[Libwebsockets] v1.7.1

Andy Green andy at warmcat.com
Sat Feb 20 02:34:09 CET 2016


Hi -

I have been tracking master with v1.7-stable branch except for patches 
that affect the API, it's early days but that has worked out well... 
it's the first time we had a stable branch contemporary with the 
release.  I guess that will slow down as the branches diverge.

The point release is necessitated by a small but annoying bug with 
http/1.1 keepalive when lws is returning errors, the connection could 
not close but had to wait for a timeout from the peer.  This bug had 
been there for a while but was hidden by lws closing the connection 
needlessly.  Now it acts well for close this also needed fixing.

Now we really properly support normal "official CA" certs now with top 
class ECDH cipher and SSLLABS grading (A+) on the test server.


from v1.7.1:./changelog --->

v1.7.1
======

NB: No API change since v1.7.0

Fixes
-----

1) MAJOR (Windows-only) fix assert firing

2) MAJOR http:/1.1 connections handled by  lws_return_http_status() did not
get sent a content-length resulting in the link hanging until the peer 
closed
it.  attack.sh updated to add a test for this.

Changes
-------

1) MINOR test-server gained some new switches

    -C <file>  use external SSL cert file
    -K <file>  use external SSL key file
    -A <file>  use external SSL CA cert file

    -u <uid>  set effective uid
    -g <gid>  set effective gid

together you can use them like this to have the test-server work with the
usual purchased SSL certs from an official CA.

    --ssl -C your.crt -K your.key -A your.cer -u 99 -g 99

2) MINOR the OpenSSL magic to setup ECDH cipher usage is implemented in the
library, and the ciphers restricted to use ECDH only.
Using this, the lws test server can score an A at SSLLABS test

3) MINOR STS (SSL always) header is added to the test server if you use 
--ssl.  With
that, we score A+ at SSLLABS test

4) MINOR daemonize function (disabled at cmake by default) is updated to 
work
with systemd

5) MINOR example systemd .service file now provided for test server
(not installed by default)

-Andy



More information about the Libwebsockets mailing list