#
# libwebsockets - small server side websockets and web server implementation
#
# Copyright (C) 2010 - 2020 Andy Green <andy@warmcat.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
#
#
# This converts everything about the TLS support into
#
# - entries on SOURCES (modifications set back in PARENT_SCOPE)
# - entries on LIB_LIST (modifications set back in PARENT_SCOPE)
# - include_directories()
# - API build-time discovery results set in PARENT_SCOPE
#
# Everything else is handled privately here.

# Put this directory on the include path.  Directory-scoped on purpose: the
# file header lists include_directories() as one of this file's outputs.
include_directories("${CMAKE_CURRENT_SOURCE_DIR}")

# The old CyaSSL options may be used instead of the wolfSSL ones, but never
# together with them.
if (LWS_WITH_WOLFSSL AND LWS_WITH_CYASSL)
	message(FATAL_ERROR "LWS_WITH_CYASSL and LWS_WITH_WOLFSSL are mutually exclusive!")
endif()

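if (LWS_WITH_CYASSL)
	# Copy the CyaSSL options to the wolfSSL options.
	#
	# set() has a CACHE signature and a PARENT_SCOPE signature; they cannot be
	# combined.  With a trailing PARENT_SCOPE the words CACHE, <type>, <doc>
	# and FORCE are taken as list values for the parent's normal variable, no
	# cache entry is written and nothing changes in this scope, so the wolfSSL
	# handling later in this file would not see the CyaSSL settings.
	#
	# Each option is therefore written three times: forced into the cache,
	# then as a normal variable here and in the parent, so an inherited normal
	# variable of the same name cannot shadow the forced cache value.
	set(LWS_WITH_WOLFSSL "${LWS_WITH_CYASSL}" CACHE BOOL "Use wolfSSL/CyaSSL instead of OpenSSL" FORCE)
	set(LWS_WITH_WOLFSSL "${LWS_WITH_CYASSL}")
	set(LWS_WITH_WOLFSSL "${LWS_WITH_CYASSL}" PARENT_SCOPE)

	set(LWS_WOLFSSL_LIBRARIES "${LWS_CYASSL_LIBRARIES}" CACHE PATH "Path to wolfSSL/CyaSSL libraries" FORCE)
	set(LWS_WOLFSSL_LIBRARIES "${LWS_CYASSL_LIBRARIES}")
	set(LWS_WOLFSSL_LIBRARIES "${LWS_CYASSL_LIBRARIES}" PARENT_SCOPE)

	set(LWS_WOLFSSL_INCLUDE_DIRS "${LWS_CYASSL_INCLUDE_DIRS}" CACHE PATH "Path to wolfSSL/CyaSSL header files" FORCE)
	set(LWS_WOLFSSL_INCLUDE_DIRS "${LWS_CYASSL_INCLUDE_DIRS}")
	set(LWS_WOLFSSL_INCLUDE_DIRS "${LWS_CYASSL_INCLUDE_DIRS}" PARENT_SCOPE)
endif()
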
# User-settable locations of the TLS library and its headers.  No FORCE is
# given, so a value that is already in the cache is kept; otherwise the entry
# is created with an empty value.
set(LWS_OPENSSL_LIBRARIES "" CACHE PATH "Path to the OpenSSL library")
set(LWS_OPENSSL_INCLUDE_DIRS "" CACHE PATH "Path to the OpenSSL include directory")
set(LWS_WOLFSSL_LIBRARIES "" CACHE PATH "Path to the wolfSSL library")
set(LWS_WOLFSSL_INCLUDE_DIRS "" CACHE PATH "Path to the wolfSSL include directory")

if (LWS_WITH_BORINGSSL)
	# boringssl deprecated EVP_PKEY, so genhash is switched off.  Only the
	# parent's variable is written; the value visible in this scope is left
	# as it was.
	set(LWS_WITH_GENHASH OFF PARENT_SCOPE)
endif()

# OpenSSL backend (neither wolfSSL nor mbedTLS): when the user supplied BOTH
# the library path and the include path, adopt them and mark OpenSSL as found.
# If either one is empty nothing is set here.
if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL AND NOT LWS_WITH_MBEDTLS)
	if (NOT "${LWS_OPENSSL_LIBRARIES}" STREQUAL "" AND NOT "${LWS_OPENSSL_INCLUDE_DIRS}" STREQUAL "")
		set(OPENSSL_FOUND 1)
		set(OPENSSL_INCLUDE_DIRS ${LWS_OPENSSL_INCLUDE_DIRS})
		# On FreeRTOS only the headers are taken over, not the libraries.
		if (NOT LWS_PLAT_FREERTOS)
			set(OPENSSL_LIBRARIES ${LWS_OPENSSL_LIBRARIES})
		endif()
	endif()
endif()

# wolfSSL backend: the library and header locations must come from the user
# unless WOLFSSL_FOUND was already set by something outside this file.
if (LWS_WITH_SSL AND LWS_WITH_WOLFSSL)
	if (NOT "${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" AND NOT "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
		# Both paths given: adopt them.
		set(WOLFSSL_FOUND 1)
		set(WOLFSSL_INCLUDE_DIRS ${LWS_WOLFSSL_INCLUDE_DIRS})
		set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES})
	elseif (NOT WOLFSSL_FOUND)
		# At least one path is missing and nothing else located wolfSSL; name
		# the option family the user actually enabled in the error.
		if (NOT LWS_WITH_CYASSL)
			message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_WITH_WOLFSSL is turned on.")
		else()
			message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_WITH_CYASSL is turned on.")
		endif()
	endif()

	# LWS_WITH_TLS is published to the parent only; USE_WOLFSSL is set both
	# in the parent and in this scope.
	set(LWS_WITH_TLS 1 PARENT_SCOPE)
	set(USE_WOLFSSL 1 PARENT_SCOPE)
	set(USE_WOLFSSL 1)
	if (LWS_WITH_CYASSL)
		set(USE_OLD_CYASSL 1)
	endif()
endif()

# Normalise the option to a plain 1 in the parent scope when it is enabled.
# NOTE(review): presumably this selects the operating system's CA store for
# client connections - confirm against the code that consumes the define.
if (LWS_SSL_CLIENT_USE_OS_CA_CERTS)
	set(LWS_SSL_CLIENT_USE_OS_CA_CERTS 1 PARENT_SCOPE)
endif()

# The mbedTLS backend has its own subdirectory; after it has been processed,
# whatever is in _CMAKE_INC_LIST is added to the include path.
# NOTE(review): _CMAKE_INC_LIST is not set anywhere in this file - verify
# where it comes from.
if (LWS_WITH_MBEDTLS)
	add_subdirectory(mbedtls)
	include_directories(${_CMAKE_INC_LIST})
endif()

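# The base dir where the test-apps look for the SSL certs.
#
# The first set() below creates the cache entry.  The platform-specific
# declarations that follow have no FORCE, so once the entry exists they do
# not replace its value: the effective default is ../share unless the user
# provides LWS_OPENSSL_CLIENT_CERTS.
# NOTE(review): confirm which default is intended, ../share or the
# per-platform client certificate directory; this value is presumably the
# directory client code uses to find CA certificates.
set(LWS_OPENSSL_CLIENT_CERTS ../share CACHE PATH "Server SSL certificate directory")
if (WIN32)
	# CACHE and PARENT_SCOPE are separate set() signatures.  With a trailing
	# PARENT_SCOPE the words CACHE / PATH / <doc> would be stored as list
	# values in the parent's normal variable, which then shadows the cache
	# entry there.  Use the plain CACHE form, as the non-Windows branch does.
	set(LWS_OPENSSL_CLIENT_CERTS . CACHE PATH "Client SSL certificate directory")
else()
	set(LWS_OPENSSL_CLIENT_CERTS /etc/pki/tls/certs/ CACHE PATH "Client SSL certificate directory")
endif()
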
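# Assemble the TLS source files on SOURCES and hand the list to the parent.
# Paths are written as tls/..., i.e. relative to the directory that consumes
# SOURCES rather than to this one (presumably the parent - confirm).
if (LWS_WITH_SSL)
	# Backend-independent pieces.
	list(APPEND SOURCES tls/tls.c)
	if (LWS_WITH_NETWORK)
		list(APPEND SOURCES tls/tls-network.c)
	endif()
	if (LWS_WITH_TLS_SESSIONS)
		list(APPEND SOURCES tls/tls-sessions.c)
	endif()
	if (LWS_WITH_TLS_JIT_TRUST)
		list(APPEND SOURCES tls/tls-jit-trust.c)
	endif()

	if (LWS_WITH_MBEDTLS)
		# mbedTLS backend.  mbedtls-extensions.c is always part of it, so
		# LWS_WITH_TLS_JIT_TRUST needs no additional mbedTLS entry; appending
		# it again would only put the same file on SOURCES twice.
		list(APPEND SOURCES
			tls/mbedtls/mbedtls-tls.c
			tls/mbedtls/mbedtls-extensions.c
			tls/mbedtls/mbedtls-x509.c)
		if (LWS_WITH_NETWORK)
			list(APPEND SOURCES tls/mbedtls/mbedtls-ssl.c)
		endif()
		if (LWS_WITH_TLS_SESSIONS)
			list(APPEND SOURCES tls/mbedtls/mbedtls-session.c)
		endif()
		if (LWS_WITH_GENCRYPTO)
			list(APPEND SOURCES
				tls/mbedtls/lws-genhash.c
				tls/mbedtls/lws-genrsa.c
				tls/mbedtls/lws-genaes.c
				tls/lws-genec-common.c
				tls/mbedtls/lws-genec.c
				tls/mbedtls/lws-gencrypto.c)
		endif()
	else()
		# Every other backend goes through the OpenSSL-API sources.
		list(APPEND SOURCES
			tls/openssl/openssl-tls.c
			tls/openssl/openssl-x509.c)
		if (LWS_WITH_NETWORK)
			list(APPEND SOURCES tls/openssl/openssl-ssl.c)
		endif()
		if (LWS_WITH_TLS_SESSIONS)
			list(APPEND SOURCES tls/openssl/openssl-session.c)
		endif()
		if (LWS_WITH_GENCRYPTO)
			list(APPEND SOURCES
				tls/openssl/lws-genhash.c
				tls/openssl/lws-genrsa.c
				tls/openssl/lws-genaes.c
				tls/lws-genec-common.c
				tls/openssl/lws-genec.c
				tls/openssl/lws-gencrypto.c)
		endif()
	endif()

	# Server role: common part, then the backend-specific part.
	if (NOT LWS_WITHOUT_SERVER)
		list(APPEND SOURCES tls/tls-server.c)
		if (LWS_WITH_MBEDTLS)
			list(APPEND SOURCES tls/mbedtls/mbedtls-server.c)
		else()
			list(APPEND SOURCES tls/openssl/openssl-server.c)
		endif()
	endif()

	# Client role: common part, then the backend-specific part.
	if (NOT LWS_WITHOUT_CLIENT)
		list(APPEND SOURCES tls/tls-client.c)
		if (LWS_WITH_MBEDTLS)
			list(APPEND SOURCES tls/mbedtls/mbedtls-client.c)
		else()
			list(APPEND SOURCES tls/openssl/openssl-client.c)
		endif()
	endif()
endif()

# Publish the list as it stands at this point.  Anything appended to SOURCES
# after this line reaches the parent only if it is exported again.
set(SOURCES ${SOURCES} PARENT_SCOPE)
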
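#
# TLS backend selection: include paths, link libraries and header probes
#
if (LWS_WITH_SSL)
	message("Compiling with SSL support")
	set(chose_ssl 0)

	if (LWS_WITH_WOLFSSL)
		# Use wolfSSL as OpenSSL replacement.
		# TODO: Add a find_package command for this also.
		message("wolfSSL include dir: ${WOLFSSL_INCLUDE_DIRS}")
		message("wolfSSL libraries: ${WOLFSSL_LIBRARIES}")

		# In addition to each root include directory, add its cyassl/ or
		# wolfssl/ subdirectory, which contains the OpenSSL compatibility
		# layer headers.
		if (LWS_WITH_CYASSL)
			foreach(inc ${WOLFSSL_INCLUDE_DIRS})
				set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} ${inc} ${inc}/cyassl)
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${inc}" "${inc}/cyassl")
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
			endforeach()
		else()
			foreach(inc ${WOLFSSL_INCLUDE_DIRS})
				set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} ${inc} ${inc}/wolfssl)
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${inc}" "${inc}/wolfssl")
				set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
			endforeach()
		endif()

		# Update the probe include path locally first, then export it, so
		# this scope and the parent hold the same value.
		set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${OPENSSL_INCLUDE_DIRS})
		set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} PARENT_SCOPE)
		set(OPENSSL_INCLUDE_DIRS ${OPENSSL_INCLUDE_DIRS} PARENT_SCOPE)

		# Prefix that the function probes in this file put in front of each
		# OpenSSL API name.
		set(VARIA wolfSSL_)

		list(INSERT LIB_LIST 0 "${WOLFSSL_LIBRARIES}")
		message("LIB_LIST ${LIB_LIST}")
		set(chose_ssl 1)
	endif()

	# mbedTLS include and link wiring only happens when both variables are
	# defined; the backend counts as chosen either way (next block).
	if (LWS_WITH_MBEDTLS AND DEFINED MBEDTLS_INCLUDE_DIRS AND DEFINED MBEDTLS_LIBRARIES)
		message("MBEDTLS include dir: ${MBEDTLS_INCLUDE_DIRS}")
		message("MBEDTLS libraries: ${MBEDTLS_LIBRARIES}")

		foreach(inc ${MBEDTLS_INCLUDE_DIRS})
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${inc}" "${inc}/mbedtls")
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
		endforeach()

		list(INSERT LIB_LIST 0 "${MBEDTLS_LIBRARIES}")
	endif()

	if (LWS_WITH_MBEDTLS)
		set(chose_ssl 1)
	endif()

	# Fallback: OpenSSL itself (or BoringSSL).
	if (NOT chose_ssl)
		if (OPENSSL_FOUND AND "${OPENSSL_INCLUDE_DIRS}" STREQUAL "")
			set(OPENSSL_INCLUDE_DIRS "${OPENSSL_INCLUDE_DIR}")
		endif()

		if (NOT OPENSSL_FOUND AND NOT LWS_WITH_BORINGSSL)
			# TODO: Add support for STATIC also.
			if (NOT LWS_PLAT_FREERTOS)
				# find_package(OpenSSL) is REQUIRED but asks for no minimum
				# version.  Libraries reported by pkg-config, if any, are
				# appended to what find_package returned.
				find_package(PkgConfig QUIET)
				pkg_check_modules(PC_OPENSSL openssl QUIET)
				find_package(OpenSSL REQUIRED)
				list(APPEND OPENSSL_LIBRARIES ${PC_OPENSSL_LIBRARIES})
				set(OPENSSL_LIBRARIES ${OPENSSL_LIBRARIES} PARENT_SCOPE)
			endif()
			set(OPENSSL_INCLUDE_DIRS "${OPENSSL_INCLUDE_DIR}")
		endif()

		message("OpenSSL include dir: ${OPENSSL_INCLUDE_DIRS}")
		if (NOT LWS_PLAT_FREERTOS)
			message("OpenSSL libraries: ${OPENSSL_LIBRARIES}")
		endif()

		if (OPENSSL_INCLUDE_DIRS)
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} "${OPENSSL_INCLUDE_DIRS}")
			set(LWS_PUBLIC_INCLUDES ${LWS_PUBLIC_INCLUDES} PARENT_SCOPE)
		endif()
		if (NOT LWS_PLAT_FREERTOS)
			list(INSERT LIB_LIST 0 ${OPENSSL_LIBRARIES})
		endif()

		# chose_ssl is set whenever LWS_WITH_MBEDTLS is on, so inside this
		# branch the condition below always holds and the else() arm is not
		# reached; it is kept unchanged.
		if (NOT LWS_WITH_MBEDTLS)
			# older (0.98) Openssl lacks this
			#
			# check_include_file() reads CMAKE_REQUIRED_INCLUDES from the
			# current scope.  Setting it only in PARENT_SCOPE would leave the
			# probe blind to an OpenSSL installed outside the default search
			# path and report openssl/ecdh.h as missing, so the value is set
			# locally first and then exported (same pattern as the wolfSSL
			# branch above).
			set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${OPENSSL_INCLUDE_DIRS})
			set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} PARENT_SCOPE)
			check_include_file(openssl/ecdh.h LWS_HAVE_OPENSSL_ECDH_H)

			if (LWS_SSL_SERVER_WITH_ECDH_CERT AND NOT LWS_HAVE_OPENSSL_ECDH_H)
				message(FATAL_ERROR "Missing openssl/ecdh.h, so cannot use LWS_SSL_SERVER_WITH_ECDH_CERT")
			endif()
		else()
			unset(LWS_HAVE_OPENSSL_ECDH_H PARENT_SCOPE)
		endif()
	endif()

endif()
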
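# Point the configure-time probes that follow at the selected TLS headers and
# libraries.  Both assignments REPLACE the current value rather than extend
# it.
if (DEFINED OPENSSL_INCLUDE_DIRS)
	set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
endif()
if (DEFINED LIB_LIST)
	set(CMAKE_REQUIRED_LIBRARIES ${LIB_LIST})
endif()

# Add the dl libraries on Unix and pthread for GNU compilers, except on QNX.
# CMAKE_SYSTEM_NAME is named directly instead of being expanded unquoted: an
# expanded value is looked up again as a variable name by if(), and an empty
# expansion is a syntax error.
if (UNIX AND NOT (CMAKE_SYSTEM_NAME MATCHES "QNX"))
	set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} ${CMAKE_DL_LIBS})
endif()
if ((CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX) AND NOT (CMAKE_SYSTEM_NAME MATCHES "QNX"))
	set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} pthread)
endif()

# VARIA is the prefix put in front of every probed API name; make sure it is
# defined (as an empty string) when no backend set one.
if (NOT VARIA)
	set(VARIA "")
endif()
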
# Probe the TLS library for optional OpenSSL-API entry points.  Every name is
# prefixed with ${VARIA}.
#
# NOTE(review): CMake's stock check_function_exists() takes (function,
# variable) and check_symbol_exists() takes (symbol, files, variable).  Unless
# the project overrides them, the trailing PARENT_SCOPE is an extra argument
# for the function probes, and for the symbol probes the result name lands in
# the header-list position with PARENT_SCOPE as the result variable, so those
# results would never be set.  Confirm against the definitions actually in
# use.

check_function_exists(${VARIA}SSL_CTX_set1_param LWS_HAVE_SSL_CTX_set1_param PARENT_SCOPE)
check_function_exists(${VARIA}SSL_set_info_callback LWS_HAVE_SSL_SET_INFO_CALLBACK PARENT_SCOPE)

# X509_VERIFY_PARAM_set1_host is looked for both as a function and as a
# symbol; either result switches LWS_HAVE_X509_VERIFY_PARAM_set1_host on.
check_function_exists(${VARIA}X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host PARENT_SCOPE)
check_symbol_exists(${VARIA}X509_VERIFY_PARAM_set1_host LWS_HAVE_X509_VERIFY_PARAM_set1_host_sym PARENT_SCOPE)
if (LWS_HAVE_X509_VERIFY_PARAM_set1_host_sym)
	set(LWS_HAVE_X509_VERIFY_PARAM_set1_host 1 PARENT_SCOPE)
endif()

check_function_exists(${VARIA}RSA_set0_key LWS_HAVE_RSA_SET0_KEY PARENT_SCOPE)
check_function_exists(${VARIA}X509_get_key_usage LWS_HAVE_X509_get_key_usage PARENT_SCOPE)
check_function_exists(${VARIA}SSL_CTX_EVP_PKEY_new_raw_private_key LWS_HAVE_SSL_CTX_EVP_PKEY_new_raw_private_key PARENT_SCOPE)
check_function_exists(${VARIA}SSL_CTX_get0_certificate LWS_HAVE_SSL_CTX_get0_certificate PARENT_SCOPE)
check_function_exists(${VARIA}SSL_get0_alpn_selected LWS_HAVE_SSL_get0_alpn_selected PARENT_SCOPE)
check_function_exists(${VARIA}SSL_set_alpn_protos LWS_HAVE_SSL_set_alpn_protos PARENT_SCOPE)

# AES mode availability: one probe per EVP_aes_* constructor, with the result
# stored in LWS_HAVE_<constructor name>.
foreach(aes_fn
		EVP_aes_128_cfb8
		EVP_aes_128_cfb128
		EVP_aes_192_cfb8
		EVP_aes_192_cfb128
		EVP_aes_256_cfb8
		EVP_aes_256_cfb128
		EVP_aes_128_xts
		EVP_aes_128_ofb
		EVP_aes_128_ecb
		EVP_aes_128_ctr)
	check_function_exists(${VARIA}${aes_fn} LWS_HAVE_${aes_fn} PARENT_SCOPE)
endforeach()

# EVP_aes_128_xts is probed a second time here, with the same result variable
# as in the list above.
check_function_exists(${VARIA}EVP_aes_128_xts LWS_HAVE_EVP_aes_128_xts PARENT_SCOPE)
check_function_exists(${VARIA}RSA_verify_pss_mgf1 LWS_HAVE_RSA_verify_pss_mgf1 PARENT_SCOPE)
check_function_exists(${VARIA}HMAC_CTX_new LWS_HAVE_HMAC_CTX_new PARENT_SCOPE)
check_symbol_exists(${VARIA}SSL_CTX_set_ciphersuites LWS_HAVE_SSL_CTX_set_ciphersuites PARENT_SCOPE)
check_function_exists(${VARIA}EVP_PKEY_new_raw_private_key LWS_HAVE_EVP_PKEY_new_raw_private_key PARENT_SCOPE)
check_function_exists(${VARIA}SSL_SESSION_set_time LWS_HAVE_SSL_SESSION_set_time PARENT_SCOPE)
check_symbol_exists(${VARIA}SSL_SESSION_up_ref LWS_HAVE_SSL_SESSION_up_ref PARENT_SCOPE)

# deprecated in openssl v3
check_function_exists(${VARIA}EC_KEY_new_by_curve_name LWS_HAVE_EC_KEY_new_by_curve_name PARENT_SCOPE)

# Probes that only make sense against a real OpenSSL-API library.  They are
# skipped for mbedTLS so that the wrapper's API is not confused with an
# OpenSSL that merely happens to be installed on the build host.
if (LWS_WITH_SSL AND NOT LWS_WITH_MBEDTLS)
	# Compile probes: each one builds a tiny program against <openssl/ssl.h>.
	check_c_source_compiles("#include <openssl/ssl.h>\nint main(void) { STACK_OF(X509) *c = NULL; SSL_CTX *ctx = NULL; return (int)SSL_CTX_get_extra_chain_certs_only(ctx, &c); }\n" LWS_HAVE_SSL_EXTRA_CHAIN_CERTS)
	check_c_source_compiles("#include <openssl/ssl.h>\nint main(void) { EVP_MD_CTX *md_ctx = NULL; EVP_MD_CTX_free(md_ctx); return 0; }\n" LWS_HAVE_EVP_MD_CTX_free)
	check_c_source_compiles("#include <openssl/ssl.h>\nint main(void) { OPENSSL_STACK *x = NULL; return !x; } \n" LWS_HAVE_OPENSSL_STACK)

	# Two of the three results are copied to the parent explicitly;
	# LWS_HAVE_OPENSSL_STACK is not.
	set(LWS_HAVE_SSL_EXTRA_CHAIN_CERTS ${LWS_HAVE_SSL_EXTRA_CHAIN_CERTS} PARENT_SCOPE)
	set(LWS_HAVE_EVP_MD_CTX_free ${LWS_HAVE_EVP_MD_CTX_free} PARENT_SCOPE)

	check_function_exists(${VARIA}ECDSA_SIG_set0 LWS_HAVE_ECDSA_SIG_set0 PARENT_SCOPE)
	check_function_exists(${VARIA}BN_bn2binpad LWS_HAVE_BN_bn2binpad PARENT_SCOPE)
	check_function_exists(${VARIA}EVP_aes_128_wrap LWS_HAVE_EVP_aes_128_wrap PARENT_SCOPE)
	check_function_exists(${VARIA}EC_POINT_get_affine_coordinates LWS_HAVE_EC_POINT_get_affine_coordinates PARENT_SCOPE)

	# NOTE(review): CMake's stock check_symbol_exists() takes (symbol, files,
	# variable); verify that these two-argument-plus-PARENT_SCOPE calls reach
	# a definition that accepts this form, otherwise the verify-file and
	# verify-dir results are never set.
	check_symbol_exists(${VARIA}SSL_CTX_load_verify_file LWS_HAVE_SSL_CTX_load_verify_file PARENT_SCOPE)
	check_symbol_exists(${VARIA}SSL_CTX_load_verify_dir LWS_HAVE_SSL_CTX_load_verify_dir PARENT_SCOPE)
endif()

# Backend-specific capability flags: fixed values plus mbedTLS probes when
# mbedTLS is selected, otherwise two client-method probes.
if (LWS_WITH_MBEDTLS)
	set(LWS_HAVE_TLS_CLIENT_METHOD 1 PARENT_SCOPE)
	if (NOT LWS_PLAT_FREERTOS)
		# not supported in esp-idf openssl wrapper yet, but is in our version
		set(LWS_HAVE_X509_VERIFY_PARAM_set1_host 1 PARENT_SCOPE)
	endif()

	# The probe link set is replaced by the three mbedTLS libraries; the
	# probe include path is extended with the mbedTLS headers.
	set(CMAKE_REQUIRED_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY})
	set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${MBEDTLS_INCLUDE_DIRS})

	# Compile probes; these two results are not re-exported with
	# PARENT_SCOPE here.
	check_c_source_compiles("#include <mbedtls/x509_crt.h>\nint main(void) { struct mbedtls_x509_crt c; c.authority_key_id.keyIdentifier.tag = MBEDTLS_ASN1_OCTET_STRING; return c.authority_key_id.keyIdentifier.tag; }\n" LWS_HAVE_MBEDTLS_AUTH_KEY_ID)
	check_c_source_compiles("#include <mbedtls/ssl.h>\nint main(void) { void *v = (void *)mbedtls_ssl_set_verify; return !!v; }\n" LWS_HAVE_mbedtls_ssl_set_verify)

	check_function_exists(mbedtls_ssl_conf_alpn_protocols LWS_HAVE_mbedtls_ssl_conf_alpn_protocols PARENT_SCOPE)
	check_function_exists(mbedtls_ssl_get_alpn_protocol LWS_HAVE_mbedtls_ssl_get_alpn_protocol PARENT_SCOPE)
	check_function_exists(mbedtls_ssl_conf_sni LWS_HAVE_mbedtls_ssl_conf_sni PARENT_SCOPE)
	check_function_exists(mbedtls_ssl_set_hs_ca_chain LWS_HAVE_mbedtls_ssl_set_hs_ca_chain PARENT_SCOPE)
	check_function_exists(mbedtls_ssl_set_hs_own_cert LWS_HAVE_mbedtls_ssl_set_hs_own_cert PARENT_SCOPE)
	check_function_exists(mbedtls_ssl_set_hs_authmode LWS_HAVE_mbedtls_ssl_set_hs_authmode PARENT_SCOPE)
	check_function_exists(mbedtls_net_init LWS_HAVE_mbedtls_net_init PARENT_SCOPE)

	# some embedded may lack filesystem
	check_function_exists(mbedtls_x509_crt_parse_file LWS_HAVE_mbedtls_x509_crt_parse_file PARENT_SCOPE)

	# the next three are not on xenial 2.2
	check_function_exists(mbedtls_md_setup LWS_HAVE_mbedtls_md_setup PARENT_SCOPE)
	check_function_exists(mbedtls_rsa_complete LWS_HAVE_mbedtls_rsa_complete PARENT_SCOPE)
	check_function_exists(mbedtls_internal_aes_encrypt LWS_HAVE_mbedtls_internal_aes_encrypt PARENT_SCOPE)
else()
	check_function_exists(${VARIA}TLS_client_method LWS_HAVE_TLS_CLIENT_METHOD PARENT_SCOPE)
	check_function_exists(${VARIA}TLSv1_2_client_method LWS_HAVE_TLSV1_2_CLIENT_METHOD PARENT_SCOPE)
endif()

# Generate self-signed SSL certs for the test-server.
#
# Step 1: decide which openssl command-line tool to run.  The lookup is
# skipped for wolfSSL builds, which leaves OPENSSL_EXECUTABLE untouched.
# When the lookup yields nothing usable, the bare name "openssl" is used,
# which is resolved through the PATH of whoever runs the configure step.
if (LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL)
	message("Searching for OpenSSL executable and dlls")
	find_package(OpenSSLbins)

	if (NOT DEFINED OPENSSL_EXECUTABLE)
		set(OPENSSL_EXECUTABLE openssl)
	else()
		message("OpenSSL executable: ${OPENSSL_EXECUTABLE}")
		# Defined but empty counts as "not found" as well.
		if (OPENSSL_EXECUTABLE MATCHES "^$")
			set(OPENSSL_EXECUTABLE openssl)
		endif()
	endif()
endif()

# Step 2: decide whether test certificates are generated at all.  With SSL
# enabled this happens either on FreeRTOS, or when an openssl tool is known
# and the test server, the server role and the test apps are all enabled.
# The FreeRTOS case does not look at OPENSSL_EXECUTABLE, so generation can be
# requested even though no tool was located (e.g. in a wolfSSL build).
set(GENCERTS 0)
if (LWS_WITH_SSL AND
    (LWS_PLAT_FREERTOS OR
     (OPENSSL_EXECUTABLE AND NOT LWS_WITHOUT_TEST_SERVER AND NOT LWS_WITHOUT_SERVER AND NOT LWS_WITHOUT_TESTAPPS)))
	set(GENCERTS 1)
endif()
message(" GENCERTS = ${GENCERTS}")
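if (GENCERTS)
	message("Generating SSL Certificates for the test-server...")

	# Key and certificate for the bundled test server.  Every invocation
	# below has the same shape: a self-signed certificate (-x509) with a new
	# 2048-bit RSA key, 10000 days of validity and -nodes, i.e. the private
	# key is written unencrypted.  Both files are created in
	# PROJECT_BINARY_DIR each time this file is processed.
	# NOTE(review): nothing here restricts the key file's permissions, and
	# both paths are appended to TEST_SERVER_DATA below - presumably that list
	# feeds install rules; confirm the key is only ever used as test material.
	set(TEST_SERVER_SSL_KEY "${PROJECT_BINARY_DIR}/libwebsockets-test-server.key.pem")
	set(TEST_SERVER_SSL_CERT "${PROJECT_BINARY_DIR}/libwebsockets-test-server.pem")

	if (WIN32)
		if (MINGW)
			# MinGW: the subject is given on the command line, so openssl
			# asks no questions.
			message("cmd = \"${OPENSSL_EXECUTABLE}\" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj \"/C=GB/ST=Erewhon/L=All around/O=libwebsockets-test/CN=localhost\" -keyout \"${TEST_SERVER_SSL_KEY}\" -out \"${TEST_SERVER_SSL_CERT}\"")
			execute_process(
				COMMAND "${OPENSSL_EXECUTABLE}" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj "/C=GB/ST=Erewhon/L=All around/O=libwebsockets-test/CN=localhost" -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
				RESULT_VARIABLE OPENSSL_RETURN_CODE)
		else()
			# Other Windows toolchains: the subject fields are answered from
			# a file piped into openssl.  The answers follow the same order
			# as the Unix branch below, including the empty line between the
			# organisation and "localhost"; without that empty line every
			# later answer moves up by one prompt and "localhost" no longer
			# ends up where the Unix branch puts it.
			file(WRITE "${PROJECT_BINARY_DIR}/openssl_input.txt"
				"GB\n"
				"Erewhon\n"
				"All around\n"
				"libwebsockets-test\n"
				"\n"
				"localhost\n"
				"none@invalid.org\n\n"
				)

			# The "type" command is a bit picky with paths.
			file(TO_NATIVE_PATH "${PROJECT_BINARY_DIR}/openssl_input.txt" OPENSSL_INPUT_WIN_PATH)
			message("OPENSSL_INPUT_WIN_PATH = ${OPENSSL_INPUT_WIN_PATH}")
			message("cmd = \"${OPENSSL_EXECUTABLE}\" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout \"${TEST_SERVER_SSL_KEY}\" -out \"${TEST_SERVER_SSL_CERT}\"")

			# The two COMMANDs form a pipeline; RESULT_VARIABLE receives the
			# exit status of the last one (openssl).
			if (OPENSSL_CONFIG_FILE)
				# Quoted so that the configured path is always passed as
				# exactly one argument.
				execute_process(
					COMMAND cmd /c type "${OPENSSL_INPUT_WIN_PATH}"
					COMMAND "${OPENSSL_EXECUTABLE}" req -config "${OPENSSL_CONFIG_FILE}" -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
					RESULT_VARIABLE OPENSSL_RETURN_CODE
					OUTPUT_QUIET ERROR_QUIET)
			else()
				execute_process(
					COMMAND cmd /c type "${OPENSSL_INPUT_WIN_PATH}"
					COMMAND "${OPENSSL_EXECUTABLE}" req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
					RESULT_VARIABLE OPENSSL_RETURN_CODE
					OUTPUT_QUIET ERROR_QUIET)
			endif()

			message("\n")
		endif()

		# A failure is reported as a warning only; configuration continues.
		if (OPENSSL_RETURN_CODE)
			message(WARNING "!!! Failed to generate SSL certificate for Test Server using cmd.exe !!!:\nOpenSSL return code = ${OPENSSL_RETURN_CODE}")
		else()
			message("SUCCSESFULLY generated SSL certificate")
		endif()
	else()
		if (CMAKE_HOST_SYSTEM_NAME MATCHES "NetBSD")
			# NetBSD hosts: short subject given on the command line; openssl
			# output is left visible.
			execute_process(
				COMMAND "${OPENSSL_EXECUTABLE}"
					req -new -newkey rsa:2048 -days 10000 -nodes -x509 -subj "/O=lws/CN=localhost" -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
				RESULT_VARIABLE OPENSSL_RETURN_CODE
				)
		else()
			# Unix.  The subject fields are answered through a pipe from
			# printf; openssl output is left visible.
			execute_process(
				COMMAND printf "GB\\nErewhon\\nAll around\\nlibwebsockets-test\\n\\nlocalhost\\nnone@invalid.org\\n"
				COMMAND "${OPENSSL_EXECUTABLE}"
					req -new -newkey rsa:2048 -days 10000 -nodes -x509 -keyout "${TEST_SERVER_SSL_KEY}" -out "${TEST_SERVER_SSL_CERT}"
				RESULT_VARIABLE OPENSSL_RETURN_CODE
				)
		endif()

		# A failure is reported as a warning only; configuration continues.
		if (OPENSSL_RETURN_CODE)
			message(WARNING "!!! Failed to generate SSL certificate for Test Server!!!:\nOpenSSL return code = ${OPENSSL_RETURN_CODE}")
		else()
			message("SUCCESSFULLY generated SSL certificate")
		endif()
	endif()

	# Both paths are listed whether or not generation succeeded.
	list(APPEND TEST_SERVER_DATA
		"${TEST_SERVER_SSL_KEY}"
		"${TEST_SERVER_SSL_CERT}")
endif()
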
#
# Copy OpenSSL dlls to the output directory on Windows.
# (Otherwise we'll get an error when trying to run)
#
if (MSVC AND LWS_WITH_SSL AND NOT LWS_WITH_WOLFSSL AND OPENSSL_BIN_FOUND)
	message("OpenSSL dlls found:")
	message("  Libeay: ${LIBEAY_BIN}")
	message("  SSLeay: ${SSLEAY_BIN}")

	# After each test app is built, place both DLLs next to its executable.
	foreach(TARGET_BIN ${TEST_APP_LIST})
		add_custom_command(TARGET ${TARGET_BIN}
			POST_BUILD
			COMMAND "${CMAKE_COMMAND}" -E copy "${LIBEAY_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>"
			COMMAND "${CMAKE_COMMAND}" -E copy "${SSLEAY_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>"
			VERBATIM)

		#
		# Win32: if we are using libuv, also need to copy it in the output dir.
		# The DLL path is derived from the import library path by replacing
		# ".lib" with ".dll".  MSVC is already guaranteed by the outer
		# condition.
		#
		if (LWS_WITH_LIBUV)
			string(REPLACE ".lib" ".dll" LIBUV_BIN ${LIBUV_LIBRARIES})
			add_custom_command(TARGET ${TARGET_BIN}
				POST_BUILD
				COMMAND "${CMAKE_COMMAND}" -E copy "${LIBUV_BIN}" "$<TARGET_FILE_DIR:${TARGET_BIN}>"
				VERBATIM)
		endif()
	endforeach()
endif()

# Shared gencrypto code is needed when TLS is on together with JOSE or
# GENCRYPTO.  This append happens after SOURCES was handed to the parent
# earlier in the file.
# NOTE(review): presumably exports_to_parent_scope() publishes SOURCES again -
# confirm, otherwise this file never reaches the parent's list.
if (LWS_WITH_TLS AND (LWS_WITH_GENCRYPTO OR LWS_WITH_JOSE))
	list(APPEND SOURCES tls/lws-gencrypto-common.c)
endif()

#
# Keep explicit parent scope exports at end
#
exports_to_parent_scope()

# Test-server certificate paths and the test data list, then the mbedTLS
# net-sockets flag; each is copied to the parent with its current value.
set(TEST_SERVER_SSL_KEY "${TEST_SERVER_SSL_KEY}" PARENT_SCOPE)
set(TEST_SERVER_SSL_CERT "${TEST_SERVER_SSL_CERT}" PARENT_SCOPE)
set(TEST_SERVER_DATA ${TEST_SERVER_DATA} PARENT_SCOPE)
set(LWS_HAVE_MBEDTLS_NET_SOCKETS ${LWS_HAVE_MBEDTLS_NET_SOCKETS} PARENT_SCOPE)
