ss: h2: leave the ss bound to its affiliated wsi until close clears it
In sai, on Xenial (only...) noticed that the wsi is still bound to the ss
handle, and can reference it even after the ss has been destroyed on
ss-testsfail sometimes.
Leave the handle knowing its wsi and able to detach it later during close.
h2: migration: migrate for_ss
The attribute indicating that a wsi belongs to an SS object also must be
migrated when we split out the original transaction wsi into a new nwsi, if we're
not going to lose track of its affiliation.
Likewise if the affiliated SS object points to the original wsi, we have to
migrate his pointer when we migrate the wsi.
Taking care of this book-keeping is necessary to get correct behaviours at
...
ss: avs: let multipart handle content-type
We added the necessary return check on set_metadata which is good, but it
doesn't take into account that for LWA, we will normally use the multipart
stuff, that provides its own conflicting content-type.
Currently the lwa streamtype policy doesn't even provide ctype metadata
type, let's just comment it out.
license: fix two old headers from pre-MIT change
These two headers managed to avoid the global switch from
LGPL2.1 -> MIT back in the day, correct them to be aligned
with the rest of lws' own license, ie, MIT.
cmake: Allow OPENSSL_INCLUDE_DIR to be empty
On some systems the include dir is empty, and the detection will miss a lot of functions and fail to compile.
h2: just log nwsi close and pass thru
User reports problems with the close / retry flow not happening if we don't
pass thru the nwsi close... it may be happening before the sid1 migration.
Just log it and don't end the handling before the passthru. Logging it
because there was a reason for the change to not passing it through...
ss: proxy: fix conn deref on onward
Trying to use the opaque pointer in the handle to point to the conn isn't
going to work when we need it to point to the ss handle.
Move it to have its own place in the handle.
client: make sure we get CCE if timeout on server reply
If facing a captive portal, we may seem to get a tcp level connection okay
but find that communication is silently dropped, leading to us timing out
in LRS_WAITING_SERVER_REPLY.
If so, we need to handle it as a connection fail in order to satisfy at
least Captive Portal detection.
client: tls: simplify validation fail reporting at CCE
We have access to a simplified report of the problem name for tls
validation inside the validation cb, let's bring it out and
use it for OpenSSL CCE reporting.
mbedtls: allow central trust store preload
Mbedtls does not have the same concept as openssl about preloading the
system trust store into every SSL_CTX.
This patch allows you to simulate the behaviour by passing in a context
creation-time filepath that all client SSL_CTX will be initialized from.
ss: wire up EVENT_WAIT_CANCELLED
Currently the lws_cancel_service() api only manifests itself at lws level.
This adds a state LWSSSCS_EVENT_WAIT_CANCELLED that is broadcast to all
SS in the event loop getting the cancel service api call, and allows
SS-level user code to pick up handling events from other threads.
There's a new example minimal-secure-streams-threads which shows the
pattern for other threads to communicate with...
ss: add test for OS trust store mode
It's already the case that leaving off the "tls_trust_store" member of the
streamtype definition in the policy causes the streamtype to validate its
tls connections via the OS trust store, usually a bundle OpenSSL has been
configured to load at init automagically, but also literally the OS trust
store in windows case.
Add tests to confirm that.
drivers: spi: avoid leaking uninitialized bits
Before this commit, line 84 read 'u' before it had a value, on 1st for-loop iteration. See comment on line 84 below:
82      for (n = 0; n < 8; n++) {
83              ctx->gpio->set(ctx->clk, inv);
84              u = (u << 1) | !!ctx->gpio->read(ctx->miso); /* <-- u is used uninitialized here */
85              ctx->gpio->set(ctx->mosi, !!(u & 0x80));
86              ctx->gpio->set(ctx->clk, !inv);
87      }
ss: mqtt: Avoid CONNECTING to DISCONNECTED transition
Check previous states with 'ss_dangling_connected'.
If it did not visit CONNECTED, transit to UNREACHABLE
instead of DISCONNECTED.
http: parser: straighten out %00 legality
https://github.com/warmcat/libwebsockets/issues/2262
This adds a README explaining what can be expected if your URLs contain
%00, and adds a safe helper for urlargs-by-name that is length-based.
Contains fix for extra NUL on some headers
https://github.com/warmcat/libwebsockets/issues/2267
ss: metrics: http: just report at wsi close
Defer recording the ss metrics histogram until wsi close, so it has a
chance to collect all the tags that apply.
Defer dumping metrics until the FINALIZE phase of context destroy, so we
had a chance to get any metrics recorded.
ss: proxy: get rx flow control working
This fixes the proxy rx flow by adding an lws_dsh helper to hide the
off-by-one in the "kind" array (kind 0 is reserved for tracking the
unallocated dsh blocks).
For testing, it adds a --blob option on minimal-secure-streams[-client]
which uses a streamtype "bulkproxflow" from here
https://warmcat.com/policy/minimal-proxy-v4.2-v2.json
"bulkproxflow": {
"endpoint": "warmcat.com",
"por...
ss: policy: atoll needed for 32-bit machines
On 32-bit Linux compilers, long int == int == 32-bit. So even atol() cannot
handle ints above 0x7fffffff and clips any it finds at that.
There's only one instance in policy-json.c, use atoll() cast to uint64_t
to allow values up to 64-bit INT_MAX even on 32-bit machines.
ss: server: allow bind to existing vhost
If the larger application is defining vhosts using lejp-conf JSON, it's
often more convenient to describe the vhost for ss server binding to
that.
If the server policy endpoint (usually used to describe the server
interface bind) begins with '!', take the remainder of the endpoint
string as the name of a preexisting vhost to bind ss server to at
creation-time.