**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIBRARIES` instead.
+Compiling libwebsockets with PolarSSL
+-------------------------------------
+
+Caution... at some point PolarSSL became MbedTLS. But it did not happen all at once.
+The name changed first then at mbedTLS 2.0 the apis changed. So eg in Fedora 22,
+there is an "mbedtls" package which is actually using polarssl for the include dir
+and polarssl apis... this should be treated as polarssl then.
+
+Example config for this case is
+
+cmake .. -DLWS_USE_POLARSSL=1 -DLWS_POLARSSL_LIBRARIES=/usr/lib64/libmbedtls.so \
+ -DLWS_POLARSSL_INCLUDE_DIRS=/usr/include/polarssl/
+
Reproducing HTTP2.0 tests
-------------------------
#else
#if defined(LWS_USE_POLARSSL)
#include <polarssl/ssl.h>
-#define SSL_CTX ssl_context
-#define SSL ssl_session
+struct lws_polarssl_context {
+ x509_crt ca;
+ x509_crt certificate;
+ rsa_context key;
+};
+typedef struct lws_polarssl_context SSL_CTX;
+typedef ssl_context SSL;
#else
#if defined(LWS_USE_MBEDTLS)
#include <mbedtls/ssl.h>
#else
#include <openssl/ssl.h>
+#include <openssl/err.h>
#endif /* not USE_MBEDTLS */
#endif /* not USE_POLARSSL */
#endif /* not USE_WOLFSSL */
#include <polarssl/md5.h>
#include <polarssl/sha1.h>
#include <polarssl/ecdh.h>
+#define SSL_ERROR_WANT_READ POLARSSL_ERR_NET_WANT_READ
+#define SSL_ERROR_WANT_WRITE POLARSSL_ERR_NET_WANT_WRITE
+#define OPENSSL_VERSION_NUMBER 0x10002000L
#else
#if defined(LWS_USE_MBEDTLS)
#include <mbedtls/ssl.h>
/*------------------------------------------------------------*/
static void
-sha1_init(struct sha1_ctxt *ctxt)
+_sha1_init(struct sha1_ctxt *ctxt)
{
bzero(ctxt, sizeof(struct sha1_ctxt));
H(0) = 0x67452301;
{
struct sha1_ctxt ctx;
- sha1_init(&ctx);
+ _sha1_init(&ctx);
sha1_loop(&ctx, d, n);
sha1_result(&ctx, (void *)md);
/*
* libwebsockets - small server side websockets and web server implementation
*
- * Copyright (C) 2010-2014 Andy Green <andy@warmcat.com>
+ * Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
extern void
lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info);
+extern int lws_ssl_get_error(struct lws *wsi, int n);
+
int
lws_ssl_client_bio_create(struct lws *wsi)
{
+#if defined(LWS_USE_POLARSSL)
+ return 0;
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
struct lws_context *context = wsi->context;
#if defined(CYASSL_SNI_HOST_NAME) || defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
const char *hostname = lws_hdr_simple_ptr(wsi, _WSI_TOKEN_CLIENT_HOST);
context);
return 0;
+#endif
+#endif
}
int
lws_ssl_client_connect1(struct lws *wsi)
{
struct lws_context *context = wsi->context;
- struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
- char *p = (char *)&pt->serv_buf[0];
- char *sb = p;
- int n;
+ int n = 0;
lws_latency_pre(context, wsi);
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = SSL_connect(wsi->ssl);
+#endif
+#endif
lws_latency(context, wsi,
"SSL_connect LWSCM_WSCL_ISSUE_HANDSHAKE", n, n > 0);
if (n < 0) {
- n = SSL_get_error(wsi->ssl, n);
+ n = lws_ssl_get_error(wsi, n);
if (n == SSL_ERROR_WANT_READ)
goto some_wait;
* retry if new data comes until we
* run into the connection timeout or win
*/
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = ERR_get_error();
+
if (n != SSL_ERROR_NONE) {
+ struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
+ char *p = (char *)&pt->serv_buf[0];
+ char *sb = p;
lwsl_err("SSL connect error %lu: %s\n",
n, ERR_error_string(n, sb));
return 0;
}
+#endif
+#endif
}
return 1;
lws_ssl_client_connect2(struct lws *wsi)
{
struct lws_context *context = wsi->context;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
struct lws_context_per_thread *pt = &wsi->context->pt[(int)wsi->tsi];
char *p = (char *)&pt->serv_buf[0];
char *sb = p;
- int n;
+#endif
+#endif
+ int n = 0;
if (wsi->mode == LWSCM_WSCL_WAITING_SSL) {
lws_latency_pre(context, wsi);
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = SSL_connect(wsi->ssl);
+#endif
+#endif
lws_latency(context, wsi,
"SSL_connect LWSCM_WSCL_WAITING_SSL", n, n > 0);
if (n < 0) {
- n = SSL_get_error(wsi->ssl, n);
+ n = lws_ssl_get_error(wsi, n);
if (n == SSL_ERROR_WANT_READ) {
wsi->mode = LWSCM_WSCL_WAITING_SSL;
* retry if new data comes until we
* run into the connection timeout or win
*/
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = ERR_get_error();
if (n != SSL_ERROR_NONE) {
lwsl_err("SSL connect error %lu: %s\n",
n, ERR_error_string(n, sb));
return 0;
}
+#endif
+#endif
}
}
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#ifndef USE_WOLFSSL
/*
* See comment above about wolfSSL certificate
}
}
#endif /* USE_WOLFSSL */
+#endif
+#endif
return 1;
}
int lws_context_init_client_ssl(struct lws_context_creation_info *info,
struct lws_vhost *vhost)
{
+#if defined(LWS_USE_POLARSSL)
+ return 0;
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
int error;
int n;
SSL_METHOD *method;
vhost->ssl_client_ctx, NULL, 0);
return 0;
+#endif
+#endif
}
/*
* libwebsockets - small server side websockets and web server implementation
*
- * Copyright (C) 2010-2014 Andy Green <andy@warmcat.com>
+ * Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include "private-libwebsockets.h"
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
+
extern int openssl_websocket_private_data_index,
openssl_SSL_CTX_private_data_index;
}
#endif
+#endif
+#endif
+
LWS_VISIBLE int
lws_context_init_server_ssl(struct lws_context_creation_info *info,
struct lws_vhost *vhost)
{
- SSL_METHOD *method;
struct lws_context *context = vhost->context;
struct lws wsi;
int error;
*/
memset(&wsi, 0, sizeof(wsi));
wsi.vhost = vhost;
- wsi.context = vhost->context;
+ wsi.context = context;
+
+ (void)n;
+ (void)error;
+
+#if defined(LWS_USE_POLARSSL)
+ lwsl_notice(" Compiled with PolarSSL support\n");
+
+ vhost->ssl_ctx = lws_zalloc(sizeof (*vhost->ssl_ctx));
+
+ /* Load the trusted CA */
+
+ if (info->ssl_ca_filepath) {
+ n = x509_crt_parse_file(&vhost->ssl_ctx->ca,
+ info->ssl_ca_filepath);
+
+ if (n < 0) {
+// error_strerror(ret, errorbuf, sizeof(errorbuf));
+ lwsl_err("%s: Failed to load ca cert\n", __func__);
+ return -1;
+ }
+ }
+
+ /* Load our cert */
+
+ if (info->ssl_cert_filepath) {
+ n = x509_crt_parse_file(&vhost->ssl_ctx->certificate,
+ info->ssl_cert_filepath);
+
+ if (n < 0) {
+// error_strerror(ret, errorbuf, sizeof(errorbuf));
+ lwsl_err("%s: Failed to load cert\n", __func__);
+ return -1;
+ }
+ }
+
+ /* Load cert private key */
+
+ if (info->ssl_private_key_filepath) {
+ pk_context pk;
+ pk_init(&pk);
+ n = pk_parse_keyfile(&pk, info->ssl_private_key_filepath,
+ info->ssl_private_key_password);
+
+ if (!n && !pk_can_do(&pk, POLARSSL_PK_RSA))
+ n = POLARSSL_ERR_PK_TYPE_MISMATCH;
+
+ if (!n)
+ rsa_copy(&vhost->ssl_ctx->key, pk_rsa(pk));
+ else
+ rsa_free(&vhost->ssl_ctx->key);
+ pk_free(&pk);
+
+ if (n) {
+ //error_strerror(ret, errorbuf, sizeof(errorbuf));
+ lwsl_err("%s: error reading private key\n", __func__);
+
+ return -1;
+ }
+ }
+#else
+#if defined(LWS_USE_MBEDTLS)
+ lwsl_notice(" Compiled with mbedTLS support\n");
+#else
/*
* Firefox insists on SSLv23 not SSLv3
* tlsv1.2. Unwanted versions must be disabled using SSL_CTX_set_options()
*/
- method = (SSL_METHOD *)SSLv23_server_method();
- if (!method) {
- error = ERR_get_error();
- lwsl_err("problem creating ssl method %lu: %s\n",
- error, ERR_error_string(error,
+ {
+ SSL_METHOD *method;
+
+ method = (SSL_METHOD *)SSLv23_server_method();
+ if (!method) {
+ error = ERR_get_error();
+ lwsl_err("problem creating ssl method %lu: %s\n",
+ error, ERR_error_string(error,
(char *)context->pt[0].serv_buf));
- return 1;
- }
- vhost->ssl_ctx = SSL_CTX_new(method); /* create context */
- if (!vhost->ssl_ctx) {
- error = ERR_get_error();
- lwsl_err("problem creating ssl context %lu: %s\n",
- error, ERR_error_string(error,
+ return 1;
+ }
+ vhost->ssl_ctx = SSL_CTX_new(method); /* create context */
+ if (!vhost->ssl_ctx) {
+ error = ERR_get_error();
+ lwsl_err("problem creating ssl context %lu: %s\n",
+ error, ERR_error_string(error,
(char *)context->pt[0].serv_buf));
- return 1;
+ return 1;
+ }
}
/* associate the lws context with the SSL_CTX */
/* as a server, are we requiring clients to identify themselves? */
- if (lws_check_opt(info->options, LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) {
+ if (lws_check_opt(info->options,
+ LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) {
int verify_options = SSL_VERIFY_PEER;
- if (!lws_check_opt(info->options, LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
+ if (!lws_check_opt(info->options,
+ LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_CTX_set_session_id_context(vhost->ssl_ctx,
lws_context_init_http2_ssl(vhost);
}
+#endif
+#endif
+
return 0;
}
/*
* libwebsockets - small server side websockets and web server implementation
*
- * Copyright (C) 2010-2014 Andy Green <andy@warmcat.com>
+ * Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
#include "private-libwebsockets.h"
+#if defined(LWS_USE_POLARSSL)
+static const int ciphers[] =
+{
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ 0
+};
+
+static int urandom_bytes(void *ctx, unsigned char *dest, size_t len)
+{
+ int cur;
+ int fd = open("/dev/urandom", O_RDONLY);
+
+ while (len) {
+ cur = read(fd, dest, len);
+ if (cur < 0)
+ continue;
+ len -= cur;
+ }
+ close(fd);
+
+ return 0;
+}
+
+static void pssl_debug(void *ctx, int level, const char *str)
+{
+ lwsl_err("PolarSSL [level %d]: %s", level, str);
+}
+
+#endif
+
int openssl_websocket_private_data_index,
openssl_SSL_CTX_private_data_index;
+int lws_ssl_get_error(struct lws *wsi, int n)
+{
+#if defined(LWS_USE_POLARSSL)
+#define ERR_error_string(a, b) ""
+ return n;
+#else
+#if defined(LWS_USE_MBEDTLS)
+ return n;
+#else
+ return SSL_get_error(wsi->ssl, n);
+#endif
+#endif
+}
+
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
static int
lws_context_init_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void *userdata)
{
return strlen(buf);
}
+#endif
+#endif
void
lws_ssl_bind_passphrase(SSL_CTX *ssl_ctx, struct lws_context_creation_info *info)
{
if (!info->ssl_private_key_password)
return;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
/*
* password provided, set ssl callback and user data
* for checking password which will be trigered during
*/
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)info);
SSL_CTX_set_default_passwd_cb(ssl_ctx, lws_context_init_ssl_pem_passwd_cb);
+#endif
+#endif
}
int
lwsl_notice(" Compiled with wolfSSL support\n");
#endif
#else
+#if defined(LWS_USE_POLARSSL)
+ lwsl_notice(" Compiled with PolarSSL support\n");
+#else
+#if defined(LWS_USE_MBEDTLS)
+ lwsl_notice(" Compiled with mbedTLS support\n");
+#else
lwsl_notice(" Compiled with OpenSSL support\n");
#endif
+#endif
+#endif
if (!lws_check_opt(info->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT)) {
lwsl_notice(" SSL disabled: no LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT\n");
/* basic openssl init */
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
SSL_library_init();
OpenSSL_add_all_algorithms();
openssl_SSL_CTX_private_data_index = SSL_CTX_get_ex_new_index(0,
NULL, NULL, NULL, NULL);
+#endif
+#endif
return 0;
}
LWS_VISIBLE void
lws_ssl_destroy(struct lws_vhost *vhost)
{
- if (!lws_check_opt(vhost->context->options, LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
+ if (!lws_check_opt(vhost->context->options,
+ LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT))
return;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
+
if (vhost->ssl_ctx)
SSL_CTX_free(vhost->ssl_ctx);
if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
+#endif
+#endif
}
LWS_VISIBLE void
lws_decode_ssl_error(void)
{
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
char buf[256];
u_long err;
-
while ((err = ERR_get_error()) != 0) {
ERR_error_string_n(err, buf, sizeof(buf));
lwsl_err("*** %lu %s\n", err, buf);
}
+#endif
+#endif
}
LWS_VISIBLE void
{
struct lws_context *context = wsi->context;
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
- int n;
+ int n = 0;
if (!wsi->ssl)
return lws_ssl_capable_read_no_ssl(wsi, buf, len);
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = SSL_read(wsi->ssl, buf, len);
+#endif
+#endif
+
/* manpage: returning 0 means connection shut down */
if (!n)
return LWS_SSL_CAPABLE_ERROR;
if (n < 0) {
- n = SSL_get_error(wsi->ssl, n);
+ n = lws_ssl_get_error(wsi, n);
if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE)
return LWS_SSL_CAPABLE_MORE_SERVICE;
goto bail;
if (!wsi->ssl)
goto bail;
+#if defined(LWS_USE_POLARSSL)
+ if (ssl_get_bytes_avail(wsi->ssl) <= 0)
+ goto bail;
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
if (!SSL_pending(wsi->ssl))
goto bail;
+#endif
+#endif
if (wsi->pending_read_list_next)
return n;
if (wsi->pending_read_list_prev)
{
if (!wsi->ssl)
return 0;
-
+#if defined(LWS_USE_POLARSSL)
+ return ssl_get_bytes_avail(wsi->ssl) > 0;
+#else
+#if defined(LWS_USE_MBEDTLS)
+ return ssl_get_bytes_avail(wsi->ssl) > 0;;
+#else
return SSL_pending(wsi->ssl);
+#endif
+#endif
}
LWS_VISIBLE int
if (!wsi->ssl)
return lws_ssl_capable_write_no_ssl(wsi, buf, len);
+#if defined(LWS_USE_POLARSSL)
+ n = ssl_write(wsi->ssl, buf, len);
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = SSL_write(wsi->ssl, buf, len);
+#endif
+#endif
if (n > 0)
return n;
- n = SSL_get_error(wsi->ssl, n);
+ n = lws_ssl_get_error(wsi, n);
if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE) {
if (n == SSL_ERROR_WANT_WRITE)
lws_set_blocking_send(wsi);
if (!wsi->ssl)
return 0; /* not handled */
+#if defined(LWS_USE_POLARSSL)
+ ssl_close_notify(wsi->ssl);
+ (void)n; /* we need to close the fd? */
+ ssl_free(wsi->ssl);
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = SSL_get_fd(wsi->ssl);
SSL_shutdown(wsi->ssl);
compatible_close(n);
SSL_free(wsi->ssl);
+#endif
+#endif
wsi->ssl = NULL;
return 1; /* handled */
struct lws_context *context = wsi->context;
struct lws_context_per_thread *pt = &context->pt[(int)wsi->tsi];
int n, m;
-#ifndef USE_WOLFSSL
+#if !defined(USE_WOLFSSL) && !defined(LWS_USE_POLARSSL) && !defined(LWS_USE_MBEDTLS)
BIO *bio;
#endif
if (accept_fd == LWS_SOCK_INVALID)
assert(0);
+#if defined(LWS_USE_POLARSSL)
+ {
+ ssl_session *ssn;
+ int rc;
+
+ wsi->ssl = lws_zalloc(sizeof(ssl_context));
+ ssn = lws_zalloc(sizeof(ssl_session));
+
+ rc = ssl_init(wsi->ssl);
+ if (rc) {
+ lwsl_err("ssl_init failed\n");
+ goto fail;
+ }
+
+ ssl_set_endpoint(wsi->ssl, SSL_IS_SERVER);
+ ssl_set_authmode(wsi->ssl, SSL_VERIFY_OPTIONAL);
+ ssl_set_rng(wsi->ssl, urandom_bytes, NULL);
+ ssl_set_dbg(wsi->ssl, pssl_debug, NULL);
+ ssl_set_bio(wsi->ssl, net_recv, &wsi->sock, net_send, &wsi->sock);
+
+ ssl_set_ciphersuites(wsi->ssl, ciphers);
+
+ ssl_set_session(wsi->ssl, ssn);
+
+ ssl_set_ca_chain(wsi->ssl, &wsi->vhost->ssl_ctx->ca,
+ NULL, NULL);
+
+ ssl_set_own_cert_rsa(wsi->ssl,
+ &wsi->vhost->ssl_ctx->certificate,
+ &wsi->vhost->ssl_ctx->key);
+
+// ssl_set_dh_param(wsi->ssl, my_dhm_P, my_dhm_G);
+
+ lwsl_err("%s: polarssl init done\n", __func__);
+ }
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
wsi->ssl = SSL_new(wsi->vhost->ssl_ctx);
if (wsi->ssl == NULL) {
lwsl_err("SSL_new failed: %s\n",
- ERR_error_string(SSL_get_error(wsi->ssl, 0), NULL));
+ ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
lws_decode_ssl_error();
if (accept_fd != LWS_SOCK_INVALID)
compatible_close(accept_fd);
openssl_websocket_private_data_index, wsi->vhost);
SSL_set_fd(wsi->ssl, accept_fd);
+#endif
+#endif
#ifdef USE_WOLFSSL
#ifdef USE_OLD_CYASSL
wolfSSL_set_using_nonblock(wsi->ssl, 1);
#endif
#else
+#if defined(LWS_USE_POLARSSL)
+
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
bio = SSL_get_rbio(wsi->ssl);
if (bio)
else
lwsl_notice("NULL rbio\n");
#endif
+#endif
+#endif
/*
* we are not accepted yet, but we need to enter ourselves
* connection upgrade directly.
*/
wsi->use_ssl = 0;
+#if defined(LWS_USE_POLARSSL)
+ ssl_close_notify(wsi->ssl);
+ ssl_free(wsi->ssl);
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
SSL_shutdown(wsi->ssl);
SSL_free(wsi->ssl);
+#endif
+#endif
wsi->ssl = NULL;
if (lws_check_opt(context->options,
LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS))
}
/* normal SSL connection processing path */
-
+#if defined(LWS_USE_POLARSSL)
+ n = ssl_handshake(wsi->ssl);
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
n = SSL_accept(wsi->ssl);
+#endif
+#endif
lws_latency(context, wsi,
"SSL_accept LWSCM_SSL_ACK_PENDING\n", n, n == 1);
if (n == 1)
goto accepted;
- m = SSL_get_error(wsi->ssl, n);
+ m = lws_ssl_get_error(wsi, n);
lwsl_debug("SSL_accept failed %d / %s\n",
m, ERR_error_string(m, NULL));
go_again:
lwsl_err("SSL_accept failed skt %u: %s\n",
wsi->sock, ERR_error_string(m, NULL));
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
{
char buf[256];
u_long err;
lwsl_err("*** %s\n", buf);
}
}
+#endif
+#endif
goto fail;
accepted:
void
lws_ssl_SSL_CTX_destroy(struct lws_vhost *vhost)
{
- if (vhost->ssl_ctx)
+ if (vhost->ssl_ctx) {
+#if defined(LWS_USE_POLARSSL)
+ lws_free(vhost->ssl_ctx);
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
SSL_CTX_free(vhost->ssl_ctx);
- if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx)
+#endif
+#endif
+ }
+ if (!vhost->user_supplied_ssl_ctx && vhost->ssl_client_ctx) {
+#if defined(LWS_USE_POLARSSL)
+ lws_free(vhost->ssl_client_ctx);
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
SSL_CTX_free(vhost->ssl_client_ctx);
+#endif
+#endif
+ }
}
void
lws_ssl_context_destroy(struct lws_context *context)
{
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
ERR_free_strings();
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
+#endif
+#endif
}
*/
#include "../lib/libwebsockets.h"
#include <string.h>
+#include <stdlib.h>
/* lws-mirror_protocol */
*/
#include "../lib/libwebsockets.h"
#include <string.h>
+#include <stdlib.h>
#define LWS_SS_VERSIONS 3
#include "../lib/libwebsockets.h"
-#ifdef LWS_OPENSSL_SUPPORT
-#include <openssl/err.h>
-#endif
-
static int deny_deflate, deny_mux, longlived, mirror_lifetime;
static struct lws *wsi_dumb, *wsi_mirror;
static volatile int force_exit;
static unsigned int opts;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
-static char crl_path[1024] = "";
+char crl_path[1024] = "";
+#endif
+#endif
#endif
/*
force_exit = 1;
break;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
case LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS:
if (crl_path[0]) {
}
break;
#endif
+#endif
+#endif
default:
break;
case 'A':
strncpy(ca_path, optarg, sizeof ca_path);
break;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
case 'R':
strncpy(crl_path, optarg, sizeof crl_path);
break;
#endif
+#endif
+#endif
case 'h':
goto usage;
}
*/
if (ca_path[0])
info.ssl_ca_filepath = ca_path;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
else if (crl_path[0])
lwsl_notice("WARNING, providing a CRL requires a CA cert!\n");
#endif
+#endif
+#endif
}
context = lws_create_context(&info);
* using this protocol, including the sender
*/
-#ifdef LWS_OPENSSL_SUPPORT
-#include <openssl/err.h>
-#endif
-
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
/* location of the certificate revocation list */
-char crl_path[1024] = "";
+extern char crl_path[1024];
+#endif
+#endif
#endif
extern int debug_level;
break;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if defined(LWS_OPENSSL_SUPPORT)
case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION:
/* Verify the client certificate */
break;
#endif
#endif
+#endif
+#endif
default:
break;
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
char *resource_path = LOCAL_RESOURCE_PATH;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
+#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
+char crl_path[1024] = "";
+#endif
+#endif
+#endif
+
/*
* libev dumps their hygiene problems on their users blaming compiler
* http://lists.schmorp.de/pipermail/libev/2008q4/000442.html
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
char *resource_path = LOCAL_RESOURCE_PATH;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
+#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
+char crl_path[1024] = "";
+#endif
+#endif
+#endif
+
/* singlethreaded version --> no locks */
void test_server_lock(int care)
volatile int force_exit = 0;
struct lws_context *context;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
+#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
+char crl_path[1024] = "";
+#endif
+#endif
+#endif
+
/*
* This mutex lock protects code that changes or relies on wsi list outside of
* the service thread. The service thread will acquire it when changing the
/* http server gets files from this path */
#define LOCAL_RESOURCE_PATH INSTALL_DATADIR"/libwebsockets-test-server"
char *resource_path = LOCAL_RESOURCE_PATH;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
+#if defined(LWS_OPENSSL_SUPPORT) && defined(LWS_HAVE_SSL_CTX_set1_param)
+char crl_path[1024] = "";
+#endif
+#endif
+#endif
/* singlethreaded version --> no locks */
use_ssl = 1;
opts |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
break;
+#if defined(LWS_USE_POLARSSL)
+#else
+#if defined(LWS_USE_MBEDTLS)
+#else
#if defined(LWS_HAVE_SSL_CTX_set1_param)
case 'R':
strncpy(crl_path, optarg, sizeof crl_path);
break;
#endif
#endif
+#endif
+#endif
case 'h':
fprintf(stderr, "Usage: test-server "
"[--port=<p>] [--ssl] "