This adds a LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS callback
which offers a chance for the server context to be loaded with additional
certificates allowing it to verify incoming client certs. The callback
always comes to protocol[0].
It also introduces the context option LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT
which will enforce client cert checking on any ssl connection.
Signed-off-by: Andy Green <andy@warmcat.com>

Doing a client connect was atomic until now, blocking
all the other service while it waited for proxy and / or
server response.
This patch uses the new timeout system and breaks the
client connect sequence into three states handled by
the normal poll() processing. It means that there are
now no blocking network delays and it's all handled
by the main state machine.
Signed-off-by: Andy Green <andy@warmcat.com>

This adds a concept of timeouts for operations enforced by
connection closure if the timeout is reached.
Once a second all sockets are checked for timing out; every time
there is a service call it checks to see if a second has passed since
the last check and checks if so.
You can also call libwebsocket_service_fd() with a NULL fd to give
the timeouts a chance to be detected; if it's less than a second since
the last check it returns immediately.
Signed-off-by: Andy Green <andy@warmcat.com>

Just a quick follow-up: there is a compile error at the moment, which I
think is resolved as the following?
Signed-off-by: Timothy J Fontaine <tjfontaine@gmail.com>

This patch removes the relationship between position in the
pollfd[] array and any meaning about the type of socket.
It also refactors the service loop so there is a per-fd
function that detects the mode of the connection and services
it accordingly.
The context wsi * array is removed and a hashtable introduced
allowing fast wsi lookup from just the fd that it is
associated with.
Signed-off-by: Andy Green <andy@warmcat.com>

This adds 05 support, and -v switches on test-client and test-ping
to allow setting their ietf protocol version to 4 or 5.
It also optimizes the masking to use a function pointer, which
takes some conditionals out of the fast path.
Signed-off-by: Andy Green <andy@warmcat.com>

Iñaki pointed out the dummy host field used in client test and ping
is not valid http. This patch changes it to use the actual host
name and adds an api to collect that from the context cheaply.
Reported-by: Iñaki Baz Castillo <ibc@aliax.net>
Signed-off-by: Andy Green <andy@warmcat.com>