len = lws_vfs_get_length(fops_fd);
- *buf = malloc(len);
+ *buf = malloc((size_t)len);
if (!buf)
goto bail;
n = 2;
goto bail;
}
- if (nvs_get_blob(nvh, filename, (char *)*buf, &s) != ESP_OK)
+ if (nvs_get_blob(nvh, filename, (char *)*buf, &s) != ESP_OK) {
+ free(*buf);
n = 1;
+ goto bail;
+ }
*amount = s;
return n;
}
+int alloc_pem_to_der_file(struct lws_context *context, const char *filename, uint8_t **buf,
+ lws_filepos_t *amount)
+{
+ uint8_t *pem, *p, *q, *end;
+ lws_filepos_t len;
+ int n;
+
+ n = alloc_file(context, filename, &pem, &len);
+ if (n)
+ return n;
+
+ /* trim the first line */
+
+ p = pem;
+ end = p + len;
+ if (strncmp((char *)p, "-----", 5))
+ goto bail;
+ p += 5;
+ while (p < end && *p != '\n' && *p != '-')
+ p++;
+
+ if (*p != '-')
+ goto bail;
+
+ while (p < end && *p != '\n')
+ p++;
+
+ if (p >= end)
+ goto bail;
+
+ p++;
+
+ /* trim the last line */
+
+ q = end - 2;
+
+ while (q > pem && *q != '\n')
+ q--;
+
+ if (*q != '\n')
+ goto bail;
+
+ *q = '\0';
+
+ *amount = lws_b64_decode_string((char *)p, (char *)pem, len);
+ *buf = pem;
+
+ return 0;
+
+bail:
+ free(pem);
+
+ return 4;
+}
#endif
int openssl_websocket_private_data_index,
return LWS_SSL_CAPABLE_ERROR;
}
#endif
+#if defined(LWS_WITH_STATS)
+ if (!wsi->seen_rx) {
+ lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_MS_SSL_RX_DELAY,
+ time_in_microseconds() - wsi->accept_start_us);
+ lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_SSL_CONNS_HAD_RX, 1);
+ wsi->seen_rx = 1;
+ }
+#endif
+
lwsl_debug("%p: SSL_read says %d\n", wsi, n);
/* manpage: returning 0 means connection shut down */
if (n < 0) {
n = lws_ssl_get_error(wsi, n);
- lwsl_notice("get_ssl_err result %d\n", n);
+ // lwsl_notice("get_ssl_err result %d\n", n);
if (n == SSL_ERROR_WANT_READ || SSL_want_read(wsi->ssl)) {
lwsl_debug("%s: WANT_READ\n", __func__);
lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi);
struct lws_vhost *v = context->vhost_list;
lwsl_info("gating accepts %d\n", on);
+ context->ssl_gate_accepts = !on;
+#if defined(LWS_WITH_STATS)
+ context->updated = 1;
+#endif
while (v) {
if (v->use_ssl && v->lserv_wsi) /* gate ability to accept incoming connections */
wsi->context->simultaneous_ssl_restriction)
/* we made space and can do an accept */
lws_gate_accepts(wsi->context, 1);
+#if defined(LWS_WITH_STATS)
+ wsi->context->updated = 1;
+#endif
return 1; /* handled */
}
++context->simultaneous_ssl == context->simultaneous_ssl_restriction)
/* that was the last allowed SSL connection */
lws_gate_accepts(context, 0);
+#if defined(LWS_WITH_STATS)
+ context->updated = 1;
+#endif
#if !defined(LWS_WITH_ESP32)
SSL_set_ex_data(wsi->ssl,
lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_C_SSL_CONNECTIONS_ACCEPTED, 1);
#if defined(LWS_WITH_STATS)
lws_stats_atomic_bump(wsi->context, pt, LWSSTATS_MS_SSL_CONNECTIONS_ACCEPTED_DELAY, time_in_microseconds() - wsi->accept_start_us);
+ wsi->accept_start_us = time_in_microseconds();
#endif
/* OK, we are accepted... give him some time to negotiate */