Fix mbedtls-3.0 problem (#322)

* Fix mbedtls-3.0 problem

This cause CI to fail on macOS.

See this migration guide => https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guide.md

* cmake change find header file

* define macro for mbedtls >= 3

* update api call

* Update IXWebSocketVersion.h

* Update CHANGELOG.md

.github/workflows/unittest_linux.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   linux:

.github/workflows/unittest_linux_asan.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   linux:

.github/workflows/unittest_mac_tsan_mbedtls.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   mac_tsan_mbedtls:

.github/workflows/unittest_mac_tsan_openssl.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   mac_tsan_openssl:

.github/workflows/unittest_mac_tsan_sectransport.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   mac_tsan_sectransport:

.github/workflows/unittest_uwp.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   uwp:

.github/workflows/unittest_windows.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   windows:

.github/workflows/unittest_windows_gcc.yml

@@ -3,6 +3,7 @@ on:
   push:
     paths-ignore:
     - 'docs/**'
+  pull_request:
 
 jobs:
   windows:

CMake/FindMbedTLS.cmake

@@ -1,5 +1,8 @@
 find_path(MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h)
 
+# mbedtls-3.0 changed headers files, and we need to ifdef'out a few things
+find_path(MBEDTLS_VERSION_GREATER_THAN_3 mbedtls/build_info.h)
+
 find_library(MBEDTLS_LIBRARY mbedtls)
 find_library(MBEDX509_LIBRARY mbedx509)
 find_library(MBEDCRYPTO_LIBRARY mbedcrypto)

CMakeLists.txt

@@ -180,18 +180,28 @@ if (USE_TLS)
       # set(CMAKE_INCLUDE_PATH ${CMAKE_INCLUDE_PATH} /opt/local/include/openssl-1.0)
     endif()
 
-    # Use OPENSSL_ROOT_DIR CMake variable if you need to use your own openssl
-    find_package(OpenSSL REQUIRED) 
+    # This OPENSSL_FOUND check is to help find a cmake manually configured OpenSSL
+    if (NOT OPENSSL_FOUND)
+      find_package(OpenSSL REQUIRED)
+    endif()
     message(STATUS "OpenSSL: " ${OPENSSL_VERSION})
 
     add_definitions(${OPENSSL_DEFINITIONS})
-    target_include_directories(ixwebsocket PUBLIC ${OPENSSL_INCLUDE_DIR})
+    target_include_directories(ixwebsocket PUBLIC $<BUILD_INTERFACE:${OPENSSL_INCLUDE_DIR}>)
     target_link_libraries(ixwebsocket ${OPENSSL_LIBRARIES})
   elseif (USE_MBED_TLS)
     message(STATUS "TLS configured to use mbedtls")
 
-    find_package(MbedTLS REQUIRED)
-    target_include_directories(ixwebsocket PUBLIC ${MBEDTLS_INCLUDE_DIRS})
+    # This MBEDTLS_FOUND check is to help find a cmake manually configured MbedTLS
+    if (NOT MBEDTLS_FOUND)
+      find_package(MbedTLS REQUIRED)
+      
+      if (MBEDTLS_VERSION_GREATER_THAN_3)
+        target_compile_definitions(ixwebsocket PRIVATE IXWEBSOCKET_USE_MBED_TLS_MIN_VERSION_3)
+      endif()
+      
+    endif()
+    target_include_directories(ixwebsocket PUBLIC $<BUILD_INTERFACE:${MBEDTLS_INCLUDE_DIRS}>)
     target_link_libraries(ixwebsocket ${MBEDTLS_LIBRARIES})
   elseif (USE_SECURE_TRANSPORT)
     message(STATUS "TLS configured to use secure transport")
@@ -202,9 +212,11 @@ endif()
 option(USE_ZLIB "Enable zlib support" TRUE)
 
 if (USE_ZLIB)
-  # Use ZLIB_ROOT CMake variable if you need to use your own zlib
-  find_package(ZLIB REQUIRED)
-  include_directories(${ZLIB_INCLUDE_DIRS})
+  # This ZLIB_FOUND check is to help find a cmake manually configured zlib
+  if (NOT ZLIB_FOUND)
+    find_package(ZLIB REQUIRED)
+  endif()
+  target_include_directories(ixwebsocket PUBLIC $<BUILD_INTERFACE:${ZLIB_INCLUDE_DIRS}>)
   target_link_libraries(ixwebsocket ${ZLIB_LIBRARIES})
 
   target_compile_definitions(ixwebsocket PUBLIC IXWEBSOCKET_USE_ZLIB)
@@ -242,23 +254,29 @@ if (CMAKE_CXX_COMPILER_ID MATCHES "MSVC")
     target_compile_options(ixwebsocket PRIVATE /MP)
 endif()
 
+include(GNUInstallDirs)
+
 target_include_directories(ixwebsocket PUBLIC
   $<BUILD_INTERFACE:${IXWEBSOCKET_INCLUDE_DIRS}/>
-  $<INSTALL_INTERFACE:include/ixwebsocket>
+  $<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}/ixwebsocket>
 )
 
 set_target_properties(ixwebsocket PROPERTIES PUBLIC_HEADER "${IXWEBSOCKET_HEADERS}")
 
-install(TARGETS ixwebsocket
-        EXPORT ixwebsocket
-        ARCHIVE DESTINATION lib
-        PUBLIC_HEADER DESTINATION include/ixwebsocket/
-)
+option(IXWEBSOCKET_INSTALL "Install IXWebSocket" TRUE)
 
-install(EXPORT ixwebsocket
-        FILE ixwebsocket-config.cmake
-        NAMESPACE ixwebsocket::
-        DESTINATION lib/cmake/ixwebsocket)
+if (IXWEBSOCKET_INSTALL)
+  install(TARGETS ixwebsocket
+          EXPORT ixwebsocket
+          ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+          PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}/ixwebsocket/
+  )
+
+  install(EXPORT ixwebsocket
+          FILE ixwebsocket-config.cmake
+          NAMESPACE ixwebsocket::
+          DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/ixwebsocket)
+endif()
 
 if (USE_WS OR USE_TEST)
   include(FetchContent)

docs/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All changes to this project will be documented in this file.
 
+## [11.3.1] - 2021-10-22
+
+(library/cmake) Compatible with MbedTLS 3 + fix a bug on Windows where the incorrect remote port is computed (#320)
+
+## [11.3.0] - 2021-09-20
+
+(library/cmake) Only find OpenSSL, MbedTLS, zlib if they have not already been found, make CMake install optional (#317) + Use GNUInstallDirs in cmake (#318)
+
 ## [11.2.10] - 2021-07-27
 
 (ws) bump CLI command line parsing library from 1.8 to 2.0

docs/build.md

@@ -20,7 +20,7 @@ Options for building:
 * `-DBUILD_SHARED_LIBS=ON` will build the unittest as a shared libary instead of a static library, which is the default
 * `-DUSE_ZLIB=1` will enable zlib support, required for http client + server + websocket per message deflate extension
 * `-DUSE_TLS=1` will enable TLS support
-* `-DUSE_OPEN_SSL=1` will use [openssl](https://www.openssl.org/) for the TLS support (default on Linux and Windows)
+* `-DUSE_OPEN_SSL=1` will use [openssl](https://www.openssl.org/) for the TLS support (default on Linux and Windows). When using a custom version of openssl (say a prebuilt version, odd runtime problems can happens, as in #319, and special cmake trickery will be required (see this [comment](https://github.com/machinezone/IXWebSocket/issues/175#issuecomment-620231032))
 * `-DUSE_MBED_TLS=1` will use [mbedlts](https://tls.mbed.org/) for the TLS support
 * `-DUSE_WS=1` will build the ws interactive command line tool
 * `-DUSE_TEST=1` will build the unittest

ixwebsocket/IXNetSystem.cpp

@@ -278,4 +278,17 @@ namespace ix
 #endif
     }
 
+    // Convert network bytes to host bytes. Copied from the ASIO library
+    unsigned short network_to_host_short(unsigned short value)
+    {
+        #if defined(_WIN32)
+          unsigned char* value_p = reinterpret_cast<unsigned char*>(&value);
+          unsigned short result = (static_cast<unsigned short>(value_p[0]) << 8)
+            | static_cast<unsigned short>(value_p[1]);
+          return result;
+        #else // defined(_WIN32)
+          return ntohs(value);
+        #endif // defined(_WIN32)
+    }
+
 } // namespace ix

ixwebsocket/IXNetSystem.h

@@ -81,4 +81,6 @@ namespace ix
 
     const char* inet_ntop(int af, const void* src, char* dst, socklen_t size);
     int inet_pton(int af, const char* src, void* dst);
+
+    unsigned short network_to_host_short(unsigned short value);
 } // namespace ix

ixwebsocket/IXSocketMbedTLS.cpp

@@ -132,7 +132,11 @@ namespace ix
                 errMsg = "Cannot parse cert file '" + _tlsOptions.certFile + "'";
                 return false;
             }
+#ifdef IXWEBSOCKET_USE_MBED_TLS_MIN_VERSION_3
+            if (mbedtls_pk_parse_keyfile(&_pkey, _tlsOptions.keyFile.c_str(), "", mbedtls_ctr_drbg_random, &_ctr_drbg) < 0)
+#else
             if (mbedtls_pk_parse_keyfile(&_pkey, _tlsOptions.keyFile.c_str(), "") < 0)
+#endif
             {
                 errMsg = "Cannot parse key file '" + _tlsOptions.keyFile + "'";
                 return false;

ixwebsocket/IXSocketMbedTLS.h

@@ -13,7 +13,7 @@
 #include <mbedtls/debug.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/error.h>
-#include <mbedtls/net.h>
+#include <mbedtls/net_sockets.h>
 #include <mbedtls/platform.h>
 #include <mbedtls/x509.h>
 #include <mbedtls/x509_crt.h>

ixwebsocket/IXSocketServer.cpp

@@ -351,7 +351,7 @@ namespace ix
                     continue;
                 }
 
-                remotePort = client.sin_port;
+                remotePort = ix::network_to_host_short(client.sin_port);
                 remoteIp = remoteIp4;
             }
             else // AF_INET6
@@ -371,7 +371,7 @@ namespace ix
                     continue;
                 }
 
-                remotePort = client.sin_port;
+                remotePort = ix::network_to_host_short(client.sin_port);
                 remoteIp = remoteIp6;
             }
 

ixwebsocket/IXWebSocketVersion.h

@@ -6,4 +6,4 @@
 
 #pragma once
 
-#define IX_WEBSOCKET_VERSION "11.2.10"
+#define IX_WEBSOCKET_VERSION "11.3.1"

ws/package-lock.json

@@ -8,7 +8,7 @@
       "integrity": "sha512-jp/uFnooOiO+L211eZOoSyzpOITMXx1rBITauYykG3BRYPu8h0UcxsPNB04RR5vo4Tyz3+ay17tR6JVf9qzYWg=="
     },
     "ws": {
-      "version": "6.2.0",
+      "version": ">=6.2.2",
       "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.0.tgz",
       "integrity": "sha512-deZYUNlt2O4buFCa3t5bKLf8A7FPP/TVjwOeVNpw818Ma5nk4MLXls2eoEGS39o8119QIYxTrTDoPQ5B/gTD6w==",
       "requires": {