This is an automated email from the ASF dual-hosted git repository.
gmurthy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/qpid-dispatch.git
The following commit(s) were added to refs/heads/master by this push:
new f2336b5 DISPATCH-1513 - Fixed router crash when running http requests
over https. This fix is available only on systems that are running
libwebsockets version 3.2.0 and above. This closes #660.
f2336b5 is described below
commit f2336b596a39cb5608cae83d67857ed0edfa29a8
Author: Ganesh Murthy <[email protected]>
AuthorDate: Mon Jan 13 12:17:56 2020 -0500
DISPATCH-1513 - Fixed router crash when running http requests over https.
This fix is available only on systems that are running libwebsockets version
3.2.0 and above. This closes #660.
---
.gitignore | 1 +
CMakeLists.txt | 1 +
cmake/FindLibWebSockets.cmake | 12 ++++++++++++
src/http-libwebsockets.c | 4 ++++
tests/{system_tests_http.py => system_tests_http.py.in} | 5 +++--
5 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 262259e..4c68305 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,7 @@ tests/failoverserver.py
tests/system_tests_authz_service_plugin.py
tests/system_tests_handle_failover.py
tests/system_tests_topology_disposition.py
+tests/system_tests_http.py
*.iml
.idea
.metadata
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6dd9733..b9e8902 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -225,6 +225,7 @@
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tests/authservice.py.in ${CMAKE_CURRE
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tests/failoverserver.py.in
${CMAKE_CURRENT_SOURCE_DIR}/tests/failoverserver.py)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_authz_service_plugin.py.in
${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_authz_service_plugin.py)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_handle_failover.py.in
${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_handle_failover.py)
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_http.py.in
${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_http.py)
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_topology_disposition.py.in
${CMAKE_CURRENT_SOURCE_DIR}/tests/system_tests_topology_disposition.py)
execute_process(COMMAND ${RUN} --sh OUTPUT_FILE config.sh)
diff --git a/cmake/FindLibWebSockets.cmake b/cmake/FindLibWebSockets.cmake
index e8572ac..ddb8502 100644
--- a/cmake/FindLibWebSockets.cmake
+++ b/cmake/FindLibWebSockets.cmake
@@ -60,6 +60,18 @@ else()
LIBWEBSOCKETS DEFAULT_MSG LIBWEBSOCKETS_VERSION_STRING
LIBWEBSOCKETS_LIBRARIES LIBWEBSOCKETS_INCLUDE_DIRS)
endif()
+
+if (LIBWEBSOCKETS_FOUND)
+ # This is a fix for DISPATCH-1513. libwebsockets versions 3.2.0 introduces a
new flag called LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER
+ # The new flag allows (as the flag says) HTTP pver HTTPS listeners. Since
this flag is not available before lws 3.2.0 we need
+ # to selectively comment out a test.
+ set(TEST_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER "#")
+ set(LWS_VERSION_WITH_SSL_FIX "3.2.0")
+ if (LIBWEBSOCKETS_VERSION_STRING AND (LIBWEBSOCKETS_VERSION_STRING
VERSION_GREATER_EQUAL LWS_VERSION_WITH_SSL_FIX))
+ set(TEST_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER "")
+ endif()
+endif(LIBWEBSOCKETS_FOUND)
+
if(NOT LIBWEBSOCKETS_FOUND)
unset(LIBWEBSOCKETS_LIBRARIES)
unset(LIBWEBSOCKETS_INCLUDE_DIRS)
diff --git a/src/http-libwebsockets.c b/src/http-libwebsockets.c
index c4dd366..56aaa53 100644
--- a/src/http-libwebsockets.c
+++ b/src/http-libwebsockets.c
@@ -354,7 +354,11 @@ static void listener_start(qd_http_listener_t *hl,
qd_http_server_t *hs) {
info.options |=
LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT |
+#if LWS_LIBRARY_VERSION_MAJOR > 3 || (LWS_LIBRARY_VERSION_MAJOR == 3 &&
LWS_LIBRARY_VERSION_MINOR >= 2)
+ (config->ssl_required ? 0 :
LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT |
LWS_SERVER_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER) |
+#else
(config->ssl_required ? 0 :
LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT) |
+#endif
((config->requireAuthentication && info.ssl_ca_filepath) ?
LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT : 0);
}
info.vhost_name = hl->listener->config.host_port;
diff --git a/tests/system_tests_http.py b/tests/system_tests_http.py.in
similarity index 97%
rename from tests/system_tests_http.py
rename to tests/system_tests_http.py.in
index de229eb..712d5bd 100644
--- a/tests/system_tests_http.py
+++ b/tests/system_tests_http.py.in
@@ -250,8 +250,9 @@ class RouterTestHttp(TestCase):
self.assert_get("https://localhost:%s"; % r.ports[0])
# requireSsl=false Allows simple-ssl HTTP
- # Commenting out the following assert until DISPATCH-1513 is fixed.
- #self.assert_get("http://localhost:%s"; % r.ports[0])
+ # The following test will be commented out if you are running a
version lower than
+ # libwebsockets 3.2.0
+
${TEST_OPTION_ALLOW_HTTP_ON_HTTPS_LISTENER}self.assert_get("http://localhost:%s";
% r.ports[0])
self.assert_get("https://localhost:%s"; % r.ports[1])
# requireSsl=True does not allow simple-ssl HTTP
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
