Commit graph

89 commits

Author SHA1 Message Date
Peter Pentchev
939bb7f6e9 Remove the cleanup functions with OpenSSL 1.1.
The thread support in OpenSSL has been rewritten almost completely
and the cleanup functions are now executed automatically.
2016-10-04 08:26:13 +08:00
Andy Green
f32d25051c ws ping pong on idle connections
This adds a new member to the context creation info struct "ws_ping_pong_interval".

If nonzero, it sets the number of seconds that established ws connections are
allowed to be idle before a PING is forced to be sent.  If zero (the default) then
tracking of idle connection is disabled for backwards compatibility.

Timeouts cover both the period between decision to send the ping and it being
sent (because it needs the socket to become writeable), and the period between
the ping being sent and the PONG coming back.

INFO debug logs are issues when the timeout stuff is operating.

You can test the server side by running the test server hacked to set ws_ping_pong_interval
and debug log mask of 15.  Both the mirror protocol and the server-status protocol are
idle if nothing is happening and will trigger the PING / PONG testing.  (You can also
test using lwsws and /etc/lwsws/conf with "ws-pingpong-secs": "20" in the global section)

For client, run the test client with -n -P 20 for 20s interval.  -n stops the test client
writing using the mirror protocol, so it will be idle and trigger the PING / PONGs.

The timeout interval may be up to +10s late, as lws checks for affected connections every
10s.
2016-08-10 21:20:23 +08:00
Andy Green
e7c1c757cd replace LWS_MAX_SOCKET_IO_BUF with context creation info pt_serv_buf_size
This makes it easy for user code to choose the size of the per-thread
buffer used by various things in lws, including file transfer chunking.

Previously it was 4096, if you leave info.pt_serv_buf_size as zero that
is still the default.

With some caveats, you can increase transfer efficiency by increasing it
to, eg, 128KiB, if that makes sense for your memory situation.

Signed-off-by: Andy Green <andy@warmcat.com>
2016-05-19 12:34:35 +08:00
Enno Boland
7731a3e575 lib/ssl.c: fix libre- and boringssl 2016-05-06 07:46:26 +08:00
Andy Green
f1fd882d57 client fix reaction to tls failure
https://github.com/warmcat/libwebsockets/issues/508

Signed-off-by: Andy Green <andy@warmcat.com>
2016-05-03 07:26:10 +08:00
Andy Green
451cee5d47 polarssl implementation
Signed-off-by: Andy Green <andy@warmcat.com>
2016-04-18 20:05:43 +08:00
Andy Green
57f2007105 vhost collect rx tx stats
Signed-off-by: Andy Green <andy@warmcat.com>
2016-04-15 13:57:20 +08:00
Andy Green
5b95081000 ssl server init failure info
Signed-off-by: Andy Green <andy@warmcat.com>
2016-04-14 20:59:16 +08:00
Andy Green
5e799a45cc ssl store vhost in ssl private data not context
Only used by the ssl verify callback

Signed-off-by: Andy Green <andy@warmcat.com>
2016-04-14 20:59:16 +08:00
Andy Green
22d6f39e7f http2 update integration
https://github.com/warmcat/libwebsockets/issues/489

This

1) fixes the vhost changes on master

2) works around the ah pool changes

3) fixes some other build problems that appeared

4) hacks out physical flow control for internal streams

5) updates the advertised protocol to h2 needed by, eg, chrome 51

That gets it able to serve small (<4K, ie, one packet) files over http2

Signed-off-by: Andy Green <andy@warmcat.com>
2016-04-13 11:53:40 +08:00
Andy Green
1a3f17700e mbedtls and polarssl first part
polarssl is the old name for mbedtls.  Unfortunately the two are confused in eg,
Fedora.  For our purposes, polarssl or mbedtls < 2.0 has includes in
/usr/include/polarssl and polarssl_ apis and we call that "polarssl".

polarssl or mbedtls >=2.0 has includes in /usr/include/mbedtls and mbedtls_ apis,
we call that "mbedtls".

This has to be spelled out clearly because eg Fedora has a package "mbedtls" which
is 1.3.x and has the polarssl_ apis and include path.  We will deal with that as
"polarssl" despite the package name then.

This patch lets you use LWS_USE_POLARSSL or LWS_USE_MBEDTLS and set the include and
library path like this

cmake .. -DLWS_USE_POLARSSL=1 -DLWS_POLARSSL_INCLUDE_DIRS=/usr/include -DLWS_POLARSSL_LIBRARIES=/usr/lib64/libmbedtls.so.9

This patch adds the cmake support and adapts [private-]libwebsockets.h but doesn't
modify the apis in ssl[-*].c yet.

Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 21:49:18 +08:00
Andy Green
7fe02e3af5 ssl split out common server and client ssl sources
Most of ssl.c is under a #ifdef for client or server disabled...
let's get rid of it and have CMake just build the appropriate
files

Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-29 08:51:42 +08:00
Andy Green
eefb13a0a7 ssl migrate client pieces to ssl.c
Some ssl-specific code was still hiding out in client.c instead of
going in ssl.c

Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-28 12:43:55 +08:00
Andy Green
d526c50c22 introduce vhosts
This patch splits out some lws_context members into a new lws_vhost struct.

 - ssl state and options per vhost
 - SSL_CTX for serving and client per vhost
 - protocols[] per vhost
 - extensions[] per vhost

lws_context maintains a linked list of lws_vhosts.

The same lws_context_creation_info struct is used to regulate both the
context creation and to create vhosts: for backward compatibility if you
didn't provide the new LWS_SERVER_OPTION_EXPLICIT_VHOSTS option, then
a default vhost is created at context creation time using the same info
data as the context itself.

If you will have multiple vhosts though, you should give the
LWS_SERVER_OPTION_EXPLICIT_VHOSTS option at context creation time,
create the context first and then the vhosts afterwards using

  lws_create_vhost(contest, &info);

Although there is a lot of housekeeping to implement this change, there
is almost no additional overhead if you don't use multiple vhosts and
very little api impact (no changes to test apps).

Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-28 10:15:25 +08:00
Andy Green
e2cf3e1cc0 SNI for server side: receive callback
This takes tha callback and binds the lws_context to the SSL_CTX so we can
get the lws_context in the callback.

It just logs the incoming hostname atm.

Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-26 09:27:34 +08:00
Andy Green
c6fd360160 LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT to default to runtime ssl disable
https://github.com/warmcat/libwebsockets/issues/468

Adds lws_check_opt() to regularize multibit flag checking.

There's a new context creation flag LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT,
this is included automatically if you give any other SSL-related option flag.
If you give no SSL-related option flag, nor this one directly, then even
though SSL support may be compiled in, it is never initialized nor used for the
whole lifetime of the lws context.

Conversely in order to prepare the context to use SSL, even though, eg, you
are not listening on SSL but will use SSL client connections later, you can
give this flag explicitly to make sure SSL is initialized.

Signed-off-by: Andy Green <andy@warmcat.com>
2016-03-23 09:22:11 +08:00
Andy Green
0f9904fedf ssl option for auto redir to https
Signed-off-by: Andy Green <andy.green@linaro.org>
2016-03-17 15:27:18 +08:00
Joakim Soderberg
9a720bbb50 ssl ecdh adapt if missing ecdh.h include
https://github.com/warmcat/libwebsockets/issues/457
2016-03-12 08:48:41 +08:00
Andy Green
0a3d31b8a6 ssl get rid of build_cert_chain
It's not supported on major distro SSL (Fedora is 1.1) and
libressl (on 2.x) doesn't have it either.

https://github.com/warmcat/libwebsockets/issues/435

Signed-off-by: Andy Green <andy.green@linaro.org>
2016-02-21 07:08:28 +08:00
Andy Green
d7fddadaec context creation info add ecdh_curve
Signed-off-by: Andy Green <andy.green@linaro.org>
2016-02-18 20:36:55 +08:00
Andy Green
78773b6da0 ssl add server ecdh curve init
Using "real" SSL certs requires some init for openssl ECDH
curve.  Add a default curve "prime256v1" and allow overriding it
at context creation time.

Signed-off-by: Andy Green <andy.green@linaro.org>
2016-02-18 20:36:09 +08:00
Andy Green
a0ca2d098b ssl ecdh check errors properly
Signed-off-by: Andy Green <andy.green@linaro.org>
2016-02-17 11:09:58 +08:00
Andy Green
200a6a296e timeout settable from info
This adds an info member that allows the user code to
set the library's network action timeout in seconds.

If left at the default 0, the build-time default
AWAITING_TIMEOUT continues to be used.

As suggested

https://github.com/warmcat/libwebsockets/issues/427

Signed-off-by: Andy Green <andy.green@linaro.org>
2016-02-15 20:39:07 +08:00
Andy Green
86ed65ff00 libuv integration
This gets the libuv stuff plumbed in and working.

Currently it's only workable for some service thread, and there
is an isolated valgrind problem left

==28425== 128 bytes in 1 blocks are definitely lost in loss record 3 of 3
==28425==    at 0x4C28C50: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28425==    by 0x4C2AB1E: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==28425==    by 0x58BBB27: maybe_resize (core.c:748)
==28425==    by 0x58BBB27: uv__io_start (core.c:787)
==28425==    by 0x58C1B80: uv__signal_loop_once_init (signal.c:225)
==28425==    by 0x58C1B80: uv_signal_init (signal.c:260)
==28425==    by 0x58BF7A6: uv_loop_init (loop.c:66)
==28425==    by 0x4157F5: lws_uv_initloop (libuv.c:89)
==28425==    by 0x405536: main (test-server-libuv.c:284)

libuv wants to sign off on all libuv 'handles' that will close, and
callback to do the close confirmation asynchronously.  The wsi close function
is adapted when libuv is in use to work with libuv accordingly and exit the uv
loop the number of remaining wsi is zero.

Signed-off-by: Andy Green <andy.green@linaro.org>
2016-02-14 09:31:13 +08:00
Andy Green
e6dbaa236a coverity 157402 explicitly disallow handling invalid sockfd
Signed-off-by: Andy Green <andy.green@linaro.org>
2016-01-29 15:40:08 +08:00
Andy Green
b39a151c9c coverity 157404 get rid of needless NULL check
Signed-off-by: Andy Green <andy.green@linaro.org>
2016-01-29 15:30:05 +08:00
Andy Green
8c1f6026a7 multithread stability
Signed-off-by: Andy Green <andy.green@linaro.org>
2016-01-26 20:56:56 +08:00
Andy Green
d3a5505542 multithreaded service
This adds support for multithreaded service to lws without adding any
threading or locking code in the library.

At context creation time you can request split the service part of the
context into n service domains, which are load-balanced so that the most
idle one gets the next listen socket accept.

There's a single listen socket on one port still.

User code may then spawn n threads doing n service loops / poll()s
simultaneously.  Locking is only required (I think) in the existing
FD lock callbacks already handled by the pthreads server example,
and that locking takes place in user code.  So the library remains
completely agnostic about the threading / locking scheme.

And by default, it's completely compatible with one service thread
so no changes are required by people uninterested in multithreaded
service.

However for people interested in extremely lightweight mass http[s]/
ws[s] service with minimum provisioning, the library can now do
everything out of the box.

To test it, just try

$ libwebsockets-test-server-pthreads -j 8

where -j controls the number of service threads

Signed-off-by: Andy Green <andy.green@linaro.org>
2016-01-19 20:02:36 +08:00
Vijay Khurdiya
e73d446461 ssl add ECDH server support
(AG clean style add option flag and docs)
2016-01-15 16:21:51 +08:00
Andy Green
6d64539fcb lws_get_context not _ctx
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-17 18:25:25 +08:00
Andy Green
54806b1541 clean internal refactor
- Mainly symbol length reduction
 - Whitespace clean
 - Code refactor for linear flow
 - Audit @Context for API docs vs changes

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-17 17:03:59 +08:00
Andy Green
00c6d1579c public api remove context from user callback API BREAK
Since struct lws (wsi) now has his own context pointer,
we were able to remove the need for passing context
almost everywhere in the apis.

In turn, that means there's no real use for context being
passed to every callback; in the rare cases context is
needed user code can get it with lws_get_ctx(wsi)

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-17 07:54:44 +08:00
Andy Green
11c05bfa09 public api remove superfluous context params API BREAK
Extend the cleanout caused by wsi having a context pointer
into the public api.

There's no point keeping the 1.5 compatibility work,
we have changed the api in several places and
rebuilt wasn't going to be enough a while ago.

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-16 18:19:08 +08:00
Andy Green
6b5de70f4f refactor needless context with wsi paramater passing
Now we bit the bullet and gave each wsi an lws_context *, many
internal apis that take both a context and wsi parameter only
need the wsi.

Also simplify parser code by making a temp var for
allocated_headers * instead of the longwinded
dereference chain everywhere.

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-15 21:15:58 +08:00
Andy Green
40110e84ab whitespace trailing mass cleanout
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-14 08:52:03 +08:00
Andy Green
1cc03887f4 clean reduce windows build warnings
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-06 08:00:03 +08:00
Andy Green
6ab6ee2c0f more server close processing error handling precisions
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-06 06:39:51 +08:00
Andy Green
5c9660da61 clean tidy the worst whitespace alignment probs due to mass token name length changes
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-04 11:30:53 +08:00
Andy Green
4b85c1d4ac api rationalization: eliminate all libwebsocket[s]_ prefixes
This nukes all the oldstyle prefixes except in the compatibility code.

struct libwebsockets becomes struct lws too.

The api docs are updated accordingly as are the READMEs that mention
those apis.

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-04 11:08:32 +08:00
Andy Green
3ef579b4f9 api rationalization eliminate oldstyle internal api names
Between changing to lws_ a few years ago and the previous two
patches migrating the public apis, there are only a few
internal functions left using libwebsocket_*.

Change those to also use lws_ without regard to compatibility
since they were never visible outside the library.

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-04 09:23:56 +08:00
Andy Green
6230476455 api rationalization use new names internally
Change all internal uses of rationalized public apis to reflect the
new names.

Theer are a few things that got changed as side effect of search/replace
matches, but these are almost all internal.  I added a compatibility define
for the public enum that got renamed.

Theoretically existing code should not notice the difference from these
two patches.  And new code will find the new names.

https://github.com/warmcat/libwebsockets/issues/357

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-04 08:43:54 +08:00
Andy Green
972eaf91a0 ssl zero return indicates shutdown
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-12-03 21:37:34 +08:00
Andrew Canaday
ad2248a207 ssl set ssl to NULL on close 2015-12-03 09:44:15 +08:00
Andy Green
11f27345d2 mbed3 workable plus or minus mbed3 net stack bug
https://github.com/ARMmbed/sockets/issues/35

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-11-14 16:33:21 +08:00
Andy Green
79a3c5d425 non ssl on ssl port zero recv ambiguous
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-11-06 08:23:05 +08:00
Andy Green
cc64fb535b non ssl on ssl port fixes
As found by 'github user 7'

https://github.com/warmcat/libwebsockets/issues/338

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-31 06:49:05 +08:00
Stephan Eberle
b820e2c2cc Implemented fixes allowing libwebsockets to be built under Windows using MinGM/MSYS
Improvemed patches to address travis and appveyor build errors

Reduced WINVER and _WIN32_WINNT to 0x0501 to be less restrictive

Refined CMakeLists.txt to allow for normal Windows and MinGW-specific OpenSSL certificate generation

Simplified include path to gettimeofday.h

Removed unnecessary list(APPEND LWS_LIBRARIES zlib_internal) export

Added back #include <windows.h> to gettimeofday.c to fix build for normal Windows

Made sure that pollfd gets defined on libwebsockets side when _WIN32_WINNT < 0x0600

Made sure that WINVER and _WIN32_WINNT don't get overridden by libwebsockets headers when already set to something greater than 0x0501

Added missing declaration of WSAPoll function for WINVER < 0x0600 in libwebsockets.h, eliminated invalid usages of pollfd instead of libwebsocket_pollfd in test-server.c

Cleaned up duplicate content in gettimeofday.c, removed header inclusions from gettimeofday.h and fixed include order in test-echo.c, test-ping.c and test-server.c to enable build with normal Windows and MinGW

Re-enabled debug_level in test-echo.c and made sure that the call to lws_set_log_level() is also active under Windows (just like in test-server.c); replaced all WIN32 occurrences by _WIN32 in test-echo.c, test-ping.c, and test-server.c

Removed build-msys.sh and added new section about how to build libwebsockets using MinGW to README.build.md
2015-10-30 00:16:40 +01:00
Andy Green
29ddc84a5c check errno for ssl non ssl
After thomgree

https://github.com/warmcat/libwebsockets/issues/313

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-22 20:32:55 +08:00
Andy Green
dbbd31141a if ssl and non ssl allowed insist to wait for something to discriminate by
Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-16 11:39:23 +08:00
Andy Green
6d59f59745 LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED
Requested by Bruce Perens

http://ml.libwebsockets.org/pipermail/libwebsockets/2015-June/001834.html

Signed-off-by: Andy Green <andy.green@linaro.org>
2015-10-15 09:12:58 +08:00