It's already the default and no "SSL_set_mode" in CYASSL
Reported by Chris Conlon <chris@wolfssl.com>
Signed-off-by: Andy Green <andy.green@linaro.org>
merged by andy@warmcat.com via https://github.com/gaby64/libwebsockets-libev
To use, you need to both
- cmake ---> -DLWS_USE_LIBEV=1
- info->options must have LWS_SERVER_OPTION_LIBEV set when creating the context
this is so a single library can be built for distros to support apps that use
normal polling and apps that use libev polling.
Add a special implementation with CreateFile(), ReadFile() and CloseFile()
for serving HTTP file request to allow compilation on all Windows platforms.
At the time callback LWS_CALLBACK_FILTER_NETWORK_CONNECTION is called,
there is no client connection information yet, so the parameter wsi
still pointing to the main server connection. Add an description of
this behavior to the documentation.
This provides a single place for pollfd event changing,
external locking for that and extpoll management.
It saves about 85 lines of duplication and simplifies the callers.
Signed-off-by: Andy Green <andy.green@linaro.org>
This adds two new callbacks in protocols[0] that are optional for allowing limited thread
access to libwebsockets, LWS_CALLBACK_LOCK_POLL and LWS_CALLBACK_UNLOCK_POLL.
If you use them, they protect internal and external poll list changes, but if you want to use
external thread access to libwebsocket_callback_on_writable() you have to implement your
locking here even if you don't use external poll support.
If you will use another thread for this, take a lot of care about managing your list of
live wsi by doing it from ESTABLISHED and CLOSED callbacks (with your own locking).
Signed-off-by: Andy Green <andy.green@linaro.org>
If enabled one listening socket will accept both SSL and plain HTTP connections.
Do not enable if you regard SSL handshake as some kind of security, eg, use
client-side certs to restrict access.
AG: changed flag names, added extra comments, changelog, add -a in test server
Signed-off-by: James Devine <fxmulder@gmail.com>
Signed-off-by: Andy Green <andy@warmcat.com>
This patch deploys the truncated send work to buffer output in case
either send() or the SSL send return a temporary "unable to send"
condition even though they signalled as writeable.
I added a by-default #if 0 test jig which enforces only half of what
you want to send is sendable, this is working when enabled.
One subtle change is that the pipe reports choked if there is any
pending remaining truncated send. Otherwise it should be transparent.
Hopefully...
Signed-off-by: Andy Green <andy.green@linaro.org>
The header name buffer and its max length handling has actually
been unused since the minilex parser was introduced. We hold
parsing state in the lex-type parts and don't need to store or
worry about max length, since the parser will let us know as
soon as it can't be a match for the valid header names.
This strips it out reducing the per-connection allocation for
x86_64 with default configure from 224 to 160.
Signed-off-by: Andy Green <andy.green@linaro.org>
If the SSL connection failed before the headers came, we were not
dealing with deallocating the header malloc. This takes care of it.
Using CyaSSL, we are then valgrind-clean for ssl client and server.
With OpenSSL, there is 88 bytes lost at init that never changes or
gets recovered. AFAIK there's nothing to do about that.
OpenSSL also blows these during operation
==1059== Conditional jump or move depends on uninitialised value(s)
==1059== at 0x4A0B131: bcmp (mc_replace_strmem.c:935)
==1059== by 0x3014CDDBA8: ??? (in /usr/lib64/libcrypto.so.1.0.1c)
==1059== by 0x3015430852: tls1_enc (in /usr/lib64/libssl.so.1.0.1c)
==1059== by 0x3015428CEC: ssl3_read_bytes (in /usr/lib64/libssl.so.1.0.1c)
==1059== by 0x30154264C5: ??? (in /usr/lib64/libssl.so.1.0.1c)
==1059== by 0x4C3C596: lws_server_socket_service (server.c:153)
==1059== by 0x4C32C1E: libwebsocket_service_fd (libwebsockets.c:927)
==1059== by 0x4C33270: libwebsocket_service (libwebsockets.c:1225)
==1059== by 0x401C84: main (in /usr/bin/libwebsockets-test-server)
However googling around
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/60021http://www.openssl.org/support/faq.html#PROG13
(also the next FAQ down)
it seems OpenSSL have a relaxed attitude to this and it's expected.
It's interesting CyaSSL works fine but doesn't have that problem...
Signed-off-by: Andy Green <andy.green@linaro.org>
CyaSSL blows (symptomless?) uninitialized memory accesses in
valgrind when using SSL_get_version()... don't need to do it...
Signed-off-by: Andy Green <andy.green@linaro.org>
This brings the library sources into compliance with checkpatch
style except for three or four exceptions like WIN32 related stuff
and one long string constant I don't want to break into multiple
sprintf calls.
There should be no functional or compilability change from all
this (hopefully).
Signed-off-by: Andy Green <andy.green@linaro.org>
This big patch replaces the malloc / realloc per header
approach used until now with a single three-level struct
that gets malloc'd during the header union phase and freed
in one go when we transition to a different union phase.
It's more expensive in that we malloc a bit more than 4Kbytes,
but it's a lot cheaper in terms of malloc, frees, heap fragmentation,
no reallocs, nothing to configure. It also moves from arrays of
pointers (8 bytes on x86_64) to unsigned short offsets into the
data array, (2 bytes on all platforms).
The 3-level thing is all in one struct
- array indexed by the header enum, pointing to first "fragment" index
(ie, header type to fragment lookup, or 0 for none)
- array of fragments indexes, enough for 2 x the number of known headers
(fragment array... note that fragments can point to a "next"
fragment if the same header is spread across multiple entries)
- linear char array where the known header payload gets written
(fragments point into null-terminated strings stored in here,
only the known header content is stored)
http headers can legally be split over multiple headers of the same
name which should be concatenated. This scheme does not linearly
conatenate them but uses a linked list in the fragment structs to
link them. There are apis to get the total length and copy out a
linear, concatenated version to a buffer.
Signed-off-by: Andy Green <andy.green@linaro.org>
A new protocol member is defined that controls the size of rx
buffer allocation per connection. For compatibility 0 size
allocates 4096, but you should adapt your protocol definition
array in the user code to declare an appropriate value.
See the changelog for more detail.
The advantage is the rx frame buffer size is now tailored to
what is expected from the protocol, rather than being fixed
to a default of 4096. If your protocol only sends frames of
a dozen bytes this allows you to only allocate an rx frame
buffer of the same size.
For example the per-connection allocation (excluding headers)
for the test server fell from ~4500 to < 750 bytes with this.
Signed-off-by: Andy Green <andy.green@linaro.org>
This gets rid of the stack buffer while serving files, and the
PATH_MAX char array that used to hold the filepath in the wsi.
It holds an extra file descriptor open while serving the file,
however it attempts to stuff the socket with as much of the
file as it can take. For files of a few KB, that typically
completes (without blocking) in the call to
libwebsockets_serve_http_file() and then closes the file
descriptor before returning.
Signed-off-by: Andy Green <andy.green@linaro.org>
This reduces the size of struct libwebscocket from 4840 to 4552
on x86_64
There are also big benefits on malloc pool fragmentation and
allocation, the header allocations only exist between the first
peer communication and websocket connection establishment for
both server and client.
Signed-off-by: Andy Green <andy.green@linaro.org>
http://www.yassl.com/yaSSL/Products-cyassl.html
- Small Size: 20-100kB
- Runtime Memory: 1-36kB
- 20X smaller than OpenSSL
So far only tested on Linux.
Note that this requires a bugfix in cyassl, otherwise it will crash. Pull request has been made to the official repos, in the meantime the following repos can be used: git://github.com/JoakimSoderberg/cyassl.git
- Finalized CMake support (tested on windows only so far).
- Uses a generated lws_config.h that is included in
private-libwebsocket to pass defines, only used if CMAKE_BUILD is set.
- Support for SSL on Windows.
- Initial support for CyaSSL replacement of OpenSSL (This has been added
to my older CMake-fork but haven't been tested on this version yet).
- Fixed windows build (see below for details).
- Fixed at least the 32-bit Debug build for the existing Visual Studio
Project. (Not to keen fixing all the others when we have CMake support
anyway (which can generate much better project files)...)
- BUGFIXES:
- handshake.c
- used C99 definition of handshake_0405 function
- libwebsocket.c
- syslog not available on windows, put in ifdefs.
- Fixed previous known crash bug on Windows where WSAPoll in
Ws2_32.dll would not be present, causing the poll function pointer
being set to NULL.
- Uninitialized variable context->listen_service_extraseen would
result in stack overflow because of infinite recursion. Fixed by
initializing in libwebsocket_create_context
- SO_REUSADDR means something different on Windows compared to Unix.
- Setting a socket to nonblocking is done differently on Windows.
(This should probably broken out into a helper function instead)
- lwsl_emit_syslog -> lwsl_emit_stderr on Windows.
- private-libwebsocket.h
- PATH_MAX is not available on Windows, define as MAX_PATH
- Always define LWS_NO_DAEMONIZE on windows.
- Don't define lws_latency as inline that does nothing. inline is not
support by the Microsoft compiler, replaced with an empty define
instead. (It's __inline in MSVC)
- server.c
- Fixed nonblock call on windows
- test-ping.c
- Don't use C99 features (Microsoft compiler does not support it).
- Move non-win32 headers into ifdefs.
- Skip use of sighandler on Windows.
- test-server.c
- ifdef syslog parts on Windows.
Libwebsockets is fundamentally singlethreaded... the existence of the
fork and broadcast support, especially in the sample server is
giving the wrong idea about how to use it.
This replaces broadcast in the sample server with
libwebsocket_callback_on_writable_all_protocol(). The whole idea of
'broadcast' is removed.
All of the broadcast proxy stuff is removed: data must now be sent
from the callback only. Doing othherwise is not reliable since the
service loop may close the socket and free the wsi at any time,
invalidating a wsi pointer held by another thread (don't do that!)
Likewise the confirm_legit_wsi api added recently does not help the
other thread case, since if the wsi has been freed dereferencing the
wsi to study if it is legit or not will segfault in that case. So
this is removed too.
The overall effect is to push user code to only operate inside the
protocol callbacks or external poll loops, ie, single thread context.
Signed-off-by: Andy Green <andy.green@linaro.org>
