andrejs.hanins at ubnt.com
Mon Feb 22 14:32:31 CET 2016
Just as a heads up, not sure yet the reason, but with v1.7.1 I get LWS_CALLBACK_CHANGE_MODE_POLL_FD with fd = -1. There is also no LWS_CALLBACK_ADD_POLL_FD for that lws pointer. So it seems like something is subtly broken.
Everything is fine with v1.6.1
On 02/20/2016 03:34 AM, Andy Green wrote:
> Hi -
> I have been tracking master with v1.7-stable branch except for patches that affect the API, it's early days but that has worked out well... it's the first time we had a stable branch contemporary with the release. I guess that will slow down as the branches diverge.
> The point release is necessitated by a small but annoying bug with http/1.1 keepalive when lws is returning errors, the connection could not close but had to wait for a timeout from the peer. This bug had been there for a while but was hidden by lws closing the connection needlessly. Now it acts well for close this also needed fixing.
> Now we really properly support normal "official CA" certs now with top class ECDH cipher and SSLLABS grading (A+) on the test server.
> from v1.7.1:./changelog --->
> NB: No API change since v1.7.0
> 1) MAJOR (Windows-only) fix assert firing
> 2) MAJOR http:/1.1 connections handled by lws_return_http_status() did not
> get sent a content-length resulting in the link hanging until the peer closed
> it. attack.sh updated to add a test for this.
> 1) MINOR test-server gained some new switches
> -C <file> use external SSL cert file
> -K <file> use external SSL key file
> -A <file> use external SSL CA cert file
> -u <uid> set effective uid
> -g <gid> set effective gid
> together you can use them like this to have the test-server work with the
> usual purchased SSL certs from an official CA.
> --ssl -C your.crt -K your.key -A your.cer -u 99 -g 99
> 2) MINOR the OpenSSL magic to setup ECDH cipher usage is implemented in the
> library, and the ciphers restricted to use ECDH only.
> Using this, the lws test server can score an A at SSLLABS test
> 3) MINOR STS (SSL always) header is added to the test server if you use --ssl. With
> that, we score A+ at SSLLABS test
> 4) MINOR daemonize function (disabled at cmake by default) is updated to work
> with systemd
> 5) MINOR example systemd .service file now provided for test server
> (not installed by default)
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
More information about the Libwebsockets