Andy Green
29ddc84a5c
check errno for ssl non ssl
...
After thomgree
https://github.com/warmcat/libwebsockets/issues/313
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-22 20:32:55 +08:00
Andy Green
dbbd31141a
if ssl and non ssl allowed insist to wait for something to discriminate by
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-16 11:39:23 +08:00
Andy Green
6d59f59745
LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED
...
Requested by Bruce Perens
http://ml.libwebsockets.org/pipermail/libwebsockets/2015-June/001834.html
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-15 09:12:58 +08:00
Andy Green
a739f75ee2
ssl set session id context
...
Via Bruce Perens
http://ml.libwebsockets.org/pipermail/libwebsockets/2015-June/001833.html
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-15 09:00:31 +08:00
Andy Green
1963c9aa7f
improve callback close checking
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-15 07:39:33 +08:00
Roger A. Light
b9f28ac8df
Attempt to fix server problems receiving large https POSTS.
...
Without this change the pending list ends up having
wsi->pending_read_list_next == wsi, which causes a loop in
lws_plat_unix().
2015-10-12 11:30:37 +08:00
Joakim Söderberg
8361d34ff9
Bugfix: SSL code should not free wsi
...
The SSL code should not do lws_free(new_wsi) here. The caller should clean up the wsi in libwebsocket_close_and_free_session. Instead this can potentially cause a crash during that call.
Also if we fail to create the SSL for the listener we should indicate failure to the caller.
2015-10-12 10:03:41 +08:00
ABruines
80a7068ec8
Allow using CyaSSL instead of wolfSSL
2015-10-12 08:17:55 +08:00
Alexander Bruines
c3bcb89d01
Move from CyaSSL to wolfSSL
...
This patch lets libwebsockets use the latest version of wolfSSL (the new name for CyaSSL).
The reason for the patch is that although wolfSSL provides compatibility headers for (old) projects using CyaSSL,
these are incomplete and do not work for libwebsockets.
The patch also fixes a typo in CMakeLists.txt where CYASSL_LIBRARIES was added to include_directories() instead of CYASSL_INCLUDE_DIRS.
Signed-off-by: ABruines <alexander.bruines@gmail.com>
2015-10-12 08:14:50 +08:00
José Luis Millán
4c0ba02771
fix #309 . Receive large messages over WSS
...
Read the full incoming TLS/SSL record at once in libwebsocket_service_fd().
SSL_read() is called until no more pending data for the current record is buffered in SSL.
SSL_read() is never requested more than the pending data size for the current record
to ensure that the fd is not read again for new data, which would be copied in the SSL buffer otherwise.
2015-10-12 08:07:38 +08:00
Andy Green
413b3a6c55
ssl pending buffered reads don't dereference first time
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-01-30 10:33:00 +08:00
Andy Green
5281560000
ssl pending buffered reads use linked list
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-01-29 08:36:18 +08:00
Christoph Müllner
87840d18e6
Subject: [PATCH] Fix error handling when calling "REQUIRES PRIVATE KEY"
...
callback.
A recent patch in ssl.c introduced a callback for setting the
private key of the SSL context. This code contained a bug, which
resulted in lws_context_init_server_ssl() returning always
with a return value of 1, indicating an error.
This patch introduces the missing curly braces to fix the code's
intended behaviour.
2015-01-26 11:18:30 +08:00
Octav Zlatior
cf5189614a
Subject: [PATCH] Adds "REQUIRES PRIVATE KEY" callback
...
In some situations the private key is not directly available via
filesystem (for example, when stored on a smartcard). If this is
the case, the user can set the private key filepath to NULL and
expect this callback reason to set the key directly via openSSL
library calls.
2014-12-16 08:47:37 +08:00
Alejandro Mery
6ff28248aa
Subject: [PATCH] Use custom allocator
...
Signed-off-by: Alejandro Mery <amery@geeks.cl>
2014-12-05 07:26:26 +08:00
Andy Green
26193fab34
coverity 83684 let parent close if ssl service fails
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-11-30 12:14:23 +08:00
Andy Green
70b543f7c2
move bind passphrase out of LWS_NO_SERVER
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-11-26 14:29:03 +08:00
Roger A. Light
d893d96f8f
Subject: [PATCH] SSL: Disable support for SSLv2 and SSLv3.
2014-11-25 05:55:41 +08:00
Joakim Soderberg
1b97ec2efa
Subject: [PATCH] Enable usage of ancient OpenSSL.
...
Yes people should be upgrading their OpenSSL, but there are still old versions without Heartbleed out there being used...
2014-11-25 05:53:31 +08:00
Andy Green
4076a2c8bc
ssl fix client and server passphrase handling
...
again from "linedot" at
https://github.com/warmcat/libwebsockets/issues/152#issuecomment-63647996
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-11-20 12:10:40 +08:00
Andy Green
752963da00
test-echo: enable for ssl cert serving and verification
2014-11-18 09:28:35 +08:00
Andy Green
50000a1ac5
ssl also allow passphrase management for server
...
Adapted from idea + diff provided by "linedot"
https://github.com/warmcat/libwebsockets/issues/152#issuecomment-63364869
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-11-18 07:53:20 +08:00
Andy Green
fce6bde622
ssl CYASSL doesn't have new api
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-11-05 15:35:05 +08:00
Andy Green
5db6c0fa01
clean http2 passphrase code
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-11-05 15:32:58 +08:00
Andy Green
040465d082
openssl update deprecated remove_state api
...
As suggested by svetlin-mladenov here
https://github.com/warmcat/libwebsockets/issues/186
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-10-27 11:38:03 +08:00
Andy Green
7df53c5550
http2 alpn npn pollout
...
This adds npn / alpn support if your openssl can handle it.
Then, browsers that understand alpn will by default
negotiate http/1.1 and work as normal.
Clients that understand http2.0 can negotiate h2-14 and
use the basic but working http2.0 support automatically
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-10-22 15:38:12 +08:00
Marek Kochanowicz
b21122994c
Subject: [PATCH] Initialize openssl during client initialization.
2014-10-22 15:37:58 +08:00
Andy Green
0c51239023
ssl clean recent external CTX patch so doesn't break build
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-10-17 08:47:51 +08:00
joseph.urciuoli
4d9c8fc01a
ssl allow externally managed SSL_CTX
...
Signed-off-by: joseph.urciuoli <trac90@UNKNOWN.org>
2014-10-16 08:53:19 +08:00
Andy Green
609ec85869
ssl optimize poll when buffered ssl read data
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-10-09 08:29:22 +08:00
Andy Green
1f5c9f0c31
ssl_capable_read add context param
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-10-09 08:14:30 +08:00
Andy Green
fe3e3e61ec
ssl fix pending reads stuck in ssl layer
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-10-08 12:15:29 +08:00
Andy Green
8721f4f5f1
fix build for NO_SERVER
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-08-27 16:31:20 +08:00
Andy Green
62824f96d4
ssl fix excessive crash workaround
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-08-10 09:50:42 +08:00
Oleh
faeac3c419
ssl allow passing cert passphrase
...
https://github.com/warmcat/libwebsockets/issues/152
2014-07-29 23:18:41 +08:00
Andy Green
f55b2eff0a
add runtime context flag to enforce defeat of OS CA CERTS even if build option selected
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-07-06 09:36:44 +08:00
vpeter4
4dd8ada592
Disable compile warning: no newline at end of file
2014-04-27 13:28:22 +02:00
Andy Green
cdb9bf9bdd
refactor move ssl server service to ssl.c
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-04-12 10:07:02 +08:00
Andy Green
529d4814d0
fix ssl error reporting
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-04-06 12:41:31 +01:00
Andy Green
02138126f2
refactor add ssl read write single implementation
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-04-06 06:26:35 +01:00
Andy Green
2eedea9884
http2 add initial alpn support
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-04-03 14:33:48 +08:00
Andy Green
c57037a555
refactor ssl related code into ssl.c
...
Signed-off-by: Andy Green <andy.green@linaro.org>
2014-04-03 10:17:00 +08:00