ABI
Tracker

(libwebsockets)




Changelog for 3.0.0 version



Changelog
---------

v3.0.0
======

 - CHANGE: Clients used to call LWS_CALLBACK_CLOSED same as servers...
   LWS_CALLBACK_CLIENT_CLOSED has been introduced and is called for clients
   now.
   
 - CHANGE: LWS_CALLBACK_CLIENT_CONNECTION_ERROR used to only be directed at
   protocols[0].  However in many cases, the protocol to bind to was provided
   at client connection info time and the wsi bound accordingly.  In those
   cases, CONNECTION_ERROR is directed at the bound protocol, not protcols[0]
   any more.

 - CHANGE: CMAKE: the following cmake defaults have changed with this version:
 
     - LWS_WITH_ZIP_FOPS:      now defaults OFF
     - LWS_WITH_RANGES:        now defaults OFF
     - LWS_WITH_ZLIB:          now defaults OFF
     - LWS_WITHOUT_EXTENSIONS: now defaults ON
     
 - CHANGE: REMOVED: lws_alloc_vfs_file() (read a file to malloc buffer)
 
 - CHANGE: REMOVED: lws_read() (no longer useful outside of lws internals)
 
 - CHANGE: REMOVED: ESP8266... ESP32 is now within the same price range and much
   more performant
   
 - CHANGE: soname bump... don't forget to `ldconfig`
     
 - NEW: all event libraries support "foreign" loop integration where lws itself
   if just a temporary user of the loop unrelated to the actual loop lifecycle.
   
   See `minimal-http-server-eventlib-foreign` for example code demonstrating
   this for all the event libraries.
   
   Internal loop in lws is also supported and demonstrated by
   `minimal-http-server-eventlib`.
 
 - NEW: ws-over-h2 support.  This is a new RFC-on-the-way supported by Chrome
   and shortly firefox that allows ws connections to be multiplexed back to the
   server on the same tcp + tls wrapper h2 connection that the html and scripts
   came in on.  This is hugely faster that discrete connections.
 
 - NEW: UDP socket adoption and related event callbacks
 
 - NEW: Multi-client connection binding, queuing and pipelining support.
 
   Lws detects multiple client connections to the same server and port, and
   optimizes how it handles them according to the server type and provided
   flags.  For http/1.0, all occur with individual parallel connections.  For
   http/1.1, you can enable keepalive pipelining, so the connections occur
   sequentially on a single network connection.  For http/2, they all occur
   as parallel streams within a single h2 network connection.
   
   See minimal-http-client-multi for example code. 
   
 - NEW: High resolution timer API for wsi, get a callback on your wsi with
   LWS_CALLBACK_TIMER, set and reset the timer with lws_set_timer_usecs(wsi, us)
   Actual resolution depends on event backend.  Works with all backends, poll,
   libuv, libevent, and libev.
   
 - NEW: Protocols can arrange vhost-protocol instance specific callbacks with
   second resolution using `lws_timed_callback_vh_protocol()`

 - NEW: ACME client plugin for self-service TLS certificates
  
 - NEW: RFC7517 JSON Web Keys RFC7638 JWK thumbprint, and RFC7515 JSON Web
    signatures support
  
 - NEW: lws_cancel_service() now provides a generic way to synchronize events
   from other threads, which appear as a LWS_CALLBACK_EVENT_WAIT_CANCELLED
   callback on all protocols.  This is compatible with all the event libraries.

 - NEW: support BSD poll() where changes to the poll wait while waiting are
   undone.

 - NEW: Introduce generic hash, hmac and RSA apis that operate the same
   regardless of OpenSSL or mbedTLS tls backend
  
 - NEW: Introduce X509 element query api that works the same regardless of
   OpenSSL or mbedTLS tls backend
    
 - NEW: Introduce over 30 "minimal examples" in ./minimal-examples... these
   replace most of the old test servers
   
    - test-echo -> minimal-ws-server-echo and minimal-ws-client-echo

    - test-server-libuv / -libevent / -libev ->
         minimal-https-server-eventlib / -eventlib-foreign / -eventlib-demos

    - test-server-v2.0 -> folded into all the minimal servers

    - test-server direct http serving -> minimal-http-server-dynamic
    
   The minimal examples allow individual standalone build using their own
   small CMakeLists.txt.
   
 - NEW: lws now detects any back-to-back writes that did not go through the
   event loop inbetween and reports them.  This will flag any possibility of
   failure rather than wait until the problem happens.
   
 - NEW: CMake has LWS_WITH_DISTRO_RECOMMENDED to select features that are
   appropriate for distros
   
 - NEW: Optional vhost URL `error_document_404` if given causes a redirect there
   instead of serve the default 404 page.
   
 - NEW: lws_strncpy() wrapper guarantees NUL in copied string even if it was
   truncated to fit.
   
 - NEW: for client connections, local protocol binding name can be separated
   from the ws subprotocol name if needed, using .local_protocol_name

 - NEW: Automatic detection of time discontiguities
   
 - NEW: Applies TCP_USER_TIMEOUT for Linux tcp keepalive where available
     
 - QA: 1600 tests run on each commit in Travis CI, including almost all
   Autobahn in client and server mode, various h2load tests, h2spec, attack.sh
   the minimal example selftests and others.

 - QA: fix small warnings introduced on gcc8.x (eg, Fedora 28)
 
 - QA: Add most of -Wextra on gcc (-Wsign-compare, -Wignored-qualifiers,
   -Wtype-limits, -Wuninitialized)
   
 - QA: clean out warnings on windows
 
 - QA: pass all 146 h2spec tests now on strict
 
 - QA: introduce 35 selftests that operate different minimal examples against
   each other and confirm the results.
 
 - QA: LWS_WITH_MINIMAL_EXAMPLES allows mass build of all relevant minimal-
   examples with the LWS build, for CI and to make all the example binaries
   available from the lws build dir ./bin
 
 - REFACTOR: the lws source directory layout in ./lib has been radically
   improved, and there are now README.md files in selected subdirs with extra
   documentation of interest to people working on lws itself.

 - REFACTOR: pipelined transactions return to the event loop before starting the
   next part. 
 
 - REFACTOR: TLS: replace all TLS library constants with generic LWS ones and
   adapt all the TLS library code to translate to these common ones.
   
   Isolated all the tls-related private stuff in `./lib/tls/private.h`, and all
   the mbedTLS stuff in `./lib/tls/mbedtls` + openSSL stuff in
   `./lib/tls/openssl`
   
 - REFACTOR: the various kinds of wsi possible with lws have been extracted
   from the main code and isolated into "roles" in `./lib/roles` which
   communicate with the core code via an ops struct.  Everything related to
   ah is migrated to the http role.
   
   wsi modes are eliminated and replaced by the ops pointer for the role the
   wsi is performing.  Generic states for wsi are available to control the
   lifecycle using core code.
   
   Adding new "roles" is now much easier with the changes and ops struct to
   plug into.

 - REFACTOR: reduce four different kinds of buffer management in lws into a
   generic scatter-gather struct lws_buflist. 

 - REFACTOR: close notifications go through event loop


v2.4.0
======

 - HTTP/2 server support is now mature and usable!  LWS_WITH_HTTP2=1 enables it.
   Uses ALPN to serve HTTP/2, HTTP/1 and ws[s] connections all from the same
   listen port seamlessly.  (Requires ALPN-capable OpenSSL 1.1 or mbedTLS).

 - LWS_WITH_MBEDTLS=1 at CMake now builds and works against mbedTLS instead of
   OpenSSL.  Most things work identically, although on common targets where
   OpenSSL has acceleration, mbedTLS is many times slower in operation.  However
   it is a lot smaller codewise.
   
 - Generic hash apis introduced that work the same on mbedTLS or OpenSSL backend
 
 - LWS_WITH_PEER_LIMITS tracks IPs across all vhosts and allows restrictions on
   both the number of simultaneous connections and wsi in use for any single IP

 - lws_ring apis provide a generic single- or multi-tail ringbuffer... mirror
   protocol now uses this.  Features include ring elements may be sized to fit
   structs in the ringbuffer, callback when no tail any longer needs an element
   and it can be deleted, and zerocopy options to write new members directly
   into the ringbuffer, and use the ringbuffer element by address too.
 
 - abstract ssh 2 server plugin included, with both plugin and standalone
   demos provided.  You can bind the plugin to a vhost and also serve full-
   strength ssh from the vhost.  IO from the ssh server is controlled by an
   "ops" struct of callbacks for tx, rx, auth etc.
   
 - Many fixes, cleanups, source refactors and other improvements.


v2.3.0
======

 - ESP32 OpenSSL support for client and server

 - ESP32 4 x WLAN credential slots may be configured

 - Libevent event loop support

 - SOCKS5 proxy support

 - lws_meta protocol for websocket connection multiplexing

 - lws_vhost_destroy() added... allows dynamic removal of listening
   vhosts.  Vhosts with shared listen sockets adopt the listen socket
   automatically if the owner is destroyed.

 - IPv6 on Windows

 - Improved CGI handling suitable for general CGI scripting, eg, PHP

 - Convert even the "old style" test servers to use statically included
   plugin sources

 - LWS_WITH_STATS cmake option dumps resource usage and timing information
   every few seconds to debug log, including latency information about
   delay from asking for writeable callback to getting it

 - Large (> 2GB) files may be served

 - LWS_WITH_HTTP_PROXY Cmake option adds proxying mounts

 - Workaround for libev build by disabling -Werror on the test app

 - HTTP2 support disabled since no way to serve websockets on it


v2.2.0
======

Major new features

 - A mount can be protected by Basic Auth... in lwsws it looks like this

 ```
{
        "mountpoint": "/basic-auth",
        "origin": "file://_lws_ddir_/libwebsockets-test-server/private",
        "basic-auth": "/var/www/balogins-private"
}
```

The text file named in `basic-auth` contains user:password information
one per line.

See README.lwsws.md for more information.

 - RFC7233 RANGES support in lws server... both single and multipart.
 This allows seeking for multimedia file serving and download resume.
 It's enabled by default but can be disabled by CMake option.

 - On Linux, lwsws can reload configuration without dropping ongoing
 connections, when sent a SIGHUP.  The old configuration drops its
 listen sockets so the new configuration can listen on them.
 New connections connect to the server instance with the new
 configuration.  When all old connections eventually close, the old
 instance automatically exits.  This is equivalent to
 `systemctl reload apache`

 - New `adopt` api allow adoption including SSL negotiation and
 for raw sockets and file descriptors.

 - Chunked transfer encoding supported for client and server

 - Adaptations to allow operations inside OPTEE Secure World

 - ESP32 initial port - able to do all test server functions. See
 README.build.md

 - Serving gzipped files from inside a ZIP file is supported... this
 includes directly serving the gzipped content if the client
 indicated it could accept it (ie, almost all browsers) saving
 bandwidth and time.  For clients that can't accept it, lws
 automatically decompresses and serves the content in memory-
 efficient chunks. Only a few hundred bytes of heap are needed
 to serve any size file from inside the zip.  See README.coding.md

 - RAW file descriptors may now be adopted into the lws event loop,
 independent of event backend (including poll service).
 See README.coding.md

 - RAW server socket descriptors may now be enabled on the vhost if
 the first thing sent on the connection is not a valid http method.
 The user code can associate these with a specific protocol per
 vhost, and RAW-specific callbacks appear there for creation, rx,
 writable and close.  See libwebsockets-test-server-v2.0 for an example.
 See README.coding.md

 - RAW client connections are now possible using the method "RAW".
 After connection, the socket is associated to the protocol
 named in the client connection info and RAW-specific callbacks
 appear there for creation, rx, writable and close.
 See libwebsockets-test-client (with raw://) for an example.
 See README.coding.md


v2.1.0
======

Major new features

 - Support POST arguments, including multipart and file attachment

 - Move most of lwsws into lws, make the stub CC0

 - Add loopback test plugin to confirm client ws / http coexistence

 - Integrate lwsws testing on Appveyor (ie, windows)

 - Introduce helpers for sql, urlencode and urldecode sanitation

 - Introduce LWS_CALLBACK_HTTP_BIND_PROTOCOL / DROP_PROTOCOL that
 are compatible with http:/1.1 pipelining and different plugins
 owning different parts of the URL space

 - lwsgs - Generic Sessions plugin supports serverside sessions,
 cookies, hashed logins, forgot password etc

 - Added APIs for sending email to SMTP servers

 - Messageboard example plugin for lwsgs

 - Automatic PING sending at fixed intervals and close if no response

 - Change default header limit in ah to 4096 (from 1024)

 - Add SNI matching for wildcards if no specific wildcard vhost name match

 - Convert docs to Doxygen

 - ESP8266 support ^^

Fixes
-----

See git log v2.0.0..



v2.0.0
======

Summary
-------

 - There are only api additions, the api is compatible with v1.7.x.  But
   there is necessarily an soname bump to 8.
 
 - If you are using lws client, you mainly need to be aware the option
   LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT is needed at context-creation time
   if you will use SSL.
   
 - If you are using lws for serving, the above is also true but there are
   many new features to simplify your code (and life).  There is a
   summany online here
   
     https://libwebsockets.org/lws-2.0-new-features.html
     
   but basically the keywords are vhosts, mounts and plugins.  You can now
   do the web serving part from lws without any user callback code at all.
   See ./test-server/test-server-v2.0.c for an example, it has no user
   code for ws either since it uses the protocol plugins... that one C file
   is all that is needed to do the whole test server function.
   
   You now have the option to use a small generic ws-capable webserver
   "lwsws" and write your ws part as a plugin.  That eliminates even
   cut-and-pasting the test server code and offers more configurable
   features like control over http cacheability in JSON.


Fixes
-----

These are already in 1.7.x series

1) MAJOR (Windows-only) fix assert firing

2) MAJOR http:/1.1 connections handled by  lws_return_http_status() did not
get sent a content-length resulting in the link hanging until the peer closed
it.  attack.sh updated to add a test for this.

3) MINOR An error about hdr struct in _lws_ws_related is corrected, it's not
known to affect anything until after it was fixed

4) MINOR During the close shutdown wait state introduced at v1.7, if something
requests callback on writeable for the socket it will busywait until the
socket closes

5) MAJOR Although the test server has done it for a few versions already, it
is now required for the user code to explicitly call

	if (lws_http_transaction_completed(wsi))
		return -1;

when it finishes replying to a transaction in http.  Previously the library
did it for you, but that disallowed large, long transfers with multiple
trips around the event loop (and cgi...).

6) MAJOR connections on ah waiting list that closed did not get removed from
the waiting list...

7) MAJOR since we added the ability to hold an ah across http keepalive
transactions where more headers had already arrived, we broke the ability
to tell if more headers had arrived.  Result was if the browser didn't
close the keepalive, we retained ah for the lifetime of the keepalive,
using up the pool.

8) MAJOR windows-only-POLLHUP was not coming

9) Client should not send ext hdr if no exts

Changes
-------

1) MINOR test-server gained some new switches

   -C <file>  use external SSL cert file
   -K <file>  use external SSL key file
   -A <file>  use external SSL CA cert file
   
   -u <uid>  set effective uid
   -g <gid>  set effective gid

together you can use them like this to have the test-server work with the
usual purchased SSL certs from an official CA.

   --ssl -C your.crt -K your.key -A your.cer -u 99 -g 99

2) MINOR the OpenSSL magic to setup ECDH cipher usage is implemented in the
library, and the ciphers restricted to use ECDH only.
Using this, the lws test server can score an A at SSLLABS test

3) MINOR STS (SSL always) header is added to the test server if you use --ssl.  With
that, we score A+ at SSLLABS test

4) MINOR daemonize function (disabled at cmake by default) is updated to work
with systemd

5) MINOR example systemd .service file now provided for test server
(not installed by default)

6) test server html is updated with tabs and a new live server monitoring
feature.  Input sanitization added to the js.

7) client connections attempted when no ah is free no longer fail, they are
just deferred until an ah becomes available.

8) The test client pays attention to if you give it an http:/ or https://
protocol string to its argument in URL format.  If so, it stays in http[s]
client mode and doesn't upgrade to ws[s], allowing you to do generic http client
operations.  Receiving transfer-encoding: chunked is supported.

9) If you enable -DLWS_WITH_HTTP_PROXY=1 at cmake, the test server has a
new URI path http://localhost:7681/proxytest If you visit here, a client
connection to http://example.com:80 is spawned, and the results piped on
to your original connection.

10) Also with LWS_WITH_HTTP_PROXY enabled at cmake, lws wants to link to an
additional library, "libhubbub".  This allows lws to do html rewriting on the
fly, adjusting proxied urls in a lightweight and fast way.

11) There's a new context creation flag LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT,
this is included automatically if you give any other SSL-related option flag.
If you give no SSL-related option flag, nor this one directly, then even
though SSL support may be compiled in, it is never initialized nor used for the
whole lifetime of the lws context.

Conversely in order to prepare the context to use SSL, even though, eg, you
are not listening on SSL but will use SSL client connections later, you must
give this flag explicitly to make sure SSL is initialized.


User API additions
------------------

1) MINOR APIBREAK There's a new member in struct lws_context_creation_info, ecdh_curve,
which lets you set the name of the ECDH curve OpenSSL should use.  By
default (if you leave ecdh_curve NULL) it will use "prime256v1"

2) MINOR NEWAPI It was already possible to adopt a foreign socket that had not
been read from using lws_adopt_socket() since v1.7.  Now you can adopt a
partially-used socket if you don't need SSL, by passing it what you read
so it can drain that before reading from the socket.

LWS_VISIBLE LWS_EXTERN struct lws *
lws_adopt_socket_readbuf(struct lws_context *context, lws_sockfd_type accept_fd,
		const char *readbuf, size_t len);

3) MINOR NEWAPI CGI type "network io" subprocess execution is now possible from
a simple api.

LWS_VISIBLE LWS_EXTERN int
lws_cgi(struct lws *wsi, char * const *exec_array,  int script_uri_path_len,
        int timeout_secs);

LWS_VISIBLE LWS_EXTERN int
lws_cgi_kill(struct lws *wsi);

To use it, you must first set the cmake option

$ cmake .. -DLWS_WITH_CGI=1

See test-server-http.c and  test server path

http://localhost:7681/cgitest

stdin gets http body, you can test it with wget

$ echo hello > hello.txt
$ wget http://localhost:7681/cgitest --post-file=hello.txt -O- --quiet
lwstest script
read="hello"

The test script returns text/html table showing /proc/meminfo.  But the cgi
support is complete enough to run cgit cgi.

4) There is a helper api for forming logging timestamps

LWS_VISIBLE int
lwsl_timestamp(int level, char *p, int len)

this generates this kind of timestamp for use as logging preamble

lwsts[13116]: [2016/01/25 14:52:52:8386] NOTICE: Initial logging level 7

5) struct lws_client_connect_info has a new member

 const char *method
 
If it's NULL, then everything happens as before, lws_client_connect_via_info()
makes a ws or wss connection to the address given.

If you set method to a valid http method like "GET", though, then this method
is used and the connection remains in http[s], it's not upgraded to ws[s].

So with this, you can perform http[s] client operations as well as ws[s] ones.

There are 4 new related callbacks

	LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP			= 44,
	LWS_CALLBACK_CLOSED_CLIENT_HTTP				= 45,
	LWS_CALLBACK_RECEIVE_CLIENT_HTTP			= 46,
	LWS_CALLBACK_COMPLETED_CLIENT_HTTP			= 47,

6) struct lws_client_connect_info has a new member

 const char *parent_wsi
 
if non-NULL, the client wsi is set to be a child of parent_wsi.  This ensures
if parent_wsi closes, then the client child is closed just before.

7) If you're using SSL, there's a new context creation-time option flag
LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS.  If you give this, non-ssl
connections to the server listen port are accepted and receive a 301
redirect to / on the same host and port using https://

8) User code may set per-connection extension options now, using a new api
"lws_set_extension_option()".

This should be called from the ESTABLISHED callback like this

 lws_set_extension_option(wsi, "permessage-deflate",
                          "rx_buf_size", "12"); /* 1 << 12 */

If the extension is not active (missing or not negotiated for the
connection, or extensions are disabled on the library) the call is
just returns -1.  Otherwise the connection's extension has its
named option changed.

The extension may decide to alter or disallow the change, in the
example above permessage-deflate restricts the size of his rx
output buffer also considering the protocol's rx_buf_size member.


New application lwsws
---------------------

A libwebsockets-based general webserver is built by default now, lwsws.

It's configured by JSON, by default in

  /etc/lwsws/conf

which contains global lws context settings like this

{
  "global": {
   "uid": "99",
   "gid": "99",
   "interface": "eth0",
   "count-threads": "1"
 }
}

  /etc/lwsws/conf.d/*

which contains zero or more files describing vhosts, like this

{
 "vhosts": [
  { "name": "warmcat.com",
    "port": "443",
    "host-ssl-key": "/etc/pki/tls/private/warmcat.com.key",
    "host-ssl-cert": "/etc/pki/tls/certs/warmcat.com.crt",
    "host-ssl-ca": "/etc/pki/tls/certs/warmcat.com.cer",
    "mounts": [
      { "/": [
       { "home": "file:///var/www/warmcat.com" },
       { "default": "index.html" }
      ]
     }
    ]
   }
 ]
}



v1.7.0
======

Extension Changes
-----------------

1) There is now a "permessage-deflate" / RFC7692 implementation.  It's very
similar to "deflate-frame" we have offered for a long while; deflate-frame is
now provided as an alias of permessage-deflate.

The main differences are that the new permessage-deflate implementation:

 - properly performs streaming respecting input and output buffer limits.  The
   old deflate-frame implementation could only work on complete deflate input
   and produce complete inflate output for each frame.  The new implementation
   only mallocs buffers at initialization.

 - goes around the event loop after each input package is processed allowing
   interleaved output processing.  The RX flow control api can be used to
   force compressed input processing to match the rate of compressed output
   processing (test--echo shows an example of how to do this).

 - when being "deflate-frame" for compatibility he uses the same default zlib
   settings as the old "deflate-frame", but instead of exponentially increasing
   malloc allocations until the whole output will fit, he observes the default
   input and output chunking buffer sizes of "permessage-deflate", that's
   1024 in and 1024 out at a time.

2) deflate-stream has been disabled for many versions (for over a year) and is
now removed.  Browsers are now standardizing on "permessage-deflate" / RFC7692

3) struct lws_extension is simplified, and lws extensions now have a public
api (their callback) for use in user code to compose extensions and options
the user code wants.  lws_get_internal_exts() is deprecated but kept around
as a NOP.  The changes allow one extension implementation to go by different
names and allows the user client code to control option offers per-ext.

The test client and server are updated to use the new way.  If you use
the old way it should still work, but extensions will be disabled until you
update your code.

Extensions are now responsible for allocating and per-instance private struct
at instance construction time and freeing it when the instance is destroyed.
Not needing to know the size means the extension's struct can be opaque
to user code.


User api additions
------------------

1) The info struct gained three new me
...