client fix reaction to tls failure
authorAndy Green <andy@warmcat.com>
Tue, 3 May 2016 00:08:32 +0000 (08:08 +0800)
committerAndy Green <andy@warmcat.com>
Tue, 3 May 2016 00:08:32 +0000 (08:08 +0800)
https://github.com/warmcat/libwebsockets/issues/508

Signed-off-by: Andy Green <andy@warmcat.com>
README.test-apps.md
lib/client-handshake.c
lib/client.c
lib/service.c
test-server/test-client.c

index 60308da..5f4d347 100644 (file)
@@ -78,6 +78,16 @@ same time as drawing random circles in the mirror protocol;
 if you connect to the test server using a browser at the
 same time you will be able to see the circles being drawn.
 
+The test client supports SSL too, use
+
+```bash
+$ libwebsockets-test-client localhost --ssl -s
+```
+
+the -s tells it to accept the default selfsigned cert from the server,
+otherwise it will strictly fail the connection if there is no CA cert to
+validate the server's certificate.
+
 
 Testing simple echo
 -------------------
index cdc49d5..01a74d7 100644 (file)
@@ -171,6 +171,9 @@ lws_client_connect_2(struct lws *wsi)
                 * past here, we can't simply free the structs as error
                 * handling as oom4 does.  We have to run the whole close flow.
                 */
+               if (!wsi->protocol)
+                       wsi->protocol = &wsi->context->protocols[0];
+
                wsi->protocol->callback(wsi, LWS_CALLBACK_WSI_CREATE,
                                        wsi->user_space, NULL, 0);
                lws_set_timeout(wsi,
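Review bot: The added `if (!wsi->protocol)` fallback has no comment saying when the protocol pointer can still be NULL at this point, and it rebinds the wsi to `protocols[0]` for the rest of its life rather than only for this call. A short comment would make the intent clear, for example `/* no protocol bound yet on this path: use protocols[0] so the close flow has a callback to run */`. The callback is also handed `wsi->user_space`, which is presumably unset when no protocol was bound, so it is worth confirming that the protocol 0 handler tolerates that. lws_client_connect_2 starts and ends outside this hunk.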
index b4cd336..e8b65ac 100644 (file)
@@ -264,7 +264,7 @@ some_wait:
                                if (n != SSL_ERROR_NONE) {
                                        lwsl_err("SSL connect error %lu: %s\n",
                                                n, ERR_error_string(n, sb));
-                                       return 0;
+                                       goto bail3;
                                }
                        }
                } else
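Review bot: The `lwsl_err` in this failure branch decodes `n` with `ERR_error_string(n, sb)`, but `n` is compared against `SSL_ERROR_NONE`, which suggests it holds an `SSL_get_error()` result rather than an error-queue code. If so, the logged text will be misleading to anyone diagnosing a failed TLS handshake. Consider taking the text from the queue, e.g. `ERR_error_string(ERR_get_error(), sb)`, and printing `n` separately. Also confirm that `%lu` matches the declared type of `n`, which is not visible here. The same log line appears in the hunk at -318, and the enclosing function extends outside both hunks.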
@@ -318,7 +318,7 @@ some_wait:
                                        if (n != SSL_ERROR_NONE) {
                                                lwsl_err("SSL connect error %lu: %s\n",
                                                         n, ERR_error_string(n, sb));
-                                               return 0;
+                                               goto bail3;
                                        }
                                }
                        }
@@ -343,7 +343,7 @@ some_wait:
                                                 n, ERR_error_string(n, sb));
                                        lws_close_free_wsi(wsi,
                                                LWS_CLOSE_STATUS_NOSTATUS);
-                                       return 0;
+                                       return -1;
                                }
                        }
 #endif /* USE_WOLFSSL */
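Review bot: This failure path calls `lws_close_free_wsi()` and returns directly, so it never reaches the `LWS_CALLBACK_CLIENT_CONNECTION_ERROR` notification this commit adds under `bail3`. An application that relies on that callback would not learn of this TLS failure. Since `bail3` performs the same close and `return -1`, the close call and the return could be replaced with `goto bail3;`. If bypassing the callback is deliberate here, a comment saying why would prevent a later reader from "fixing" it. The enclosing block starts outside the hunk.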
@@ -462,6 +462,10 @@ some_wait:
 
 bail3:
                lwsl_info("closing conn at LWS_CONNMODE...SERVER_REPLY\n");
+               wsi->context->protocols[0].callback(wsi,
+                               LWS_CALLBACK_CLIENT_CONNECTION_ERROR,
+                               wsi->user_space, NULL, 0);
+
                lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS);
                return -1;
 
index c0820c6..ceab37a 100644 (file)
@@ -325,6 +325,10 @@ lws_service_timeout_check(struct lws *wsi, unsigned int sec)
                 * cleanup like flush partials.
                 */
                wsi->socket_is_permanently_unusable = 1;
+               if (wsi->mode == LWSCM_WSCL_WAITING_SSL)
+                       wsi->context->protocols[0].callback(wsi,
+                                       LWS_CALLBACK_CLIENT_CONNECTION_ERROR,
+                                       wsi->user_space, NULL, 0);
                lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS);
 
                return 1;
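Review bot: The timeout path delivers `LWS_CALLBACK_CLIENT_CONNECTION_ERROR` only when `wsi->mode == LWSCM_WSCL_WAITING_SSL`. A client connection that times out in any other connect-phase mode is therefore closed without this notification, unless code outside the hunk already sends it. If the narrow scope is intended, add a short comment stating why only the TLS wait mode needs it; otherwise widen the test to the other client connect modes. The multi-line unbraced `if` body sitting directly above `lws_close_free_wsi()` would also be harder to misread with braces. lws_service_timeout_check continues outside the hunk.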
index 2f6ea10..c26be7f 100644 (file)
@@ -335,7 +335,15 @@ int main(int argc, char **argv)
        if (!strcmp(prot, "http") || !strcmp(prot, "ws"))
                use_ssl = 0;
        if (!strcmp(prot, "https") || !strcmp(prot, "wss"))
-               use_ssl = 1;
+               if (!use_ssl)
+                       use_ssl = 1;
+
+       if (use_ssl) {
+               if (use_ssl == 1)
+                       lwsl_notice(" Cert must validate correctly (use -s to allow selfsigned)\n");
+               else
+                       lwsl_notice(" Selfsigned certs allowed\n");
+       }
 
        /*
         * create the websockets context.  This tracks open connections and
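Review bot: The new `if (!use_ssl) use_ssl = 1;` is nested unbraced under the scheme test, and the block after it tells modes apart by the bare value 1 versus anything else, so the meaning of `use_ssl` can only be read off the log strings. Folding the two tests into one, `if (!use_ssl && (!strcmp(prot, "https") || !strcmp(prot, "wss")))`, removes the dangling-else hazard. A comment such as `/* use_ssl: 0 = off, 1 = server cert must validate, other = selfsigned accepted (-s) */` would document the values. Because the relaxed mode accepts a certificate that cannot be validated against a CA, that branch may be better logged with `lwsl_warn` so it stands out in test output. main() continues outside the hunk.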