andrejs.hanins at ubnt.com
Tue Feb 23 12:48:46 CET 2016
On 02/20/2016 03:34 AM, Andy Green wrote:
> Hi -
> I have been tracking master with v1.7-stable branch except for patches that affect the API, it's early days but that has worked out well... it's the first time we had a stable branch contemporary with the release. I guess that will slow down as the branches diverge.
> The point release is necessitated by a small but annoying bug with http/1.1 keepalive when lws is returning errors, the connection could not close but had to wait for a timeout from the peer. This bug had been there for a while but was hidden by lws closing the connection needlessly. Now it acts well for close this also needed fixing.
Having another problem with v1.7.1. To close WS connection I request writable and return -1 from the writable callback, in previous versions it caused CLOSED callback to be called, but not anymore with v1.7.1. What I see from the logs is the following:
lws_calllback_as_writeable: 0x6fc600 (user=0x6f4600)
Close and handled
lws_close_free_wsi: shutting down connection: 0x6fc600
But my WS connection stays alive, the only callbacks I get is about FD modification but not about WSI destroy or close. Note that disconnect initiator side continues to send data through the connection, but other side is stopped with kill -stop.
This again probably related to the the 8c1f6026a7f95d0bbed342c2aabbc14b509602c3 (multithreaded stability) commit which added shutdown(wsi->sock, SHUT_WR).
Any ideas how to get callbacks about closed WSI back?
> Now we really properly support normal "official CA" certs now with top class ECDH cipher and SSLLABS grading (A+) on the test server.
> from v1.7.1:./changelog --->
> NB: No API change since v1.7.0
> 1) MAJOR (Windows-only) fix assert firing
> 2) MAJOR http:/1.1 connections handled by lws_return_http_status() did not
> get sent a content-length resulting in the link hanging until the peer closed
> it. attack.sh updated to add a test for this.
> 1) MINOR test-server gained some new switches
> -C <file> use external SSL cert file
> -K <file> use external SSL key file
> -A <file> use external SSL CA cert file
> -u <uid> set effective uid
> -g <gid> set effective gid
> together you can use them like this to have the test-server work with the
> usual purchased SSL certs from an official CA.
> --ssl -C your.crt -K your.key -A your.cer -u 99 -g 99
> 2) MINOR the OpenSSL magic to setup ECDH cipher usage is implemented in the
> library, and the ciphers restricted to use ECDH only.
> Using this, the lws test server can score an A at SSLLABS test
> 3) MINOR STS (SSL always) header is added to the test server if you use --ssl. With
> that, we score A+ at SSLLABS test
> 4) MINOR daemonize function (disabled at cmake by default) is updated to work
> with systemd
> 5) MINOR example systemd .service file now provided for test server
> (not installed by default)
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
More information about the Libwebsockets