#
# libwebsockets - small server side websockets and web server implementation
#
# Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
#
#
# This converts everything about the tls support into
#
# - entries on SOURCES (modifications set back in PARENT_SCOPE)
# - entries on LIB_LIST (modifications set back in PARENT_SCOPE)
# - include_directories()
# - Api build-time discovery results set in PARENT_SCOPE
#
# Everything else is handled privately here.

# Directory-scoped include path: the relative "." resolves against this
# file's source directory and applies to every target defined from here down,
# not just the TLS sources.
include_directories(.)

# Allow the user to use the old CyaSSL options/library instead of wolfSSL
if (LWS_WITH_CYASSL AND LWS_WITH_WOLFSSL)
	message(FATAL_ERROR "LWS_WITH_CYASSL and LWS_WITH_WOLFSSL are mutually exclusive!")
endif()

if (LWS_WITH_CYASSL)
	# Copy CyaSSL options to the wolfSSL options
	# NOTE(review): each call ends in PARENT_SCOPE after a CACHE ... FORCE
	# clause. set() documents the cache and parent-scope signatures
	# separately; confirm CACHE/BOOL/FORCE are honoured here rather than being
	# stored as extra list items in the parent's variable, and that
	# LWS_WITH_WOLFSSL is actually true in this scope for the tests below.
	set(LWS_WITH_WOLFSSL ${LWS_WITH_CYASSL} CACHE BOOL "Use wolfSSL/CyaSSL instead of OpenSSL" FORCE PARENT_SCOPE)
	set(LWS_WOLFSSL_LIBRARIES ${LWS_CYASSL_LIBRARIES} CACHE PATH "Path to wolfSSL/CyaSSL libraries" FORCE PARENT_SCOPE)
	set(LWS_WOLFSSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS} CACHE PATH "Path to wolfSSL/CyaSSL header files" FORCE PARENT_SCOPE)
endif()

# Declare the user-facing cache entries (no default value) that let a build
# point at a specific TLS library install. Whatever these paths name is what
# gets compiled against and linked as the TLS stack; nothing in this file
# checks its version or origin.
set(LWS_OPENSSL_LIBRARIES CACHE PATH "Path to the OpenSSL library" )
set(LWS_OPENSSL_INCLUDE_DIRS CACHE PATH "Path to the OpenSSL include directory" )
set(LWS_WOLFSSL_LIBRARIES CACHE PATH "Path to the wolfSSL library" )
set(LWS_WOLFSSL_INCLUDE_DIRS CACHE PATH "Path to the wolfSSL include directory" )


if (LWS_WITH_BORINGSSL)
	# boringssl deprecated EVP_PKEY
	set (LWS_WITH_GENHASH OFF PARENT_SCOPE)
endif()

# OpenSSL selected (neither wolfSSL nor mbedTLS requested).
if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL AND NOT LWS_WITH_MBEDTLS)
	if ("${LWS_OPENSSL_LIBRARIES}" STREQUAL "" OR "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
		# One or both paths missing: leave OPENSSL_FOUND unset so the
		# find_package(OpenSSL) search further down runs.
	else()
		# Both paths supplied: use them verbatim and mark OpenSSL as found,
		# which skips the system search later in this file.
		if (NOT LWS_PLAT_FREERTOS)
			set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
		endif()
		set(OPENSSL_INCLUDE_DIRS ${LWS_OPENSSL_INCLUDE_DIRS})
		set(OPENSSL_FOUND 1)
	endif()
endif()

# wolfSSL selected: take the user's paths, or fall back to pkg-config.
if (LWS_WITH_SSL AND LWS_WITH_WOLFSSL)
	if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
		include (FindPkgConfig)
		PKG_SEARCH_MODULE(LWS_WOLFSSL wolfssl)

		# NOTE(review): the pkg-config search above uses the prefix
		# LWS_WOLFSSL, so its result variable would be LWS_WOLFSSL_FOUND,
		# while this test reads WOLFSSL_FOUND. Confirm the fallback can ever
		# succeed without the paths being set by hand.
		if (NOT WOLFSSL_FOUND)
			if (LWS_WITH_CYASSL)
				message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_WITH_CYASSL is turned on.")
			else()
				message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_WITH_WOLFSSL is turned on.")
			endif()
		endif()
	else()
		set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES})
		set(WOLFSSL_INCLUDE_DIRS ${LWS_WOLFSSL_INCLUDE_DIRS})
		set(WOLFSSL_FOUND 1)
	endif()
	# USE_WOLFSSL is set both locally and in the parent; LWS_WITH_TLS is set
	# in the parent only, so it keeps its previous value inside this file.
	set(USE_WOLFSSL 1)
	set(USE_WOLFSSL 1 PARENT_SCOPE)
	set(LWS_WITH_TLS 1 PARENT_SCOPE)
	if (LWS_WITH_CYASSL)
		set(USE_OLD_CYASSL 1)
	endif()
endif()

# Normalise the option to 1 for the parent scope when it is enabled.
if (LWS_SSL_CLIENT_USE_OS_CA_CERTS)
	set(LWS_SSL_CLIENT_USE_OS_CA_CERTS 1 PARENT_SCOPE)
endif()

if (LWS_WITH_MBEDTLS)
	add_subdirectory(mbedtls)
	# presumably _CMAKE_INC_LIST is handed back by the mbedtls subdirectory;
	# it is not assigned anywhere in this file - confirm
	include_directories(${_CMAKE_INC_LIST})
endif()

# The base dir where the test-apps look for the SSL certs.
# NOTE(review): the same cache variable is set three times below with
# different docstrings ("Server" then "Client"). A cache set() without FORCE
# does not replace an existing entry, so the first value (../share) is the
# default that sticks; the WIN32 form also mixes CACHE with PARENT_SCOPE.
# Confirm which directory clients are meant to load trusted certificates from.
set(LWS_OPENSSL_CLIENT_CERTS ../share CACHE PATH "Server SSL certificate directory")
if (WIN32)
	set(LWS_OPENSSL_CLIENT_CERTS . CACHE PATH "Client SSL certificate directory" PARENT_SCOPE)
else()
	set(LWS_OPENSSL_CLIENT_CERTS /etc/pki/tls/certs/ CACHE PATH "Client SSL certificate directory")
endif()

# Select the TLS source files: generic tls/*.c first, then the backend
# specific files from tls/mbedtls/ or tls/openssl/ (the else() branch is also
# taken for wolfSSL, since only LWS_WITH_MBEDTLS is tested).
if (LWS_WITH_SSL)
	list(APPEND SOURCES
		tls/tls.c)
	if (LWS_WITH_NETWORK)
		list(APPEND SOURCES
			tls/tls-network.c)
	endif()
	if (LWS_WITH_TLS_SESSIONS)
		list(APPEND SOURCES
			tls/tls-sessions.c)
	endif()
	if (LWS_WITH_TLS_JIT_TRUST)
		list(APPEND SOURCES
			tls/tls-jit-trust.c)
	endif()

	if (LWS_WITH_MBEDTLS)
		list(APPEND SOURCES
			tls/mbedtls/mbedtls-tls.c
			tls/mbedtls/mbedtls-extensions.c
			tls/mbedtls/mbedtls-x509.c)
		if (LWS_WITH_NETWORK)
			list(APPEND SOURCES
				tls/mbedtls/mbedtls-ssl.c)
		endif()
		# NOTE(review): mbedtls-extensions.c is already appended
		# unconditionally above, so this adds the same path a second time
		# when LWS_WITH_TLS_JIT_TRUST is on.
		if (LWS_WITH_TLS_JIT_TRUST)
			list(APPEND SOURCES
				tls/mbedtls/mbedtls-extensions.c)
		endif()
		if (LWS_WITH_TLS_SESSIONS)
			list(APPEND SOURCES
				tls/mbedtls/mbedtls-session.c)
		endif()
		if (LWS_WITH_GENCRYPTO)
			list(APPEND SOURCES
				tls/mbedtls/lws-genhash.c
				tls/mbedtls/lws-genrsa.c
				tls/mbedtls/lws-genaes.c
				tls/lws-genec-common.c
				tls/mbedtls/lws-genec.c
				tls/mbedtls/lws-gencrypto.c)
		endif()
	else()
		list(APPEND SOURCES
			tls/openssl/openssl-tls.c
			tls/openssl/openssl-x509.c)
		if (LWS_WITH_NETWORK)
			list(APPEND SOURCES
				tls/openssl/openssl-ssl.c)
		endif()
		if (LWS_WITH_TLS_SESSIONS)
			list(APPEND SOURCES
				tls/openssl/openssl-session.c)
		endif()
		if (LWS_WITH_GENCRYPTO)
			list(APPEND SOURCES
				tls/openssl/lws-genhash.c
				tls/openssl/lws-genrsa.c
				tls/openssl/lws-genaes.c
				tls/lws-genec-common.c
				tls/openssl/lws-genec.c
				tls/openssl/lws-gencrypto.c)
		endif()
	endif()

	if (NOT LWS_WITHOUT_SERVER)
		list(APPEND SOURCES
			tls/tls-server.c)
		if (LWS_WITH_MBEDTLS)
			list(APPEND SOURCES
				tls/mbedtls/mbedtls-server.c)
		else()
			list(APPEND SOURCES
				tls/openssl/openssl-server.c)
		endif()
	endif()
	if (NOT LWS_WITHOUT_CLIENT)
		list(APPEND SOURCES
			tls/tls-client.c)
		if (LWS_WITH_MBEDTLS)
			list(APPEND SOURCES
				tls/mbedtls/mbedtls-client.c)
		else()
			list(APPEND SOURCES
				tls/openssl/openssl-client.c)
		endif()

	endif()
endif()

# Hand the source list collected so far back to the parent directory.
set(SOURCES ${SOURCES} PARENT_SCOPE)

#
# OpenSSL
#
# Resolve include directories and link libraries for the chosen backend and
# publish them through LWS_PUBLIC_INCLUDES / LIB_LIST. chose_ssl records that
# wolfSSL or mbedTLS was picked so the plain OpenSSL lookup is skipped.
if (LWS_WITH_SSL)
	message("Compiling with SSL support")
	set(chose_ssl 0)
	if (LWS_WITH_WOLFSSL)
		# Use wolfSSL as OpenSSL replacement.
		# TODO: Add a find_package command for this also.
		message("wolfSSL include dir: ${WOLFSSL_INCLUDE_DIRS}")
		message("wolfSSL libraries: ${WOLFSSL_LIBRARIES}")

		# Additional to the root directory we need to include
		# the wolfssl/ subdirectory which contains the OpenSSL
		# compatibility layer headers.

		if (LWS_WITH_CYASSL)
			foreach(inc ${WOLFSSL_INCLUDE_DIRS})
				set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} ${inc} ${inc}/cyassl)
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${inc}" "${inc}/cyassl")
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
			endforeach()
		else()
			foreach(inc ${WOLFSSL_INCLUDE_DIRS})
				set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} ${inc} ${inc}/wolfssl)
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${inc}" "${inc}/wolfssl")
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
			endforeach()
		endif()
		set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${OPENSSL_INCLUDE_DIRS})
		set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} PARENT_SCOPE)
		set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} PARENT_SCOPE)
		# Prefix prepended to every function name probed further down.
		set(VARIA wolfSSL_)

		list(INSERT LIB_LIST 0 "${WOLFSSL_LIBRARIES}")
		message("LIB_LIST ${LIB_LIST}")
		set(chose_ssl 1)
	endif()

	if (LWS_WITH_MBEDTLS AND DEFINED MBEDTLS_INCLUDE_DIRS AND DEFINED MBEDTLS_LIBRARIES)
		message("MBEDTLS include dir: ${MBEDTLS_INCLUDE_DIRS}")
		message("MBEDTLS libraries: ${MBEDTLS_LIBRARIES}")

		foreach(inc ${MBEDTLS_INCLUDE_DIRS})
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${inc}" "${inc}/mbedtls")
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
		endforeach()

		list(INSERT LIB_LIST 0 "${MBEDTLS_LIBRARIES}")
	endif()

	if (LWS_WITH_MBEDTLS)
		set(chose_ssl 1)
	endif()

	if (NOT chose_ssl)
		if (OPENSSL_FOUND AND "${OPENSSL_INCLUDE_DIRS}" STREQUAL "")
			set(OPENSSL_INCLUDE_DIRS "${OPENSSL_INCLUDE_DIR}")
		endif()

		# No user-supplied OpenSSL paths: search the build host. The library
		# that ends up linked is whichever install pkg-config and
		# find_package(OpenSSL) resolve in the configure environment.
		if (NOT OPENSSL_FOUND AND NOT LWS_WITH_BORINGSSL)
			# TODO: Add support for STATIC also.
			if (NOT LWS_PLAT_FREERTOS)
				find_package(PkgConfig QUIET)
				pkg_check_modules(PC_OPENSSL openssl QUIET)
				find_package(OpenSSL REQUIRED)
				list(APPEND OPENSSL_LIBRARIES ${PC_OPENSSL_LINK_LIBRARIES})
				set(OPENSSL_LIBRARIES ${OPENSSL_LIBRARIES} PARENT_SCOPE)
			endif()
			set(OPENSSL_INCLUDE_DIRS "${OPENSSL_INCLUDE_DIR}")
		endif()

		message("OpenSSL include dir: ${OPENSSL_INCLUDE_DIRS}")
		if (NOT LWS_PLAT_FREERTOS)
			message("OpenSSL libraries: ${OPENSSL_LIBRARIES}")
		endif()

		if (OPENSSL_INCLUDE_DIRS)
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${OPENSSL_INCLUDE_DIRS}")
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
		endif()
		if (NOT LWS_PLAT_FREERTOS)
			list(INSERT LIB_LIST 0 ${OPENSSL_LIBRARIES})
		endif()

		if (NOT LWS_WITH_MBEDTLS)
			# older (0.98) Openssl lacks this
			# NOTE(review): the PARENT_SCOPE set below does not change
			# CMAKE_REQUIRED_INCLUDES in this scope, so the header check that
			# follows runs with the previous local value - confirm intended.
			set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${OPENSSL_INCLUDE_DIRS} PARENT_SCOPE)
			check_include_file(openssl/ecdh.h LWS_HAVE_OPENSSL_ECDH_H)

			if (LWS_SSL_SERVER_WITH_ECDH_CERT AND NOT LWS_HAVE_OPENSSL_ECDH_H)
				message(FATAL_ERROR "Missing openssl/ecdh.h, so cannot use LWS_SSL_SERVER_WITH_ECDH_CERT")
			endif()
		else()
			unset(LWS_HAVE_OPENSSL_ECDH_H PARENT_SCOPE)
		endif(NOT LWS_WITH_MBEDTLS)
	endif()

endif(LWS_WITH_SSL)

# Point the check_* probes below at the selected TLS headers and libraries.
if (DEFINED OPENSSL_INCLUDE_DIRS)
	set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
endif()
if (DEFINED LIB_LIST)
	set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIST})
endif()
if (UNIX AND NOT (${CMAKE_SYSTEM_NAME} MATCHES "QNX"))
	set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${CMAKE_DL_LIBS})
endif()
if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT ((${CMAKE_SYSTEM_NAME} MATCHES "QNX") OR PC_OPENSSL_FOUND))
	set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} pthread)
endif()

# VARIA is "wolfSSL_" when wolfSSL was chosen above and empty otherwise.
if (NOT VARIA)
	set(VARIA "")
endif()

# Build-time discovery of optional TLS library API. Each probe records its
# result under the LWS_HAVE_* name given as second argument.
# NOTE(review): every call carries a trailing PARENT_SCOPE token. The stock
# check_function_exists() takes (function, variable) and the stock
# check_symbol_exists() takes (symbol, headers, variable); confirm how the
# extra token is consumed, in particular for the CHECK_SYMBOL_EXISTS calls,
# where the LWS_HAVE_* name sits in the header-list position.
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_set1_param LWS_HAVE_SSL_CTX_set1_param PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}SSL_set_info_callback LWS_HAVE_SSL_SET_INFO_CALLBACK PARENT_SCOPE)
# X509_VERIFY_PARAM_set1_host is the OpenSSL call that sets the hostname a
# peer certificate has to match. It is probed both as a function and as a
# symbol; what the library does when neither probe succeeds is not visible
# in this file.
CHECK_FUNCTION_EXISTS(${VARIA}X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host PARENT_SCOPE)
CHECK_SYMBOL_EXISTS(${VARIA}X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host_sym PARENT_SCOPE)
if (LWS_HAVE_X509_VERIFY_PARAM_set1_host_sym)
	set(LWS_HAVE_X509_VERIFY_PARAM_set1_host 1 PARENT_SCOPE)
endif()

CHECK_FUNCTION_EXISTS(${VARIA}RSA_set0_key LWS_HAVE_RSA_SET0_KEY PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}X509_get_key_usage LWS_HAVE_X509_get_key_usage PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_EVP_PKEY_new_raw_private_key LWS_HAVE_SSL_CTX_EVP_PKEY_new_raw_private_key PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}SSL_CTX_get0_certificate LWS_HAVE_SSL_CTX_get0_certificate PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}SSL_get0_alpn_selected LWS_HAVE_SSL_get0_alpn_selected PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}SSL_set_alpn_protos LWS_HAVE_SSL_set_alpn_protos PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_cfb8 LWS_HAVE_EVP_aes_128_cfb8 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_cfb128 LWS_HAVE_EVP_aes_128_cfb128 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_192_cfb8 LWS_HAVE_EVP_aes_192_cfb8 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_192_cfb128 LWS_HAVE_EVP_aes_192_cfb128 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_256_cfb8 LWS_HAVE_EVP_aes_256_cfb8 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_256_cfb128 LWS_HAVE_EVP_aes_256_cfb128 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_ofb LWS_HAVE_EVP_aes_128_ofb PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_ecb LWS_HAVE_EVP_aes_128_ecb PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_ctr LWS_HAVE_EVP_aes_128_ctr PARENT_SCOPE)


# NOTE(review): EVP_aes_128_xts is probed a second time here with the same
# result variable as above.
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}RSA_verify_pss_mgf1 LWS_HAVE_RSA_verify_pss_mgf1 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}HMAC_CTX_new LWS_HAVE_HMAC_CTX_new PARENT_SCOPE)
CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_EVP_PKEY_new_raw_private_key PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}SSL_SESSION_set_time LWS_HAVE_SSL_SESSION_set_time PARENT_SCOPE)
CHECK_SYMBOL_EXISTS(${VARIA}SSL_SESSION_up_ref LWS_HAVE_SSL_SESSION_up_ref PARENT_SCOPE)


# deprecated in openssl v3
CHECK_FUNCTION_EXISTS(${VARIA}EC_KEY_new_by_curve_name LWS_HAVE_EC_KEY_new_by_curve_name PARENT_SCOPE)

if (LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS)
	# we don't want to confuse what's in or out of the wrapper with
	# what's in an openssl also installed on the build host
# The three compile probes include <openssl/ssl.h> from whatever
# CMAKE_REQUIRED_INCLUDES resolved to above; the first two results are
# re-exported to the parent explicitly.
CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { STACK_OF(X509) *c = NULL; SSL_CTX *ctx = NULL; return (int)SSL_CTX_get_extra_chain_certs_only(ctx, &c); }\n" LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { EVP_MD_CTX *md_ctx = NULL; EVP_MD_CTX_free(md_ctx); return 0; }\n" LWS_HAVE_EVP_MD_CTX_free)
CHECK_C_SOURCE_COMPILES("#include <openssl/ssl.h>\nint main(void) { OPENSSL_STACK *x = NULL; return !x; } \n" LWS_HAVE_OPENSSL_STACK)
set(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS ${LWS_HAVE_SSL_EXTRA_CHAIN_CERTS} PARENT_SCOPE)
set(LWS_HAVE_EVP_MD_CTX_free ${LWS_HAVE_EVP_MD_CTX_free} PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}ECDSA_SIG_set0 LWS_HAVE_ECDSA_SIG_set0 PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}BN_bn2binpad LWS_HAVE_BN_bn2binpad PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EVP_aes_128_wrap LWS_HAVE_EVP_aes_128_wrap PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}EC_POINT_get_affine_coordinates LWS_HAVE_EC_POINT_get_affine_coordinates PARENT_SCOPE)
CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_load_verify_file LWS_HAVE_SSL_CTX_load_verify_file PARENT_SCOPE)
CHECK_SYMBOL_EXISTS(${VARIA}SSL_CTX_load_verify_dir LWS_HAVE_SSL_CTX_load_verify_dir PARENT_SCOPE)
endif()

if (LWS_WITH_MBEDTLS)
	# With mbedTLS these two capabilities are asserted rather than probed.
	set(LWS_HAVE_TLS_CLIENT_METHOD 1 PARENT_SCOPE)
	if (NOT LWS_PLAT_FREERTOS)
		# not supported in esp-idf openssl wrapper yet, but is in our version
		set(LWS_HAVE_X509_VERIFY_PARAM_set1_host 1 PARENT_SCOPE)
	endif()

	set(CMAKE_REQUIRED_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY})
	set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${MBEDTLS_INCLUDE_DIRS})

	if (ESP_PLATFORM)
		# we know we should have things
		# Every capability below is written to the cache as present, with no
		# probe against the mbedTLS actually in use on the ESP build.
		set(LWS_HAVE_MBEDTLS_AUTH_KEY_ID 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_ssl_conf_alpn_protocols 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_ssl_get_alpn_protocol 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_ssl_conf_sni 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_ssl_set_hs_ca_chain 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_ssl_set_hs_own_cert 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_ssl_set_hs_authmode 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_net_init 1 CACHE BOOL x)
		set(LWS_HAVE_mbedtls_x509_crt_parse_file 1 CACHE BOOL x) # some embedded may lack filesystem
		set(LWS_HAVE_mbedtls_md_setup 1 CACHE BOOL x) # not on xenial 2.2
		set(LWS_HAVE_mbedtls_rsa_complete 1 CACHE BOOL x) # not on xenial 2.2
		set(LWS_HAVE_mbedtls_internal_aes_encrypt 1 CACHE BOOL x) # not on xenial 2.2
	else()
		# Probe the mbedTLS found via the CMAKE_REQUIRED_* values set above.
		CHECK_C_SOURCE_COMPILES("#include <mbedtls/x509_crt.h>\nint main(void) { struct mbedtls_x509_crt c; c.authority_key_id.keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; return c.authority_key_id.keyIdentifier.tag; }\n" LWS_HAVE_MBEDTLS_AUTH_KEY_ID)
		CHECK_C_SOURCE_COMPILES("#include <mbedtls/ssl.h>\nint main(void) { void *v = (void *)mbedtls_ssl_set_verify; return !!v; }\n" LWS_HAVE_mbedtls_ssl_set_verify)
		CHECK_C_SOURCE_COMPILES("#include <mbedtls/ssl.h>\nint main(void) { void *v = (void *)mbedtls_ssl_conf_alpn_protocols; return !!v; }\n" LWS_HAVE_mbedtls_ssl_conf_alpn_protocols)

		CHECK_FUNCTION_EXISTS(mbedtls_ssl_get_alpn_protocol LWS_HAVE_mbedtls_ssl_get_alpn_protocol PARENT_SCOPE)
		CHECK_FUNCTION_EXISTS(mbedtls_ssl_conf_sni LWS_HAVE_mbedtls_ssl_conf_sni PARENT_SCOPE)
		CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_ca_chain LWS_HAVE_mbedtls_ssl_set_hs_ca_chain PARENT_SCOPE)
		CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_own_cert LWS_HAVE_mbedtls_ssl_set_hs_own_cert PARENT_SCOPE)
		CHECK_FUNCTION_EXISTS(mbedtls_ssl_set_hs_authmode LWS_HAVE_mbedtls_ssl_set_hs_authmode PARENT_SCOPE)
		CHECK_FUNCTION_EXISTS(mbedtls_net_init LWS_HAVE_mbedtls_net_init PARENT_SCOPE)
		CHECK_FUNCTION_EXISTS(mbedtls_x509_crt_parse_file LWS_HAVE_mbedtls_x509_crt_parse_file PARENT_SCOPE) # some embedded may lack filesystem
		CHECK_FUNCTION_EXISTS(mbedtls_md_setup LWS_HAVE_mbedtls_md_setup PARENT_SCOPE) # not on xenial 2.2
		CHECK_FUNCTION_EXISTS(mbedtls_rsa_complete LWS_HAVE_mbedtls_rsa_complete PARENT_SCOPE) # not on xenial 2.2
		CHECK_FUNCTION_EXISTS(mbedtls_internal_aes_encrypt LWS_HAVE_mbedtls_internal_aes_encrypt PARENT_SCOPE) # not on xenial 2.2
	endif()
else()
CHECK_FUNCTION_EXISTS(${VARIA}TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD PARENT_SCOPE)
CHECK_FUNCTION_EXISTS(${VARIA}TLSv1_2_client_method LWS_HAVE_TLSV1_2_CLIENT_METHOD PARENT_SCOPE)
endif()

# Generate self-signed SSL certs for the test-server.
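
# Locate the openssl command-line tool used below to create the test
# certificate. When the find module yields nothing (undefined or empty), the
# bare name "openssl" is used, which execute_process() then resolves through
# the PATH of the environment running the configure step.
if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL)
	message("Searching for OpenSSL executable and dlls")
	find_package(OpenSSLbins)
	if (DEFINED OPENSSL_EXECUTABLE)
		message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")

		if (OPENSSL_EXECUTABLE MATCHES "^$")
			set(OPENSSL_EXECUTABLE openssl)
		endif()
	endif()
	if (NOT DEFINED OPENSSL_EXECUTABLE)
		set(OPENSSL_EXECUTABLE openssl)
	endif()

endif()

set(GENCERTS 0)

if (LWS_WITH_SSL AND OPENSSL_EXECUTABLE AND NOT LWS_WITHOUT_TEST_SERVER AND NOT LWS_WITHOUT_SERVER AND NOT LWS_WITHOUT_TESTAPPS)
	set(GENCERTS 1)
endif()
# NOTE(review): this FreeRTOS case enables generation without testing
# OPENSSL_EXECUTABLE, which is only assigned above when wolfSSL is not in use.
if (LWS_PLAT_FREERTOS AND LWS_WITH_SSL)
	set(GENCERTS 1)
endif()
message(" GENCERTS = ${GENCERTS}")

# Test fixture only: every branch below runs "openssl req -x509" at configure
# time to write a self-signed certificate and a 2048-bit RSA key into
# PROJECT_BINARY_DIR. -nodes leaves the private key without a passphrase and
# -days 10000 gives the certificate a lifetime of roughly 27 years, so the
# pair is unsuitable for anything but the bundled test server.
# A failed run is reported with message(WARNING) and configuration continues;
# the two paths are appended to TEST_SERVER_DATA either way.
if (GENCERTS)
	message("Generating SSL Certificates for the test-server...")

	set(TEST_SERVER_SSL_KEY "${PROJECT_BINARY_DIR}/libwebsockets-test-server.key.pem")
	set(TEST_SERVER_SSL_CERT "${PROJECT_BINARY_DIR}/libwebsockets-test-server.pem")

	if (WIN32)
		if (MINGW)
			# Subject is passed on the command line, no prompt input needed.
			message("cmd = \"${OPENSSL_EXECUTABLE}\" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj \"/C=GB/ST=Erewhon/L=All around/O=libwebsockets-test/CN=localhost\" -keyout \"${TEST_SERVER_SSL_KEY}\" -out \"${TEST_SERVER_SSL_CERT}\"")
			execute_process(
				COMMAND "${OPENSSL_EXECUTABLE}" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj "/C=GB/ST=Erewhon/L=All around/O=libwebsockets-test/CN=localhost" -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
				RESULT_VARIABLE OPENSSL_RETURN_CODE)
		else()
			# Answers to the interactive "openssl req" prompts, one per line.
			# NOTE(review): the Unix branch feeds an empty line between the
			# organisation and "localhost"; this file does not. Assuming the
			# usual prompt order (..., organisation, organisational unit,
			# common name, e-mail), "localhost" would land in the unit field
			# here rather than in the common name - confirm.
			file(WRITE "${PROJECT_BINARY_DIR}/openssl_input.txt"
				"GB\n"
				"Erewhon\n"
				"All around\n"
				"libwebsockets-test\n"
				"localhost\n"
				"none@invalid.org\n\n"
				)

			# The "type" command is a bit picky with paths.
			file(TO_NATIVE_PATH "${PROJECT_BINARY_DIR}/openssl_input.txt" OPENSSL_INPUT_WIN_PATH)
			message("OPENSSL_INPUT_WIN_PATH = ${OPENSSL_INPUT_WIN_PATH}")
			message("cmd = \"${OPENSSL_EXECUTABLE}\" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout \"${TEST_SERVER_SSL_KEY}\" -out \"${TEST_SERVER_SSL_CERT}\"")

			# The two COMMANDs form a pipeline: the answers file is typed
			# into openssl's stdin. RESULT_VARIABLE holds the exit status of
			# the last command, and OUTPUT_QUIET/ERROR_QUIET discard
			# openssl's own diagnostics, so only that status shows a failure.
			if(OPENSSL_CONFIG_FILE)
				# Quoted like every other path argument here, so a value
				# containing ';' stays a single argument.
				execute_process(
					COMMAND cmd /c type "${OPENSSL_INPUT_WIN_PATH}"
					COMMAND "${OPENSSL_EXECUTABLE}" req -config "${OPENSSL_CONFIG_FILE}" -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
					RESULT_VARIABLE OPENSSL_RETURN_CODE
					OUTPUT_QUIET ERROR_QUIET)
			else()
				execute_process(
					COMMAND cmd /c type "${OPENSSL_INPUT_WIN_PATH}"
					COMMAND "${OPENSSL_EXECUTABLE}" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
					RESULT_VARIABLE OPENSSL_RETURN_CODE
					OUTPUT_QUIET ERROR_QUIET)
			endif()

			message("\n")
		endif()

		if (OPENSSL_RETURN_CODE)
			message(WARNING "!!! Failed to generate SSL certificate for Test Server using cmd.exe !!!:\nOpenSSL return code = ${OPENSSL_RETURN_CODE}")
		else()
			# Spelling aligned with the success message of the non-Windows
			# branch below.
			message("SUCCESSFULLY generated SSL certificate")
		endif()
	else()
		if (CMAKE_HOST_SYSTEM_NAME MATCHES "NetBSD")
			execute_process(
				COMMAND "${OPENSSL_EXECUTABLE}"
					req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj "/O=lws/CN=localhost" -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
				RESULT_VARIABLE OPENSSL_RETURN_CODE
				# OUTPUT_QUIET ERROR_QUIET
				)

		else()

			# Unix.
			# printf supplies the prompt answers on stdin via the pipeline.
			execute_process(
				COMMAND printf "GB\\nErewhon\\nAll around\\nlibwebsockets-test\\n\\nlocalhost\\nnone@invalid.org\\n"
				COMMAND "${OPENSSL_EXECUTABLE}"
					req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
				RESULT_VARIABLE OPENSSL_RETURN_CODE
				# OUTPUT_QUIET ERROR_QUIET
				)

		endif()

		if (OPENSSL_RETURN_CODE)
			message(WARNING "!!! Failed to generate SSL certificate for Test Server!!!:\nOpenSSL return code = ${OPENSSL_RETURN_CODE}")
		else()
			message("SUCCESSFULLY generated SSL certificate")
		endif()
	endif()

	list(APPEND TEST_SERVER_DATA
		"${TEST_SERVER_SSL_KEY}"
		"${TEST_SERVER_SSL_CERT}")
endif()

#
# Copy OpenSSL dlls to the output directory on Windows.
# (Otherwise we'll get an error when trying to run)
#
# The DLL paths come from the OpenSSLbins find module; the copies land next
# to each test app binary as a POST_BUILD step.
if (MSVC AND LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL)
	if(OPENSSL_BIN_FOUND)
		message("OpenSSL dlls found:")
		message(" Libeay: ${LIBEAY_BIN}")
		message(" SSLeay: ${SSLEAY_BIN}")

		foreach(TARGET_BIN ${TEST_APP_LIST})
			add_custom_command(TARGET ${TARGET_BIN}
				POST_BUILD
				COMMAND "${CMAKE_COMMAND}" -E copy "${LIBEAY_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>" VERBATIM)
			add_custom_command(TARGET ${TARGET_BIN}
				POST_BUILD
				COMMAND "${CMAKE_COMMAND}" -E copy "${SSLEAY_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>" VERBATIM)

			#
			# Win32: if we are using libuv, also need to copy it in the output dir
			#
			if (MSVC AND LWS_WITH_LIBUV)
				# Derives the DLL name by text substitution on the import
				# library path; assumes the .dll sits beside the .lib.
				STRING(REPLACE ".lib" ".dll" LIBUV_BIN ${LIBUV_LIBRARIES})
				add_custom_command(TARGET ${TARGET_BIN}
					POST_BUILD
					COMMAND "${CMAKE_COMMAND}" -E copy "${LIBUV_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>" VERBATIM)
			endif()
		endforeach()
	endif()
endif()

# NOTE(review): this append happens after the earlier
# set(SOURCES ... PARENT_SCOPE) in this file, so it reaches the parent only if
# exports_to_parent_scope() below re-exports SOURCES - confirm.
if (LWS_WITH_TLS AND (LWS_WITH_JOSE OR LWS_WITH_GENCRYPTO))
	list(APPEND SOURCES
		tls/lws-gencrypto-common.c)
endif()

#
# Keep explicit parent scope exports at end
#

exports_to_parent_scope()
set(LWS_HAVE_MBEDTLS_NET_SOCKETS ${LWS_HAVE_MBEDTLS_NET_SOCKETS} PARENT_SCOPE)
set(LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET ${LWS_HAVE_MBEDTLS_SSL_NEW_SESSION_TICKET} PARENT_SCOPE)
set(LWS_HAVE_mbedtls_ssl_conf_alpn_protocols ${LWS_HAVE_mbedtls_ssl_conf_alpn_protocols} PARENT_SCOPE)
set(TEST_SERVER_SSL_KEY "${TEST_SERVER_SSL_KEY}" PARENT_SCOPE)
set(TEST_SERVER_SSL_CERT "${TEST_SERVER_SSL_CERT}" PARENT_SCOPE)
set(TEST_SERVER_DATA ${TEST_SERVER_DATA} PARENT_SCOPE)
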