The SSL code should not do lws_free(new_wsi) here. The caller should clean up the wsi in libwebsocket_close_and_free_session. Instead this can potentially cause a crash during that call.
Also if we fail to create the SSL for the listener we should indicate failure to the caller.
This patch lets libwebsockets use the latest version of wolfSSL (the new name for CyaSSL).
The reason for the patch is that although wolfSSL provides compatibility headers for (old) projects using CyaSSL,
these are incomplete and do not work for libwebsockets.
The patch also fixes a typo in CMakeLists.txt where CYASSL_LIBRARIES was added to include_directories() instead of CYASSL_INCLUDE_DIRS.
Signed-off-by: ABruines <alexander.bruines@gmail.com>
Read the full incoming TLS/SSL record at once in libwebsocket_service_fd().
SSL_read() is called until no more pending data for the current record is buffered in SSL.
SSL_read() is never requested more than the pending data size for the current record
to ensure that the fd is not read again for new data, which would be copied in the SSL buffer otherwise.
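
The read loop described in the commit message above, as an added example that is not libwebsockets or OpenSSL code. `struct fake_ssl`, `fake_read()`, `fake_pending()` and this `service_fd()` are constructed stand-ins that mimic the semantics of SSL_read() and SSL_pending() so the loop runs offline.

```c
#include <string.h>

/* Constructed stand-in for an SSL object; read/pending mimic OpenSSL's
 * SSL_read()/SSL_pending(). Not libwebsockets or OpenSSL code. */
struct fake_ssl {
	const char *records[4]; /* whole TLS records still "on the socket" */
	int next, count;        /* next unread record, number of records */
	const char *cur;        /* decrypted bytes of the current record */
	size_t pending;         /* bytes of cur not yet given to the caller */
};

static size_t fake_pending(const struct fake_ssl *s) { return s->pending; }

/* Like SSL_read(): touches the socket only when nothing is buffered. */
static size_t fake_read(struct fake_ssl *s, char *buf, size_t n)
{
	if (!s->pending) {
		if (s->next == s->count)
			return 0;                   /* socket has no data */
		s->cur = s->records[s->next++]; /* pulls in one full record */
		s->pending = strlen(s->cur);
	}
	if (n > s->pending)
		n = s->pending;
	memcpy(buf, s->cur, n);
	s->cur += n;
	s->pending -= n;
	return n;
}

/* One poll() wakeup: drain the current record, never asking for more
 * than pending, so the next record stays on the socket for poll(). */
static size_t service_fd(struct fake_ssl *s, char *out, size_t chunk)
{
	size_t total = fake_read(s, out, chunk), want;
	while ((want = fake_pending(s)) > 0) {
		if (want > chunk)
			want = chunk;
		total += fake_read(s, out + total, want);
	}
	return total;
}

int main(void)
{
	struct fake_ssl s = { { "0123456789", "next" }, 0, 2, NULL, 0 };
	char out[32]; /* constructed sample: a 10-byte record, then another */
	return service_fd(&s, out, 4) == 10 ? 0 : 1;
}
```

A single `fake_read()` with a 4-byte buffer would leave 6 decrypted bytes inside the SSL object, where poll() on the fd cannot see them; draining by the pending count delivers the whole record without pulling the following one off the socket.
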
callback.
A recent patch in ssl.c introduced a callback for setting the
private key of the SSL context. This code contained a bug, which
resulted in lws_context_init_server_ssl() returning always
with a return value of 1, indicating an error.
This patch introduces the missing curly braces to fix the code's
intended behaviour.
In some situations the private key is not directly available via
filesystem (for example, when stored on a smartcard). If this is
the case, the user can set the private key filepath to NULL and
expect this callback reason to set the key directly via OpenSSL
library calls.
This adds npn / alpn support if your openssl can handle it.
Then, browsers that understand alpn will by default
negotiate http/1.1 and work as normal.
Clients that understand http2.0 can negotiate h2-14 and
use the basic but working http2.0 support automatically.
Signed-off-by: Andy Green <andy.green@linaro.org>