Joel Winarske [Tue, 21 Feb 2017 23:28:13 +0000 (07:28 +0800)]
client: allow setting client ssl certs from lwsws and connection info separate from server ssl certs
Joel Winarske [Tue, 21 Feb 2017 04:53:58 +0000 (20:53 -0800)]
ssl config for http client
Martin Milata [Tue, 21 Feb 2017 22:39:59 +0000 (23:39 +0100)]
gcc format strings: couple more
Found on MIPS
Andy Green [Tue, 21 Feb 2017 22:55:12 +0000 (06:55 +0800)]
client: move redirects and c_port out of union
https://github.com/warmcat/libwebsockets/issues/810
Andy Green [Tue, 21 Feb 2017 15:38:40 +0000 (23:38 +0800)]
client connect: oom4 clean up timeout list
https://github.com/warmcat/libwebsockets/issues/810
Andy Green [Tue, 21 Feb 2017 14:59:00 +0000 (22:59 +0800)]
client redirect: choose correct error path after resetting client connection
https://github.com/warmcat/libwebsockets/issues/810
Silas Parker [Tue, 21 Feb 2017 11:27:47 +0000 (19:27 +0800)]
ssl close improvement
Andy Green [Sun, 12 Feb 2017 12:32:49 +0000 (20:32 +0800)]
raw: adoption and processing
Silas Parker [Mon, 20 Feb 2017 23:27:07 +0000 (07:27 +0800)]
url-parser: handle ipv6 [] addresses
Namowen [Sun, 19 Feb 2017 22:20:56 +0000 (06:20 +0800)]
vhost: also free per-vhost protocols list even when no PLUGINS
Andy Green [Sun, 19 Feb 2017 21:44:56 +0000 (05:44 +0800)]
ssl close: do explicit ssl shutdown instead of socket shutdown if ssl mode
Namowen [Sat, 18 Feb 2017 21:35:55 +0000 (05:35 +0800)]
cosmetic CR missing on some errs
Andy Green [Sat, 18 Feb 2017 09:26:40 +0000 (17:26 +0800)]
ESP32 platform
This is enough for all the test app features to work on ESP32 without
SSL.
Yuchen Xie [Sat, 18 Feb 2017 07:51:34 +0000 (15:51 +0800)]
Fix typo
Namowen [Fri, 17 Feb 2017 23:51:27 +0000 (07:51 +0800)]
client: fix X509_V_ERR_CERT_HAS_EXPIRED
Joel Winarske [Thu, 16 Feb 2017 07:29:08 +0000 (15:29 +0800)]
client: direct _APPEND_HANDSHAKE_HEADER at wsi protocol
Yongwen Zhuang [Wed, 15 Feb 2017 09:58:39 +0000 (17:58 +0800)]
Correct Cross compiling commandline
Andy Green [Wed, 15 Feb 2017 01:12:39 +0000 (09:12 +0800)]
client: allow http[s] to select targeted protocol name in vhost
Joel Winarske [Tue, 14 Feb 2017 19:17:09 +0000 (11:17 -0800)]
windows: changes to build with VS2015
Silas Parker [Tue, 14 Feb 2017 15:14:09 +0000 (23:14 +0800)]
fix close packet index coding
https://github.com/warmcat/libwebsockets/issues/792
Silas Parker [Tue, 14 Feb 2017 09:55:13 +0000 (17:55 +0800)]
gcc-format-strings: ipv6
Per Bothner [Tue, 14 Feb 2017 01:44:57 +0000 (09:44 +0800)]
gzip fixes
Andy Green [Tue, 14 Feb 2017 01:26:53 +0000 (09:26 +0800)]
client: close without spinning
https://github.com/warmcat/libwebsockets/issues/789
Andy Green [Sun, 12 Feb 2017 10:15:15 +0000 (18:15 +0800)]
file_ops: add compression flags and convert open flags to pointer
ihttps://libwebsockets.org/pipermail/libwebsockets/2017-February/003127.html
Andy Green [Sun, 12 Feb 2017 10:11:11 +0000 (18:11 +0800)]
file_ops: use wrappers for names
Andy Green [Fri, 10 Feb 2017 03:00:38 +0000 (11:00 +0800)]
client redirect: make sure there is a leading / on path
Andy Green [Thu, 9 Feb 2017 23:37:35 +0000 (07:37 +0800)]
appveyor: make zip artifact
Andy Green [Thu, 9 Feb 2017 07:25:01 +0000 (15:25 +0800)]
client: fix redirects and allow ssl / non-ssl redirects
Andy Green [Thu, 9 Feb 2017 01:10:57 +0000 (09:10 +0800)]
chunked http client: support in test-client and document
This improves the test client to
- dump http content if INFO log level enabled
- handle chunked content correctly
- document lws_http_client_read()
Andy Green [Thu, 9 Feb 2017 01:11:17 +0000 (09:11 +0800)]
lwsl_visible
Johnny [Tue, 7 Feb 2017 19:09:34 +0000 (20:09 +0100)]
test client: some compilers dont accept void * as const char *
This fixes a conversion error from a void pointer to a string.
Andy Green [Mon, 6 Feb 2017 06:35:30 +0000 (14:35 +0800)]
gcc-format-strings: LWS_PLAT_OPTEE
Andy Green [Mon, 30 Jan 2017 07:02:54 +0000 (15:02 +0800)]
LWS_PLAT_OPTEE: Convert to use TEE_Malloc
OPTEE TAs should allocate via TEE_Malloc
Andy Green [Mon, 6 Feb 2017 02:16:45 +0000 (10:16 +0800)]
coverity 175437: forgot to add name to array for new USER log level
Andy Green [Mon, 6 Feb 2017 02:14:47 +0000 (10:14 +0800)]
coverity 175438: server status plugin: off-by-one if you generate 32KB of content
Andy Green [Mon, 6 Feb 2017 02:10:41 +0000 (10:10 +0800)]
coverity 175435: seems bogus
Andy Green [Mon, 6 Feb 2017 02:04:04 +0000 (10:04 +0800)]
coverity 175436: dead cruft
Andy Green [Sun, 5 Feb 2017 14:48:12 +0000 (22:48 +0800)]
gcc format strings: http2
andSpace [Sun, 5 Feb 2017 13:47:08 +0000 (21:47 +0800)]
LWS_FALLBACK_GETHOSTBYNAME
Adapted by AG to not use-after-free and have LWS_FALLBACK_GETHOSTBYNAME
Andy Green [Sun, 5 Feb 2017 14:07:34 +0000 (22:07 +0800)]
gcc- format strings: debug and extra plugins
Martin Milata [Sat, 4 Feb 2017 12:09:00 +0000 (13:09 +0100)]
Subject: gcc format strings: Make GCC check format strings, fix found problems
Martin Milata [Sat, 4 Feb 2017 12:03:26 +0000 (13:03 +0100)]
docs: Correct string
Sven Hoffmann [Sun, 5 Feb 2017 13:25:39 +0000 (21:25 +0800)]
post processing: fix problem where hex cant straddle block correctly
Andy Green [Fri, 3 Feb 2017 12:55:56 +0000 (20:55 +0800)]
remove dump getaddrinfo result
Andy Green [Fri, 3 Feb 2017 02:39:37 +0000 (10:39 +0800)]
client: decruft extensions
https://github.com/warmcat/libwebsockets/issues/770
Andy Green [Tue, 31 Jan 2017 02:50:15 +0000 (10:50 +0800)]
logging: cleanup and introduce LLL_USER
Andy Green [Wed, 25 Jan 2017 23:27:11 +0000 (07:27 +0800)]
http_proxy: deal with redundant protocol leader
https://github.com/warmcat/libwebsockets/issues/764
Denis Osvald [Mon, 23 Jan 2017 11:36:56 +0000 (12:36 +0100)]
wsi remove unused 'upgraded' boolean field
It was introduced in
7df53c555009d599c0474e49c58d3f8a46792382
but was never used...
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Andy Green [Mon, 23 Jan 2017 11:52:27 +0000 (19:52 +0800)]
context new option LWS_SERVER_OPTION_JUST_USE_RAW_ORIGIN
https://github.com/warmcat/libwebsockets/issues/757
Denis Osvald [Mon, 23 Jan 2017 11:35:00 +0000 (19:35 +0800)]
ssl pass real wsi to verify cert cb
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Denis Osvald [Mon, 23 Jan 2017 11:34:46 +0000 (19:34 +0800)]
ssl expose public wsi->ssl getter
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Andy Green [Tue, 17 Jan 2017 23:20:09 +0000 (07:20 +0800)]
windows: reduce C99isms to something MS compiler can understand
Andy Green [Mon, 16 Jan 2017 23:01:02 +0000 (07:01 +0800)]
plat-optee and boringssl adaptations
Andy Green [Mon, 16 Jan 2017 22:51:11 +0000 (06:51 +0800)]
win32 fixes
https://github.com/warmcat/libwebsockets/issues/750
Tobias [Mon, 16 Jan 2017 11:01:25 +0000 (12:01 +0100)]
ignore leading spaces when checking for a suitable subprotocol
My Browsers send as Subprotocols e.g. chat, superchat, mySubprotocol (with spaces after the ,). Libwebsockets now checked if ' mySubprotocol' was equal to 'mySubprotocol' which failed. With this fix the leading space is ignored and uses 'mySubprotocol' for comparision.
Namowen [Tue, 10 Jan 2017 01:31:23 +0000 (09:31 +0800)]
ssl: add LWS_CALLBACK_OPENSSL_PERFORM_SERVER_CERT_VERIFICATION
Andy Green [Tue, 10 Jan 2017 01:14:44 +0000 (09:14 +0800)]
ssl: wolfssl doesn't have clear options
https://github.com/warmcat/libwebsockets/issues/741
Hai Vu [Tue, 10 Jan 2017 01:10:49 +0000 (09:10 +0800)]
ssl-correct-option-clear-availability-version
https://github.com/warmcat/libwebsockets/issues/744
Andy Green [Sat, 7 Jan 2017 03:29:32 +0000 (11:29 +0800)]
ssl: correct version detection
Andy Green [Sat, 7 Jan 2017 02:24:16 +0000 (10:24 +0800)]
polarssl: turn off missing tlsext
Andy Green [Fri, 6 Jan 2017 01:49:28 +0000 (09:49 +0800)]
openssl: deal with missing OPENSSL_NO_TLSEXT on ancient versions
Andy Green [Wed, 4 Jan 2017 12:23:10 +0000 (20:23 +0800)]
cmake: boringssl helper
Andy Green [Wed, 4 Jan 2017 11:59:38 +0000 (19:59 +0800)]
client: MORE_SERVICE is not an error
Andy Green [Tue, 3 Jan 2017 00:18:37 +0000 (08:18 +0800)]
cgi: 5s grace to send buffered if chunked
Denis Osvald [Mon, 2 Jan 2017 16:33:26 +0000 (17:33 +0100)]
server: check listen(2) return value
The `listen` call can fail with EADDRINUSE after bind() succeeds, for
example because another process called listen on that port in the
meantime, or under some circumstances with IPv6-mapped-IPv4. This was
causing EINVAL on accept, with an infinite loop in case of libuv.
A reproducible example was to run nc -l -p 5555 ( OpenBSD netcat (Debian
patchlevel 1)) before starting test-server
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Andy Green [Mon, 2 Jan 2017 11:57:54 +0000 (19:57 +0800)]
lejp-conf: add timeout-secs
Andy Green [Wed, 28 Dec 2016 07:23:34 +0000 (15:23 +0800)]
windows: remove preprocessor business for [v]snprintf
https://github.com/warmcat/libwebsockets/issues/731
namowen [Fri, 23 Dec 2016 23:57:34 +0000 (07:57 +0800)]
lws_plat_service_tsi: accessing context before checking for NULL
https://github.com/warmcat/libwebsockets/issues/730
Andy Green [Fri, 23 Dec 2016 23:37:40 +0000 (07:37 +0800)]
test server: add -P secs to allow pingpong test
Andy Green [Thu, 22 Dec 2016 03:32:34 +0000 (11:32 +0800)]
ESP8266: LWS_POSIX fixes for basic auth and deprecated context
Alan Conway [Wed, 21 Dec 2016 01:32:44 +0000 (09:32 +0800)]
ssl-server: Add CONTEXT_PORT_NO_LISTEN_SERVER
Special port setting to disable listening for a server using socket adoption.
This contrasts with CONTEXT_PORT_NO_LISTEN which does the same for a client.
In particular, server-side SSL is not disabled by CONTEXT_PORT_NO_LISTEN_SERVER
as it is by CONTEXT_PORT_NO_LISTEN.
Alan Conway [Wed, 21 Dec 2016 01:32:25 +0000 (09:32 +0800)]
ssl: improved error reporting for SSL_accept.
The return value from SSL_get_error() is an integer switch value, not an error
code that can be interpreted by ERR_error_string()
Report the error code name, plus errno information if available for
SSL_ERROR_SYSCALL as per man page for SSL_get_error().
Alan Conway [Wed, 21 Dec 2016 01:32:16 +0000 (09:32 +0800)]
server: expose lws_adopt_socket_vhost() as public API
Allows a socket to be adopted and associated with an existing vhost.
Also added corresponding lws_adopt_socket_vhost_readbuf()
Andy Green [Thu, 15 Dec 2016 23:37:43 +0000 (07:37 +0800)]
context deprecation
1) This makes lwsws run a parent process with the original permissions.
But this process is only able to respond to SIGHUP, it doesn't do anything
else.
2) You can send this parent process a SIGHUP now to cause it to
- close listening sockets in existing lwsws processes
- mark those processes as to exit when the number of active connections
on the falls to zero
- spawn a fresh child process from scratch, using latest configuration
file content, latest plugins, etc. It can now reopen listening sockets
if it chooses to, or open different listen ports or whatever.
Notes:
1) lws_context_destroy() has been split into two pieces... the reason for
the split is the first part closes the per-vhost protocols, but since
they may have created libuv objects in the per-vhost protocol storage,
these cannot be freed until after the loop has been run.
That's the purpose of the second part of the context destruction,
lws_context_destroy2().
For compatibility, if you are not using libuv, the first part calls the
second part. However if you are using libuv, you must now call the
second part from your own main.c after the first part.
Andy Green [Fri, 16 Dec 2016 00:41:16 +0000 (08:41 +0800)]
uv: dont try to touch watcher until after loop initialized
Namowen [Thu, 15 Dec 2016 23:02:59 +0000 (07:02 +0800)]
echo: fix debug build
https://github.com/warmcat/libwebsockets/issues/716#issuecomment-
267377856
Andy Green [Thu, 15 Dec 2016 05:22:40 +0000 (13:22 +0800)]
client ssl hostname check: trim any port on host header
Andy Green [Thu, 15 Dec 2016 05:25:25 +0000 (13:25 +0800)]
test-client: fix broken protocol names
Andy Green [Thu, 15 Dec 2016 01:58:20 +0000 (09:58 +0800)]
ipv6-allow-binding-to-ipv6-address-in-iface
ipv4 and ipv6 binding to a named interface works OK. ipv4 binding to an IP also
works, but we need some extra ipv6 magic to identify the ipv6 interface from an
ipv6 address.
This patch based on code from "user3546716" at
http://stackoverflow.com/questions/
13504934/binding-sockets-to-ipv6-addresses
adds the necessary magic.
https://github.com/warmcat/libwebsockets/issues/717
Andy Green [Thu, 15 Dec 2016 00:33:53 +0000 (08:33 +0800)]
client: if NULL protocol vhost same linked list entry
Lws maintains a linked-list of wsi that are on the same vhost protocol...
it walks it to perform ..._all_protocol() type apis.
Client connections also participate in this list, but in the case the
selected protocol is not given during negotation (a legal case where
the server default protocol is selected) we missed adding the new
ws negotiated client wsi to the list.
This patch makes sure we add the wsi to the vhost protocols[0] list
in that case.
https://github.com/warmcat/libwebsockets/issues/716
Andy Green [Mon, 12 Dec 2016 12:37:28 +0000 (20:37 +0800)]
client: avoid possible NULL deref on error path
https://github.com/warmcat/libwebsockets/issues/672
Andy Green [Mon, 12 Dec 2016 05:36:25 +0000 (13:36 +0800)]
RFC7233 HTTP Ranges support for server
This adds a serverside implementation of RFC7233 HTTP ranges.
- LWS_WITH_RANGES is on by default at cmake
- Accept-Ranges: bytes is added if LWS_WITH_RANGES is enabled
- Both single ranges and multipart (2+) ranges are supported
Test with curl like this
Single
$ $ curl -s -r 64-95 http://localhost:7681/libwebsockets.org-logo.png | hexdump -C
00000000 2e 01 fd 9d 12 27 00 00 00 19 74 45 58 74 53 6f |.....'....tEXtSo|
00000010 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b 73 63 |ftware.www.inksc|
Multipart
$ curl -s -r 64-95,128-143 http://localhost:7681/libwebsockets.org-logo.png | hexdump -C
00000000 5f 6c 77 73 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 |_lws..Content-Ty|
00000010 70 65 3a 20 69 6d 61 67 65 2f 70 6e 67 0d 0a 43 |pe: image/png..C|
00000020 6f 6e 74 65 6e 74 2d 52 61 6e 67 65 3a 20 62 79 |ontent-Range: by|
00000030 74 65 73 20 36 34 2d 39 35 2f 37 30 32 39 0d 0a |tes 64-95/7029..|
00000040 0d 0a 2e 01 fd 9d 12 27 00 00 00 19 74 45 58 74 |.......'....tEXt|
00000050 53 6f 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b |Software.www.ink|
00000060 73 63 5f 6c 77 73 0d 0a 43 6f 6e 74 65 6e 74 2d |sc_lws..Content-|
00000070 54 79 70 65 3a 20 69 6d 61 67 65 2f 70 6e 67 0d |Type: image/png.|
00000080 0a 43 6f 6e 74 65 6e 74 2d 52 61 6e 67 65 3a 20 |.Content-Range: |
00000090 62 79 74 65 73 20 31 32 38 2d 31 34 33 2f 37 30 |bytes 128-143/70|
000000a0 32 39 0d 0a 0d 0a 05 14 50 40 05 15 a5 c4 60 43 |29......P@....`C|
000000b0 91 c4 4a d4 c4 fc 5f 6c 77 73 0d 00 |..J..._lws..|
The corresponding header part is like this
0x0030: 4854 5450 2f31 2e31 2032 3036 HTTP/1.1.206
0x0040: 200d 0a73 6572 7665 723a 206c 7773 7773 ...server:.lwsws
0x0050: 0d0a 636f 6e74 656e 742d 7479 7065 3a20 ..content-type:.
0x0060: 6d75 6c74 6970 6172 742f 6279 7465 7261 multipart/bytera
0x0070: 6e67 6573 0d0a 6163 6365 7074 2d72 616e nges..accept-ran
0x0080: 6765 733a 2062 7974 6573 0d0a 636f 6e74 ges:.bytes..cont
0x0090: 656e 742d 6c65 6e67 7468 3a20 3138 380d ent-length:.188.
0x00a0: 0a63 6163 6865 2d63 6f6e 7472 6f6c 3a20 .cache-control:.
0x00b0: 7072 6976 6174 6520 6d61 782d 6167 653a private.max-age:
0x00c0: 2036 300d 0a63 6f6e 6e65 6374 696f 6e3a .60..connection:
0x00d0: 206b 6565 702d 616c 6976 650d 0a65 7461 .keep-alive..eta
0x00e0: 673a 2030 3030 3031 4237 3535 3444 3433 g:.
00001B7554D43
0x00f0: 3033 330d 0a0d 0a 033....
Andy Green [Thu, 8 Dec 2016 23:05:03 +0000 (07:05 +0800)]
clean: usused accidental global wsi
https://github.com/warmcat/libwebsockets/issues/708
Andy Green [Thu, 8 Dec 2016 09:32:08 +0000 (17:32 +0800)]
lwsgt: fix check against forgot password flow defeating existing pw check
https://github.com/warmcat/libwebsockets/issues/706
This fixes a problem where the check for the existing pw was
skipped when a logged-in user is changing his password.
It's not good but because the user has to be logged in, it only affected
the situation someone changes his password on his logged in session.
Andy Green [Thu, 8 Dec 2016 00:14:15 +0000 (08:14 +0800)]
token:x-forwarded-for
https://github.com/warmcat/libwebsockets/issues/702
Andy Green [Sat, 3 Dec 2016 23:34:05 +0000 (07:34 +0800)]
context: external_baggage_free_on_destroy
This adds a context creation-time member that points to something
that should be freed when the context is destroyed.
It's in preparation for context deprecation, when a context might
be destroyed asynchronously... a related external with the
lifetime of thee context should also be freed at that time.
Adapt lwsws to use it with the context "strings" (also used for
aligned structs created by the config) allocation.
Andy Green [Sat, 3 Dec 2016 07:13:15 +0000 (15:13 +0800)]
basic-auth
Andy Green [Sat, 3 Dec 2016 07:23:00 +0000 (15:23 +0800)]
just finalize startup once
Bablooos [Tue, 29 Nov 2016 23:05:13 +0000 (07:05 +0800)]
vhost: allow adding vhosts after server init
This should allow adding vhosts "late", ie, after the server is up and
running with its initial vhost(s). The necessary housekeeping is folded
into lws_create_vhost() itself so it should be transparent.
Notice though that at the point the server starts to do service after it
starts initially, if it was requested that the UID / GID change, that
is performed at that point and is not reversible.
So vhosts added "late" find themselves running under the unprivileged
UID / GID from the very start, whereas vhosts added "early" initially
run under the UID / GID the process started with. If protocols the
vhost uses want to, eg, open privileged files at init and then use
them unprivileged, that will fail if the vhost is added late because
the initial privs are already gone.
AG: also deal with lws_protocol_init() on late vhost init (does the
callbacks for per vh protocol creation), add comments
Bablooos [Tue, 29 Nov 2016 12:45:37 +0000 (20:45 +0800)]
Update CMakeLists.txt for BSD + libdl
Fixing build failure of libwebsockets-test-fraggle on FreeBSD when LWS_WITH_PLUGINS.
Solution: FreeBSD has no libdl
Andy Green [Sat, 26 Nov 2016 12:46:04 +0000 (20:46 +0800)]
generic-sessions: move auth level check to after mount protocol selection
Andy Green [Sat, 26 Nov 2016 01:50:40 +0000 (09:50 +0800)]
ws-server: restrict returned Sec-Websocket-Protocol to the chosen name only
https://libwebsockets.org/pipermail/libwebsockets/2016-November/002948.html
Updated to fix a problem with no protocol
https://github.com/warmcat/libwebsockets/issues/705
Iblis Lin [Wed, 23 Nov 2016 15:02:13 +0000 (23:02 +0800)]
server: portable option for setsockopt
From linux ipv6(7) manual (section `Note`):
SOL_IP, SOL_IPV6, SOL_ICMPV6 and other SOL_* socket options are
nonportable variants of IPPROTO_*. See also ip(7).
Ref: http://man7.org/linux/man-pages/man7/ipv6.7.html
sjames1958gm [Mon, 21 Nov 2016 15:23:17 +0000 (09:23 -0600)]
client stash: update path variable to larger size
Andy Green [Wed, 16 Nov 2016 00:59:47 +0000 (08:59 +0800)]
lws_socket_bind: use lws_sockfd_type
Andy Green [Tue, 15 Nov 2016 08:33:18 +0000 (16:33 +0800)]
client: protect againt losing ah by lws_client_connect_2
Andy Green [Mon, 14 Nov 2016 10:13:39 +0000 (18:13 +0800)]
post file upload: dont lose sight of end of upload just because we hit end of incoming post data
Andy Green [Mon, 14 Nov 2016 10:12:31 +0000 (18:12 +0800)]
docs update
Joachim Bauch [Fri, 11 Nov 2016 11:19:53 +0000 (12:19 +0100)]
Added flag to allow expired certificates.
Rainer Poisel [Mon, 7 Nov 2016 20:36:05 +0000 (21:36 +0100)]
Better support for MINW32