Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libwebsockets / 440dacc9928eedfc6806832f114e8ecd97210362
commit440dacc9928eedfc6806832f114e8ecd97210362[log] [tgz]
authorAndy Green <andy@warmcat.com>Tue Nov 27 08:36:08 2018 +0800
committerAndy Green <andy@warmcat.com>Thu Dec 27 06:45:31 2018 +0800
tree78f8ebdc94f1a7f2a7114cc778532a08cbfed634
parent5976e4b33401e473d929e591caba6e0e8f276940 [diff]
JOSE: refactor and prepare for JWE

Until now the JOSE pieces only had enough support for ACME.
This patch improves the JWK parsing to prepare for more
complete support and for adding JWE, genaes and genec in
later patches.
38 files changed
tree: 78f8ebdc94f1a7f2a7114cc778532a08cbfed634
  1. cmake/
  2. contrib/
  3. doc-assets/
  4. include/
  5. lib/
  6. lwsws/
  7. minimal-examples/
  8. plugin-standalone/
  9. plugins/
  10. READMEs/
  11. scripts/
  12. test-apps/
  13. win32port/
  14. .gitignore
  15. .mailmap
  16. .travis.yml
  17. appveyor.yml
  18. changelog
  19. CMakeLists.txt
  20. component.mk
  21. Kconfig
  22. libwebsockets.dox
  23. LICENSE
  24. Makefile.projbuild
  25. README.md
README.md

Travis Build Status Appveyor Build status Coverity Scan Build Status CII Best Practices Codacy Badge

Libwebsockets

Libwebsockets is a simple-to-use, pure C library providing client and server for http/1, http/2, websockets and other protocols in a security-minded, lightweight, configurable, scalable and flexible way. It's easy to build and cross-build via cmake and is suitable for tasks from embedded RTOS through mass cloud serving.

50 minimal examples for various scenarios, CC0-licensed (public domain) for cut-and-paste, allow you to get started quickly.

overview

News

New features on master

  • http fallback support - you can specify a role and protocol to apply if non-http or non-tls packets arrive at an http(s) listen port. For example, you can specify that the new raw proxy role + protocol should be used, to proxy your sshd port over :443 or :80. Without affecting normal http(s) serving on those ports but allowing, eg, ssh -p 443 invalid@libwebsockets.org. http fallback docs

  • raw tcp proxy role and protocol - adding raw tcp proxying is now trivial using the built-in lws implementation. You can control the onward connection using a pvo in the format "ipv4:server.com:port" raw proxy minimal example, raw proxy docs, Cmake config: -DLWS_ROLE_RAW_PROXY=1 -DLWS_WITH_PLUGINS=1

  • deaddrop HTML file upload protocol - protocol and minimal example for file upload and sharing using drag and drop and a file picker. Integrated with basic auth, uploaded files marked with upload user, and files owned by the authenticated user may be deleted via the UI. Supports multiple simultaneous uploads both by drag-and-drop and from the file picker. deaddrop minimal example

  • basic auth for ws(s) - You can apply basic auth credential requirement to ws connections same as on mounts now. Just add a pvo "basic-auth" with the value being the credentials file path when enabling the ws protocol for the vhost.

v3.1 released: new features in v3.1

  • lws threadpool - lightweight pool of pthreads integrated to lws wsi, with all synchronization to event loop handled internally, queue for excess tasks threadpool docs, threadpool minimal example, Cmake config: -DLWS_WITH_THREADPOOL=1

  • libdbus support integrated on lws event loop lws dbus docs, lws dbus client minimal examples, lws dbus server minimal examples, Cmake config: -DLWS_ROLE_DBUS=1

  • lws allocated chunks (lwsac) - helpers for optimized mass allocation of small objects inside a few larger malloc chunks... if you need to allocate a lot of inter-related structs for a limited time, this removes per-struct allocation library overhead completely and removes the need for any destruction handling lwsac docs, lwsac minimal example, Cmake Config: -DLWS_WITH_LWSAC=1

  • lws tokenizer - helper api for robustly tokenizing your own strings without allocating or adding complexity. Configurable by flags for common delimiter sets and comma-separated-lists in the tokenizer. Detects and reports syntax errors. lws_tokenize docs, lws_tokenize minimal example / api test

  • lws full-text search - optimized trie generation, serialization, autocomplete suggestion generation and instant global search support extensible to huge corpuses of UTF-8 text while remaining super lightweight on resources. full-text search docs, full-text search minimal example / api test, demo, demo sources, Cmake config: -DLWS_WITH_FTS=1 -DLWS_WITH_LWSAC=1

  • gzip + brotli http server-side compression - h1 and h2 detection of client support for server compression, and auto-application to files with mimetypes "text/*", "application/javascript" and "image/svg.xml". Cmake config: -DLWS_WITH_HTTP_STREAM_COMPRESSION=1 for gzip, optionally also give -DLWS_WITH_HTTP_BROTLI=1 for preferred br brotli compression

  • managed disk cache - API for managing a directory containing cached files with hashed names, and automatic deletion of LRU files once the cache is above a given limit. lws diskcache docs, Cmake config: -DLWS_WITH_DISKCACHE=1

  • http reverse proxy - lws mounts support proxying h1 or h2 requests to a local or remote IP, or unix domain socket over h1. This allows microservice type architectures where parts of the common URL space are actually handled by external processes which may be remote or on the same machine. lws gitohashi serving is handled this way. unix domain sockets reverse proxy docs, CMake config: -DLWS_WITH_HTTP_PROXY=1 and -DLWS_UNIX_SOCK=1 for Unix Domain Sockets

  • update minimal examples for strict Content Security Policy the minimal examples now show the best practices around Content Security Policy and disabling inline Javascript. Updated examples that are served with the recommended security restrictions show a new "Strict Content Security Policy" graphic. Read how to upgrade your applications to use a strict CSP.

  • release policy docs - unsure what branch, version or tag to use, or how to follow master cleanly? Read the release policy docs which explain how and why lws is developed, released and maintained.

v3.0.1 released

See the git log for the list of fixes.

v3.0.0 released

See the changelog for info https://libwebsockets.org/git/libwebsockets/tree/changelog?h=v3.0-stable

Major CI improvements for QA

The Travis build of lws done on every commit now runs:

TestsCountExplanation
Build / Linux / gcc16-Wall -Werror cmake config variants
Build / Mac / Clang16-Wall -Werror cmake config variants
Build / Windows / MSVC7default
Selftestsopenssl:43, mbedtls:43minimal examples built and run against each other and remote server
attack.sh225Correctness, robustness and security tests for http parser
Autobahn Server480Testing lws ws client, including permessage-deflate
Autobahn Client480Testing lws ws server, including permaessage-deflate
h2specopenssl:146, mbedtls:146Http/2 server compliance suite (in strict mode)
h2loadopenssl:6, mbedtls:6Http/2 server load tool (checks 10K / 100K in h1 and h2, at 1, 10, 100 concurrency)
h2load SMP6Http/2 and http/1.1 server load checks on SMP server build

The over 1,500 tests run on every commit take 1hr 15 of compute time to complete. If any problems are found, it breaks the travis build, generating an email.

Codacy also checks every patch and the information used to keep lws at zero issues.

Current master is checked by Coverity at least daily and kept at zero issues.

Current master passes all the tests and these new CI arrangements will help keep it that way.

Lws has the first official ws-over-h2 server support

wss-over-h2

There's a new RFC that enables multiplexing ws connections over an http/2 link. Compared to making individual tcp and tls connections for each ws link back to the same server, this makes your site start up radically faster, and since all the connections are in one tls tunnel, with considerable memory reduction serverside.

To enable it on master you just need -DLWS_WITH_HTTP2=1 at cmake. No changes to existing code are necessary for either http/2 (if you use the official header creation apis if you return your own headers, as shown in the test apps for several versions) or to take advantage of ws-over-h2. When built with http/2 support, it automatically falls back to http/1 and traditional ws upgrade if that's all the client can handle.

Currently only Chrome Canary v67 supports this ws-over-h2 encapsulation (chrome must be started with --enable-websocket-over-http2 switch to enable it currently), and patches exist for Firefox. Authors of both browser implementations tested against the lws server implementation.

New "minimal examples"

https://libwebsockets.org/git/libwebsockets/tree/minimal-examples

These are like the test apps, but focus on doing one thing, the best way, with the minimum amount of code. For example the minimal-http-server serves the cwd on http/1 or http/2 in 50 LOC. Same thing with tls is just three more lines.

They build standalone, so it's easier to copy them directly to start your own project; they are CC0 licensed (public domain) to facilitate that.

Windows binary builds

32- and 64-bit Windows binary builds are available via Appveyor. Visit lws on Appveyor, click on a build, the ARTIFACTS, and unzip the zip file at C:\Program Files (x86)/libwebsockets.

Support

This is the libwebsockets C library for lightweight websocket clients and servers. For support, visit

https://libwebsockets.org

and consider joining the project mailing list at

https://libwebsockets.org/mailman/listinfo/libwebsockets

You can get the latest version of the library from git:

Doxygen API docs for master: https://libwebsockets.org/lws-api-doc-master/html/index.html