Move from CyaSSL to wolfSSL
This patch lets libwebsockets use the lastest version of wolfSSL (the new name for CyaSSL).
The reason for the patch is that allthough wolfSSL provides compatibility headers for (old) projects using CyaSSL,
these are incomplete and do not work for libwebsockets.
The patch also fixes a typo in CMakeLists.txt where CYASSL_LIBRARIES was added to include_directories() instead of CYASSL_INCLUDE_DIRS.
Signed-off-by: ABruines <alexander.bruines@gmail.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 43630f7..270478f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -44,8 +44,8 @@
option(LWS_WITH_STATIC "Build the static version of the library" ON)
option(LWS_WITH_SHARED "Build the shared version of the library" ON)
-option(LWS_WITH_SSL "Include SSL support (default OpenSSL, CyaSSL if LWS_USE_CYASSL is set)" ON)
-option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When settings this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF)
+option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON)
+option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When settings this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF)
option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON)
option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
option(LWS_USE_BUNDLED_ZLIB "Use bundled zlib version (Windows only)" ${LWS_USE_BUNDLED_ZLIB_DEFAULT})
@@ -90,12 +90,12 @@
set(LWS_ZLIB_INCLUDE_DIRS CACHE PATH "Path to the zlib include directory")
set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library")
set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory")
-set(LWS_CYASSL_LIBRARIES CACHE PATH "Path to the CyaSSL library")
-set(LWS_CYASSL_INCLUDE_DIRS CACHE PATH "Path to the CyaSSL include directory")
+set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library")
+set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory")
set(LWS_LIBEV_LIBRARIES CACHE PATH "Path to the libev library")
set(LWS_LIBEV_INCLUDE_DIRS CACHE PATH "Path to the libev include directory")
-if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL)
+if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
else()
set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
@@ -104,17 +104,17 @@
endif()
endif()
-if (LWS_WITH_SSL AND LWS_USE_CYASSL)
- if ("${LWS_CYASSL_LIBRARIES}" STREQUAL "" OR "${LWS_CYASSL_INCLUDE_DIRS}" STREQUAL "")
- if (NOT CYASSL_FOUND)
- message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_USE_CYASSL is turned on.")
+if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
+ if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
+ if (NOT WOLFSSL_FOUND)
+ message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.")
endif()
else()
- set(CYASSL_LIBRARIES ${LWS_CYASSL_LIBRARIES})
- set(CYASSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS})
- set(CYASSL_FOUND 1)
+ set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES})
+ set(WOLFSSL_INCLUDE_DIRS ${LWS_WOLFSSL_INCLUDE_DIRS})
+ set(WOLFSSL_FOUND 1)
endif()
- set(USE_CYASSL 1)
+ set(USE_WOLFSSL 1)
endif()
if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
@@ -516,20 +516,20 @@
if (LWS_WITH_SSL)
message("Compiling with SSL support")
- if (LWS_USE_CYASSL)
- # Use CyaSSL as OpenSSL replacement.
+ if (LWS_USE_WOLFSSL)
+ # Use wolfSSL as OpenSSL replacement.
# TODO: Add a find_package command for this also.
- message("CyaSSL include dir: ${CYASSL_INCLUDE_DIRS}")
- message("CyaSSL libraries: ${CYASSL_LIBRARIES}")
+ message("wolfSSL include dir: ${WOLFSSL_INCLUDE_DIRS}")
+ message("wolfSSL libraries: ${WOLFSSL_LIBRARIES}")
# Additional to the root directory we need to include
- # the cyassl/ subdirectory which contains the OpenSSL
+ # the wolfssl/ subdirectory which contains the OpenSSL
# compatability layer headers.
- foreach(inc ${CYASSL_LIBRARIES})
- include_directories("${inc}" "${inc}/cyassl")
+ foreach(inc ${WOLFSSL_INCLUDE_DIRS})
+ include_directories("${inc}" "${inc}/wolfssl")
endforeach()
- list(APPEND LIB_LIST "${CYASSL_LIBRARIES}")
+ list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
else()
if (NOT OPENSSL_FOUND)
# TODO: Add support for STATIC also.
@@ -636,7 +636,7 @@
list(APPEND TEST_APP_LIST ${TEST_NAME})
endmacro()
- if (LWS_WITH_SSL AND NOT LWS_USE_CYASSL)
+ if (LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
message("Searching for OpenSSL executable and dlls")
find_package(OpenSSLbins)
message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")
@@ -781,7 +781,7 @@
# Copy OpenSSL dlls to the output directory on Windows.
# (Otherwise we'll get an error when trying to run)
#
- if (WIN32 AND LWS_WITH_SSL AND NOT LWS_USE_CYASSL)
+ if (WIN32 AND LWS_WITH_SSL AND NOT LWS_USE_WOLFSSL)
if(OPENSSL_BIN_FOUND)
message("OpenSSL dlls found:")
message(" Libeay: ${LIBEAY_BIN}")
@@ -933,10 +933,10 @@
message("---------------------------------------------------------------------")
message(" LWS_WITH_SSL = ${LWS_WITH_SSL} (SSL Support)")
message(" LWS_SSL_CLIENT_USE_OS_CA_CERTS = ${LWS_SSL_CLIENT_USE_OS_CA_CERTS}")
-message(" LWS_USE_CYASSL = ${LWS_USE_CYASSL} (CyaSSL replacement for OpenSSL)")
-if (LWS_USE_CYASSL)
- message(" LWS_CYASSL_LIBRARIES = ${LWS_CYASSL_LIBRARIES}")
- message(" LWS_CYASSL_INCLUDE_DIRS = ${LWS_CYASSL_INCLUDE_DIRS}")
+message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL replacement for OpenSSL)")
+if (LWS_USE_WOLFSSL)
+ message(" LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
+ message(" LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
endif()
message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}")
message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}")
diff --git a/README.build.md b/README.build.md
index 00a2702..aca934c 100644
--- a/README.build.md
+++ b/README.build.md
@@ -10,7 +10,7 @@
simply remove your build directory.
Libwebsockets has been tested to build successfully on the following platforms
-with SSL support (both OpenSSL/CyaSSL):
+with SSL support (both OpenSSL/wolfSSL):
- Windows
- Linux (x86 and ARM)
@@ -151,27 +151,27 @@
On windows CMake comes with a gui application:
Start -> Programs -> CMake -> CMake (cmake-gui)
-CyaSSL replacement for OpenSSL
+wolfSSL replacement for OpenSSL
------------------------------
-CyaSSL is a lightweight SSL library targeted at embedded system:
-http://www.yassl.com/yaSSL/Products-cyassl.html
+wolfSSL is a lightweight SSL library targeted at embedded system:
+http://www.yassl.com/yaSSL/Products-wolfssl.html
It contains a OpenSSL compatability layer which makes it possible to pretty
much link to it instead of OpenSSL, giving a much smaller footprint.
-**NOTE**: cyassl needs to be compiled using the `--enable-opensslextra` flag for
+**NOTE**: wolfssl needs to be compiled using the `--enable-opensslextra` flag for
this to work.
-Compiling libwebsockets with CyaSSL
+Compiling libwebsockets with wolfSSL
-----------------------------------
```bash
-cmake .. -DLWS_USE_CYASSL=1 \
- -DLWS_CYASSL_INCLUDE_DIRS=/path/to/cyassl \
- -DLWS_CYASSL_LIB=/path/to/cyassl/cyassl.a ..
+cmake .. -DLWS_USE_WOLFSSL=1 \
+ -DLWS_WOLFSSL_INCLUDE_DIRS=/path/to/wolfssl \
+ -DLWS_WOLFSSL_LIB=/path/to/wolfssl/wolfssl.a ..
```
-**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIB` instead.
+**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIB` instead.
Reproducing HTTP2.0 tests
diff --git a/cross-openwrt-makefile b/cross-openwrt-makefile
index 9f1a0fd..2298ffb 100644
--- a/cross-openwrt-makefile
+++ b/cross-openwrt-makefile
@@ -23,11 +23,11 @@
CMAKE_OPTIONS += -DLWS_WITH_SSL=ON
CMAKE_OPTIONS += -DLWS_WITHOUT_TESTAPPS=$(if $(CONFIG_PACKAGE_libwebsockets-examples),"OFF","ON")
-# for cyassl, define these in addition to LWS_OPENSSL_SUPPORT and
-# edit package/libs/cyassl/Makefile to include --enable-opensslextra
-# CMAKE_OPTIONS += -DLWS_USE_CYASSL=ON
-# CMAKE_OPTIONS += -DLWS_CYASSL_LIB=$(STAGING_DIR)/usr/lib/libcyassl.so
-# CMAKE_OPTIONS += -DLWS_CYASSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
+# for wolfssl, define these in addition to LWS_OPENSSL_SUPPORT and
+# edit package/libs/wolfssl/Makefile to include --enable-opensslextra
+# CMAKE_OPTIONS += -DLWS_USE_WOLFSSL=ON
+# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIB=$(STAGING_DIR)/usr/lib/libwolfssl.so
+# CMAKE_OPTIONS += -DLWS_WOLFSSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
# other options worth noting
# CMAKE_OPTIONS += -DLWS_WITHOUT_EXTENSIONS=ON
diff --git a/lib/client.c b/lib/client.c
index ebf6403..bf39b23 100644
--- a/lib/client.c
+++ b/lib/client.c
@@ -132,13 +132,13 @@
/* we can retry this... just cook the SSL BIO the first time */
if (wsi->use_ssl && !wsi->ssl) {
-#if defined(CYASSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
+#if defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
const char *hostname = lws_hdr_simple_ptr(wsi,
_WSI_TOKEN_CLIENT_PEER_ADDRESS);
#endif
wsi->ssl = SSL_new(context->ssl_client_ctx);
-#ifndef USE_CYASSL
+#ifndef USE_WOLFSSL
SSL_set_mode(wsi->ssl,
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif
@@ -146,9 +146,9 @@
* use server name indication (SNI), if supported,
* when establishing connection
*/
-#ifdef USE_CYASSL
-#ifdef CYASSL_SNI_HOST_NAME
- CyaSSL_UseSNI(wsi->ssl, CYASSL_SNI_HOST_NAME,
+#ifdef USE_WOLFSSL
+#ifdef WOLFSSL_SNI_HOST_NAME
+ wolfSSL_UseSNI(wsi->ssl, WOLFSSL_SNI_HOST_NAME,
hostname, strlen(hostname));
#endif
#else
@@ -157,9 +157,9 @@
#endif
#endif
-#ifdef USE_CYASSL
+#ifdef USE_WOLFSSL
/*
- * CyaSSL does certificate verification differently
+ * wolfSSL does certificate verification differently
* from OpenSSL.
* If we should ignore the certificate, we need to set
* this before SSL_new and SSL_connect is called.
@@ -167,16 +167,16 @@
* code -155
*/
if (wsi->use_ssl == 2)
- CyaSSL_set_verify(wsi->ssl,
+ wolfSSL_set_verify(wsi->ssl,
SSL_VERIFY_NONE, NULL);
-#endif /* USE_CYASSL */
+#endif /* USE_WOLFSSL */
wsi->client_bio =
BIO_new_socket(wsi->sock, BIO_NOCLOSE);
SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);
-#ifdef USE_CYASSL
- CyaSSL_set_using_nonblock(wsi->ssl, 1);
+#ifdef USE_WOLFSSL
+ wolfSSL_set_using_nonblock(wsi->ssl, 1);
#else
BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
#endif
@@ -300,9 +300,9 @@
}
}
- #ifndef USE_CYASSL
+ #ifndef USE_WOLFSSL
/*
- * See comment above about CyaSSL certificate
+ * See comment above about wolfSSL certificate
* verification
*/
lws_latency_pre(context, wsi);
@@ -323,7 +323,7 @@
return 0;
}
}
-#endif /* USE_CYASSL */
+#endif /* USE_WOLFSSL */
} else
wsi->ssl = NULL;
#endif
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 7f4bea3..91a8e5e 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -91,11 +91,11 @@
#endif
#ifdef LWS_OPENSSL_SUPPORT
-#ifdef USE_CYASSL
-#include <cyassl/openssl/ssl.h>
+#ifdef USE_WOLFSSL
+#include <wolfssl/openssl/ssl.h>
#else
#include <openssl/ssl.h>
-#endif /* not USE_CYASSL */
+#endif /* not USE_WOLFSSL */
#endif
#define CONTEXT_PORT_NO_LISTEN -1
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 2ab369a..8149956 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -149,16 +149,16 @@
#endif
#ifdef LWS_OPENSSL_SUPPORT
-#ifdef USE_CYASSL
-#include <cyassl/openssl/ssl.h>
-#include <cyassl/error-ssl.h>
+#ifdef USE_WOLFSSL
+#include <wolfssl/openssl/ssl.h>
+#include <wolfssl/error-ssl.h>
#else
#include <openssl/ssl.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
-#endif /* not USE_CYASSL */
+#endif /* not USE_WOLFSSL */
#endif
#include "libwebsockets.h"
diff --git a/lib/ssl.c b/lib/ssl.c
index 95d41c9..0d51854 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -20,7 +20,9 @@
*/
#include "private-libwebsockets.h"
+#ifndef USE_WOLFSSL
#include <openssl/err.h>
+#endif
int openssl_websocket_private_data_index;
@@ -86,8 +88,8 @@
context->use_ssl = info->ssl_cert_filepath != NULL;
-#ifdef USE_CYASSL
- lwsl_notice(" Compiled with CYASSL support\n");
+#ifdef USE_WOLFSSL
+ lwsl_notice(" Compiled with WOLFSSL support\n");
#else
lwsl_notice(" Compiled with OpenSSL support\n");
#endif
@@ -240,7 +242,7 @@
if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
SSL_CTX_free(context->ssl_client_ctx);
-#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_CYASSL)
+#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
ERR_remove_thread_state(NULL);
@@ -511,7 +513,7 @@
{
int n, m;
struct libwebsocket *wsi = *pwsi;
-#ifndef USE_CYASSL
+#ifndef USE_WOLFSSL
BIO *bio;
#endif
@@ -542,8 +544,8 @@
SSL_set_fd(new_wsi->ssl, accept_fd);
-#ifdef USE_CYASSL
- CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
+#ifdef USE_WOLFSSL
+ wolfSSL_set_using_nonblock(new_wsi->ssl, 1);
#else
SSL_set_mode(new_wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
bio = SSL_get_rbio(new_wsi->ssl);
@@ -674,7 +676,7 @@
if (!context->user_supplied_ssl_ctx && context->ssl_client_ctx)
SSL_CTX_free(context->ssl_client_ctx);
-#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_CYASSL)
+#if (OPENSSL_VERSION_NUMBER < 0x01000000) || defined(USE_WOLFSSL)
ERR_remove_state(0);
#else
ERR_remove_thread_state(NULL);
diff --git a/lws_config.h.in b/lws_config.h.in
index 251cb18..4d66892 100644
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -6,9 +6,9 @@
#endif
#endif
-/* Define to 1 to use CyaSSL as a replacement for OpenSSL.
+/* Define to 1 to use wolfSSL as a replacement for OpenSSL.
* LWS_OPENSSL_SUPPORT needs to be set also for this to work. */
-#cmakedefine USE_CYASSL
+#cmakedefine USE_WOLFSSL
/* The Libwebsocket version */
#cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"
