I run a web socket server that requires clients to present a certificate.
context_ssl_ = libwebsocket_create_context(wssPort_, wssIpAddr_.c_str(), protocols_ssl,
libwebsocket_internal_extensions,
cert_path.c_str(), key_path.c_str(), -1, -1,
LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT);
I am getting a crash in the OpenSSL_verify_callback().
The SSL_get_ex_data() call is returning NULL
I could not find a call to SSL_set_ex_data() for server mode operation.
Has anyone seen this crash in the newer versions?
Signed-off-by: Larry Hayes <larry.hayes@prodeasystems.com>
Some of the advice in README.rst became deprecated with recent patches,
the (good) advice about http connection close is better demonstrated
in the code and API docs, and the remainder can go in the main README,
which will have to be refactored itself at some point.
Signed-off-by: Andy Green <andy.green@linaro.org>
This patch allows control of the main compiletime constants in libwebsockets
from the configure commandline.
README is updated with documentation on what's available, how to set them
and the defaults.
The constants are logged with "info" severity (not visible by default) at
context create time.
The zlib constant previously exposed like this is moved to private-libwebsockets.h
so it can be printed along with the rest.
Signed-off-by: Andy Green <andy.green@linaro.org>
This reverts the removal of the deflate_frame code that was crashing after porting
David Galeano's code: he pointed out there's a typo in the merged version causing
the crash which is fixed here.
However the fixed code has a problem, there's no limit (other than int size) to the
amount of memory it will try to malloc, which can allow a DoS of the server by the
client sending malicious compression states that inflate to a large amount. I have
added checking for OOM already that will avert the segfault that would otherwise follow
but the server will be unusuable if malicious connections were made repeatedly each
forcing it to allocate large buffers and cause small allocations on other connections
to fail.
The patch changes the code to use realloc(), and introduces a configurable limit
on the amount of memory one connection may need for zlib before the server hangs
up the connection. It defaults to 64KBytes but can be set from ./configure as
described now in the README.
Signed-off-by: Andy Green <andy.green@linaro.org>
David found that uclibc did not provide this slightly esoteric api
and provided one from BSD that can be built by the library internally.
AG: Made contingent on configure option --enable-builtin-getifaddrs
Signed-off-by: David <cymerio@gmail.com>
Signed-off-by: Andy Green <andy.green@linaro.org>
- multiple debug context calls lwsl_ err, warn, debug, parser, ext, client
- api added to set which contexts output to stderr using a bitfield log_level
- --disable-debug on configure removes all code that is not err or warn severity
- err and warn contexts always output to stderr unless disabled by log_level
- err and warn enabled by default in log_level
Signed-off-by: Andy Green <andy@warmcat.com>
Here testing with the test serer and chrome 25, the buffer expansion
code on Rx was triggered by a valid no data output condition and looped
until it exhausted all memory.
This patch adds OOM check to all malloc()s and removes the buffer expansion
code on the rx path... leaving the code on tx path for now.
Signed-off-by: Andy Green <andy.green@linaro.org>
When the output buffer was exhausted the input buffer was discarded
without checking if zlib had actually consumed all the input,
now we copy the remaining input data for the next call.
