Openssl v1.0.2 and above have support for checking the hostname
the client side connected to against the hostname on the cert the
server presented.
This enables that feature if the necessary API is available in the
openssl version, meaning the connection will fail at ssl negotiation if the
cert isn't for the requested server
It's very easy to test, add a fake entry to /etc/hosts for the server IP with
a different name, using that will fail at ssl but using the correct dns name
matching the certificate will work.
Valgrind caught http/1.1 pipelining using dead user agent alloc
for logging... NULL it when we free it since the wsi can be
reused with keepalive
==16208== Invalid free() / delete / delete[] / realloc()
==16208== at 0x4847ACC: free (vg_replace_malloc.c:530)
==16208== by 0x4888DC3: _realloc (alloc.c:8)
==16208== by 0x4888DFF: lws_realloc (alloc.c:16)
==16208== by 0x487DBCB: lws_access_log (libwebsockets.c:2352)
==16208== by 0x48956DF: lws_http_transaction_completed (server.c:1245)
==16208== by 0x4893757: lws_http_serve (server.c:340)
==16208== by 0x48946EF: lws_http_action (server.c:748)
==16208== by 0x4894CEF: lws_handshake_server (server.c:900)
==16208== by 0x48786BF: lws_read (handshake.c:120)
==16208== by 0x4896103: lws_server_socket_service (server.c:1580)
==16208== by 0x487FB6B: lws_service_fd_tsi (service.c:779)
==16208== by 0x48803B7: lws_service_fd (service.c:1079)
==16208== Address 0x552e5f8 is 0 bytes inside a block of size 86 free'd
==16208== at 0x4847ACC: free (vg_replace_malloc.c:530)
==16208== by 0x4888DC3: _realloc (alloc.c:8)
==16208== by 0x4888DFF: lws_realloc (alloc.c:16)
==16208== by 0x487DBCB: lws_access_log (libwebsockets.c:2352)
==16208== by 0x48956DF: lws_http_transaction_completed (server.c:1245)
==16208== by 0x4893757: lws_http_serve (server.c:340)
==16208== by 0x48946EF: lws_http_action (server.c:748)
==16208== by 0x4894CEF: lws_handshake_server (server.c:900)
==16208== by 0x48786BF: lws_read (handshake.c:120)
==16208== by 0x4896103: lws_server_socket_service (server.c:1580)
==16208== by 0x487FB6B: lws_service_fd_tsi (service.c:779)
==16208== by 0x48803B7: lws_service_fd (service.c:1079)
==16208== Block was alloc'd at
==16208== at 0x4846498: malloc (vg_replace_malloc.c:298)
==16208== by 0x4848D57: realloc (vg_replace_malloc.c:785)
==16208== by 0x4888DA7: _realloc (alloc.c:6)
==16208== by 0x4888DFF: lws_realloc (alloc.c:16)
==16208== by 0x4893EAF: lws_http_action (server.c:565)
==16208== by 0x4894CEF: lws_handshake_server (server.c:900)
==16208== by 0x48786BF: lws_read (handshake.c:120)
==16208== by 0x4896103: lws_server_socket_service (server.c:1580)
==16208== by 0x487FB6B: lws_service_fd_tsi (service.c:779)
==16208== by 0x48803B7: lws_service_fd (service.c:1079)
==16208== by 0x48994B7: lws_io_cb (libuv.c:101)
==16208== by 0x4AE7B1F: ??? (in /usr/lib/libuv.so.1.0.0)
Signed-off-by: Andy Green <andy@warmcat.com>
Until now lws has finished the HTTP transaction when the POST body was
completely received.
However that needlessly makes it impossible to send a HTTP 200 and a
response without a redirect.
This changes lws behaviour after sending the LWS_CALLBACK_HTTP_BODY_COMPLETION
callback to no longer terminate the HTTP transaction.
If you want the old behaviour, you can terminate the transaction with
lws_http_transaction_completed() in the LWS_CALLBACK_HTTP_BODY_COMPLETION
callback.
Otherwise it's now possible to call lws_callback_on_writable() from
LWS_CALLBACK_HTTP_BODY_COMPLETION.
Signed-off-by: Andy Green <andy@warmcat.com>
- libuv socket init binding was missing for client
- failures like no ws protocol match are deferred until the
ah is bound. Check for these failures and make sure we
tell the guy trying to set up the client connection the
wsi is NULL if it has already failed and closed.
- pfd.events was not initialized for the client init path
With this general client function is more robust but also
client connections work properly with libuv.
Signed-off-by: Andy Green <andy@warmcat.com>
If for some reason we exit before the protocol init action
(which is delayed for libuv) we should not send the protocol
destroy messages
Signed-off-by: Andy Green <andy@warmcat.com>
While checking with ab, I found
commit 30cdb3ac8f
Author: Justin Chen <justinchen00@github.invalid.com>
Date: Thu Apr 14 21:40:53 2016 +0800
recv treat zero return as error
https://github.com/warmcat/libwebsockets/issues/475
turned ab performance to crap, reverting it made everything fast again.
recv manpage says there is three ways to get zero returned
1) When a stream socket peer has performed an orderly shutdown, the return value will be 0 (the traditional "end-of-file"
return).
2) Datagram sockets in various domains (e.g., the UNIX and Internet domains) permit zero-length datagrams. When such a
datagram is received, the return value is 0.
3) The value 0 may also be returned if the requested number of bytes to receive from a stream socket was 0.
we can't just assume it means the peer shut down.
If the peer shut down, then the event loop should get an event on the socket like POLLHUP and deal with it that way.
So the patch mentioned above is simply reverted here.
Signed-off-by: Andy Green <andy@warmcat.com>
