Openssl v1.0.2 and above have support for checking the hostname
the client side connected to against the hostname on the cert the
server presented.
This enables that feature if the necessary API is available in the
openssl version, meaning the connection will fail at ssl negotiation if the
cert isn't for the requested server
It's very easy to test, add a fake entry to /etc/hosts for the server IP with
a different name, using that will fail at ssl but using the correct dns name
matching the certificate will work.
This adds
- simple lws_urlencode()
- simple lws_urldecode()
- simple lws_sql_purify
Those expect the data to all be there and process it up until
the first '\0'.
There is also a larger opaque apis for handling POST_BODY urldecode. To
enable these, you need to give cmake -DLWS_WITH_STATEFUL_URLDECODE=1 (or
arrange any larger feature that relies on it sets that in CMakeLists.txt)
- stateful urldecode with parameter array
These have create / process / destroy semantics on a struct that maintains
decode state.
Stateful urldecode is capable of dealing with large POST data in multiple
POST_BODY callbacks cleanly, eg, file transfer by POST.
Stateful urldecode with parameter array wraps the above with a canned
callback that stores the urldecoded data and indexes them in a pointer
array matching an array of parameter names.
You may also pass it an optional callback when creating it, that will recieve
uploaded file content.
The test html is updated to support both urlencoded and multipart forms,
with some javascript to do clientside validation of an arbitrary 100KB
file size limit (there is no file size limit in the apis).
Signed-off-by: Andy Green <andy@warmcat.com>
This is used to confirm that SSL client connections can coexist with
a vhost doing serving.
To set it up,
/*
* This is a bit fiddly...
*
* 0) If you want the wss:// test to work, make sure the vhost is marked with
* enable-client-ssl if using lwsws, or call lws_init_vhost_client_ssl() on
* the vhost if you're doing it by hand.
*
* 1) enable the protocol on a vhost
*
* "ws-protocols": [{
* "client-loopback-test": {
* "status": "ok"
* }, ...
*
* the vhost should listen on 80 (ws://) or 443 (wss://)
*
* 2) mount the http part of the test one level down on the same vhost, eg
* {
* "mountpoint": "/c",
* "origin": "callback://client-loopback-test"
* }
*
* 3) Use a browser to visit the mountpoint with a URI attached for looping
* back, eg, if testing on localhost
*
* http://localhost/c/ws://localhost
* https://localhost/c/wss://localhost
*
* 4) The HTTP part of this test protocol will try to do the requested
* ws client connection, to the same test protocol on the same
* server.
*/
Results should look like this
lwsws[29938]: client connection to localhost:443 with ssl: 1 started
lwsws[29938]: server part: LWS_CALLBACK_ESTABLISHED
lwsws[29938]: checking client ext permessage-deflate
lwsws[29938]: instantiating client ext permessage-deflate
lwsws[29938]: Client connection established
lwsws[29938]: Client connection received 7 from server 'Made it'
Signed-off-by: Andy Green <andy@warmcat.com>
Actually lwsws doesn't need his own protocol handler even for http
any more. The default http handler in lws should do everything.
Move the cgi routing into lws default http protocol handler, and
delete lwsws one. Remove all protocols from lwsws so the lws
default one gets used.
With this, and the earlier move of lejp into lws, lwsws itself
becomes 15.5KB of x86_64 (mainly conf parsing).
Signed-off-by: Andy Green <andy@warmcat.com>
lejp is already in lws as part of lwsws. However it's too generally useful
to just put directly in lwsws, it will lead to multiple copies of the source
in differet subprojects.
This moves it directly into lws, lwsws now gets it from there.
Like lwsws, by default at cmake it is disabled. Selecting LWS_WITH_LWSWS now
selects LWS_WITH_LEJP and you can set that at cmake individually as well.
Signed-off-by: Andy Green <andy@warmcat.com>
No dependency on test-server.h (just libwebsockets.h and getopt.h / syslog.h)
No need for any user callback code and all in one short file.
Signed-off-by: Andy Green <andy@warmcat.com>
This allows mounts to define the caching policy of the files inside them.
Support is added in lwsws for controlling it from the config files.
The api for serializing a mount struct opaquely is removed and lws_http_mount struct
made public... it was getting out of control trying to hide the options.
Signed-off-by: Andy Green <andy@warmcat.com>
This adds the ability to store apache-compatible logs to a file given at
vhost-creation time.
lwsws conf can set it per-vhost using "access-log": "<filepath>"
The feature defaults to disabled at cmake, it can be set independently but
LWS_WITH_LWSWS set it on.
Signed-off-by: Andy Green <andy@warmcat.com>
After discussion here
https://libwebsockets.org/pipermail/libwebsockets/2016-April/002268.html
scandir usage in
- lwsws conf.c
- lws plugin support
and
- lws plugin apis for dl
are converted to us libuv apis so they can work cross-platform easily.
lws itself remains not requiring libuv, although it's an option.
- LWS_WITH_LWSWS
- LWS_WITH_PLUGINS
now force LWS_WITH_LIBUV if selected... both of these are new features
only in master atm and both are off by default in CMake.
There's a complication libuv can be too old to offer the necessary apis,
this is the case in Travis Trusty instance. In that case, UV_VERSION_MAJOR ==0,
then the unix-only plugin implementation is used instead.
Signed-off-by: Andy Green <andy@warmcat.com>
This adds support for dynamically loaded plugins at runtime, which
can expose their own protocols or extensions transparently.
With these changes lwsws defaults to OFF in cmake, and if enabled it
automatically enables plugins and libuv support.
Signed-off-by: Andy Green <andy@warmcat.com>
polarssl is the old name for mbedtls. Unfortunately the two are confused in eg,
Fedora. For our purposes, polarssl or mbedtls < 2.0 has includes in
/usr/include/polarssl and polarssl_ apis and we call that "polarssl".
polarssl or mbedtls >=2.0 has includes in /usr/include/mbedtls and mbedtls_ apis,
we call that "mbedtls".
This has to be spelled out clearly because eg Fedora has a package "mbedtls" which
is 1.3.x and has the polarssl_ apis and include path. We will deal with that as
"polarssl" despite the package name then.
This patch lets you use LWS_USE_POLARSSL or LWS_USE_MBEDTLS and set the include and
library path like this
cmake .. -DLWS_USE_POLARSSL=1 -DLWS_POLARSSL_INCLUDE_DIRS=/usr/include -DLWS_POLARSSL_LIBRARIES=/usr/lib64/libmbedtls.so.9
This patch adds the cmake support and adapts [private-]libwebsockets.h but doesn't
modify the apis in ssl[-*].c yet.
Signed-off-by: Andy Green <andy@warmcat.com>
Most of ssl.c is under a #ifdef for client or server disabled...
let's get rid of it and have CMake just build the appropriate
files
Signed-off-by: Andy Green <andy@warmcat.com>