2 * libwebsockets - small server side websockets and web server implementation
4 * Copyright (C) 2010-2014 Andy Green <andy@warmcat.com>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation:
9 * version 2.1 of the License.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
22 #include "private-libwebsockets.h"
24 #include <openssl/err.h>
27 int openssl_websocket_private_data_index;
29 static int lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
31 struct lws_context_creation_info * info = (struct lws_context_creation_info *)userdata;
33 strncpy(buf, info->ssl_private_key_password, size);
39 static void lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx,
40 struct lws_context_creation_info *info)
42 if (!info->ssl_private_key_password)
45 * password provided, set ssl callback and user data
46 * for checking password which will be trigered during
47 * SSL_CTX_use_PrivateKey_file function
49 SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info);
50 SSL_CTX_set_default_passwd_cb(ssl_ctx,
51 lws_context_init_ssl_pem_passwd_cb);
56 OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
60 struct libwebsocket_context *context;
62 ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
63 SSL_get_ex_data_X509_STORE_CTX_idx());
66 * !!! nasty openssl requires the index to come as a library-scope
69 context = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);
71 n = context->protocols[0].callback(NULL, NULL,
72 LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION,
73 x509_ctx, ssl, preverify_ok);
75 /* convert return code from 0 = OK to 1 = OK */
80 lws_context_init_server_ssl(struct lws_context_creation_info *info,
81 struct libwebsocket_context *context)
87 if (info->port != CONTEXT_PORT_NO_LISTEN) {
89 context->use_ssl = info->ssl_cert_filepath != NULL;
93 lwsl_notice(" Compiled with CyaSSL support\n");
95 lwsl_notice(" Compiled with wolfSSL support\n");
98 lwsl_notice(" Compiled with OpenSSL support\n");
101 if (info->ssl_cipher_list)
102 lwsl_notice(" SSL ciphers: '%s'\n", info->ssl_cipher_list);
104 if (context->use_ssl)
105 lwsl_notice(" Using SSL mode\n");
107 lwsl_notice(" Using non-SSL mode\n");
110 /* basic openssl init */
114 OpenSSL_add_all_algorithms();
115 SSL_load_error_strings();
117 openssl_websocket_private_data_index =
118 SSL_get_ex_new_index(0, "libwebsockets", NULL, NULL, NULL);
121 * Firefox insists on SSLv23 not SSLv3
122 * Konq disables SSLv2 by default now, SSLv23 works
124 * SSLv23_server_method() is the openssl method for "allow all TLS
125 * versions", compared to e.g. TLSv1_2_server_method() which only allows
126 * tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options()
129 method = (SSL_METHOD *)SSLv23_server_method();
131 error = ERR_get_error();
132 lwsl_err("problem creating ssl method %lu: %s\n",
133 error, ERR_error_string(error,
134 (char *)context->service_buffer));
137 context->ssl_ctx = SSL_CTX_new(method); /* create context */
138 if (!context->ssl_ctx) {
139 error = ERR_get_error();
140 lwsl_err("problem creating ssl context %lu: %s\n",
141 error, ERR_error_string(error,
142 (char *)context->service_buffer));
146 /* Disable SSLv2 and SSLv3 */
147 SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
148 #ifdef SSL_OP_NO_COMPRESSION
149 SSL_CTX_set_options(context->ssl_ctx, SSL_OP_NO_COMPRESSION);
151 SSL_CTX_set_options(context->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
152 if (info->ssl_cipher_list)
153 SSL_CTX_set_cipher_list(context->ssl_ctx,
154 info->ssl_cipher_list);
156 /* as a server, are we requiring clients to identify themselves? */
159 LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT) {
161 int verify_options = SSL_VERIFY_PEER;
163 if (!(info->options & LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
164 verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
166 SSL_CTX_set_session_id_context(context->ssl_ctx,
167 (unsigned char *)context, sizeof(void *));
169 /* absolutely require the client cert */
171 SSL_CTX_set_verify(context->ssl_ctx,
172 verify_options, OpenSSL_verify_callback);
175 * give user code a chance to load certs into the server
176 * allowing it to verify incoming client certs
179 context->protocols[0].callback(context, NULL,
180 LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS,
181 context->ssl_ctx, NULL, 0);
184 if (info->options & LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT) {
185 /* Normally SSL listener rejects non-ssl, optionally allow */
186 context->allow_non_ssl_on_ssl_port = 1;
189 if (context->use_ssl) {
191 /* openssl init for server sockets */
193 /* set the local certificate from CertFile */
194 n = SSL_CTX_use_certificate_chain_file(context->ssl_ctx,
195 info->ssl_cert_filepath);
197 error = ERR_get_error();
198 lwsl_err("problem getting cert '%s' %lu: %s\n",
199 info->ssl_cert_filepath,
201 ERR_error_string(error,
202 (char *)context->service_buffer));
205 lws_ssl_bind_passphrase(context->ssl_ctx, info);
207 if (info->ssl_private_key_filepath != NULL) {
208 /* set the private key from KeyFile */
209 if (SSL_CTX_use_PrivateKey_file(context->ssl_ctx,
210 info->ssl_private_key_filepath,
211 SSL_FILETYPE_PEM) != 1) {
212 error = ERR_get_error();
213 lwsl_err("ssl problem getting key '%s' %lu: %s\n",
214 info->ssl_private_key_filepath,
216 ERR_error_string(error,
217 (char *)context->service_buffer));
222 if (context->protocols[0].callback(context, NULL,
223 LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY,
224 context->ssl_ctx, NULL, 0)) {
225 lwsl_err("ssl private key not set\n");
230 /* verify private key */
231 if (!SSL_CTX_check_private_key(context->ssl_ctx)) {
232 lwsl_err("Private SSL key doesn't match cert\n");
237 * SSL is happy and has a cert it's content with
238 * If we're supporting HTTP2, initialize that
241 lws_context_init_http2_ssl(context);
249 lws_ssl_destroy(struct libwebsocket_context *context)
251 if (context->ssl_ctx)
252 SSL_CTX_free(context->ssl_ctx);
253 if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
254 SSL_CTX_free(context->ssl_client_ctx);
256 #if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
259 ERR_remove_thread_state(NULL);
263 CRYPTO_cleanup_all_ex_data();
267 libwebsockets_decode_ssl_error(void)
272 while ((err = ERR_get_error()) != 0) {
273 ERR_error_string_n(err, buf, sizeof(buf));
274 lwsl_err("*** %lu %s\n", err, buf);
278 #ifndef LWS_NO_CLIENT
280 int lws_context_init_client_ssl(struct lws_context_creation_info *info,
281 struct libwebsocket_context *context)
287 if (info->provided_client_ssl_ctx) {
288 /* use the provided OpenSSL context if given one */
289 context->ssl_client_ctx = info->provided_client_ssl_ctx;
290 /* nothing for lib to delete */
291 context->user_supplied_ssl_ctx = 1;
295 if (info->port != CONTEXT_PORT_NO_LISTEN)
298 /* basic openssl init */
302 OpenSSL_add_all_algorithms();
303 SSL_load_error_strings();
305 method = (SSL_METHOD *)SSLv23_client_method();
307 error = ERR_get_error();
308 lwsl_err("problem creating ssl method %lu: %s\n",
309 error, ERR_error_string(error,
310 (char *)context->service_buffer));
314 context->ssl_client_ctx = SSL_CTX_new(method);
315 if (!context->ssl_client_ctx) {
316 error = ERR_get_error();
317 lwsl_err("problem creating ssl context %lu: %s\n",
318 error, ERR_error_string(error,
319 (char *)context->service_buffer));
323 #ifdef SSL_OP_NO_COMPRESSION
324 SSL_CTX_set_options(context->ssl_client_ctx,
325 SSL_OP_NO_COMPRESSION);
327 SSL_CTX_set_options(context->ssl_client_ctx,
328 SSL_OP_CIPHER_SERVER_PREFERENCE);
329 if (info->ssl_cipher_list)
330 SSL_CTX_set_cipher_list(context->ssl_client_ctx,
331 info->ssl_cipher_list);
333 #ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS
334 if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS))
335 /* loads OS default CA certs */
336 SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
339 /* openssl init for cert verification (for client sockets) */
340 if (!info->ssl_ca_filepath) {
341 if (!SSL_CTX_load_verify_locations(
342 context->ssl_client_ctx, NULL,
343 LWS_OPENSSL_CLIENT_CERTS))
345 "Unable to load SSL Client certs from %s "
346 "(set by --with-client-cert-dir= "
347 "in configure) -- client ssl isn't "
348 "going to work", LWS_OPENSSL_CLIENT_CERTS);
350 if (!SSL_CTX_load_verify_locations(
351 context->ssl_client_ctx, info->ssl_ca_filepath,
354 "Unable to load SSL Client certs "
355 "file from %s -- client ssl isn't "
356 "going to work", info->ssl_ca_filepath);
358 lwsl_info("loaded ssl_ca_filepath\n");
361 * callback allowing user code to load extra verification certs
362 * helping the client to verify server identity
365 /* support for client-side certificate authentication */
366 if (info->ssl_cert_filepath) {
367 n = SSL_CTX_use_certificate_chain_file(
368 context->ssl_client_ctx,
369 info->ssl_cert_filepath);
371 lwsl_err("problem getting cert '%s' %lu: %s\n",
372 info->ssl_cert_filepath,
374 ERR_error_string(ERR_get_error(),
375 (char *)context->service_buffer));
379 if (info->ssl_private_key_filepath) {
380 lws_ssl_bind_passphrase(context->ssl_client_ctx, info);
381 /* set the private key from KeyFile */
382 if (SSL_CTX_use_PrivateKey_file(context->ssl_client_ctx,
383 info->ssl_private_key_filepath, SSL_FILETYPE_PEM) != 1) {
384 lwsl_err("use_PrivateKey_file '%s' %lu: %s\n",
385 info->ssl_private_key_filepath,
387 ERR_error_string(ERR_get_error(),
388 (char *)context->service_buffer));
392 /* verify private key */
393 if (!SSL_CTX_check_private_key(
394 context->ssl_client_ctx)) {
395 lwsl_err("Private SSL key doesn't match cert\n");
400 context->protocols[0].callback(context, NULL,
401 LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
402 context->ssl_client_ctx, NULL, 0);
409 lws_ssl_remove_wsi_from_buffered_list(struct libwebsocket_context *context,
410 struct libwebsocket *wsi)
412 if (!wsi->pending_read_list_prev &&
413 !wsi->pending_read_list_next &&
414 context->pending_read_list != wsi)
415 /* we are not on the list */
418 /* point previous guy's next to our next */
419 if (!wsi->pending_read_list_prev)
420 context->pending_read_list = wsi->pending_read_list_next;
422 wsi->pending_read_list_prev->pending_read_list_next =
423 wsi->pending_read_list_next;
425 /* point next guy's previous to our previous */
426 if (wsi->pending_read_list_next)
427 wsi->pending_read_list_next->pending_read_list_prev =
428 wsi->pending_read_list_prev;
430 wsi->pending_read_list_prev = NULL;
431 wsi->pending_read_list_next = NULL;
435 lws_ssl_capable_read(struct libwebsocket_context *context,
436 struct libwebsocket *wsi, unsigned char *buf, int len)
441 return lws_ssl_capable_read_no_ssl(context, wsi, buf, len);
443 n = SSL_read(wsi->ssl, buf, len);
446 * if it was our buffer that limited what we read,
447 * check if SSL has additional data pending inside SSL buffers.
449 * Because these won't signal at the network layer with POLLIN
450 * and if we don't realize, this data will sit there forever
452 if (n == len && wsi->ssl && SSL_pending(wsi->ssl)) {
453 if (!wsi->pending_read_list_next && !wsi->pending_read_list_prev) {
454 if (context->pending_read_list != wsi) {
455 /* add us to the linked list of guys with pending ssl */
456 if (context->pending_read_list)
457 context->pending_read_list->pending_read_list_prev = wsi;
458 wsi->pending_read_list_next = context->pending_read_list;
459 wsi->pending_read_list_prev = NULL;
460 context->pending_read_list = wsi;
464 lws_ssl_remove_wsi_from_buffered_list(context, wsi);
468 n = SSL_get_error(wsi->ssl, n);
469 if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE)
470 return LWS_SSL_CAPABLE_MORE_SERVICE;
472 return LWS_SSL_CAPABLE_ERROR;
476 lws_ssl_pending(struct libwebsocket *wsi)
481 return SSL_pending(wsi->ssl);
485 lws_ssl_capable_write(struct libwebsocket *wsi, unsigned char *buf, int len)
490 return lws_ssl_capable_write_no_ssl(wsi, buf, len);
492 n = SSL_write(wsi->ssl, buf, len);
496 n = SSL_get_error(wsi->ssl, n);
497 if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE) {
498 if (n == SSL_ERROR_WANT_WRITE)
499 lws_set_blocking_send(wsi);
500 return LWS_SSL_CAPABLE_MORE_SERVICE;
503 return LWS_SSL_CAPABLE_ERROR;
507 lws_ssl_close(struct libwebsocket *wsi)
512 return 0; /* not handled */
514 n = SSL_get_fd(wsi->ssl);
515 SSL_shutdown(wsi->ssl);
519 return 1; /* handled */
523 lws_server_socket_service_ssl(struct libwebsocket_context *context,
524 struct libwebsocket **pwsi, struct libwebsocket *new_wsi,
525 int accept_fd, struct libwebsocket_pollfd *pollfd)
528 struct libwebsocket *wsi = *pwsi;
533 if (!LWS_SSL_ENABLED(context))
537 case LWS_CONNMODE_SERVER_LISTENER:
540 lwsl_err("no new_wsi\n");
544 new_wsi->ssl = SSL_new(context->ssl_ctx);
545 if (new_wsi->ssl == NULL) {
546 lwsl_err("SSL_new failed: %s\n",
547 ERR_error_string(SSL_get_error(new_wsi->ssl, 0), NULL));
548 libwebsockets_decode_ssl_error();
550 // TODO: Shouldn't the caller handle this?
551 compatible_close(accept_fd);
555 SSL_set_ex_data(new_wsi->ssl,
556 openssl_websocket_private_data_index, context);
558 SSL_set_fd(new_wsi->ssl, accept_fd);
561 #ifdef USE_OLD_CYASSL
562 CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
564 wolfSSL_set_using_nonblock(new_wsi->ssl, 1);
567 SSL_set_mode(new_wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
568 bio = SSL_get_rbio(new_wsi->ssl);
570 BIO_set_nbio(bio, 1); /* nonblocking */
572 lwsl_notice("NULL rbio\n");
573 bio = SSL_get_wbio(new_wsi->ssl);
575 BIO_set_nbio(bio, 1); /* nonblocking */
577 lwsl_notice("NULL rbio\n");
581 * we are not accepted yet, but we need to enter ourselves
582 * as a live connection. That way we can retry when more
583 * pieces come if we're not sorted yet
588 wsi->mode = LWS_CONNMODE_SSL_ACK_PENDING;
589 if (insert_wsi_socket_into_fds(context, wsi))
592 libwebsocket_set_timeout(wsi, PENDING_TIMEOUT_SSL_ACCEPT,
595 lwsl_info("inserted SSL accept into fds, trying SSL_accept\n");
599 case LWS_CONNMODE_SSL_ACK_PENDING:
601 if (lws_change_pollfd(wsi, LWS_POLLOUT, 0))
604 lws_libev_io(context, wsi, LWS_EV_STOP | LWS_EV_WRITE);
606 lws_latency_pre(context, wsi);
608 n = recv(wsi->sock, (char *)context->service_buffer,
609 sizeof(context->service_buffer), MSG_PEEK);
612 * optionally allow non-SSL connect on SSL listening socket
613 * This is disabled by default, if enabled it goes around any
614 * SSL-level access control (eg, client-side certs) so leave
615 * it disabled unless you know it's not a problem for you
618 if (context->allow_non_ssl_on_ssl_port) {
619 if (n >= 1 && context->service_buffer[0] >= ' ') {
621 * TLS content-type for Handshake is 0x16, and
622 * for ChangeCipherSpec Record, it's 0x14
624 * A non-ssl session will start with the HTTP
625 * method in ASCII. If we see it's not a legit
626 * SSL handshake kill the SSL for this
627 * connection and try to handle as a HTTP
628 * connection upgrade directly.
631 SSL_shutdown(wsi->ssl);
636 if (n == 0 || LWS_ERRNO == LWS_EAGAIN ||
637 LWS_ERRNO == LWS_EWOULDBLOCK) {
639 * well, we get no way to know ssl or not
640 * so go around again waiting for something
641 * to come and give us a hint, or timeout the
644 m = SSL_ERROR_WANT_READ;
649 /* normal SSL connection processing path */
651 n = SSL_accept(wsi->ssl);
652 lws_latency(context, wsi,
653 "SSL_accept LWS_CONNMODE_SSL_ACK_PENDING\n", n, n == 1);
658 m = SSL_get_error(wsi->ssl, n);
659 lwsl_debug("SSL_accept failed %d / %s\n",
660 m, ERR_error_string(m, NULL));
662 if (m == SSL_ERROR_WANT_READ) {
663 if (lws_change_pollfd(wsi, 0, LWS_POLLIN))
666 lws_libev_io(context, wsi, LWS_EV_START | LWS_EV_READ);
668 lwsl_info("SSL_ERROR_WANT_READ\n");
671 if (m == SSL_ERROR_WANT_WRITE) {
672 if (lws_change_pollfd(wsi, 0, LWS_POLLOUT))
675 lws_libev_io(context, wsi, LWS_EV_START | LWS_EV_WRITE);
678 lwsl_debug("SSL_accept failed skt %u: %s\n",
679 pollfd->fd, ERR_error_string(m, NULL));
683 /* OK, we are accepted... give him some time to negotiate */
684 libwebsocket_set_timeout(wsi,
685 PENDING_TIMEOUT_ESTABLISH_WITH_SERVER,
688 wsi->mode = LWS_CONNMODE_HTTP_SERVING;
690 lws_http2_configure_if_upgraded(wsi);
692 lwsl_debug("accepted new SSL conn\n");
703 lws_ssl_context_destroy(struct libwebsocket_context *context)
705 if (context->ssl_ctx)
706 SSL_CTX_free(context->ssl_ctx);
707 if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
708 SSL_CTX_free(context->ssl_client_ctx);
710 #if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
713 ERR_remove_thread_state(NULL);
717 CRYPTO_cleanup_all_ex_data();