From f3daaad8495f9bedb26134ce42b45f8fd53f0c0a Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Sat, 6 Jan 2024 14:19:56 +0800 Subject: [PATCH 01/14] add websocket ssl code Signed-off-by: liuxiyao223 --- include/libwebsockets/lws-context-vhost.h | 2 ++ lib/tls/openssl/openssl-client.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) mode change 100644 => 100755 include/libwebsockets/lws-context-vhost.h mode change 100644 => 100755 lib/tls/openssl/openssl-client.c diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h old mode 100644 new mode 100755 index b3de140b..aa65a84a --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -502,6 +502,8 @@ struct lws_context_creation_info { * NULL... use this to load client key from memory instead of file */ const char *client_ssl_ca_filepath; /**< VHOST: Client SSL context init: CA certificate filepath or NULL */ + const char *client_ssl_ca_dirs[10]; + /**< VHOST: Client SSL context init: CA certificate path or NULL */ const void *client_ssl_ca_mem; /**< VHOST: Client SSL context init: CA certificate memory buffer or * NULL... use this to load CA cert from memory instead of file */ diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c old mode 100644 new mode 100755 index d8c56c51..3600f547 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c 
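Review bot: `const char *client_ssl_ca_dirs[10];` embeds a fixed-size array in the public `struct lws_context_creation_info`, so the bound is a bare literal in the API and every member after it moves, which breaks binary compatibility for callers built against the earlier header. A named macro in this header (e.g. `#define LWS_CLIENT_SSL_CA_DIRS_MAX 10` with `client_ssl_ca_dirs[LWS_CLIENT_SSL_CA_DIRS_MAX]`) would at least let the loader in openssl-client.c share the bound, or a `const char * const *` pointer to a NULL-terminated list would avoid both the fixed size and the layout change. The doc comment should also say what the entries are, since they are handed to `SSL_CTX_load_verify_locations()` as the CApath argument: something like `/**< VHOST: Client SSL context init: up to 10 CA certificate directories in OpenSSL hashed (c_rehash) layout; unused entries must be NULL */`.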
@@ -958,8 +958,9 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, if (!SSL_CTX_load_verify_dir( vh->tls.ssl_client_ctx, LWS_OPENSSL_CLIENT_CERTS)) #else - if (!SSL_CTX_load_verify_locations( - vh->tls.ssl_client_ctx, NULL, LWS_OPENSSL_CLIENT_CERTS)) + if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[0]) || + !SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[1])) + #endif lwsl_err("Unable to load SSL Client certs from %s " "(set by LWS_OPENSSL_CLIENT_CERTS) -- " -- Gitee From 09ccbad5775addcc986f7916b5d66b9c5d0a3c6b Mon Sep 17 00:00:00 2001 From: Aurora Date: Sat, 6 Jan 2024 08:05:32 +0000 Subject: [PATCH 02/14] update include/libwebsockets/lws-context-vhost.h. Signed-off-by: Aurora --- include/libwebsockets/lws-context-vhost.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index aa65a84a..9c09df10 100755 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -502,7 +502,7 @@ struct lws_context_creation_info { * NULL... use this to load client key from memory instead of file */ const char *client_ssl_ca_filepath; /**< VHOST: Client SSL context init: CA certificate filepath or NULL */ - const char *client_ssl_ca_dirs[10]; + const char *client_ssl_ca_dirs[10]; /**< VHOST: Client SSL context init: CA certificate path or NULL */ const void *client_ssl_ca_mem; /**< VHOST: Client SSL context init: CA certificate memory buffer or -- Gitee From 8b22df578b96a708abbd670821ae23b7d212d627 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Sat, 6 Jan 2024 17:23:47 +0800 Subject: [PATCH 03/14] add websocket code Signed-off-by: liuxiyao223 --- lib/tls/openssl/openssl-client.c | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) 
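Review bot: The replaced fallback calls `SSL_CTX_load_verify_locations()` with `info->client_ssl_ca_dirs[0]` and `[1]` without checking them for NULL, and OpenSSL reports failure when both CAfile and CApath are NULL, so every caller that leaves the new array empty now logs this error and ends up with no trust store at all, where the previous code loaded `LWS_OPENSSL_CLIENT_CERTS`. The `||` also means the second directory is never attempted once the first fails, and the `lwsl_err` text below still says `(set by LWS_OPENSSL_CLIENT_CERTS)`, which no longer describes what was loaded (its format arguments are outside the hunk). Each entry should be checked for NULL and loaded independently, with the error naming the directory that actually failed; `lws_tls_client_create_vhost_context` starts and ends outside the hunk.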
diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c index 3600f547..e845527a 100755 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c @@ -952,15 +952,29 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, SSL_CTX_set_default_verify_paths(vh->tls.ssl_client_ctx); #endif - /* openssl init for cert verification (for client sockets) */ - if (!ca_filepath && (!ca_mem || !ca_mem_len)) { + /* openssl init for cert verification (for client sockets) */ + if (!ca_mem || !ca_mem_len) + { + for (size_t i = 0; i < 9; i++) + { + if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[i])) + { + lwsl_err( + "Unable to load SSL Client certs from %s " + "(set by info->client_ssl_ca_dirs[%d]) -- " + "client ssl isn't going to work\n", + info->client_ssl_ca_dirs[i],i); + } + } + } + + if (!ca_filepath && (!ca_mem || !ca_mem_len)) { #if defined(LWS_HAVE_SSL_CTX_load_verify_dir) if (!SSL_CTX_load_verify_dir( vh->tls.ssl_client_ctx, LWS_OPENSSL_CLIENT_CERTS)) #else - if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[0]) || - !SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[1])) - + if (!SSL_CTX_load_verify_locations( + vh->tls.ssl_client_ctx, NULL, LWS_OPENSSL_CLIENT_CERTS)) #endif lwsl_err("Unable to load SSL Client certs from %s " "(set by LWS_OPENSSL_CLIENT_CERTS) -- " -- Gitee From 4af6279bbc4b0f3c5a1d4fe7e5ff2b7a097ae403 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Sat, 6 Jan 2024 17:26:51 +0800 Subject: [PATCH 04/14] add websocket code Signed-off-by: liuxiyao223 --- lib/tls/openssl/openssl-client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c index e845527a..2591f042 100755 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c 
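Review bot: `lwsl_err(... "(set by info->client_ssl_ca_dirs[%d]) -- " ..., info->client_ssl_ca_dirs[i],i)` passes the `size_t` loop index to a `%d` conversion, a format/argument type mismatch that is undefined behaviour and is flagged by -Wformat; use `%zu`, or cast with `(int)i`. The same call is carried unchanged through the later hunks of patches 05, 07 and 08. Separately, this loop runs whenever `ca_mem` is unset while the `if (!ca_filepath && (!ca_mem || !ca_mem_len))` block below still loads `LWS_OPENSSL_CLIENT_CERTS`, so a caller who supplies explicit CA directories to narrow trust still gets the default store appended; if the array is meant to replace rather than extend the default, the fallback should also be skipped when any entry is set. The bound `i < 9` and the absence of a NULL check per entry (a NULL CApath makes `SSL_CTX_load_verify_locations()` fail and log) are hard-coded here rather than derived from the array; the enclosing function starts and ends outside the hunk.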
@@ -952,7 +952,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, SSL_CTX_set_default_verify_paths(vh->tls.ssl_client_ctx); #endif - /* openssl init for cert verification (for client sockets) */ + /* openssl init for cert verification (for client sockets) */ if (!ca_mem || !ca_mem_len) { for (size_t i = 0; i < 9; i++) @@ -968,7 +968,7 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, } } - if (!ca_filepath && (!ca_mem || !ca_mem_len)) { + if (!ca_filepath && (!ca_mem || !ca_mem_len)) { #if defined(LWS_HAVE_SSL_CTX_load_verify_dir) if (!SSL_CTX_load_verify_dir( vh->tls.ssl_client_ctx, LWS_OPENSSL_CLIENT_CERTS)) -- Gitee From 80e68e313ce96aba1968f107f5d7bbe307c40691 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Sat, 6 Jan 2024 17:32:15 +0800 Subject: [PATCH 05/14] add websocket code Signed-off-by: liuxiyao223 --- lib/tls/openssl/openssl-client.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c index 2591f042..a19ff003 100755 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c 
@@ -953,20 +953,18 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, #endif /* openssl init for cert verification (for client sockets) */ - if (!ca_mem || !ca_mem_len) - { - for (size_t i = 0; i < 9; i++) - { - if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[i])) - { - lwsl_err( - "Unable to load SSL Client certs from %s " - "(set by info->client_ssl_ca_dirs[%d]) -- " - "client ssl isn't going to work\n", - info->client_ssl_ca_dirs[i],i); - } - } - } + if (!ca_mem || !ca_mem_len) { + for (size_t i = 0; i < 9; i++) { + if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[i])) { + lwsl_err( + "Unable to load SSL Client certs from %s " + "(set by info->client_ssl_ca_dirs[%d]) -- " + "client ssl isn't going to work\n", + info->client_ssl_ca_dirs[i], i); + } + } + } + if (!ca_filepath && (!ca_mem || !ca_mem_len)) { #if defined(LWS_HAVE_SSL_CTX_load_verify_dir) -- Gitee From 28f506bd7a1f6516906d9084eed122410a981aed Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Sat, 6 Jan 2024 17:33:42 +0800 Subject: [PATCH 06/14] add websocket code Signed-off-by: liuxiyao223 --- lib/tls/openssl/openssl-client.c | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c index a19ff003..f01b3009 100755 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c @@ -965,7 +965,6 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, } } - if (!ca_filepath && (!ca_mem || !ca_mem_len)) { #if defined(LWS_HAVE_SSL_CTX_load_verify_dir) if (!SSL_CTX_load_verify_dir( -- Gitee From e44953960aebabcc45da4589c4abaf53eec322fe Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Sat, 6 Jan 2024 19:28:23 +0800 Subject: [PATCH 07/14] add websocket code Signed-off-by: liuxiyao223 --- lib/tls/openssl/openssl-client.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) 
diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c index f01b3009..83a3a5dd 100755 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c @@ -34,6 +34,8 @@ #include "private-lib-core.h" #include "private-lib-tls-openssl.h" +static const int MAX_CLIENT_SSL_CA_NUMBER = 10; + /* * Care: many openssl apis return 1 for success. These are translated to the * lws convention of 0 for success. @@ -954,13 +956,15 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, /* openssl init for cert verification (for client sockets) */ if (!ca_mem || !ca_mem_len) { - for (size_t i = 0; i < 9; i++) { - if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[i])) { - lwsl_err( - "Unable to load SSL Client certs from %s " - "(set by info->client_ssl_ca_dirs[%d]) -- " - "client ssl isn't going to work\n", - info->client_ssl_ca_dirs[i], i); + for (size_t i = 0; i < MAX_CLIENT_SSL_CA_NUMBER; i++) { + if (info->client_ssl_ca_dirs[i] != NULL) { + if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[i])) { + lwsl_err( + "Unable to load SSL Client certs from %s " + "(set by info->client_ssl_ca_dirs[%d]) -- " + "client ssl isn't going to work\n", + info->client_ssl_ca_dirs[i], i); + } } } } -- Gitee From ee32f65137faace506567eebf9abfe257bf44869 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Tue, 9 Jan 2024 10:51:38 +0800 Subject: [PATCH 08/14] add websocket code Signed-off-by: liuxiyao223 --- lib/tls/openssl/openssl-client.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/lib/tls/openssl/openssl-client.c b/lib/tls/openssl/openssl-client.c index 83a3a5dd..ca76727f 100755 --- a/lib/tls/openssl/openssl-client.c +++ b/lib/tls/openssl/openssl-client.c 
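Review bot: `static const int MAX_CLIENT_SSL_CA_NUMBER = 10;` duplicates the array bound that the public header spells as `client_ssl_ca_dirs[10]`, and nothing ties the two together, so a later change to either one makes the `for (size_t i = 0; i < MAX_CLIENT_SSL_CA_NUMBER; i++)` loop in the second hunk read past the end of `info->client_ssl_ca_dirs`. Derive the bound from the array instead, e.g. `for (size_t i = 0; i < LWS_ARRAY_SIZE(info->client_ssl_ca_dirs); i++)` if that helper is in scope, or `sizeof(info->client_ssl_ca_dirs) / sizeof(info->client_ssl_ca_dirs[0])`, or share one macro defined in the header. A `static const int` is also not a constant expression in C, and comparing it against a `size_t` index draws -Wsign-compare; a `#define` or an enum constant avoids both. The enclosing function starts and ends outside the second hunk.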
@@ -957,14 +957,13 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, /* openssl init for cert verification (for client sockets) */ if (!ca_mem || !ca_mem_len) { for (size_t i = 0; i < MAX_CLIENT_SSL_CA_NUMBER; i++) { - if (info->client_ssl_ca_dirs[i] != NULL) { - if (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[i])) { - lwsl_err( - "Unable to load SSL Client certs from %s " - "(set by info->client_ssl_ca_dirs[%d]) -- " - "client ssl isn't going to work\n", - info->client_ssl_ca_dirs[i], i); - } + if ((info->client_ssl_ca_dirs[i] != NULL) && + (!SSL_CTX_load_verify_locations(vh->tls.ssl_client_ctx, NULL, info->client_ssl_ca_dirs[i]))) { + lwsl_err( + "Unable to load SSL Client certs from %s " + "(set by info->client_ssl_ca_dirs[%d]) -- " + "client ssl isn't going to work\n", + info->client_ssl_ca_dirs[i], i); } } } -- Gitee From 36bda256a0d2b2ac13489ee08e67bdac66fd170e Mon Sep 17 00:00:00 2001 From: Aurora Date: Tue, 9 Jan 2024 03:49:08 +0000 Subject: [PATCH 09/14] update include/libwebsockets/lws-context-vhost.h. Signed-off-by: Aurora --- include/libwebsockets/lws-context-vhost.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index 9c09df10..e32479b4 100755 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -507,7 +507,6 @@ struct lws_context_creation_info { const void *client_ssl_ca_mem; /**< VHOST: Client SSL context init: CA certificate memory buffer or * NULL... use this to load CA cert from memory instead of file */ - const char *client_ssl_cipher_list; /**< VHOST: Client SSL context init: List of valid ciphers to use (eg, * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL" -- Gitee From bce192f65a828cf164d091b1f2704302bddb887d Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Tue, 9 Jan 2024 11:54:38 +0800 Subject: [PATCH 10/14] add websocket code 
Signed-off-by: liuxiyao223 --- include/libwebsockets/lws-context-vhost.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index e32479b4..a6345506 100755 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -503,7 +503,7 @@ struct lws_context_creation_info { const char *client_ssl_ca_filepath; /**< VHOST: Client SSL context init: CA certificate filepath or NULL */ const char *client_ssl_ca_dirs[10]; - /**< VHOST: Client SSL context init: CA certificate path or NULL */ + /**< VHOST: Client SSL context init: CA certificate path */ const void *client_ssl_ca_mem; /**< VHOST: Client SSL context init: CA certificate memory buffer or * NULL... use this to load CA cert from memory instead of file */ -- Gitee From 847493668efa77c7ec0bc39a01689d99c75e39f1 Mon Sep 17 00:00:00 2001 From: Aurora Date: Tue, 9 Jan 2024 03:55:20 +0000 Subject: [PATCH 11/14] update include/libwebsockets/lws-context-vhost.h. Signed-off-by: Aurora --- include/libwebsockets/lws-context-vhost.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index a6345506..49ecb77a 100755 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -502,7 +502,7 @@ struct lws_context_creation_info { * NULL... use this to load client key from memory instead of file */ const char *client_ssl_ca_filepath; /**< VHOST: Client SSL context init: CA certificate filepath or NULL */ - const char *client_ssl_ca_dirs[10]; + const char *client_ssl_ca_dirs[10]; /**< VHOST: Client SSL context init: CA certificate path */ const void *client_ssl_ca_mem; /**< VHOST: Client SSL context init: CA certificate memory buffer or -- Gitee From d7cdb9ecb05b7d25d38ea4bc758a3286e635a87d Mon Sep 17 00:00:00 2001 
From: Aurora Date: Tue, 9 Jan 2024 03:56:11 +0000 Subject: [PATCH 12/14] update include/libwebsockets/lws-context-vhost.h. Signed-off-by: Aurora --- include/libwebsockets/lws-context-vhost.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index 49ecb77a..df8bf919 100755 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -505,7 +505,8 @@ struct lws_context_creation_info { const char *client_ssl_ca_dirs[10]; /**< VHOST: Client SSL context init: CA certificate path */ const void *client_ssl_ca_mem; - /**< VHOST: Client SSL context init: CA certificate memory buffer or + + /**< VHOST: Client SSL context init: CA certificate memory buffer or * NULL... use this to load CA cert from memory instead of file */ const char *client_ssl_cipher_list; /**< VHOST: Client SSL context init: List of valid ciphers to use (eg, -- Gitee From 205b096aaba6f961e0c596ce0725659d174b85a8 Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Tue, 9 Jan 2024 11:58:50 +0800 Subject: [PATCH 13/14] add websocket code Signed-off-by: liuxiyao223 --- include/libwebsockets/lws-context-vhost.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index df8bf919..40194971 100755 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h 
@@ -505,9 +505,9 @@ struct lws_context_creation_info { const char *client_ssl_ca_dirs[10]; /**< VHOST: Client SSL context init: CA certificate path */ const void *client_ssl_ca_mem; - - /**< VHOST: Client SSL context init: CA certificate memory buffer or + /**< VHOST: Client SSL context init: CA certificate memory buffer or * NULL... use this to load CA cert from memory instead of file */ + const char *client_ssl_cipher_list; /**< VHOST: Client SSL context init: List of valid ciphers to use (eg, * "RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL" -- Gitee From 14096b25e1ee26949a3cfdfb1cd5709592a557eb Mon Sep 17 00:00:00 2001 From: liuxiyao223 Date: Tue, 9 Jan 2024 12:01:03 +0800 Subject: [PATCH 14/14] add websocket code Signed-off-by: liuxiyao223 --- include/libwebsockets/lws-context-vhost.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h index 40194971..93972b42 100755 --- a/include/libwebsockets/lws-context-vhost.h +++ b/include/libwebsockets/lws-context-vhost.h @@ -503,7 +503,7 @@ struct lws_context_creation_info { const char *client_ssl_ca_filepath; /**< VHOST: Client SSL context init: CA certificate filepath or NULL */ const char *client_ssl_ca_dirs[10]; - /**< VHOST: Client SSL context init: CA certificate path */ + /**< VHOST: Client SSL context init: CA certificate path or NULL */ const void *client_ssl_ca_mem; /**< VHOST: Client SSL context init: CA certificate memory buffer or * NULL... use this to load CA cert from memory instead of file */ -- Gitee