL_RESOURCE_PATH;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
char crl_path[1024] = "";
|
char crl_path[1024] = "";
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* singlethreaded version --> no locks */
|
/* singlethreaded version --> no locks */
|
||||||
|
|
||||||
|
|
@ -292,18 +286,13 @@ int main(int argc, char **argv)
|
||||||
use_ssl = 1;
|
use_ssl = 1;
|
||||||
opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
|
opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
|
||||||
break;
|
break;
|
||||||
#if defined(LWS_USE_POLARSSL)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_USE_MBEDTLS)
|
|
||||||
#else
|
|
||||||
#if defined(LWS_HAVE_SSL_CTX_set1_param)
|
#if defined(LWS_HAVE_SSL_CTX_set1_param)
|
||||||
case 'R':
|
case 'R':
|
||||||
strncpy(crl_path, optarg, sizeof(crl_path) - 1);
|
strncpy(crl_path, optarg, sizeof(crl_path) - 1);
|
||||||
crl_path[sizeof(crl_path) - 1] = '\0';
|
crl_path[sizeof(crl_path) - 1] = '\0';
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
#endif
|
#endif
|
||||||
case 'h':
|
case 'h':
|
||||||
fprintf(stderr, "Usage: test-server "
|
fprintf(stderr, "Usage: test-server "
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue