andy at warmcat.com
Sat Feb 20 02:34:09 CET 2016
I have been tracking master with v1.7-stable branch except for patches
that affect the API; it's early days but that has worked out well...
it's the first time we had a stable branch contemporary with the
release. I guess that will slow down as the branches diverge.

The point release is necessitated by a small but annoying bug with
http/1.1 keepalive when lws is returning errors: the connection could
not close but had to wait for a timeout from the peer. This bug had
been there for a while but was hidden by lws closing the connection
needlessly. Now it acts well for close, this also needed fixing.

Now we really properly support normal "official CA" certs, now with top
class ECDH cipher and SSLLABS grading (A+) on the test server.

from v1.7.1:./changelog --->

NB: No API change since v1.7.0

1) MAJOR (Windows-only) fix assert firing

2) MAJOR http/1.1 connections handled by lws_return_http_status() did not
get sent a content-length resulting in the link hanging until the peer
it. attack.sh updated to add a test for this.

1) MINOR test-server gained some new switches

   -C <file> use external SSL cert file
   -K <file> use external SSL key file
   -A <file> use external SSL CA cert file
   -u <uid> set effective uid
   -g <gid> set effective gid

together you can use them like this to have the test-server work with the
usual purchased SSL certs from an official CA.

   --ssl -C your.crt -K your.key -A your.cer -u 99 -g 99

2) MINOR the OpenSSL magic to setup ECDH cipher usage is implemented in the
library, and the ciphers restricted to use ECDH only.
Using this, the lws test server can score an A at SSLLABS test

3) MINOR STS (SSL always) header is added to the test server if you use
that, we score A+ at SSLLABS test

4) MINOR daemonize function (disabled at cmake by default) is updated to

5) MINOR example systemd .service file now provided for test server
(not installed by default)
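
The keepalive fix above comes down to response framing: on a persistent http/1.1 connection the client can only tell that an error body has ended if the response says how long it is. The following is an added example, not lws code and not part of attack.sh; the function name `response_framing` and the sample 404 responses are constructed for illustration, and it assumes the request was not a HEAD.

```python
# Added example: classify how the end of an HTTP response body is signalled.
# The sample responses are constructed, not captured from lws.

def response_framing(raw: bytes) -> str:
    """Return how a client learns that this response has ended."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("bad status line")
    version, status = parts[0], int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip().lower()
    # 1xx, 204 and 304 never carry a body: they end at the blank line.
    if status < 200 or status in (204, 304):
        return "no-body"
    if "chunked" in headers.get("transfer-encoding", ""):
        return "chunked"
    if headers.get("content-length", "").isdigit():
        return "content-length"
    conn = headers.get("connection", "")
    # HTTP/1.0 closes by default; HTTP/1.1 stays open by default.
    if "close" in conn or (version == "HTTP/1.0" and "keep-alive" not in conn):
        return "close-delimited"
    # Keepalive with no length: the client waits until somebody times out.
    return "undelimited"


BODY = b"<html><body><h1>404</h1></body></html>"
STATUS = b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n"

# Error response with no content-length on a keepalive connection.
WITHOUT_LENGTH = STATUS + b"\r\n" + BODY
# Same response with the length stated, so the connection can be reused.
WITH_LENGTH = STATUS + b"Content-Length: %d\r\n\r\n" % len(BODY) + BODY

if __name__ == "__main__":
    for name, raw in (("without length", WITHOUT_LENGTH),
                      ("with length", WITH_LENGTH)):
        print(f"{name}: {response_framing(raw)}")
```
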