From de34b2088dc531989370be98b30794f75a593535 Mon Sep 17 00:00:00 2001 From: Habbus Date: Wed, 23 Oct 2024 15:41:32 +0200 Subject: [PATCH 1/9] added option to use an OEM root certificate (this not something standard in ocpp1.6, but will be standard in later ocpp versions to support installing these types of certificates to set up mutual tls with an ev --- .../DefaultChargePointEventsHandler.cpp | 40 ++++++++++++++----- .../common/DefaultChargePointEventsHandler.h | 2 + .../interface/IChargePointEventsHandler.h | 2 + src/chargepoint/iso15118/Iso15118Manager.cpp | 7 +++- src/types/Enums.h | 8 +++- tests/deploy/main.cpp | 2 + tests/stubs/ChargePointEventsHandlerStub.cpp | 5 ++- tests/stubs/ChargePointEventsHandlerStub.h | 2 + 8 files changed, 53 insertions(+), 15 deletions(-) diff --git a/examples/common/DefaultChargePointEventsHandler.cpp b/examples/common/DefaultChargePointEventsHandler.cpp index 369039b0..fd6e1e8d 100644 --- a/examples/common/DefaultChargePointEventsHandler.cpp +++ b/examples/common/DefaultChargePointEventsHandler.cpp @@ -786,17 +786,20 @@ ocpp::types::DeleteCertificateStatusEnumType DefaultChargePointEventsHandler::is bool, bool, bool, + bool, std::vector>>&) */ void DefaultChargePointEventsHandler::iso15118GetInstalledCertificates( bool v2g_root_certificate, bool mo_root_certificate, bool v2g_certificate_chain, + bool oem_root_certificate, std::vector>>& certificates) { cout << "ISO15118 get installed certificates requested : v2g_root_certificate = " << (v2g_root_certificate ? "yes" : "no") << " - mo_root_certificate = " << (mo_root_certificate ? "yes" : "no") - << " - v2g_certificate_chain = " << (v2g_certificate_chain ? "yes" : "no") << endl; + << " - v2g_certificate_chain = " << (v2g_certificate_chain ? "yes" : "no") + << " - oem_root_certificate = " << (oem_root_certificate ? "yes" : "no") << endl; for (auto const& dir_entry : std::filesystem::directory_iterator{m_working_dir}) { 
@@ -833,6 +836,16 @@ void DefaultChargePointEventsHandler::iso15118GetInstalledCertificates( certificates.emplace_back(std::move(tuple)); } } + if (oem_root_certificate) + { + if (ocpp::helpers::startsWith(filename, "iso_oem_root_") && ocpp::helpers::endsWith(filename, ".pem")) + { + auto tuple = std::make_tuple(GetCertificateIdUseEnumType::OEMRootCertificate, + Certificate(dir_entry.path()), + std::vector()); + certificates.emplace_back(std::move(tuple)); + } + } } } } @@ -856,18 +869,23 @@ ocpp::types::InstallCertificateStatusEnumType DefaultChargePointEventsHandler::i Sha2 sha256; sha256.compute(certificate.pem().c_str(), certificate.pem().size()); - if (type == InstallCertificateUseEnumType::V2GRootCertificate) - { - // V2 root certificate - std::stringstream name; - name << "iso_v2g_root_" << sha256.resultString() << ".pem"; - cert_filename = (m_working_dir / name.str()).string(); - } - else { - // MO root certificate std::stringstream name; - name << "iso_mo_root_" << sha256.resultString() << ".pem"; + switch (type) + { + case InstallCertificateUseEnumType::V2GRootCertificate: + name << "iso_v2g_root_"; + break; + case InstallCertificateUseEnumType::MORootCertificate: + name << "iso_mo_root_"; + break; + case InstallCertificateUseEnumType::OEMRootCertificate: + // Intended fallthrough + default: + name << "iso_oem_root_"; + break; + } + name << sha256.resultString() << ".pem"; cert_filename = (m_working_dir / name.str()).string(); } diff --git a/examples/common/DefaultChargePointEventsHandler.h b/examples/common/DefaultChargePointEventsHandler.h index cc23c18d..6e40d6cf 100644 --- a/examples/common/DefaultChargePointEventsHandler.h +++ b/examples/common/DefaultChargePointEventsHandler.h 
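Review bot: In the install hunk of this file (`@@ -856,18 +869,23 @@`), the `default:` label shares the `OEMRootCertificate` branch, so any `InstallCertificateUseEnumType` value the switch does not know is written to the working directory as `iso_oem_root_<hash>.pem`. The listing hunk just above then reports every file with that prefix as an OEM root certificate. Since these files appear to serve as the trust anchors for ISO 15118 TLS, an unrecognised type should fail closed: keep `case InstallCertificateUseEnumType::OEMRootCertificate:` with only `name << "iso_oem_root_"; break;` and give `default:` its own branch that skips the write and returns a non-accepted status. The function body starts and ends outside the hunk, so the exact return path has to be checked against the surrounding code.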
@@ -186,11 +186,13 @@ class DefaultChargePointEventsHandler : public ocpp::chargepoint::IChargePointEv bool, bool, bool, + bool, std::vector>>&) */ void iso15118GetInstalledCertificates( bool v2g_root_certificate, bool mo_root_certificate, bool v2g_certificate_chain, + bool oem_root_certificate, std::vector>>& certificates) override; diff --git a/src/chargepoint/interface/IChargePointEventsHandler.h b/src/chargepoint/interface/IChargePointEventsHandler.h index f8faed84..e8b22e25 100644 --- a/src/chargepoint/interface/IChargePointEventsHandler.h +++ b/src/chargepoint/interface/IChargePointEventsHandler.h @@ -324,12 +324,14 @@ class IChargePointEventsHandler * @param v2g_root_certificate Indicate if V2G root certificates must be listed * @param mo_root_certificate Indicate if MO root certificates must be listed * @param v2g_certificate_chain Indicate if V2G certificate chains must be listed + * @param oem_root_certificate Indicate if OEM root certificates must be listed * @param certificates Installed certificates with their type */ virtual void iso15118GetInstalledCertificates( bool v2g_root_certificate, bool mo_root_certificate, bool v2g_certificate_chain, + bool oem_root_certificate, std::vector>>& certificates) = 0; diff --git a/src/chargepoint/iso15118/Iso15118Manager.cpp b/src/chargepoint/iso15118/Iso15118Manager.cpp index 923fd620..14aeb522 100644 --- a/src/chargepoint/iso15118/Iso15118Manager.cpp +++ b/src/chargepoint/iso15118/Iso15118Manager.cpp @@ -339,12 +339,14 @@ void Iso15118Manager::handle(const ocpp::messages::Iso15118GetInstalledCertifica bool v2g_root_certificate = false; bool mo_root_certificate = false; bool v2g_certificate_chain = false; + bool oem_root_certificate = false; if (request.certificateType.empty()) { // All types requested v2g_root_certificate = true; mo_root_certificate = true; v2g_certificate_chain = true; + oem_root_certificate = true; } else { 
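Review bot: In the `IChargePointEventsHandler.h` hunk (`@@ -324,12 +324,14 @@`), `iso15118GetInstalledCertificates` now takes four adjacent `bool` selectors, and a call site that transposes two of them still compiles while listing a different certificate class than the one requested. Inserting `oem_root_certificate` before `certificates` also changes the pure-virtual signature, so every out-of-tree handler has to be updated; `override` turns a stale implementation into a compile error, which is the desirable failure. Consider stating the position in the doc block, e.g. `@param oem_root_certificate Indicate if OEM root certificates must be listed (4th selector, after v2g_certificate_chain)`, or replacing the flags with a small struct or bitmask in a follow-up.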
@@ -359,6 +361,9 @@ void Iso15118Manager::handle(const ocpp::messages::Iso15118GetInstalledCertifica case GetCertificateIdUseEnumType::MORootCertificate: mo_root_certificate = true; break; + case GetCertificateIdUseEnumType::OEMRootCertificate: + oem_root_certificate = true; + break; case GetCertificateIdUseEnumType::V2GCertificateChain: // Intended fallthrough default: @@ -370,7 +375,7 @@ void Iso15118Manager::handle(const ocpp::messages::Iso15118GetInstalledCertifica // Notify handler to get the list of installed certificates std::vector>> certificates; - m_events_handler.iso15118GetInstalledCertificates(v2g_root_certificate, mo_root_certificate, v2g_certificate_chain, certificates); + m_events_handler.iso15118GetInstalledCertificates(v2g_root_certificate, mo_root_certificate, v2g_certificate_chain, oem_root_certificate, certificates); if (!certificates.empty()) { // Compute hashes for each certificate diff --git a/src/types/Enums.h b/src/types/Enums.h index 815ec2c9..c67bc70e 100644 --- a/src/types/Enums.h +++ b/src/types/Enums.h @@ -1025,7 +1025,9 @@ enum class GetCertificateIdUseEnumType their certificates from the V2G root */ MORootCertificate, /** @brief ISO 15118 V2G certificate chain (excluding the V2GRootCertificate) */ - V2GCertificateChain + V2GCertificateChain, + /** @brief ISO 15118-20 OEM root certificates */ + OEMRootCertificate }; /** @brief Helper to convert a GetCertificateIdUseEnumType enum to string */ @@ -1064,7 +1066,9 @@ enum class InstallCertificateUseEnumType certificates */ V2GRootCertificate, /** @brief Use for certificate from an eMobility Service */ - MORootCertificate + MORootCertificate, + /** @brief Use for certificate from an OEM (Vehicle Manufacturer used for bi-directional TLS connection between Secc and EV */ + OEMRootCertificate }; /** @brief Helper to convert a InstallCertificateUseEnumType enum to string */ diff --git a/tests/deploy/main.cpp b/tests/deploy/main.cpp index 529eda5d..40df9f6b 100644 --- a/tests/deploy/main.cpp 
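Review bot: In the second `src/types/Enums.h` hunk (`@@ -1064,7 +1066,9 @@`), the new doc comment on `InstallCertificateUseEnumType::OEMRootCertificate` has an unclosed parenthesis and does not say that the value is outside OCPP 1.6, which the commit message states. Suggested wording: `/** @brief Use for a root certificate from an OEM (vehicle manufacturer), used for mutual TLS between SECC and EV; not part of standard OCPP 1.6 */`. The comment on `GetCertificateIdUseEnumType::OEMRootCertificate` in the first hunk could carry the same non-standard remark.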
+++ b/tests/deploy/main.cpp @@ -923,12 +923,14 @@ class ChargePointEventsHandler : public IChargePointEventsHandler bool v2g_root_certificate, bool mo_root_certificate, bool v2g_certificate_chain, + bool oem_root_certificate, std::vector>>& certificates) override { (void)v2g_root_certificate; (void)mo_root_certificate; (void)v2g_certificate_chain; + (void)oem_root_certificate; (void)certificates; } diff --git a/tests/stubs/ChargePointEventsHandlerStub.cpp b/tests/stubs/ChargePointEventsHandlerStub.cpp index ce30bedf..64e88762 100755 --- a/tests/stubs/ChargePointEventsHandlerStub.cpp +++ b/tests/stubs/ChargePointEventsHandlerStub.cpp @@ -339,18 +339,21 @@ ocpp::types::DeleteCertificateStatusEnumType ChargePointEventsHandlerStub::iso15 bool, bool, bool, + bool, std::vector>>&) */ void ChargePointEventsHandlerStub::iso15118GetInstalledCertificates( bool v2g_root_certificate, bool mo_root_certificate, bool v2g_certificate_chain, + bool oem_root_certificate, std::vector>>& certificates) { (void)certificates; m_calls["iso15118GetInstalledCertificates"] = {{"v2g_root_certificate", std::to_string(v2g_root_certificate)}, {"mo_root_certificate", std::to_string(mo_root_certificate)}, - {"v2g_certificate_chain", std::to_string(v2g_certificate_chain)}}; + {"v2g_certificate_chain", std::to_string(v2g_certificate_chain)}, + {"oem_root_certificate", std::to_string(oem_root_certificate)}}; } /** @copydoc ocpp::types::InstallCertificateStatusEnumType IChargePointEventsHandler::iso15118CertificateReceived( diff --git a/tests/stubs/ChargePointEventsHandlerStub.h b/tests/stubs/ChargePointEventsHandlerStub.h index 5f9754da..f173d85d 100755 --- a/tests/stubs/ChargePointEventsHandlerStub.h +++ b/tests/stubs/ChargePointEventsHandlerStub.h 
@@ -173,11 +173,13 @@ class ChargePointEventsHandlerStub : public ocpp::chargepoint::IChargePointEvent bool, bool, bool, + bool, std::vector>>&) */ void iso15118GetInstalledCertificates( bool v2g_root_certificate, bool mo_root_certificate, bool v2g_certificate_chain, + bool oem_root_certificate, std::vector>>& certificates) override; From a06756ea156b7fdd41db36a5082e8453387342f7 Mon Sep 17 00:00:00 2001 From: Habbus Date: Thu, 24 Oct 2024 10:07:21 +0200 Subject: [PATCH 2/9] Updated enumhelpers for OEMRootCertificate --- src/messages/Iso15118InstallCertificate.cpp | 3 ++- src/messages/types/CertificateHashDataChainTypeConverter.cpp | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/messages/Iso15118InstallCertificate.cpp b/src/messages/Iso15118InstallCertificate.cpp index a483fee8..38579306 100644 --- a/src/messages/Iso15118InstallCertificate.cpp +++ b/src/messages/Iso15118InstallCertificate.cpp @@ -29,7 +29,8 @@ namespace types /** @brief Helper to convert a enum class InstallCertificateUseEnumType enum to string */ const EnumToStringFromString InstallCertificateUseEnumTypeHelper = { {InstallCertificateUseEnumType::MORootCertificate, "MORootCertificate"}, - {InstallCertificateUseEnumType::V2GRootCertificate, "V2GRootCertificate"}}; + {InstallCertificateUseEnumType::V2GRootCertificate, "V2GRootCertificate"}, + {InstallCertificateUseEnumType::OEMRootCertificate, "OEMRootCertificate"}}; /** @brief Helper to convert a enum class InstallCertificateStatusEnumType enum to string */ const EnumToStringFromString InstallCertificateStatusEnumTypeHelper = { diff --git a/src/messages/types/CertificateHashDataChainTypeConverter.cpp b/src/messages/types/CertificateHashDataChainTypeConverter.cpp index 10d7f5fb..4fd98cb3 100644 --- a/src/messages/types/CertificateHashDataChainTypeConverter.cpp +++ b/src/messages/types/CertificateHashDataChainTypeConverter.cpp 
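Review bot: In the `Iso15118InstallCertificate.cpp` hunk (`@@ -29,7 +29,8 @@`), the helper now converts the string `"OEMRootCertificate"` coming from the wire, but according to their diffstats neither this patch nor the previous one touches a JSON schema file. If the message schemas enumerate the allowed certificate types, a request carrying the new value would presumably be refused by validation before this converter runs; if they do not, a value outside OCPP 1.6 is now accepted from the Central System without any opt-in. Either way the intent should be stated next to the entry, e.g. `// Not part of OCPP 1.6; extension for ISO 15118 OEM root certificates`, and a test should send the new value through the full receive path. The same applies to `GetCertificateIdUseEnumTypeHelper` in the following hunk.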
@@ -32,8 +32,8 @@ namespace types const EnumToStringFromString GetCertificateIdUseEnumTypeHelper = { {GetCertificateIdUseEnumType::MORootCertificate, "MORootCertificate"}, {GetCertificateIdUseEnumType::V2GCertificateChain, "V2GCertificateChain"}, - {GetCertificateIdUseEnumType::V2GRootCertificate, "V2GRootCertificate"}}; - + {GetCertificateIdUseEnumType::V2GRootCertificate, "V2GRootCertificate"}, + {GetCertificateIdUseEnumType::OEMRootCertificate, "OEMRootCertificate"}}; } // namespace types namespace messages From 159258e735221eb37f4d092ec6d2bbe324168840 Mon Sep 17 00:00:00 2001 From: c-jimenez <18682655+c-jimenez@users.noreply.github.com> Date: Tue, 4 Feb 2025 10:04:02 +0100 Subject: [PATCH 3/9] =?UTF-8?q?[message]=C2=A0Add=20error=20log=20when=20r?= =?UTF-8?q?esponse=20to=20call=20request=20doesn't=20match=20the=20JSON=20?= =?UTF-8?q?schema?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/messages/GenericMessageSender.h | 43 +++++++++++++++++++---------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/src/messages/GenericMessageSender.h b/src/messages/GenericMessageSender.h index 95ccac17..9f927ec5 100644 --- a/src/messages/GenericMessageSender.h +++ b/src/messages/GenericMessageSender.h @@ -21,6 +21,7 @@ along with OpenOCPP. If not, see . #include "IRequestFifo.h" #include "IRpc.h" +#include "Logger.h" #include "MessagesConverter.h" #include "MessagesValidator.h" 
@@ -152,15 +153,22 @@ class GenericMessageSender { // Validate response ocpp::json::JsonValidator* validator = m_messages_validator.getValidator(action, false); - if (validator && validator->isValid(resp)) + if (validator) { - // Convert response - std::string error_code; - std::string error_message; - resp_converter->setAllocator(&rpc_frame.GetAllocator()); - if (resp_converter->fromJson(resp, response, error_code, error_message)) + if (validator->isValid(resp)) { - ret = CallResult::Ok; + // Convert response + std::string error_code; + std::string error_message; + resp_converter->setAllocator(&rpc_frame.GetAllocator()); + if (resp_converter->fromJson(resp, response, error_code, error_message)) + { + ret = CallResult::Ok; + } + } + else + { + LOG_ERROR << "[" << action << "] - Invalid response : " << validator->lastError(); } } } @@ -219,15 +227,22 @@ class GenericMessageSender { // Validate response ocpp::json::JsonValidator* validator = m_messages_validator.getValidator(action, false); - if (validator && validator->isValid(resp)) + if (validator) { - // Convert response - std::string error_code; - std::string error_message; - resp_converter->setAllocator(&rpc_frame.GetAllocator()); - if (resp_converter->fromJson(resp, response, error_code, error_message)) + if (validator->isValid(resp)) + { + // Convert response + std::string error_code; + std::string error_message; + resp_converter->setAllocator(&rpc_frame.GetAllocator()); + if (resp_converter->fromJson(resp, response, error_code, error_message)) + { + ret = CallResult::Ok; + } + } + else { - ret = CallResult::Ok; + LOG_ERROR << "[" << action << "] - Invalid response : " << validator->lastError(); } } } From d164fe120c4f3ed1ee54b1b0055c21c649bcd2d4 Mon Sep 17 00:00:00 2001 
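Review bot: The new `else` logs only a schema failure; in both hunks of `GenericMessageSender.h` (`@@ -152,15 +153,22 @@` and `@@ -219,15 +227,22 @@`) a null `validator` and a failed `resp_converter->fromJson(...)` still leave `ret` unchanged without any trace, although `error_code` and `error_message` are passed to the converter and never read afterwards. Adding `else { LOG_ERROR << "[" << action << "] - Unable to convert response : " << error_message; }` after the `fromJson` check, plus an `else` on `if (validator)`, would make all three rejection paths visible. `validator->lastError()` presumably echoes parts of the peer's response, so consider bounding its length before it reaches the log. Both enclosing methods start and end outside the hunks.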
From: c-jimenez <18682655+c-jimenez@users.noreply.github.com> Date: Tue, 4 Feb 2025 10:21:33 +0100 Subject: [PATCH 4/9] [libwebsocket] Update to version 4.3.3 --- 3rdparty/libwebsockets/.sai.json | 53 +++++++++++++---- 3rdparty/libwebsockets/CMakeLists.txt | 6 +- 3rdparty/libwebsockets/cmake/lws_config.h.in | 1 + .../libwebsockets/include/libwebsockets.h | 4 -- .../include/libwebsockets/lws-callbacks.h | 9 --- .../include/libwebsockets/lws-context-vhost.h | 13 +++-- 3rdparty/libwebsockets/lib/CMakeLists.txt | 2 + .../lib/core-net/client/connect3.c | 8 ++- 3rdparty/libwebsockets/lib/core-net/vhost.c | 14 +++++ 3rdparty/libwebsockets/lib/core/context.c | 28 ++++++--- .../libwebsockets/lib/core/private-lib-core.h | 4 ++ .../lib/event-libs/libuv/libuv.c | 5 +- .../libwebsockets/lib/misc/base64-decode.c | 2 +- 3rdparty/libwebsockets/lib/misc/dir.c | 4 +- .../lib/plat/freertos/esp32/esp_attr.h | 58 ------------------- .../lib/plat/unix/unix-sockets.c | 2 +- .../lib/plat/windows/windows-file.c | 11 ++-- .../lib/plat/windows/windows-service.c | 5 +- .../lib/plat/windows/windows-sockets.c | 14 ++++- 3rdparty/libwebsockets/lib/roles/h2/http2.c | 2 +- .../lib/roles/http/client/client-http.c | 2 +- .../lib/roles/http/server/lws-spa.c | 6 +- .../lib/roles/http/server/server.c | 10 +++- .../lib/roles/ws/client-parser-ws.c | 1 + .../lib/secure-streams/protocols/ss-h1.c | 19 ++++-- 3rdparty/libwebsockets/lib/tls/CMakeLists.txt | 11 ++-- .../lib/tls/mbedtls/CMakeLists.txt | 2 + .../lib/tls/mbedtls/mbedtls-server.c | 4 -- .../lib/tls/mbedtls/wrapper/platform/ssl_pm.c | 14 +++++ .../lib/tls/openssl/openssl-client.c | 8 ++- .../lib/tls/openssl/openssl-server.c | 30 ++++------ .../lib/tls/openssl/openssl-ssl.c | 5 +- .../CMakeLists.txt | 2 +- .../libwebsockets/test-apps/CMakeLists.txt | 2 +- 34 files changed, 202 insertions(+), 159 deletions(-) delete mode 100644 3rdparty/libwebsockets/lib/plat/freertos/esp32/esp_attr.h 
diff --git a/3rdparty/libwebsockets/.sai.json b/3rdparty/libwebsockets/.sai.json index 1d9fcfc9..3d349e94 100644 --- a/3rdparty/libwebsockets/.sai.json +++ b/3rdparty/libwebsockets/.sai.json @@ -5,7 +5,7 @@ # has somewhere to go to find its /usr/share content like certs "platforms": { - "linux-debian-buster/x86_64-amd/gcc": { + "linux-debian-11/x86_64-amd/gcc": { "build": "mkdir build destdir;cd build;export CCACHE_DISABLE=1;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export SAI_CPACK=\"-G DEB\";cmake .. ${cmake} && make -j4 && rm -rf ../destdir && make -j DESTDIR=../destdir install && ctest -j2 --output-on-failure ${cpack}" }, "linux-debian-buster/x86-amd/gcc": { @@ -20,6 +20,10 @@ "linux-debian-sid/x86-amd/gcc": { "build": "mkdir build destdir;cd build;export CCACHE_DISABLE=1;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export SAI_CPACK=\"-G DEB\";cmake .. ${cmake} && make -j4 && rm -rf ../destdir && make -j DESTDIR=../destdir install && ctest -j2 --output-on-failure ${cpack}" }, + "linux-debian-sid/x86_64-amd/gcc": { + "build": "mkdir build destdir;cd build;export CCACHE_DISABLE=1;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export SAI_CPACK=\"-G DEB\";cmake .. ${cmake} && make -j4 && rm -rf ../destdir && make -j DESTDIR=../destdir install && ctest -j2 --output-on-failure ${cpack}" + }, + "linux-ubuntu-1804/x86_64-amd/gcc": { "build": "mkdir build destdir;cd build;export CCACHE_DISABLE=1;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export SAI_CPACK=\"-G DEB\";cmake .. ${cmake} && make -j4 && rm -rf ../destdir && make -j DESTDIR=../destdir install && ctest -j2 --output-on-failure ${cpack}" }, 
@@ -38,6 +42,9 @@ "linux-centos-8/x86_64-amd/gcc": { "build": "mkdir build destdir;cd build;export CCACHE_DISABLE=1;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export SAI_CPACK=\"-G RPM\";cmake .. ${cmake} && make -j4 && rm -rf ../destdir && make -j DESTDIR=../destdir install && ctest -j2 --output-on-failure ${cpack}" }, + "linux-centos-8/aarch64-a72-bcm2711-rpi4/gcc": { + "build": "mkdir build destdir;cd build;export CCACHE_DISABLE=1;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export SAI_CPACK=\"-G RPM\";cmake .. ${cmake} && make -j4 && rm -rf ../destdir && make -j DESTDIR=../destdir install && ctest -j2 --output-on-failure ${cpack}" + }, "linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc": { "build": "mkdir build;cd build;export CCACHE_DISABLE=1;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export SAI_CPACK=\"-G DEB\";cmake .. ${cmake} && make -j3 && rm -rf ../destdir && make -j DESTDIR=../destdir install && ctest -j3 --output-on-failure ${cpack}", "default": false 
@@ -91,6 +98,11 @@ "build": "rm -rf ebuild ; mkdir ebuild; cd ebuild; cp -rp ../minimal-examples/embedded/esp32/${cpack} . ; cd ${cpack} ; . /opt/esp/esp-idf/export.sh ; ln -sf ../.. libwebsockets ; idf.py set-target esp32 && cp libwebsockets/minimal-examples/embedded/esp32/${cpack}/sdkconfig . && cp sdkconfig.h build && idf.py ${cmake} build size size-components size-files && cd build && /usr/local/bin/sai-device ${cpack} ESPPORT=0 ctest --output-on-failure", "default": false }, + "freertos-espidf/riscv-esp32c3/gcc": { + "build": "rm -rf ebuild ; mkdir ebuild; cd ebuild; cp -rp ../minimal-examples/embedded/esp32/${cpack} . ; cd ${cpack} ; . /opt/esp/esp-idf/export.sh ; ln -sf ../.. libwebsockets ; idf.py set-target esp32c3 && cp libwebsockets/minimal-examples/embedded/esp32/${cpack}/sdkconfig . && cp sdkconfig.h build && idf.py ${cmake} build size size-components size-files && cd build && /usr/local/bin/sai-device ${cpack} ESPPORT=0 ctest --output-on-failure", + "default": false + }, + "linux-fedora-32/riscv64-virt/gcc": { "build": "mkdir build destdir;cd build;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export CCACHE_DISABLE=1;export SAI_CPACK=\"-G RPM\";cmake .. ${cmake} && make -j4 && rm -rf ../destdir && make -j12 DESTDIR=../destdir install && ctest -j3 --output-on-failure ${cpack}", "default": false 
@@ -105,29 +117,39 @@ "netbsd/aarch64BE-bcm2837-a53/gcc": { "build": "mkdir build destdir;cd build;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export CCACHE_DISABLE=1;cmake .. ${cmake};make -j6 && rm -rf ../destdir && make -j6 DESTDIR=../destdir install && /usr/pkg/bin/ctest -j3 --output-on-failure", "default": false + }, + "netbsd/x86_64-amd/gcc": { + "build": "mkdir build destdir;cd build;export LD_LIBRARY_PATH=../destdir/usr/local/share/libwebsockets-test-server/plugins:../destdir/usr/local/lib;export CCACHE_DISABLE=1;cmake .. ${cmake};make -j6 && rm -rf ../destdir && make -j6 DESTDIR=../destdir install && /usr/pkg/bin/ctest -j3 --output-on-failure", + "default": false } + }, "configurations": { "default": { "cmake": "", - "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, freertos-linkit/arm32-m4-mt7697-usi/gcc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, w10/x86_64-amd/mingw32, w10/x86_64-amd/mingw64, netbsd/aarch64BE-bcm2837-a53/gcc, w10/x86_64-amd/wmbedtlsmsvc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" + "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, freertos-linkit/arm32-m4-mt7697-usi/gcc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, w10/x86_64-amd/mingw32, w10/x86_64-amd/mingw64, netbsd/aarch64BE-bcm2837-a53/gcc, netbsd/x86_64-amd/gcc, w10/x86_64-amd/wmbedtlsmsvc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" }, "default-noudp": { "cmake": "-DLWS_WITH_UDP=0", - "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, freertos-linkit/arm32-m4-mt7697-usi/gcc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, w10/x86_64-amd/mingw32, w10/x86_64-amd/mingw64, netbsd/aarch64BE-bcm2837-a53/gcc, w10/x86_64-amd/wmbedtlsmsvc" + "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, freertos-linkit/arm32-m4-mt7697-usi/gcc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, w10/x86_64-amd/mingw32, w10/x86_64-amd/mingw64, netbsd/aarch64BE-bcm2837-a53/gcc, 
netbsd/x86_64-amd/gcc, w10/x86_64-amd/wmbedtlsmsvc" }, "fault-injection": { - "cmake": "-DLWS_WITH_SYS_FAULT_INJECTION=1 -DLWS_WITH_MINIMAL_EXAMPLES=1", + "cmake": "-DLWS_WITH_SYS_FAULT_INJECTION=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_CBOR=1", "platforms": "w10/x86_64-amd/msvc" }, + "esp32-c3": { + "cmake": "-DLWS_IPV6=0", + "cpack": "esp-c3dev", + "platforms": "none, freertos-espidf/riscv-esp32c3/gcc" + }, "esp32-heltec": { "cmake": "-DLWS_IPV6=0", "cpack": "esp-heltec-wb32", "platforms": "none, freertos-espidf/xl6-esp32/gcc" }, "esp32-wrover": { - "cmake": "-DLWS_IPV6=0", + "cmake": "-DLWS_IPV6=0 -DLWS_WITH_CBOR=1", "cpack": "esp-wrover-kit", "platforms": "none, freertos-espidf/xl6-esp32/gcc" }, @@ -158,11 +180,11 @@ }, "default-examples": { "cmake": "-DLWS_WITH_MINIMAL_EXAMPLES=1", - "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, netbsd/aarch64BE-bcm2837-a53/gcc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" + "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, netbsd/aarch64BE-bcm2837-a53/gcc, netbsd/x86_64-amd/gcc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" }, "default-examples-tls-sess": { "cmake": "-DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_TLS_SESSIONS=1", - "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, netbsd/aarch64BE-bcm2837-a53/gcc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" + "platforms": "w10/x86_64-amd/msvc, w10/x86_64-amd/noptmsvc, linux-ubuntu-2004/aarch64-a72-bcm2711-rpi4/gcc, netbsd/aarch64BE-bcm2837-a53/gcc, netbsd/x86_64-amd/gcc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" }, "h1only-examples": { "cmake": "cmake .. -DLWS_WITH_HTTP2=0 -DLWS_WITH_MINIMAL_EXAMPLES=1", 
@@ -187,11 +209,11 @@ }, "secure-streams-proxy": { "cmake": "-DLWS_WITH_SECURE_STREAMS=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_SECURE_STREAMS_AUTH_SIGV4=1", - "platforms": "not w10/x86_64-amd/msvc, netbsd/aarch64BE-bcm2837-a53/gcc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" + "platforms": "not w10/x86_64-amd/msvc, netbsd/aarch64BE-bcm2837-a53/gcc, netbsd/x86_64-amd/gcc, openbsd/x86_64-amd/llvm, solaris/x86_64-amd/gcc" }, "secure-streams-proxy-metrics": { "cmake": "-DLWS_WITH_SECURE_STREAMS=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_SECURE_STREAMS_AUTH_SIGV4=1 -DLWS_WITH_SYS_METRICS=1", - "platforms": "not w10/x86_64-amd/msvc, netbsd/aarch64BE-bcm2837-a53/gcc" + "platforms": "not w10/x86_64-amd/msvc, netbsd/aarch64BE-bcm2837-a53/gcc, netbsd/x86_64-amd/gcc" }, "distro_recommended": { # minimal examples also needed for ctest "cmake": "-DLWS_WITH_DISTRO_RECOMMENDED=1 -DLWS_WITH_MINIMAL_EXAMPLES=1", @@ -210,7 +232,7 @@ "platforms": "not linux-centos-8/x86_64-amd/gcc" }, "lwsws2": { - "cmake": "-DLWS_WITH_LWSWS=ON -DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_HTTP2=1 -DLWS_WITH_ACME=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_LWS_DSH=1", + "cmake": "-DLWS_WITH_LWSWS=ON -DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_HTTP2=1 -DLWS_WITH_ACME=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_LWS_DSH=1 -DLWS_WITH_CACHE_NSCOOKIEJAR=0", # no distro -devel package for libuv "platforms": "not linux-centos-8/x86_64-amd/gcc" }, 
@@ -221,11 +243,11 @@ "mbedtls": { "cmake": "-DLWS_WITH_MBEDTLS=1 -DLWS_WITH_HTTP2=1 -DLWS_WITH_LWSWS=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_JOSE=1 -DCMAKE_BUILD_TYPE=DEBUG", # no distro -devel package for mbedtls - "platforms": "not linux-centos-7/x86_64-amd/gcc, not linux-centos-8/x86_64-amd/gcc" + "platforms": "not linux-centos-7/x86_64-amd/gcc, not linux-centos-8/x86_64-amd/gcc, not linux-ubuntu-xenial/x86_64-amd/gcc" }, "mbedtls-metrics": { "cmake": "-DLWS_WITH_MBEDTLS=1 -DLWS_WITH_HTTP2=1 -DLWS_WITH_LWSWS=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_JOSE=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_SYS_METRICS=1", - "platforms": "not linux-centos-7/x86_64-amd/gcc, not linux-centos-8/x86_64-amd/gcc" + "platforms": "not linux-centos-7/x86_64-amd/gcc, not linux-centos-8/x86_64-amd/gcc, not linux-ubuntu-xenial/x86_64-amd/gcc" }, "noserver": { "cmake": "-DLWS_WITHOUT_SERVER=ON -DLWS_WITH_MINIMAL_EXAMPLES=1 -DLWS_WITH_SECURE_STREAMS=1", @@ -279,6 +301,13 @@ "nologs": { "cmake": "-DLWS_WITH_NO_LOGS=ON" }, + "cookiejar": { + "cmake": "-DLWS_WITH_CACHE_NSCOOKIEJAR=ON" + }, + "jittrust": { + "cmake": "-DLWS_WITH_TLS_JIT_TRUST=1", + "platforms": "none, linux-fedora-32/x86_64-amd/gcc" + }, "smp": { "cmake": "-DLWS_MAX_SMP=32 -DLWS_WITH_MINIMAL_EXAMPLES=1" }, diff --git a/3rdparty/libwebsockets/CMakeLists.txt b/3rdparty/libwebsockets/CMakeLists.txt index cd04edbf..bd1f9a35 100644 --- a/3rdparty/libwebsockets/CMakeLists.txt +++ b/3rdparty/libwebsockets/CMakeLists.txt @@ -410,7 +410,7 @@ set(CPACK_RPM_PACKAGE_LICENSE "MIT") set(CPACK_PACKAGE_NAME "${PACKAGE}") set(CPACK_PACKAGE_VERSION_MAJOR "4") set(CPACK_PACKAGE_VERSION_MINOR "3") -set(CPACK_PACKAGE_VERSION_PATCH_NUMBER "2") +set(CPACK_PACKAGE_VERSION_PATCH_NUMBER "3") set(CPACK_PACKAGE_VERSION_PATCH "${CPACK_PACKAGE_VERSION_PATCH_NUMBER}-${LWS_BUILD_HASH}") set(CPACK_PACKAGE_RELEASE 1) 
@@ -849,6 +849,8 @@ endif() if (MSVC) # Turn off pointless microsoft security warnings. add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) + # Fail the build if any warnings + add_compile_options(/W3 /WX) # Unbreak MSVC broken preprocessor __VA_ARGS__ behaviour if (MSVC_VERSION GREATER 1925) add_compile_options(/Zc:preprocessor /wd5105) @@ -880,7 +882,7 @@ endif() # # ZLIB (needed for deflate extension and if LWS_WITH_HTTP_STREAM_COMPRESSION) # -if (LWS_WITH_ZLIB) +if (LWS_WITH_ZLIB AND NOT LWS_WITH_BUNDLED_ZLIB) if (NOT ZLIB_FOUND) if (LWS_WITH_MINIZ) find_package(Miniz REQUIRED) diff --git a/3rdparty/libwebsockets/cmake/lws_config.h.in b/3rdparty/libwebsockets/cmake/lws_config.h.in index f3f4a9d7..e69d0845 100644 --- a/3rdparty/libwebsockets/cmake/lws_config.h.in +++ b/3rdparty/libwebsockets/cmake/lws_config.h.in @@ -78,6 +78,7 @@ #cmakedefine LWS_HAVE_mbedtls_ssl_set_verify #cmakedefine LWS_HAVE_mbedtls_x509_crt_parse_file #cmakedefine LWS_HAVE_MBEDTLS_NET_SOCKETS +#cmakedefine LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET #cmakedefine LWS_HAVE_MBEDTLS_AUTH_KEY_ID #cmakedefine LWS_HAVE_NEW_UV_VERSION_H #cmakedefine LWS_HAVE_OPENSSL_ECDH_H diff --git a/3rdparty/libwebsockets/include/libwebsockets.h b/3rdparty/libwebsockets/include/libwebsockets.h index 8fb98c34..7454828a 100644 --- a/3rdparty/libwebsockets/include/libwebsockets.h +++ b/3rdparty/libwebsockets/include/libwebsockets.h @@ -41,10 +41,6 @@ extern "C" { #include "lws_config.h" -#if defined(LWS_SUPPRESS_DEPRECATED_API_WARNINGS) -#define OPENSSL_USE_DEPRECATED -#endif - /* place for one-shot opaque forward references */ typedef struct lws_context * lws_ctx_t; diff --git a/3rdparty/libwebsockets/include/libwebsockets/lws-callbacks.h b/3rdparty/libwebsockets/include/libwebsockets/lws-callbacks.h index fd36f7c7..455bfb0e 100644 --- a/3rdparty/libwebsockets/include/libwebsockets/lws-callbacks.h +++ b/3rdparty/libwebsockets/include/libwebsockets/lws-callbacks.h 
@@ -160,15 +160,6 @@ enum lws_callback_reasons { * the default callback action of returning 0 allows the client * certificates. */ - LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY = 37, - /**< if configured for including OpenSSL support but no private key - * file has been specified (ssl_private_key_filepath is NULL), this is - * called to allow the user to set the private key directly via - * libopenssl and perform further operations if required; this might be - * useful in situations where the private key is not directly accessible - * by the OS, for example if it is stored on a smartcard. - * user is the server's OpenSSL SSL_CTX* */ - LWS_CALLBACK_SSL_INFO = 67, /**< SSL connections only. An event you registered an * interest in at the vhost has occurred on a connection diff --git a/3rdparty/libwebsockets/include/libwebsockets/lws-context-vhost.h b/3rdparty/libwebsockets/include/libwebsockets/lws-context-vhost.h index b3de140b..c1406840 100644 --- a/3rdparty/libwebsockets/include/libwebsockets/lws-context-vhost.h +++ b/3rdparty/libwebsockets/include/libwebsockets/lws-context-vhost.h 
@@ -390,10 +390,15 @@ struct lws_context_creation_info { */ const char *ssl_private_key_filepath; /**< VHOST: filepath to private key if wanting SSL mode; - * if this is set to NULL but ssl_cert_filepath is set, the - * OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY callback is called - * to allow setting of the private key directly via openSSL - * library calls. (For backwards compatibility, this can also be used + * this should not be set to NULL when ssl_cert_filepath is set. + * + * Alteratively, the certificate and private key can both be set in + * the OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS callback directly via + * openSSL library calls. This requires that + * LWS_SERVER_OPTION_CREATE_VHOST_SSL_CTX is set in the vhost info options + * to force initializtion of the SSL_CTX context. + * + * (For backwards compatibility, this can also be used * to pass the client cert private key filepath when setting up a * vhost client SSL context, but it is preferred to use * .client_ssl_private_key_filepath for that.)
diff --git a/3rdparty/libwebsockets/lib/CMakeLists.txt b/3rdparty/libwebsockets/lib/CMakeLists.txt
index 19dc0cf6..786fa3d9 100644
--- a/3rdparty/libwebsockets/lib/CMakeLists.txt
+++ b/3rdparty/libwebsockets/lib/CMakeLists.txt
@@ -368,6 +368,8 @@ if (DEFINED LWS_PLAT_UNIX) endif() endif() set(LWS_HAVE_MBEDTLS_NET_SOCKETS ${LWS_HAVE_MBEDTLS_NET_SOCKETS} PARENT_SCOPE) +set(LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET ${LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET} PARENT_SCOPE) +set(LWS_HAVE_mbedtls_ssl_conf_alpn_protocols ${LWS_HAVE_mbedtls_ssl_conf_alpn_protocols} PARENT_SCOPE) set(TEST_SERVER_SSL_KEY "${TEST_SERVER_SSL_KEY}" PARENT_SCOPE) set(TEST_SERVER_SSL_CERT "${TEST_SERVER_SSL_CERT}" PARENT_SCOPE) set(TEST_SERVER_DATA ${TEST_SERVER_DATA} PARENT_SCOPE)
diff --git a/3rdparty/libwebsockets/lib/core-net/client/connect3.c b/3rdparty/libwebsockets/lib/core-net/client/connect3.c
index b7523303..a9d2e9e0 100644
--- a/3rdparty/libwebsockets/lib/core-net/client/connect3.c
+++ b/3rdparty/libwebsockets/lib/core-net/client/connect3.c
@@ -105,7 +105,13 @@ lws_client_connect_check(struct lws *wsi, int *real_errno) #else - if (!connect(wsi->desc.sockfd, (const struct sockaddr *)&wsi->sa46_peer.sa4, 0)) + if (!connect(wsi->desc.sockfd, (const struct sockaddr *)&wsi->sa46_peer.sa4, +#if defined(WIN32) + sizeof(struct sockaddr))) +#else + 0)) +#endif + return LCCCR_CONNECTED; en = LWS_ERRNO;
diff --git a/3rdparty/libwebsockets/lib/core-net/vhost.c b/3rdparty/libwebsockets/lib/core-net/vhost.c
index 298bf01e..74d61417 100644
--- a/3rdparty/libwebsockets/lib/core-net/vhost.c
+++ b/3rdparty/libwebsockets/lib/core-net/vhost.c
@@ -1437,6 +1437,20 @@ __lws_vhost_destroy2(struct lws_vhost *vh) // lwsl_info("%s: %s\n", __func__, vh->name); + /* + * remove ourselves from the defer binding list + */ + lws_start_foreach_llp(struct lws_vhost **, pv, + vh->context->no_listener_vhost_list) { + if (*pv == vh) { + lwsl_debug("deferred iface: removing vh %s\n", + (*pv)->name); + *pv = vh->no_listener_vhost_list; + vh->no_listener_vhost_list = NULL; + break; + } + } lws_end_foreach_llp(pv, no_listener_vhost_list); + /* * let the protocols destroy the per-vhost protocol objects */
diff --git a/3rdparty/libwebsockets/lib/core/context.c b/3rdparty/libwebsockets/lib/core/context.c
index af818ebe..b9b724ed 100644
--- a/3rdparty/libwebsockets/lib/core/context.c
+++ b/3rdparty/libwebsockets/lib/core/context.c
@@ -327,10 +327,6 @@ static const char * const opts_str = #if defined(LWS_WITH_SECURE_STREAMS_PROXY_API) "SSPROX " #endif - -#if defined(LWS_WITH_MBEDTLS) - "MbedTLS " -#endif #if defined(LWS_WITH_CONMON) "ConMon " #endif
@@ -390,6 +386,9 @@ lws_create_context(const struct lws_context_creation_info *info) #if defined(LWS_WITH_CACHE_NSCOOKIEJAR) && defined(LWS_WITH_CLIENT) struct lws_cache_creation_info ci; #endif +#if defined(LWS_WITH_MBEDTLS) + char mbedtls_version[32]; +#endif #if defined(__ANDROID__) struct rlimit rt;
@@ -609,6 +608,12 @@ lws_create_context(const struct lws_context_creation_info *info) goto early_bail; } +#if defined(LWS_WITH_SYS_STATE) + // NOTE: we need to init this fields because they may be used in logger when context destroying + context->mgr_system.state_names = system_state_names; + context->mgr_system.context = context; +#endif + #if defined(LWS_WITH_NETWORK) context->event_loop_ops = plev->ops; context->us_wait_resolution = us_wait_resolution;
@@ -782,7 +787,16 @@ lws_create_context(const struct lws_context_creation_info *info) #endif /* network */ +#if defined(LWS_WITH_MBEDTLS) + mbedtls_version_get_string(mbedtls_version); +#endif + +#if defined(LWS_WITH_MBEDTLS) + lwsl_cx_notice(context, "LWS: %s, MbedTLS-%s %s%s", library_version, mbedtls_version, opts_str, s); +#else lwsl_cx_notice(context, "LWS: %s, %s%s", library_version, opts_str, s); +#endif + #if defined(LWS_WITH_NETWORK) lwsl_cx_info(context, "Event loop: %s", plev->ops->name); #endif
@@ -1340,11 +1354,9 @@ lws_create_context(const struct lws_context_creation_info *info) * init the lws_state mgr for the system state */ - context->mgr_system.state_names = system_state_names; context->mgr_system.name = "system"; context->mgr_system.state = LWS_SYSTATE_CONTEXT_CREATED; context->mgr_system.parent = context; - context->mgr_system.context = context; #if defined(LWS_WITH_SYS_SMD) context->mgr_system.smd_class = LWSSMDCL_SYSTEM_STATE; #endif
@@ -1676,9 +1688,9 @@ lws_pt_destroy(struct lws_context_per_thread *pt) pt->pipe_wsi = NULL; } - if (pt->dummy_pipe_fds[0] + if ((pt->dummy_pipe_fds[0] || pt->dummy_pipe_fds[1]) #if !defined(WIN32) - && (int)pt->dummy_pipe_fds[0] != -1 + && ((int)pt->dummy_pipe_fds[0] != -1 || (int)pt->dummy_pipe_fds[1] != -1) #endif ) { struct lws wsi;
diff --git a/3rdparty/libwebsockets/lib/core/private-lib-core.h b/3rdparty/libwebsockets/lib/core/private-lib-core.h
index 6cdc91cf..8767ec16 100644
--- a/3rdparty/libwebsockets/lib/core/private-lib-core.h
+++ b/3rdparty/libwebsockets/lib/core/private-lib-core.h
@@ -34,6 +34,10 @@ #define _GNU_SOURCE #endif +#if defined(LWS_SUPPRESS_DEPRECATED_API_WARNINGS) +#define OPENSSL_SUPPRESS_DEPRECATED +#endif + /* #if !defined(_POSIX_C_SOURCE) #define _POSIX_C_SOURCE 200112L
diff --git a/3rdparty/libwebsockets/lib/event-libs/libuv/libuv.c b/3rdparty/libwebsockets/lib/event-libs/libuv/libuv.c
index dad371aa..e213b8dd 100644
--- a/3rdparty/libwebsockets/lib/event-libs/libuv/libuv.c
+++ b/3rdparty/libwebsockets/lib/event-libs/libuv/libuv.c
@@ -82,8 +82,9 @@ lws_uv_idle(uv_idle_t *handle uv_timer_start(&pt_to_priv_uv(pt)->sultimer, lws_uv_sultimer_cb, LWS_US_TO_MS((uint64_t)us), 0); - /* there is nobody who needs service forcing, shut down idle */ - uv_idle_stop(handle); + /* if there is nobody who needs service forcing, shut down idle */ + if (lws_service_adjust_timeout(pt->context, 1, pt->tid)) + uv_idle_stop(handle); lws_pt_unlock(pt); lws_context_unlock(pt->context);
diff --git a/3rdparty/libwebsockets/lib/misc/base64-decode.c b/3rdparty/libwebsockets/lib/misc/base64-decode.c
index 9d18b33f..332e91df 100644
--- a/3rdparty/libwebsockets/lib/misc/base64-decode.c
+++ b/3rdparty/libwebsockets/lib/misc/base64-decode.c
@@ -113,7 +113,7 @@ lws_b64_decode_stateful(struct lws_b64state *s, const char *in, size_t *in_len, const char *orig_in = in, *end_in = in + *in_len; uint8_t *orig_out = out, *end_out = out + *out_size; - while (in < end_in && *in && out + 4 < end_out) { + while (in < end_in && *in && out + 3 <= end_out) { for (; s->i < 4 && in < end_in && *in; s->i++) { uint8_t v;
diff --git a/3rdparty/libwebsockets/lib/misc/dir.c b/3rdparty/libwebsockets/lib/misc/dir.c
index 94a07ca9..b343b922 100644
--- a/3rdparty/libwebsockets/lib/misc/dir.c
+++ b/3rdparty/libwebsockets/lib/misc/dir.c
@@ -131,7 +131,7 @@ lws_dir(const char *dirpath, void *user, lws_dir_callback_function cb) } for (i = 0; i < n; i++) { -#if !defined(__sun) +#if !defined(__sun) && !defined(__QNX__) unsigned int type = namelist[i]->d_type; #endif if (strchr(namelist[i]->d_name, '~'))
@@ -143,7 +143,7 @@ lws_dir(const char *dirpath, void *user, lws_dir_callback_function cb) * files are LDOT_UNKNOWN */ -#if defined(__sun) +#if defined(__sun) || defined(__QNX__) lws_dir_via_stat(combo, l, namelist[i]->d_name, &lde); #else /*
diff --git a/3rdparty/libwebsockets/lib/plat/freertos/esp32/esp_attr.h b/3rdparty/libwebsockets/lib/plat/freertos/esp32/esp_attr.h
deleted file mode 100644
index 5bf9a229..00000000
--- a/3rdparty/libwebsockets/lib/plat/freertos/esp32/esp_attr.h
+++ /dev/null
@@ -1,58 +0,0 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -#ifndef __ESP_ATTR_H__ -#define __ESP_ATTR_H__ - -#define ROMFN_ATTR - -//Normally, the linker script will put all code and rodata in flash, -//and all variables in shared RAM. These macros can be used to redirect -//particular functions/variables to other memory regions. - -// Forces code into IRAM instead of flash. -#define IRAM_ATTR __attribute__((section(".iram1"))) - -// Forces data into DRAM instead of flash -#define DRAM_ATTR __attribute__((section(".dram1"))) - -// Forces data to be 4 bytes aligned -#define WORD_ALIGNED_ATTR __attribute__((aligned(4))) - -// Forces data to be placed to DMA-capable places -#define DMA_ATTR WORD_ALIGNED_ATTR DRAM_ATTR - -// Forces a string into DRAM instead of flash -// Use as ets_printf(DRAM_STR("Hello world!\n")); -#define DRAM_STR(str) (__extension__({static const DRAM_ATTR char __c[] = (str); (const char *)&__c;})) - -// Forces code into RTC fast memory. See "docs/deep-sleep-stub.rst" -#define RTC_IRAM_ATTR __attribute__((section(".rtc.text"))) - -// Forces data into RTC slow memory. See "docs/deep-sleep-stub.rst" -// Any variable marked with this attribute will keep its value -// during a deep sleep / wake cycle. -#define RTC_DATA_ATTR __attribute__((section(".rtc.data"))) - -// Forces read-only data into RTC slow memory. 
See "docs/deep-sleep-stub.rst" -#define RTC_RODATA_ATTR __attribute__((section(".rtc.rodata"))) - -// Forces data into noinit section to avoid initialization after restart. -#define __NOINIT_ATTR __attribute__((section(".noinit"))) - -// Forces data into RTC slow memory of .noinit section. -// Any variable marked with this attribute will keep its value -// after restart or during a deep sleep / wake cycle. -#define RTC_NOINIT_ATTR __attribute__((section(".rtc_noinit"))) - -#endif /* __ESP_ATTR_H__ */
diff --git a/3rdparty/libwebsockets/lib/plat/unix/unix-sockets.c b/3rdparty/libwebsockets/lib/plat/unix/unix-sockets.c
index 2c1b9569..cb2f1bba 100644
--- a/3rdparty/libwebsockets/lib/plat/unix/unix-sockets.c
+++ b/3rdparty/libwebsockets/lib/plat/unix/unix-sockets.c
@@ -198,7 +198,7 @@ static const int ip_opt_lws_flags[] = { #endif }, ip_opt_val[] = { IPTOS_LOWDELAY, IPTOS_THROUGHPUT, IPTOS_RELIABILITY -#if !defined(__OpenBSD__) && !defined(__sun) +#if !defined(__OpenBSD__) && !defined(__sun) && !defined(__QNX__) , IPTOS_MINCOST #endif };
diff --git a/3rdparty/libwebsockets/lib/plat/windows/windows-file.c b/3rdparty/libwebsockets/lib/plat/windows/windows-file.c
index 27b0a9cc..370204a3 100644
--- a/3rdparty/libwebsockets/lib/plat/windows/windows-file.c
+++ b/3rdparty/libwebsockets/lib/plat/windows/windows-file.c
@@ -42,13 +42,12 @@ _lws_plat_file_open(const struct lws_plat_file_ops *fops, const char *filename, LARGE_INTEGER llFileSize = {0}; MultiByteToWideChar(CP_UTF8, 0, filename, -1, buf, LWS_ARRAY_SIZE(buf)); - if (((*flags) & 7) == _O_RDONLY) { - ret = CreateFileW(buf, GENERIC_READ, FILE_SHARE_READ, - NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); - } else { + if (((*flags) & 7) == _O_RDONLY) + ret = CreateFileW(buf, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, + NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); + else ret = CreateFileW(buf, GENERIC_WRITE, 0, NULL, - CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); - } + CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if (ret == NULL) goto bail;
diff --git a/3rdparty/libwebsockets/lib/plat/windows/windows-service.c b/3rdparty/libwebsockets/lib/plat/windows/windows-service.c
index a64501d3..b56ef43d 100644
--- a/3rdparty/libwebsockets/lib/plat/windows/windows-service.c
+++ b/3rdparty/libwebsockets/lib/plat/windows/windows-service.c
@@ -41,11 +41,12 @@ _lws_plat_service_forced_tsi(struct lws_context *context, int tsi) if (!pt->fds[n].revents) continue; + unsigned int fds_count = pt->fds_count; m = lws_service_fd_tsi(context, &pt->fds[n], tsi); if (m < 0) return -1; - /* if something closed, retry this slot */ - if (m) + /* if something closed, fds_count will change, retry this slot */ + if (pt->fds_count != fds_count) n--; }
diff --git a/3rdparty/libwebsockets/lib/plat/windows/windows-sockets.c b/3rdparty/libwebsockets/lib/plat/windows/windows-sockets.c
index b0e15dd1..b82d0336 100644
--- a/3rdparty/libwebsockets/lib/plat/windows/windows-sockets.c
+++ b/3rdparty/libwebsockets/lib/plat/windows/windows-sockets.c
@@ -79,11 +79,13 @@ lws_plat_set_nonblocking(lws_sockfd_type fd) { u_long optl = 1; int result = !!ioctlsocket(fd, FIONBIO, &optl); +#if (_LWS_ENABLED_LOGS & LLL_ERR) if (result) { int error = LWS_ERRNO; lwsl_err("ioctlsocket FIONBIO 1 failed with error %d\n", error); } +#endif return result; }
@@ -105,8 +107,10 @@ lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd, optval = 1; if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (const char *)&optval, optlen) < 0) { +#if (_LWS_ENABLED_LOGS & LLL_ERR) int error = LWS_ERRNO; lwsl_err("setsockopt SO_KEEPALIVE 1 failed with error %d\n", error); +#endif return 1; }
@@ -116,8 +120,10 @@ lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd, if (WSAIoctl(fd, SIO_KEEPALIVE_VALS, &alive, sizeof(alive), NULL, 0, &dwBytesRet, NULL, NULL)) { +#if (_LWS_ENABLED_LOGS & LLL_ERR) int error = LWS_ERRNO; lwsl_err("WSAIoctl SIO_KEEPALIVE_VALS 1 %lu %lu failed with error %d\n", alive.keepalivetime, alive.keepaliveinterval, error); +#endif return 1; } }
@@ -127,8 +133,10 @@ lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd, #ifndef _WIN32_WCE tcp_proto = getprotobyname("TCP"); if (!tcp_proto) { +#if (_LWS_ENABLED_LOGS & LLL_WARN) int error = LWS_ERRNO; lwsl_warn("getprotobyname(\"TCP\") failed with error, falling back to 6 %d\n", error); +#endif protonbr = 6; /* IPPROTO_TCP */ } else protonbr = tcp_proto->p_proto;
@@ -137,8 +145,10 @@ lws_plat_set_socket_options(struct lws_vhost *vhost, lws_sockfd_type fd, #endif if (setsockopt(fd, protonbr, TCP_NODELAY, (const char *)&optval, optlen) ) { +#if (_LWS_ENABLED_LOGS & LLL_WARN) int error = LWS_ERRNO; lwsl_warn("setsockopt TCP_NODELAY 1 failed with error %d\n", error); +#endif } return lws_plat_set_nonblocking(fd);
@@ -569,7 +579,7 @@ lws_plat_mbedtls_net_send(void *ctx, const uint8_t *buf, size_t len) return ret; en = LWS_ERRNO; - if (en == EAGAIN || en == EWOULDBLOCK) + if (en == EAGAIN || en == EWOULDBLOCK || en == WSAEWOULDBLOCK) return MBEDTLS_ERR_SSL_WANT_WRITE; ret = WSAGetLastError();
@@ -594,7 +604,7 @@ lws_plat_mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len) return ret; en = LWS_ERRNO; - if (en == EAGAIN || en == EWOULDBLOCK) + if (en == EAGAIN || en == EWOULDBLOCK || en == WSAEWOULDBLOCK) return MBEDTLS_ERR_SSL_WANT_READ; ret = WSAGetLastError();
diff --git a/3rdparty/libwebsockets/lib/roles/h2/http2.c b/3rdparty/libwebsockets/lib/roles/h2/http2.c
index 58e7c107..9cccdbcd 100644
--- a/3rdparty/libwebsockets/lib/roles/h2/http2.c
+++ b/3rdparty/libwebsockets/lib/roles/h2/http2.c
@@ -2811,7 +2811,6 @@ int lws_read_h2(struct lws *wsi, unsigned char *buf, lws_filepos_t len) { unsigned char *oldbuf = buf; - lws_filepos_t body_chunk_len; // lwsl_notice("%s: h2 path: wsistate 0x%x len %d\n", __func__, // wsi->wsistate, (int)len);
@@ -2827,6 +2826,7 @@ lws_read_h2(struct lws *wsi, unsigned char *buf, lws_filepos_t len) * case. */ while (len) { + lws_filepos_t body_chunk_len = 0; int m; /*
diff --git a/3rdparty/libwebsockets/lib/roles/http/client/client-http.c b/3rdparty/libwebsockets/lib/roles/http/client/client-http.c
index 7dce8500..16fd8b24 100644
--- a/3rdparty/libwebsockets/lib/roles/http/client/client-http.c
+++ b/3rdparty/libwebsockets/lib/roles/http/client/client-http.c
@@ -270,7 +270,7 @@ lws_http_client_socket_service(struct lws *wsi, struct lws_pollfd *pollfd) lwsl_err("Failed to generate handshake for client\n"); lws_close_free_wsi(wsi, LWS_CLOSE_STATUS_NOSTATUS, "chs"); - return 0; + return -1; } /* send our request to the server */
diff --git a/3rdparty/libwebsockets/lib/roles/http/server/lws-spa.c b/3rdparty/libwebsockets/lib/roles/http/server/lws-spa.c
index a39c6613..ea5d4abd 100644
--- a/3rdparty/libwebsockets/lib/roles/http/server/lws-spa.c
+++ b/3rdparty/libwebsockets/lib/roles/http/server/lws-spa.c
@@ -438,12 +438,12 @@ lws_urldecode_s_process(struct lws_urldecode_stateful *s, const char *in, case MT_IGNORE3: if (*in == '\x0d') - s->state = MT_IGNORE1; - else if (*in == '-') { + s->state = MT_IGNORE2; + if (*in == '-') { s->state = MT_COMPLETED; s->wsi->http.rx_content_remain = 0; } - else in++; + in++; break; case MT_COMPLETED: break;
diff --git a/3rdparty/libwebsockets/lib/roles/http/server/server.c b/3rdparty/libwebsockets/lib/roles/http/server/server.c
index c98bf0d6..6b132a42 100644
--- a/3rdparty/libwebsockets/lib/roles/http/server/server.c
+++ b/3rdparty/libwebsockets/lib/roles/http/server/server.c
@@ -407,6 +407,7 @@ _lws_vhost_init_server(const struct lws_context_creation_info *info, struct lws_vhost *vhost) { struct vh_sock_args a; + int n; a.info = info; a.vhost = vhost;
@@ -479,8 +480,9 @@ _lws_vhost_init_server(const struct lws_context_creation_info *info, (vhost->options & LWS_SERVER_OPTION_IPV6_V6ONLY_VALUE))) { #endif a.af = AF_INET; - if (_lws_vhost_init_server_af(&a)) - return 1; + n = _lws_vhost_init_server_af(&a); + if (n) + return n; #if defined(LWS_WITH_IPV6) }
@@ -1232,6 +1234,8 @@ lws_check_basic_auth(struct lws *wsi, const char *basic_auth_login_file, return LCBA_CONTINUE; #else + if (!basic_auth_login_file && auth_mode == LWSAUTHM_DEFAULT) + return LCBA_CONTINUE; return LCBA_FAILED_AUTH; #endif }
@@ -1854,7 +1858,7 @@ lws_http_action(struct lws *wsi) pp = lws_vhost_name_to_protocol(wsi->a.vhost, name); if (!pp) { lwsl_err("Unable to find plugin '%s'\n", - hit->origin); + name); return 1; }
diff --git a/3rdparty/libwebsockets/lib/roles/ws/client-parser-ws.c b/3rdparty/libwebsockets/lib/roles/ws/client-parser-ws.c
index f569532e..f67927b2 100644
--- a/3rdparty/libwebsockets/lib/roles/ws/client-parser-ws.c
+++ b/3rdparty/libwebsockets/lib/roles/ws/client-parser-ws.c
@@ -637,6 +637,7 @@ int lws_ws_client_rx_sm(struct lws *wsi, unsigned char c) if (n == PMDR_DID_NOTHING #if !defined(LWS_WITHOUT_EXTENSIONS) + || n == PMDR_NOTHING_WE_SHOULD_DO || n == PMDR_UNKNOWN #endif )
diff --git a/3rdparty/libwebsockets/lib/secure-streams/protocols/ss-h1.c b/3rdparty/libwebsockets/lib/secure-streams/protocols/ss-h1.c
index d9ffe852..059138aa 100644
--- a/3rdparty/libwebsockets/lib/secure-streams/protocols/ss-h1.c
+++ b/3rdparty/libwebsockets/lib/secure-streams/protocols/ss-h1.c
@@ -248,12 +248,13 @@ lws_apply_metadata(lws_ss_handle_t *h, struct lws *wsi, uint8_t *buf, } /* - * Content-length on POST / PUT if we have the length information + * Content-length on POST / PUT / PATCH if we have the length information */ if (h->policy->u.http.method && ( (!strcmp(h->policy->u.http.method, "POST") || - !strcmp(h->policy->u.http.method, "PUT"))) && + !strcmp(h->policy->u.http.method, "PATCH") || + !strcmp(h->policy->u.http.method, "PUT"))) && wsi->http.writeable_len) { if (!(h->policy->flags & LWSSSPOLF_HTTP_NO_CONTENT_LENGTH)) {
@@ -313,7 +314,7 @@ static int lws_extract_metadata(lws_ss_handle_t *h, struct lws *wsi) { lws_ss_metadata_t *polmd = h->policy->metadata, *omd; - int n, m = 0; + int n; while (polmd) {
@@ -410,7 +411,6 @@ lws_extract_metadata(lws_ss_handle_t *h, struct lws *wsi) } #endif - m++; polmd = polmd->next; }
@@ -831,6 +831,7 @@ secstream_h1(struct lws *wsi, enum lws_callback_reasons reason, void *user, h->policy->protocol == LWSSSP_H2) && h->being_serialized && ( !strcmp(h->policy->u.http.method, "PUT") || + !strcmp(h->policy->u.http.method, "PATCH") || !strcmp(h->policy->u.http.method, "POST"))) { wsi->client_suppress_CONNECTION_ERROR = 1;
@@ -1096,6 +1097,16 @@ secstream_h1(struct lws *wsi, enum lws_callback_reasons reason, void *user, return -1; if (lws_ss_alloc_set_metadata(h, "method", "POST", 4)) return -1; + } else { + m = lws_hdr_total_length(wsi, WSI_TOKEN_PATCH_URI); + if (m) { + if (lws_ss_alloc_set_metadata(h, "path", + lws_hdr_simple_ptr(wsi, + WSI_TOKEN_PATCH_URI), (unsigned int)m)) + return -1; + if (lws_ss_alloc_set_metadata(h, "method", "PATCH", 5)) + return -1; + } } } }
diff --git a/3rdparty/libwebsockets/lib/tls/CMakeLists.txt b/3rdparty/libwebsockets/lib/tls/CMakeLists.txt
index e65bb138..9b15d9c6 100644
--- a/3rdparty/libwebsockets/lib/tls/CMakeLists.txt
+++ b/3rdparty/libwebsockets/lib/tls/CMakeLists.txt
@@ -267,7 +267,7 @@ if (LWS_WITH_SSL) find_package(PkgConfig QUIET) pkg_check_modules(PC_OPENSSL openssl QUIET) find_package(OpenSSL REQUIRED) - list(APPEND OPENSSL_LIBRARIES ${PC_OPENSSL_LIBRARIES}) + list(APPEND OPENSSL_LIBRARIES ${PC_OPENSSL_LINK_LIBRARIES}) set(OPENSSL_LIBRARIES ${OPENSSL_LIBRARIES} PARENT_SCOPE) endif() set(OPENSSL_INCLUDE_DIRS "${OPENSSL_INCLUDE_DIR}")
@@ -310,7 +310,7 @@ endif() if (UNIX AND NOT (${CMAKE_SYSTEM_NAME} MATCHES "QNX")) set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${CMAKE_DL_LIBS}) endif() -if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT (${CMAKE_SYSTEM_NAME} MATCHES "QNX")) +if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT ((${CMAKE_SYSTEM_NAME} MATCHES "QNX") OR PC_OPENSSL_FOUND)) set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} pthread) endif()
@@ -347,7 +347,7 @@ CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_ctr LWS_HAVE_EVP_aes_128_ctr PARENT_SC CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}RSA_verify_pss_mgf1 LWS_HAVE_RSA_verify_pss_mgf1 PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}HMAC_CTX_new LWS_HAVE_HMAC_CTX_new PARENT_SCOPE) -CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE) +CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_EVP_PKEY_new_raw_private_key PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}SSL_SESSION_set_time LWS_HAVE_SSL_SESSION_set_time PARENT_SCOPE) CHECK_SYMBOL_EXISTS(${VARIA}SSL_SESSION_up_ref LWS_HAVE_SSL_SESSION_up_ref PARENT_SCOPE)
@@ -399,7 +399,8 @@ if (LWS_WITH_MBEDTLS) else() CHECK_C_SOURCE_COMPILES("#include \nint main(void) { struct mbedtls_x509_crt c; c.authority_key_id.keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; return c.authority_key_id.keyIdentifier.tag; }\n" LWS_HAVE_MBEDTLS_AUTH_KEY_ID) CHECK_C_SOURCE_COMPILES("#include \nint main(void) { void *v = (void *)mbedtls_ssl_set_verify; return !!v; }\n" LWS_HAVE_mbedtls_ssl_set_verify) - CHECK_SYMBOL_EXISTS(mbedtls_ssl_conf_alpn_protocols LWS_HAVE_mbedtls_ssl_conf_alpn_protocols PARENT_SCOPE) + CHECK_C_SOURCE_COMPILES("#include \nint main(void) { void *v = (void *)mbedtls_ssl_conf_alpn_protocols; return !!v; }\n" LWS_HAVE_mbedtls_ssl_conf_alpn_protocols) + CHECK_FUNCTION_EXISTS(mbedtls_ssl_get_alpn_protocol LWS_HAVE_mbedtls_ssl_get_alpn_protocol PARENT_SCOPE) CHECK_FUNCTION_EXISTS(mbedtls_ssl_conf_sni LWS_HAVE_mbedtls_ssl_conf_sni PARENT_SCOPE) CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_ca_chain LWS_HAVE_mbedtls_ssl_set_hs_ca_chain PARENT_SCOPE)
@@ -568,6 +569,8 @@ endif() exports_to_parent_scope() set(LWS_HAVE_MBEDTLS_NET_SOCKETS ${LWS_HAVE_MBEDTLS_NET_SOCKETS} PARENT_SCOPE) +set(LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET ${LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET} PARENT_SCOPE) +set(LWS_HAVE_mbedtls_ssl_conf_alpn_protocols ${LWS_HAVE_mbedtls_ssl_conf_alpn_protocols} PARENT_SCOPE) set(TEST_SERVER_SSL_KEY "${TEST_SERVER_SSL_KEY}" PARENT_SCOPE) set(TEST_SERVER_SSL_CERT "${TEST_SERVER_SSL_CERT}" PARENT_SCOPE) set(TEST_SERVER_DATA ${TEST_SERVER_DATA} PARENT_SCOPE)
diff --git a/3rdparty/libwebsockets/lib/tls/mbedtls/CMakeLists.txt b/3rdparty/libwebsockets/lib/tls/mbedtls/CMakeLists.txt
index e3415172..6208f182 100644
--- a/3rdparty/libwebsockets/lib/tls/mbedtls/CMakeLists.txt
+++ b/3rdparty/libwebsockets/lib/tls/mbedtls/CMakeLists.txt
@@ -124,6 +124,7 @@ include_directories(wrapper/include wrapper/include/internal) # old mbedtls has everything in mbedtls/net.h CHECK_C_SOURCE_COMPILES("#include \nint main(void) { return 0;}\n" LWS_HAVE_MBEDTLS_NET_SOCKETS) +CHECK_C_SOURCE_COMPILES("#include \nint main(void) { return MBEDTLS_SSL_NEW_SESSION_TICKET;}\n" LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET) # # Keep explicit parent scope exports at end
@@ -131,3 +132,4 @@ CHECK_C_SOURCE_COMPILES("#include \nint main(void) { retu exports_to_parent_scope() set(LWS_HAVE_MBEDTLS_NET_SOCKETS ${LWS_HAVE_MBEDTLS_NET_SOCKETS} PARENT_SCOPE) +set(LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET ${LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET} PARENT_SCOPE)
diff --git a/3rdparty/libwebsockets/lib/tls/mbedtls/mbedtls-server.c b/3rdparty/libwebsockets/lib/tls/mbedtls/mbedtls-server.c
index ca703c5a..efd7fc8b 100644
--- a/3rdparty/libwebsockets/lib/tls/mbedtls/mbedtls-server.c
+++ b/3rdparty/libwebsockets/lib/tls/mbedtls/mbedtls-server.c
@@ -264,11 +264,7 @@ lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd) return 0; } -#if defined(LWS_AMAZON_RTOS) enum lws_ssl_capable_status -#else -int -#endif lws_tls_server_abort_connection(struct lws *wsi) { if (wsi->tls.use_ssl)
diff --git a/3rdparty/libwebsockets/lib/tls/mbedtls/wrapper/platform/ssl_pm.c b/3rdparty/libwebsockets/lib/tls/mbedtls/wrapper/platform/ssl_pm.c
index e8a0cb2d..3879e977 100755
--- a/3rdparty/libwebsockets/lib/tls/mbedtls/wrapper/platform/ssl_pm.c
+++ b/3rdparty/libwebsockets/lib/tls/mbedtls/wrapper/platform/ssl_pm.c
@@ -183,7 +183,12 @@ int ssl_pm_new(SSL *ssl) mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); } else { mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) + mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); +#else mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, 1); +#endif } mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);
@@ -549,7 +554,11 @@ OSSL_HANDSHAKE_STATE ssl_pm_get_state(const SSL *ssl) case MBEDTLS_SSL_SERVER_KEY_EXCHANGE: state = TLS_ST_SR_KEY_EXCH; break; +#if defined(LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET) + case MBEDTLS_SSL_NEW_SESSION_TICKET: +#else case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET: +#endif state = TLS_ST_SW_SESSION_TICKET; break; case MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT:
@@ -761,8 +770,13 @@ int pkey_pm_load(EVP_PKEY *pk, const unsigned char *buffer, int len) mbedtls_pk_init(pkey_pm->pkey); #if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000 +#if defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03050000 + ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, (unsigned int)len, NULL, 0, + mbedtls_ctr_drbg_random, pkey_pm->rngctx); +#else ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, (unsigned int)len + 1, NULL, 0, mbedtls_ctr_drbg_random, pkey_pm->rngctx); +#endif #else ret = mbedtls_pk_parse_key(pkey_pm->pkey, load_buf, (unsigned int)len + 1, NULL, 0); #endif
diff --git a/3rdparty/libwebsockets/lib/tls/openssl/openssl-client.c b/3rdparty/libwebsockets/lib/tls/openssl/openssl-client.c
index 6c8d5c1c..884ca021 100644
--- a/3rdparty/libwebsockets/lib/tls/openssl/openssl-client.c
+++ b/3rdparty/libwebsockets/lib/tls/openssl/openssl-client.c
@@ -515,6 +515,7 @@ lws_tls_client_connect(struct lws *wsi, char *errbuf, size_t elen) unsigned int len; #endif int m, n, en; + unsigned long l; #if defined(LWS_WITH_TLS_SESSIONS) && defined(LWS_HAVE_SSL_SESSION_set_time) SSL_SESSION *sess; #endif
@@ -539,9 +540,10 @@ lws_tls_client_connect(struct lws *wsi, char *errbuf, size_t elen) } if (m == SSL_ERROR_SSL) { + l = ERR_get_error(); n = lws_snprintf(errbuf, elen, "tls: %s", wsi->tls.err_helper); if (!wsi->tls.err_helper[0]) - ERR_error_string_n((unsigned int)m, errbuf + n, (elen - (unsigned int)n)); + ERR_error_string_n((unsigned int)l, errbuf + n, (elen - (unsigned int)n)); return LWS_SSL_CAPABLE_ERROR; }
@@ -866,6 +868,10 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, return 1; } + SSL_CTX_set_ex_data(vh->tls.ssl_client_ctx, + openssl_SSL_CTX_private_data_index, + (char *)vh->context); + lws_plat_vhost_tls_client_ctx_init(vh); tcr = lws_zalloc(sizeof(*tcr), "client ctx tcr");
diff --git a/3rdparty/libwebsockets/lib/tls/openssl/openssl-server.c b/3rdparty/libwebsockets/lib/tls/openssl/openssl-server.c
index 34a6ada2..1fc81929 100644
--- a/3rdparty/libwebsockets/lib/tls/openssl/openssl-server.c
+++ b/3rdparty/libwebsockets/lib/tls/openssl/openssl-server.c
@@ -228,7 +228,10 @@ lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, return 1; } - if (private_key) { + if (!private_key) { + lwsl_err("ssl private key not set\n"); + return 1; + } else { /* set the private key from KeyFile */ if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key, SSL_FILETYPE_PEM) != 1) {
@@ -244,14 +247,6 @@ lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, private_key, error, s); return 1; } - } else { - if (vhost->protocols[0].callback(wsi, - LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY, - vhost->tls.ssl_ctx, NULL, 0)) { - lwsl_err("ssl private key not set\n"); - - return 1; - } } return 0;
@@ -389,7 +384,10 @@ lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, return 1; } - if (n != LWS_TLS_EXTANT_ALTERNATIVE && private_key) { + if (n == LWS_TLS_EXTANT_ALTERNATIVE || !private_key) { + lwsl_err("ssl private key not set\n"); + return 1; + } else { /* set the private key from KeyFile */ if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key, SSL_FILETYPE_PEM) != 1) {
@@ -400,14 +398,6 @@ lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, (char *)vhost->context->pt[0].serv_buf)); return 1; } - } else { - if (vhost->protocols[0].callback(wsi, - LWS_CALLBACK_OPENSSL_CONTEXT_REQUIRES_PRIVATE_KEY, - vhost->tls.ssl_ctx, NULL, 0)) { - lwsl_err("ssl private key not set\n"); - - return 1; - } } check_key:
@@ -709,14 +699,14 @@ lws_tls_server_new_nonblocking(struct lws *wsi, lws_sockfd_type accept_fd) return 0; } -int +enum lws_ssl_capable_status lws_tls_server_abort_connection(struct lws *wsi) { if (wsi->tls.use_ssl) SSL_shutdown(wsi->tls.ssl); SSL_free(wsi->tls.ssl); - return 0; + return LWS_SSL_CAPABLE_DONE; } enum lws_ssl_capable_status diff --git a/3rdparty/libwebsockets/lib/tls/openssl/openssl-ssl.c b/3rdparty/libwebsockets/lib/tls/openssl/openssl-ssl.c index cf4d2b8c..11e9b49f 100644 --- a/3rdparty/libwebsockets/lib/tls/openssl/openssl-ssl.c +++ b/3rdparty/libwebsockets/lib/tls/openssl/openssl-ssl.c @@ -57,8 +57,6 @@ int lws_ssl_get_error(struct lws *wsi, int n) m = SSL_get_error(wsi->tls.ssl, n); lwsl_debug("%s: %p %d -> %d (errno %d)\n", __func__, wsi->tls.ssl, n, m, LWS_ERRNO); - if (m == SSL_ERROR_SSL) - lws_tls_err_describe_clear(); // assert (LWS_ERRNO != 9); @@ -250,6 +248,9 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, size_t len) if (m == SSL_ERROR_ZERO_RETURN) /* cleanly shut down */ goto do_err; + if (m == SSL_ERROR_SSL) + lws_tls_err_describe_clear(); + /* hm not retryable.. could be 0 size pkt or error */ if (m == SSL_ERROR_SSL || m == SSL_ERROR_SYSCALL || diff --git a/3rdparty/libwebsockets/minimal-examples/secure-streams/minimal-secure-streams-post/CMakeLists.txt b/3rdparty/libwebsockets/minimal-examples/secure-streams/minimal-secure-streams-post/CMakeLists.txt index 62404153..ea23d849 100644 --- a/3rdparty/libwebsockets/minimal-examples/secure-streams/minimal-secure-streams-post/CMakeLists.txt +++ b/3rdparty/libwebsockets/minimal-examples/secure-streams/minimal-secure-streams-post/CMakeLists.txt @@ -19,7 +19,7 @@ if (requirements) find_program(VALGRIND "valgrind") - if (LWS_CTEST_INTERNET_AVAILABLE) + if (LWS_CTEST_INTERNET_AVAILABLE AND DISABLE_IT_DUE_TO_JIG_ROT) if (VALGRIND) add_test(NAME sspost-warmcat COMMAND ${CMAKE_SOURCE_DIR}/scripts/ctest-background.sh 
diff --git a/3rdparty/libwebsockets/test-apps/CMakeLists.txt b/3rdparty/libwebsockets/test-apps/CMakeLists.txt index 9ffed9f8..e0c097f1 100644 --- a/3rdparty/libwebsockets/test-apps/CMakeLists.txt +++ b/3rdparty/libwebsockets/test-apps/CMakeLists.txt @@ -163,7 +163,7 @@ if ((LWS_ROLE_H1 OR LWS_ROLE_H2)) set_property( TARGET test-server-extpoll PROPERTY COMPILE_DEFINITIONS - EXTERNAL_POLL + LWS_WITH_EXTERNAL_POLL INSTALL_DATADIR="${CMAKE_INSTALL_PREFIX}/share" ) From 5fce7f95d3cd0eebfd10fb01e0f3ec5d2760e9d3 Mon Sep 17 00:00:00 2001 From: c-jimenez <18682655+c-jimenez@users.noreply.github.com> Date: Tue, 4 Feb 2025 10:24:07 +0100 Subject: [PATCH 5/9] [libwebsocket] Report patches made to v4.3.2 --- 3rdparty/libwebsockets/CMakeLists.txt | 2 -- 3rdparty/libwebsockets/lib/tls/CMakeLists.txt | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/3rdparty/libwebsockets/CMakeLists.txt b/3rdparty/libwebsockets/CMakeLists.txt index bd1f9a35..76e71237 100644 --- a/3rdparty/libwebsockets/CMakeLists.txt +++ b/3rdparty/libwebsockets/CMakeLists.txt @@ -849,8 +849,6 @@ endif() if (MSVC) # Turn off pointless microsoft security warnings. add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) - # Fail the build if any warnings - add_compile_options(/W3 /WX) # Unbreak MSVC broken preprocessor __VA_ARGS__ behaviour if (MSVC_VERSION GREATER 1925) add_compile_options(/Zc:preprocessor /wd5105) diff --git a/3rdparty/libwebsockets/lib/tls/CMakeLists.txt b/3rdparty/libwebsockets/lib/tls/CMakeLists.txt index 9b15d9c6..64df43ee 100644 --- a/3rdparty/libwebsockets/lib/tls/CMakeLists.txt +++ b/3rdparty/libwebsockets/lib/tls/CMakeLists.txt 
@@ -347,7 +347,7 @@ CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_ctr LWS_HAVE_EVP_aes_128_ctr PARENT_SC CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}RSA_verify_pss_mgf1 LWS_HAVE_RSA_verify_pss_mgf1 PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}HMAC_CTX_new LWS_HAVE_HMAC_CTX_new PARENT_SCOPE) -CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE) +CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_EVP_PKEY_new_raw_private_key PARENT_SCOPE) CHECK_FUNCTION_EXISTS(${VARIA}SSL_SESSION_set_time LWS_HAVE_SSL_SESSION_set_time PARENT_SCOPE) CHECK_SYMBOL_EXISTS(${VARIA}SSL_SESSION_up_ref LWS_HAVE_SSL_SESSION_up_ref PARENT_SCOPE) From 4b7cff69a9a0cc8cb48342722272e40d89e0b832 Mon Sep 17 00:00:00 2001 From: c-jimenez <18682655+c-jimenez@users.noreply.github.com> Date: Tue, 4 Feb 2025 10:26:12 +0100 Subject: [PATCH 6/9] [libwebsocket] ASYNC DNS : increase CNAME recursion limit to 10 --- 3rdparty/libwebsockets/lib/system/async-dns/async-dns-parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/libwebsockets/lib/system/async-dns/async-dns-parse.c b/3rdparty/libwebsockets/lib/system/async-dns/async-dns-parse.c index bdfe2050..3d5e2fff 100644 --- a/3rdparty/libwebsockets/lib/system/async-dns/async-dns-parse.c +++ b/3rdparty/libwebsockets/lib/system/async-dns/async-dns-parse.c @@ -154,7 +154,7 @@ lws_adns_iterate(lws_adns_q_t *q, const uint8_t *pkt, int len, const char *expname, lws_async_dns_find_t cb, void *opaque) { const uint8_t *e = pkt + len, *p, *pay; - struct label_stack stack[4]; + struct label_stack stack[10]; int n = 0, stp = 0, ansc, m; uint16_t rrtype, rrpaylen; char *sp, inq; From cd5848fa7bdb069ea4089bc825323e9c8c950c78 Mon Sep 17 00:00:00 2001 
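Review bot: The new bound in `struct label_stack stack[10];` is a bare literal, and the check that keeps `stp` inside the array is not in this hunk, because the body of `lws_adns_iterate` continues outside it. Please confirm that the guard is derived from the array itself, e.g. `LWS_ARRAY_SIZE(stack)`, rather than from a separate constant that still says 4 or could later drift from 10. The packet being walked comes from a DNS response, so that index check is what stops a long CNAME chain from writing past `stack`. As this is a local change to vendored code, a comment on the declaration would help it survive the next upstream update: `/* local patch: CNAME chain depth raised from 4 to 10 */`.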
From: c-jimenez <18682655+c-jimenez@users.noreply.github.com> Date: Tue, 4 Feb 2025 10:41:23 +0100 Subject: [PATCH 7/9] Fix github actions --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/install-test.yml | 2 +- .github/workflows/unit-test-debug.yml | 2 +- .github/workflows/unit-test-release.yml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1e716c7d..5e0662ca 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -23,7 +23,7 @@ on: jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 permissions: actions: read contents: read @@ -42,7 +42,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -66,4 +66,4 @@ jobs: make clang - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/install-test.yml b/.github/workflows/install-test.yml index 70f27262..73fc54b8 100644 --- a/.github/workflows/install-test.yml +++ b/.github/workflows/install-test.yml @@ -9,7 +9,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/unit-test-debug.yml b/.github/workflows/unit-test-debug.yml index 5df34c48..63d55ab0 100644 --- a/.github/workflows/unit-test-debug.yml +++ b/.github/workflows/unit-test-debug.yml @@ -9,7 +9,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 diff --git a/.github/workflows/unit-test-release.yml b/.github/workflows/unit-test-release.yml index 3b84b957..96599a70 100644 --- a/.github/workflows/unit-test-release.yml 
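Review bot: `runs-on: ubuntu-20.04` replaces `ubuntu-latest` here and in install-test.yml, unit-test-debug.yml and unit-test-release.yml without stating why. That ties the build and the CodeQL scan to an older image and toolchain that the hosting service will eventually retire. If the pin works around a failure on the newer image, record it next to the key, for example `runs-on: ubuntu-20.04 # pinned: <reason>; revisit once the build passes on ubuntu-latest`, so the pin does not silently become permanent.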
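Review bot: `github/codeql-action/init@v3` and, in the last hunk of this file, `github/codeql-action/analyze@v3` are referenced by a movable tag, so the code that runs with this job's permissions can change without any change in this repository. Pinning both to the full commit SHA of the release and keeping the tag as a trailing comment, `uses: github/codeql-action/init@<full-commit-sha> # v3`, makes the workflow reproducible and puts action updates through review. The `actions/checkout@v2` steps visible as context in the other three workflows stay on an old major version after this commit and would benefit from the same treatment.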
+++ b/.github/workflows/unit-test-release.yml @@ -9,7 +9,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 From 6fc6c6d0ce07ed25a4df99535f3d7b4a7152a33c Mon Sep 17 00:00:00 2001 From: c-jimenez <18682655+c-jimenez@users.noreply.github.com> Date: Wed, 5 Feb 2025 16:51:59 +0100 Subject: [PATCH 8/9] =?UTF-8?q?[rpc]=C2=A0Fix=20start-stop-start=20sequenc?= =?UTF-8?q?e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/rpc/RpcBase.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/rpc/RpcBase.cpp b/src/rpc/RpcBase.cpp index 71955410..03205ebe 100644 --- a/src/rpc/RpcBase.cpp +++ b/src/rpc/RpcBase.cpp @@ -223,6 +223,10 @@ void RpcBase::start() // Initialize transaction id sequence m_transaction_id = std::rand(); + // Start queues + m_requests_queue.setEnable(true); + m_results_queue.setEnable(true); + // Check if a pool has been configured if (m_pool) { @@ -232,8 +236,6 @@ void RpcBase::start() else { // Start reception thread - m_requests_queue.setEnable(true); - m_results_queue.setEnable(true); m_rx_thread = new std::thread(std::bind(&RpcBase::rxThread, this)); } } From 8d3eff3cf6bb8f2ffaef0192db70b40b1d5c35dc Mon Sep 17 00:00:00 2001 From: c-jimenez <18682655+c-jimenez@users.noreply.github.com> Date: Wed, 5 Feb 2025 17:00:00 +0100 Subject: [PATCH 9/9] [version] Update version number => 1.5.7 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 40daa535..9ed74c43 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,7 @@ cmake_minimum_required(VERSION 3.13) project(OpenOCPP DESCRIPTION "Open Source C++ implementation of the OCPP 1.6 protocol" - VERSION 1.5.6 + VERSION 1.5.7 ) # Definitions for Version.h file
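Review bot: The added comment `// Start queues` in `RpcBase::start()` does not say why the two `setEnable(true)` calls now run before the `m_pool` check, although that ordering is the fix: previously only the reception-thread branch enabled the queues. A comment such as `// Enable queues for both pool and thread mode (presumably disabled by a previous stop)` would keep a later cleanup from moving them back into the `else` branch. The body of `start()` begins outside this hunk and the stop path is not in the diff. It is worth confirming that anything left in `m_requests_queue` and `m_results_queue` from the previous session is discarded before they are re-enabled, so that a restart cannot process a stale message.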