(nuttx-apps) 01/04: netutils/libwebsockets: Remove hard dependency on mbedTLS

Tue, 16 Jun 2026 10:27:45 -0700 

This is an automated email from the ASF dual-hosted git repository.

acassis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/nuttx-apps.git

commit d106011a7fbef520bde8a81d5f40ee515e564cc9
Author: Tiago Medicci <[email protected]>
AuthorDate: Fri Jun 12 10:46:56 2026 -0300

    netutils/libwebsockets: Remove hard dependency on mbedTLS
    
    libwebsockets can be built without TLS support. To allow this, it
    was necessary to create a specific Kconfig option that enables TLS
    support if OPENSSL_MBEDTLS_WRAPPER is enabled. Otherwise, TLS is
    not supported (but libwebsockets can still be used with plain ws://
    connections).
    
    Signed-off-by: Tiago Medicci <[email protected]>
---
 netutils/libwebsockets/CMakeLists.txt | 21 ++++++++++++++-------
 netutils/libwebsockets/Kconfig        | 11 ++++++++++-
 netutils/libwebsockets/Make.defs      |  6 ++++--
 netutils/libwebsockets/Makefile       |  4 +++-
 netutils/libwebsockets/lws_config.h   |  8 +++++---
 5 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/netutils/libwebsockets/CMakeLists.txt 
b/netutils/libwebsockets/CMakeLists.txt
index 7977f9311..717788f13 100644
--- a/netutils/libwebsockets/CMakeLists.txt
+++ b/netutils/libwebsockets/CMakeLists.txt
@@ -21,7 +21,7 @@
 if(CONFIG_NETUTILS_LIBWEBSOCKETS)
 
   # 
############################################################################
-  # Config and Fetch MbedTLS lib
+  # Config and Fetch libwebsockets
   # 
############################################################################
 
   set(LIBWEBSOCKETS_DIR ${CMAKE_CURRENT_LIST_DIR}/libwebsockets)
@@ -66,7 +66,7 @@ if(CONFIG_NETUTILS_LIBWEBSOCKETS)
       -Wno-shadow)
 
   set(INCDIR
-      .
+      ${CMAKE_CURRENT_LIST_DIR}
       ${LIBWEBSOCKETS_DIR}/lib/core
       ${LIBWEBSOCKETS_DIR}/lib/plat/unix
       ${LIBWEBSOCKETS_DIR}/lib/event-libs
@@ -78,9 +78,7 @@ if(CONFIG_NETUTILS_LIBWEBSOCKETS)
       ${LIBWEBSOCKETS_DIR}/lib/roles/h1
       ${LIBWEBSOCKETS_DIR}/lib/roles/h2
       ${LIBWEBSOCKETS_DIR}/lib/roles/ws
-      ${LIBWEBSOCKETS_DIR}/lib/tls
-      ${LIBWEBSOCKETS_DIR}/lib/tls/mbedtls/wrapper/include
-      ${LIBWEBSOCKETS_DIR}/lib/tls/mbedtls/wrapper/include/internal)
+      ${LIBWEBSOCKETS_DIR}/lib/tls)
 
   set(CSRCS
       ${LIBWEBSOCKETS_DIR}/lib/plat/unix/unix-caps.c
@@ -146,7 +144,14 @@ if(CONFIG_NETUTILS_LIBWEBSOCKETS)
       ${LIBWEBSOCKETS_DIR}/lib/roles/raw-skt/ops-raw-skt.c
       ${LIBWEBSOCKETS_DIR}/lib/roles/raw-file/ops-raw-file.c
       ${LIBWEBSOCKETS_DIR}/lib/roles/http/client/client-http.c
-      ${LIBWEBSOCKETS_DIR}/lib/event-libs/poll/poll.c
+      ${LIBWEBSOCKETS_DIR}/lib/event-libs/poll/poll.c)
+
+  if(CONFIG_NETUTILS_LIBWEBSOCKETS_TLS)
+    list(APPEND INCDIR ${LIBWEBSOCKETS_DIR}/lib/tls/mbedtls/wrapper/include
+         ${LIBWEBSOCKETS_DIR}/lib/tls/mbedtls/wrapper/include/internal)
+    list(
+      APPEND
+      CSRCS
       ${LIBWEBSOCKETS_DIR}/lib/tls/tls.c
       ${LIBWEBSOCKETS_DIR}/lib/tls/tls-network.c
       ${LIBWEBSOCKETS_DIR}/lib/tls/tls-sessions.c
@@ -157,6 +162,7 @@ if(CONFIG_NETUTILS_LIBWEBSOCKETS)
       ${LIBWEBSOCKETS_DIR}/lib/tls/mbedtls/mbedtls-ssl.c
       ${LIBWEBSOCKETS_DIR}/lib/tls/mbedtls/mbedtls-session.c
       ${LIBWEBSOCKETS_DIR}/lib/tls/mbedtls/mbedtls-client.c)
+  endif()
 
   if(CONFIG_NETUTILS_MQTTC)
     list(APPEND INCDIR ${LIBWEBSOCKETS_DIR}/lib/roles/mqtt)
@@ -178,7 +184,8 @@ if(CONFIG_NETUTILS_LIBWEBSOCKETS)
   set_property(
     TARGET nuttx
     APPEND
-    PROPERTY NUTTX_INCLUDE_DIRECTORIES ${LIBWEBSOCKETS_DIR}/include)
+    PROPERTY NUTTX_INCLUDE_DIRECTORIES ${LIBWEBSOCKETS_DIR}/include
+             ${CMAKE_CURRENT_LIST_DIR})
 
   nuttx_add_library(libwebsockets STATIC)
   target_sources(libwebsockets PRIVATE ${CSRCS})
diff --git a/netutils/libwebsockets/Kconfig b/netutils/libwebsockets/Kconfig
index 07686db68..0e127e286 100644
--- a/netutils/libwebsockets/Kconfig
+++ b/netutils/libwebsockets/Kconfig
@@ -6,7 +6,7 @@
 config NETUTILS_LIBWEBSOCKETS
        bool "libwebsockets library (current version)"
        default n
-       depends on NET && OPENSSL_MBEDTLS_WRAPPER
+       depends on NET
        ---help---
                Enables the libwebsockets library.
 
@@ -16,4 +16,13 @@ config NETUTILS_LIBWEBSOCKETS_VERSION
        string "Version number"
        default "4.3.1"
 
+config NETUTILS_LIBWEBSOCKETS_TLS
+       bool "Enable TLS support"
+       default y
+       depends on OPENSSL_MBEDTLS_WRAPPER
+       ---help---
+               Enable TLS in libwebsockets via the OpenSSL-mbedTLS
+               wrapper. Requires CONFIG_OPENSSL_MBEDTLS_WRAPPER.
+               When disabled, only plain ws:// connections are supported.
+
 endif
diff --git a/netutils/libwebsockets/Make.defs b/netutils/libwebsockets/Make.defs
index 13fe3849c..58ebdbb3e 100644
--- a/netutils/libwebsockets/Make.defs
+++ b/netutils/libwebsockets/Make.defs
@@ -25,7 +25,9 @@ CONFIGURED_APPS += $(APPDIR)/netutils/libwebsockets
 
 # Allows `<libwebsockets/<>.h>` import.
 
-CFLAGS +=  
${INCDIR_PREFIX}$(APPDIR)/netutils/libwebsockets/libwebsockets/include
-CXXFLAGS +=  
${INCDIR_PREFIX}$(APPDIR)/netutils/libwebsockets/libwebsockets/include
+CFLAGS += ${INCDIR_PREFIX}$(APPDIR)/netutils/libwebsockets
+CFLAGS += 
${INCDIR_PREFIX}$(APPDIR)/netutils/libwebsockets/libwebsockets/include
+CXXFLAGS += ${INCDIR_PREFIX}$(APPDIR)/netutils/libwebsockets
+CXXFLAGS += 
${INCDIR_PREFIX}$(APPDIR)/netutils/libwebsockets/libwebsockets/include
 
 endif
diff --git a/netutils/libwebsockets/Makefile b/netutils/libwebsockets/Makefile
index ad8c0c5e6..2dbe64479 100644
--- a/netutils/libwebsockets/Makefile
+++ b/netutils/libwebsockets/Makefile
@@ -118,6 +118,7 @@ CSRCS += \
        $(LIBWEBSOCKETS_UNPACK)/lib/roles/http/client/client-http.c \
        $(LIBWEBSOCKETS_UNPACK)/lib/event-libs/poll/poll.c
 
+ifneq ($(CONFIG_NETUTILS_LIBWEBSOCKETS_TLS),)
 CSRCS += \
        $(LIBWEBSOCKETS_UNPACK)/lib/tls/tls.c \
        $(LIBWEBSOCKETS_UNPACK)/lib/tls/tls-network.c \
@@ -128,7 +129,8 @@ CSRCS += \
        $(LIBWEBSOCKETS_UNPACK)/lib/tls/mbedtls/mbedtls-x509.c \
        $(LIBWEBSOCKETS_UNPACK)/lib/tls/mbedtls/mbedtls-ssl.c \
        $(LIBWEBSOCKETS_UNPACK)/lib/tls/mbedtls/mbedtls-session.c \
-       $(LIBWEBSOCKETS_UNPACK)/lib/tls/mbedtls/mbedtls-client.c \
+       $(LIBWEBSOCKETS_UNPACK)/lib/tls/mbedtls/mbedtls-client.c
+endif
 
 ifneq ($(CONFIG_NETUTILS_MQTTC),)
        CFLAGS += -I$(LIBWEBSOCKETS_UNPACK)/lib/roles/mqtt
diff --git a/netutils/libwebsockets/lws_config.h 
b/netutils/libwebsockets/lws_config.h
index 3fe970b47..6a4bcb79b 100644
--- a/netutils/libwebsockets/lws_config.h
+++ b/netutils/libwebsockets/lws_config.h
@@ -106,7 +106,7 @@
 #define LWS_HAVE_MALLOC_H
 /* #define LWS_HAVE_MALLOC_TRIM */
 #define LWS_HAVE_MALLOC_USABLE_SIZE
-#ifdef CONFIG_CRYPTO_MBEDTLS
+#ifdef CONFIG_NETUTILS_LIBWEBSOCKETS_TLS
 #define LWS_HAVE_mbedtls_md_setup
 #define LWS_HAVE_mbedtls_net_init
 #define LWS_HAVE_mbedtls_rsa_complete
@@ -187,8 +187,10 @@
 
 /* #undef LWS_NO_CLIENT */
 #define LWS_NO_DAEMONIZE
+#ifdef CONFIG_NETUTILS_LIBWEBSOCKETS_TLS
 #define LWS_OPENSSL_CLIENT_CERTS "/etc/ssl/certs"
 #define LWS_OPENSSL_SUPPORT
+#endif
 /* #undef LWS_PLAT_OPTEE */
 #define LWS_PLAT_UNIX
 /* #undef LWS_PLAT_FREERTOS */
@@ -281,7 +283,7 @@
 /* #undef LWS_WITH_SDEVENT */
 #define LWS_WITH_LWSAC
 #define LWS_LOGS_TIMESTAMP
-#ifdef CONFIG_CRYPTO_MBEDTLS
+#ifdef CONFIG_NETUTILS_LIBWEBSOCKETS_TLS
 #define LWS_WITH_MBEDTLS
 #endif
 /* #undef LWS_WITH_MINIZ */
@@ -355,7 +357,7 @@
 /* #undef LWS_WITH_SYS_NTPCLIENT */
 #define LWS_WITH_SYS_STATE
 /* #undef LWS_WITH_THREADPOOL */
-#ifdef CONFIG_CRYPTO_MBEDTLS
+#ifdef CONFIG_NETUTILS_LIBWEBSOCKETS_TLS
 #define LWS_WITH_TLS
 /* #undef LWS_WITH_TLS_JIT_TRUST */
 #define LWS_WITH_TLS_SESSIONS

Reply via email to