stop using C++14 lambda capture init, code should be C++11 compatible

* (http client) #ifdefs so we dont try to compress http requests with zlib

* (http client) Remove some #ifdefs for including zlib and removing fields

.dockerignore

@@ -2,3 +2,4 @@ build
 CMakeCache.txt
 ws/CMakeCache.txt
 test/build
+makefile

.github/workflows/docker.yml

@@ -0,0 +1,66 @@
+name: docker
+
+# When its time to do a release do a build for amd64
+# and push all of them to Docker Hub.
+# Only trigger on semver shaped tags.
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  login:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Prepare
+        id: prep
+        run: |
+          DOCKER_IMAGE=machinezone/ws
+          VERSION=edge
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF#refs/tags/v}
+          fi
+          if [ "${{ github.event_name }}" = "schedule" ]; then
+            VERSION=nightly
+          fi
+          TAGS="${DOCKER_IMAGE}:${VERSION}"
+          if [[ $VERSION =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
+            TAGS="$TAGS,${DOCKER_IMAGE}:latest"
+          fi
+          echo ::set-output name=tags::${TAGS}
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@master
+
+      - name: Cache Docker layers
+        uses: actions/cache@v2
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Login to GitHub Package Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GHCR_TOKEN }}
+
+      - name: Build and push
+        id: docker_build
+        uses: docker/build-push-action@v2-build-push
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          file: ./Dockerfile
+          target: prod
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.prep.outputs.tags }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache

.github/workflows/mkdocs.yml

@@ -0,0 +1,25 @@
+name: mkdocs
+on:
+  push:
+    paths:
+    - 'docs/**'
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v1
+      with:
+        python-version: 3.8
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install mkdocs
+        pip install mkdocs-material
+        pip install pygments
+    - name: Build doc
+      run: |
+        git pull
+        mkdocs gh-deploy

.github/workflows/stale.yml

@@ -0,0 +1,19 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/stale@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'Stale issue message'
+        stale-pr-message: 'Stale pull request message'
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'

.github/workflows/unittest_linux.yml

@@ -0,0 +1,14 @@
+name: linux
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: seanmiddleditch/gha-setup-ninja@master
+    - name: make test
+      run: make -f makefile.dev test

.github/workflows/unittest_linux_asan.yml

@@ -0,0 +1,14 @@
+name: linux_asan
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+
+jobs:
+  linux:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: seanmiddleditch/gha-setup-ninja@master
+    - name: make test_asan
+      run: make -f makefile.dev test_asan

.github/workflows/unittest_mac_tsan_mbedtls.yml

@@ -0,0 +1,16 @@
+name: mac_tsan_mbedtls
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+
+jobs:
+  mac_tsan_mbedtls:
+    runs-on: macOS-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: seanmiddleditch/gha-setup-ninja@master
+    - name: install mbedtls
+      run: brew install mbedtls
+    - name: make test
+      run: make -f makefile.dev test_tsan_mbedtls

.github/workflows/unittest_mac_tsan_openssl.yml

@@ -0,0 +1,16 @@
+name: mac_tsan_openssl
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+
+jobs:
+  mac_tsan_openssl:
+    runs-on: macOS-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: seanmiddleditch/gha-setup-ninja@master
+    - name: install openssl
+      run: brew install openssl@1.1
+    - name: make test
+      run: make -f makefile.dev test_tsan_openssl

.github/workflows/unittest_mac_tsan_sectransport.yml

@@ -0,0 +1,14 @@
+name: mac_tsan_sectransport
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+
+jobs:
+  mac_tsan_sectransport:
+    runs-on: macOS-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: seanmiddleditch/gha-setup-ninja@master
+    - name: make test_tsan_sectransport
+      run: make -f makefile.dev test_tsan_sectransport

.github/workflows/unittest_uwp.yml

@@ -0,0 +1,44 @@
+name: uwp
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+
+jobs:
+  uwp:
+    runs-on: windows-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: seanmiddleditch/gha-setup-vsdevenv@master
+    - uses: seanmiddleditch/gha-setup-ninja@master
+    - run: |
+        mkdir build
+        cd build
+        cmake -GNinja -DCMAKE_TOOLCHAIN_FILE=c:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION="10.0" -DCMAKE_CXX_COMPILER=cl.exe -DCMAKE_C_COMPILER=cl.exe -DUSE_TEST=1 -DUSE_ZLIB=0 ..
+    - run: |
+        cd build
+        ninja
+    - run: |
+        cd build
+        ninja test
+
+#
+#   Windows with OpenSSL is working but disabled as it takes 13 minutes (10 for openssl) to build with vcpkg
+#
+#   windows_openssl:
+#     runs-on: windows-latest
+#     steps:
+#     - uses: actions/checkout@v1
+#     - uses: seanmiddleditch/gha-setup-vsdevenv@master
+#     - run: |
+#         vcpkg install zlib:x64-windows
+#         vcpkg install openssl:x64-windows
+#     - run: |
+#         mkdir build
+#         cd build
+#         cmake -DCMAKE_TOOLCHAIN_FILE=c:/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_CXX_COMPILER=cl.exe -DUSE_OPEN_SSL=1 -DUSE_TLS=1 -DUSE_WS=1 -DUSE_TEST=1 ..
+#     - run: cmake --build build
+# 
+#     # Running the unittest does not work, the binary cannot be found
+#     #- run: ../build/test/ixwebsocket_unittest.exe
+#     # working-directory: test

.github/workflows/unittest_windows.yml

@@ -0,0 +1,26 @@
+name: windows
+on:
+  push:
+    paths-ignore:
+    - 'docs/**'
+
+jobs:
+  windows:
+    runs-on: windows-latest
+    steps:
+    - uses: actions/checkout@v1
+    - uses: seanmiddleditch/gha-setup-vsdevenv@master
+    - uses: seanmiddleditch/gha-setup-ninja@master
+    - run: |
+        mkdir build
+        cd build
+        cmake -GNinja -DCMAKE_CXX_COMPILER=cl.exe -DCMAKE_C_COMPILER=cl.exe -DUSE_WS=1 -DUSE_TEST=1 -DUSE_ZLIB=0 ..
+    - run: |
+        cd build
+        ninja
+    - run: |
+        cd build
+        ninja test
+
+#- run: ../build/test/ixwebsocket_unittest.exe
+# working-directory: test

.gitignore

@@ -1,3 +1,9 @@
 build
 *.pyc
 venv
+ixsnake/ixsnake/.certs/
+site/
+ws/.certs/
+ws/.srl
+ixhttpd
+makefile

.pre-commit-config.yaml

@@ -1,7 +1,12 @@
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v2.3.0
+    rev: v2.5.0
     hooks:
     -   id: check-yaml
     -   id: end-of-file-fixer
     -   id: trailing-whitespace
+-   repo: https://github.com/pocc/pre-commit-hooks
+    rev: v1.1.1
+    hooks:
+    -    id: clang-format
+         args: [-i, -style=file]

.travis.yml

@@ -1,59 +0,0 @@
-language: bash
-
-# See https://github.com/amaiorano/vectrexy/blob/master/.travis.yml
-# for ideas on installing vcpkg
-
-matrix:
-  include:
-    # macOS
-    # - os: osx
-    #   env:
-    #     - HOMEBREW_NO_AUTO_UPDATE=1
-    #   compiler: clang
-    #   script:
-    #     - brew install redis
-    #     - brew services start redis
-    #     - brew install mbedtls
-    #     - python test/run.py
-    #     - make ws
-
-    Linux
-    - os: linux
-      dist: bionic
-      before_install:
-        - sudo apt-get install -y libmbedtls-dev
-        - sudo apt-get install -y redis-server
-      script: 
-      - python test/run.py
-      #  - make ws
-      env:
-        - CC=gcc
-        - CXX=g++
-
-    # Clang + Linux disabled for now
-    # - os: linux
-    #   dist: xenial
-    #   script: python test/run.py
-    #   env:
-    #     - CC=clang 
-    #     - CXX=clang++
-
-    # Windows
-    # - os: windows
-    #   env:
-    #     - CMAKE_PATH="/c/Program Files/CMake/bin"
-    #   script: 
-    #     - cd third_party/zlib
-    #     - cmake .
-    #     - cmake --build . --target install
-    #     - cd ../..
-    #     # - cd third_party/mbedtls
-    #     # - cmake .
-    #     # - cmake --build . --target install
-    #     # - cd ../..
-    #     - export PATH=$CMAKE_PATH:$PATH
-    #     - cd test
-    #     - cmake .
-    #     - cmake --build --parallel .
-    #     - ixwebsocket_unittest.exe
-    #     # - python test/run.py

CMake/FindDeflate.cmake

@@ -0,0 +1,19 @@
+# Find package structure taken from libcurl
+
+include(FindPackageHandleStandardArgs)
+
+find_path(DEFLATE_INCLUDE_DIRS libdeflate.h)
+find_library(DEFLATE_LIBRARY deflate)
+
+find_package_handle_standard_args(Deflate
+    FOUND_VAR
+      DEFLATE_FOUND
+    REQUIRED_VARS
+      DEFLATE_LIBRARY
+      DEFLATE_INCLUDE_DIRS
+    FAIL_MESSAGE
+      "Could NOT find deflate"
+)
+
+set(DEFLATE_INCLUDE_DIRS ${DEFLATE_INCLUDE_DIRS})
+set(DEFLATE_LIBRARIES ${DEFLATE_LIBRARY})

CMake/FindMbedTLS.cmake

@@ -7,7 +7,7 @@ find_library(MBEDCRYPTO_LIBRARY mbedcrypto)
 set(MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_LIBRARY}")
 
 include(FindPackageHandleStandardArgs)
-find_package_handle_standard_args(MBEDTLS DEFAULT_MSG
+find_package_handle_standard_args(MbedTLS DEFAULT_MSG
     MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)
 
 mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY)

CMake/FindSpdLog.cmake

@@ -0,0 +1,19 @@
+# Find package structure taken from libcurl
+
+include(FindPackageHandleStandardArgs)
+
+find_path(SPDLOG_INCLUDE_DIRS spdlog/spdlog.h)
+find_library(JSONCPP_LIBRARY spdlog)
+
+find_package_handle_standard_args(SPDLOG
+    FOUND_VAR
+    SPDLOG_FOUND
+    REQUIRED_VARS
+      SPDLOG_LIBRARY
+      SPDLOG_INCLUDE_DIRS
+    FAIL_MESSAGE
+      "Could NOT find spdlog"
+)
+
+set(SPDLOG_INCLUDE_DIRS ${SPDLOG_INCLUDE_DIRS})
+set(SPDLOG_LIBRARIES ${SPDLOG_LIBRARY})

CMakeLists.txt

@@ -3,15 +3,19 @@
 # Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
 #
 
-cmake_minimum_required(VERSION 3.4.1)
+cmake_minimum_required(VERSION 3.4.1...3.17.2)
 set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
 
 project(ixwebsocket C CXX)
 
-set (CMAKE_CXX_STANDARD 14)
+set (CMAKE_CXX_STANDARD 11)
 set (CXX_STANDARD_REQUIRED ON)
 set (CMAKE_CXX_EXTENSIONS OFF)
 
+if (${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+  set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+endif()
+
 if (UNIX)
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -pedantic")
 endif()
@@ -21,40 +25,51 @@ if ("${CMAKE_CXX_COMPILER_ID}" MATCHES "Clang")
 endif()
 
 set( IXWEBSOCKET_SOURCES
+    ixwebsocket/IXBench.cpp
     ixwebsocket/IXCancellationRequest.cpp
     ixwebsocket/IXConnectionState.cpp
     ixwebsocket/IXDNSLookup.cpp
     ixwebsocket/IXExponentialBackoff.cpp
+    ixwebsocket/IXGetFreePort.cpp
+    ixwebsocket/IXGzipCodec.cpp
     ixwebsocket/IXHttp.cpp
     ixwebsocket/IXHttpClient.cpp
     ixwebsocket/IXHttpServer.cpp
     ixwebsocket/IXNetSystem.cpp
     ixwebsocket/IXSelectInterrupt.cpp
     ixwebsocket/IXSelectInterruptFactory.cpp
+    ixwebsocket/IXSelectInterruptPipe.cpp
+    ixwebsocket/IXSetThreadName.cpp
     ixwebsocket/IXSocket.cpp
     ixwebsocket/IXSocketConnect.cpp
     ixwebsocket/IXSocketFactory.cpp
     ixwebsocket/IXSocketServer.cpp
+    ixwebsocket/IXSocketTLSOptions.cpp
+    ixwebsocket/IXStrCaseCompare.cpp
+    ixwebsocket/IXUdpSocket.cpp
     ixwebsocket/IXUrlParser.cpp
+    ixwebsocket/IXUuid.cpp
     ixwebsocket/IXUserAgent.cpp
     ixwebsocket/IXWebSocket.cpp
     ixwebsocket/IXWebSocketCloseConstants.cpp
     ixwebsocket/IXWebSocketHandshake.cpp
     ixwebsocket/IXWebSocketHttpHeaders.cpp
-    ixwebsocket/IXWebSocketMessageQueue.cpp
     ixwebsocket/IXWebSocketPerMessageDeflate.cpp
     ixwebsocket/IXWebSocketPerMessageDeflateCodec.cpp
     ixwebsocket/IXWebSocketPerMessageDeflateOptions.cpp
+    ixwebsocket/IXWebSocketProxyServer.cpp
     ixwebsocket/IXWebSocketServer.cpp
     ixwebsocket/IXWebSocketTransport.cpp
-    ixwebsocket/LUrlParser.cpp
 )
 
 set( IXWEBSOCKET_HEADERS
+    ixwebsocket/IXBench.h
     ixwebsocket/IXCancellationRequest.h
     ixwebsocket/IXConnectionState.h
     ixwebsocket/IXDNSLookup.h
     ixwebsocket/IXExponentialBackoff.h
+    ixwebsocket/IXGetFreePort.h
+    ixwebsocket/IXGzipCodec.h
     ixwebsocket/IXHttp.h
     ixwebsocket/IXHttpClient.h
     ixwebsocket/IXHttpServer.h
@@ -62,12 +77,17 @@ set( IXWEBSOCKET_HEADERS
     ixwebsocket/IXProgressCallback.h
     ixwebsocket/IXSelectInterrupt.h
     ixwebsocket/IXSelectInterruptFactory.h
+    ixwebsocket/IXSelectInterruptPipe.h
     ixwebsocket/IXSetThreadName.h
     ixwebsocket/IXSocket.h
     ixwebsocket/IXSocketConnect.h
     ixwebsocket/IXSocketFactory.h
     ixwebsocket/IXSocketServer.h
+    ixwebsocket/IXSocketTLSOptions.h
+    ixwebsocket/IXStrCaseCompare.h
+    ixwebsocket/IXUdpSocket.h
     ixwebsocket/IXUrlParser.h
+    ixwebsocket/IXUuid.h
     ixwebsocket/IXUtf8Validator.h
     ixwebsocket/IXUserAgent.h
     ixwebsocket/IXWebSocket.h
@@ -75,58 +95,52 @@ set( IXWEBSOCKET_HEADERS
     ixwebsocket/IXWebSocketCloseInfo.h
     ixwebsocket/IXWebSocketErrorInfo.h
     ixwebsocket/IXWebSocketHandshake.h
+    ixwebsocket/IXWebSocketHandshakeKeyGen.h
     ixwebsocket/IXWebSocketHttpHeaders.h
+    ixwebsocket/IXWebSocketInitResult.h
     ixwebsocket/IXWebSocketMessage.h
-    ixwebsocket/IXWebSocketMessageQueue.h
     ixwebsocket/IXWebSocketMessageType.h
     ixwebsocket/IXWebSocketOpenInfo.h
     ixwebsocket/IXWebSocketPerMessageDeflate.h
     ixwebsocket/IXWebSocketPerMessageDeflateCodec.h
     ixwebsocket/IXWebSocketPerMessageDeflateOptions.h
+    ixwebsocket/IXWebSocketProxyServer.h
     ixwebsocket/IXWebSocketSendInfo.h
     ixwebsocket/IXWebSocketServer.h
     ixwebsocket/IXWebSocketTransport.h
     ixwebsocket/IXWebSocketVersion.h
-    ixwebsocket/LUrlParser.h
-    ixwebsocket/libwshandshake.hpp
 )
 
-if (UNIX)
-    # Linux, Mac, iOS, Android
-    list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/IXSelectInterruptPipe.cpp )
-    list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/IXSelectInterruptPipe.h )
-endif()
+option(USE_TLS "Enable TLS support" FALSE)
 
-# Platform specific code
-if (APPLE)
-    list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/apple/IXSetThreadName_apple.cpp)
-elseif (WIN32)
-    list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/windows/IXSetThreadName_windows.cpp)
-else()
-    list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/linux/IXSetThreadName_linux.cpp)
-    list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/IXSelectInterruptEventFd.cpp)
-    list( APPEND IXWEBSOCKET_HEADERS ixwebsocket/IXSelectInterruptEventFd.h)
-endif()
-
-if (WIN32)
-  set(USE_MBED_TLS TRUE)
-endif()
-
-set(USE_OPEN_SSL FALSE)
 if (USE_TLS)
+    # default to securetranport on Apple if nothing is configured
+    if (APPLE)
+      if (NOT USE_MBED_TLS AND NOT USE_OPEN_SSL) # unless we want something else
+        set(USE_SECURE_TRANSPORT ON)
+      endif()
+    # default to mbedtls on windows if nothing is configured
+    elseif (WIN32)
+      if (NOT USE_OPEN_SSL) # unless we want something else
+        set(USE_MBED_TLS ON)
+      endif()
+    else() # default to OpenSSL on all other platforms
+      if (NOT USE_MBED_TLS) # Unless mbedtls is requested
+        set(USE_OPEN_SSL ON)
+      endif()
+    endif()
+
     if (USE_MBED_TLS)
         list( APPEND IXWEBSOCKET_HEADERS ixwebsocket/IXSocketMbedTLS.h)
         list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/IXSocketMbedTLS.cpp)
-    elseif (APPLE)
+    elseif (USE_SECURE_TRANSPORT)
         list( APPEND IXWEBSOCKET_HEADERS ixwebsocket/IXSocketAppleSSL.h)
         list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/IXSocketAppleSSL.cpp)
-    elseif (WIN32)
-        list( APPEND IXWEBSOCKET_HEADERS ixwebsocket/IXSocketSChannel.h)
-        list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/IXSocketSChannel.cpp)
-    else()
-        set(USE_OPEN_SSL TRUE)
+    elseif (USE_OPEN_SSL)
         list( APPEND IXWEBSOCKET_HEADERS ixwebsocket/IXSocketOpenSSL.h)
         list( APPEND IXWEBSOCKET_SOURCES ixwebsocket/IXSocketOpenSSL.cpp)
+    else()
+        message(FATAL_ERROR "TLS Configuration error: unknown backend")
     endif()
 endif()
 
@@ -139,20 +153,74 @@ if (USE_TLS)
     target_compile_definitions(ixwebsocket PUBLIC IXWEBSOCKET_USE_TLS)
     if (USE_MBED_TLS)
         target_compile_definitions(ixwebsocket PUBLIC IXWEBSOCKET_USE_MBED_TLS)
-    elseif (APPLE)
-    elseif (WIN32)
-    else()
+    elseif (USE_OPEN_SSL)
         target_compile_definitions(ixwebsocket PUBLIC IXWEBSOCKET_USE_OPEN_SSL)
+    elseif (USE_SECURE_TRANSPORT)
+        target_compile_definitions(ixwebsocket PUBLIC IXWEBSOCKET_USE_SECURE_TRANSPORT)
+    else()
+        message(FATAL_ERROR "TLS Configuration error: unknown backend")
     endif()
 endif()
 
-if (APPLE AND USE_TLS AND NOT USE_MBED_TLS)
-  target_link_libraries(ixwebsocket "-framework foundation" "-framework security")
+if (USE_TLS)
+  if (USE_OPEN_SSL)
+    message(STATUS "TLS configured to use openssl")
+
+    # Help finding Homebrew's OpenSSL on macOS
+    if (APPLE)
+      set(CMAKE_LIBRARY_PATH ${CMAKE_LIBRARY_PATH} /usr/local/opt/openssl/lib)
+      set(CMAKE_INCLUDE_PATH ${CMAKE_INCLUDE_PATH} /usr/local/opt/openssl/include)
+
+      # This is for MacPort OpenSSL 1.0
+      # set(CMAKE_LIBRARY_PATH ${CMAKE_LIBRARY_PATH} /opt/local/lib/openssl-1.0)
+      # set(CMAKE_INCLUDE_PATH ${CMAKE_INCLUDE_PATH} /opt/local/include/openssl-1.0)
+    endif()
+
+    # Use OPENSSL_ROOT_DIR CMake variable if you need to use your own openssl
+    find_package(OpenSSL REQUIRED) 
+    message(STATUS "OpenSSL: " ${OPENSSL_VERSION})
+
+    add_definitions(${OPENSSL_DEFINITIONS})
+    target_include_directories(ixwebsocket PUBLIC ${OPENSSL_INCLUDE_DIR})
+    target_link_libraries(ixwebsocket ${OPENSSL_LIBRARIES})
+  elseif (USE_MBED_TLS)
+    message(STATUS "TLS configured to use mbedtls")
+
+    find_package(MbedTLS REQUIRED)
+    target_include_directories(ixwebsocket PUBLIC ${MBEDTLS_INCLUDE_DIRS})
+    target_link_libraries(ixwebsocket ${MBEDTLS_LIBRARIES})
+  elseif (USE_SECURE_TRANSPORT)
+    message(STATUS "TLS configured to use secure transport")
+    target_link_libraries(ixwebsocket "-framework foundation" "-framework security")
+  endif()
+endif()
+
+option(USE_ZLIB "Enable zlib support" TRUE)
+
+if (USE_ZLIB)
+  # Use ZLIB_ROOT CMake variable if you need to use your own zlib
+  find_package(ZLIB REQUIRED)
+  include_directories(${ZLIB_INCLUDE_DIRS})
+  target_link_libraries(ixwebsocket ${ZLIB_LIBRARIES})
+
+  target_compile_definitions(ixwebsocket PUBLIC IXWEBSOCKET_USE_ZLIB)
+endif()
+
+# brew install libdeflate
+find_package(Deflate)
+if (DEFLATE_FOUND)
+  include_directories(${DEFLATE_INCLUDE_DIRS})
+  target_link_libraries(ixwebsocket ${DEFLATE_LIBRARIES})
+  target_compile_definitions(ixwebsocket PUBLIC IXWEBSOCKET_USE_DEFLATE)
 endif()
 
 if (WIN32)
-  target_link_libraries(ixwebsocket wsock32 ws2_32)
+  target_link_libraries(ixwebsocket wsock32 ws2_32 shlwapi)
   add_definitions(-D_CRT_SECURE_NO_WARNINGS)
+
+  if (USE_TLS)
+    target_link_libraries(ixwebsocket Crypt32)
+  endif()
 endif()
 
 if (UNIX)
@@ -160,40 +228,9 @@ if (UNIX)
   target_link_libraries(ixwebsocket ${CMAKE_THREAD_LIBS_INIT})
 endif()
 
-if (USE_TLS AND USE_OPEN_SSL)
-  find_package(OpenSSL REQUIRED)
-  add_definitions(${OPENSSL_DEFINITIONS})
-  message(STATUS "OpenSSL: " ${OPENSSL_VERSION})
-  include_directories(${OPENSSL_INCLUDE_DIR})
-  target_link_libraries(ixwebsocket ${OPENSSL_LIBRARIES})
-endif()
-
-if (USE_TLS AND USE_MBED_TLS)
-  if (USE_VENDORED_THIRD_PARTY)
-    set (ENABLE_PROGRAMS OFF)
-    add_subdirectory(third_party/mbedtls)
-    include_directories(third_party/mbedtls/include)
-
-    target_link_libraries(ixwebsocket mbedtls)
-  else()
-    find_package(MbedTLS REQUIRED)
-    target_include_directories(ixwebsocket PUBLIC ${MBEDTLS_INCLUDE_DIRS})
-    target_link_libraries(ixwebsocket ${MBEDTLS_LIBRARIES})
-  endif()
-endif()
-
-find_package(ZLIB)
-if (ZLIB_FOUND)
-  include_directories(${ZLIB_INCLUDE_DIRS})
-  target_link_libraries(ixwebsocket ${ZLIB_LIBRARIES})
-else()
-  add_subdirectory(third_party/zlib)
-  include_directories(third_party/zlib ${CMAKE_CURRENT_BINARY_DIR}/third_party/zlib)
-  target_link_libraries(ixwebsocket zlibstatic)
-endif()
 
 set( IXWEBSOCKET_INCLUDE_DIRS
-    .
+    ${CMAKE_CURRENT_SOURCE_DIR}
 )
 
 if (CMAKE_CXX_COMPILER_ID MATCHES "MSVC")
@@ -201,24 +238,38 @@ if (CMAKE_CXX_COMPILER_ID MATCHES "MSVC")
     target_compile_options(ixwebsocket PRIVATE /MP)
 endif()
 
-target_include_directories(ixwebsocket PUBLIC ${IXWEBSOCKET_INCLUDE_DIRS})
+target_include_directories(ixwebsocket PUBLIC
+  $<BUILD_INTERFACE:${IXWEBSOCKET_INCLUDE_DIRS}/>
+  $<INSTALL_INTERFACE:include/ixwebsocket>
+)
 
 set_target_properties(ixwebsocket PROPERTIES PUBLIC_HEADER "${IXWEBSOCKET_HEADERS}")
 
 install(TARGETS ixwebsocket
-        ARCHIVE DESTINATION ${CMAKE_INSTALL_PREFIX}/lib
-        PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_PREFIX}/include/ixwebsocket/
+        EXPORT ixwebsocket
+        ARCHIVE DESTINATION lib
+        PUBLIC_HEADER DESTINATION include/ixwebsocket/
 )
 
+install(EXPORT ixwebsocket
+        FILE ixwebsocket-config.cmake
+        NAMESPACE ixwebsocket::
+        DESTINATION lib/cmake/ixwebsocket)
+
 if (USE_WS OR USE_TEST)
-  add_subdirectory(ixcore)
-  add_subdirectory(ixcrypto)
-  add_subdirectory(ixcobra)
+  include(FetchContent)
+  FetchContent_Declare(spdlog
+      GIT_REPOSITORY "https://github.com/gabime/spdlog"
+      GIT_TAG "v1.8.0"
+      GIT_SHALLOW 1) 
+
+  FetchContent_MakeAvailable(spdlog)
 
   if (USE_WS)
-      add_subdirectory(ws)
+    add_subdirectory(ws)
   endif()
   if (USE_TEST)
-      add_subdirectory(test)
+    enable_testing()
+    add_subdirectory(test)
   endif()
 endif()

DOCKER_VERSION

@@ -1 +0,0 @@
-6.2.1

README.md

@@ -1,13 +1,128 @@
 ## Hello world
 
-![Alt text](https://travis-ci.org/machinezone/IXWebSocket.svg?branch=master)
-
 IXWebSocket is a C++ library for WebSocket client and server development. It has minimal dependencies (no boost), is very simple to use and support everything you'll likely need for websocket dev (SSL, deflate compression, compiles on most platforms, etc...). HTTP client and server code is also available, but it hasn't received as much testing.
 
-It is been used on big mobile video game titles sending and receiving tons of messages since 2017 (iOS and Android).
+It is been used on big mobile video game titles sending and receiving tons of messages since 2017 (iOS and Android). It was tested on macOS, iOS, Linux, Android, Windows and FreeBSD. Note that the MinGW compiler is not supported at this point. Two important design goals are simplicity and correctness.
 
-Interested ? Go read the [docs](https://machinezone.github.io/IXWebSocket/) ! If things don't work as expected, please create an issue in github, or even better a pull request if you know how to fix your problem.
+A bad security bug affecting users compiling with SSL enabled and OpenSSL as the backend was just fixed in newly released version 11.0.0. Please upgrade ! (more details in the [https://github.com/machinezone/IXWebSocket/pull/250](PR).
 
-IXWebSocket is actively being developed, check out the [changelog](CHANGELOG.md) to know what's cooking. If you are looking for a real time messaging service (the chat-like 'server' your websocket code will talk to) with many features such as history, backed by Redis, look at [cobra](https://github.com/machinezone/cobra).
+```cpp
+/*
+ *  main.cpp
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2020 Machine Zone, Inc. All rights reserved.
+ *
+ *  Super simple standalone example. See ws folder, unittest and doc/usage.md for more.
+ *
+ *  On macOS
+ *  $ mkdir -p build ; cd build ; cmake -DUSE_TLS=1 .. ; make -j ; make install
+ *  $ clang++ --std=c++14 --stdlib=libc++ main.cpp -lixwebsocket -lz -framework Security -framework Foundation
+ *  $ ./a.out
+ */
+
+#include <ixwebsocket/IXNetSystem.h>
+#include <ixwebsocket/IXWebSocket.h>
+#include <iostream>
+
+int main()
+{
+    // Required on Windows
+    ix::initNetSystem();
+
+    // Our websocket object
+    ix::WebSocket webSocket;
+
+    std::string url("wss://echo.websocket.org");
+    webSocket.setUrl(url);
+
+    std::cout << "Connecting to " << url << "..." << std::endl;
+
+    // Setup a callback to be fired (in a background thread, watch out for race conditions !)
+    // when a message or an event (open, close, error) is received
+    webSocket.setOnMessageCallback([](const ix::WebSocketMessagePtr& msg)
+        {
+            if (msg->type == ix::WebSocketMessageType::Message)
+            {
+                std::cout << "received message: " << msg->str << std::endl;
+            }
+            else if (msg->type == ix::WebSocketMessageType::Open)
+            {
+                std::cout << "Connection established" << std::endl;
+            }
+        }
+    );
+
+    // Now that our callback is setup, we can start our background thread and receive messages
+    webSocket.start();
+
+    // Send a message to the server (default to TEXT mode)
+    webSocket.send("hello world");
+
+    while (true)
+    {
+        std::string text;
+        std::cout << "> " << std::flush;
+        std::getline(std::cin, text);
+
+        webSocket.send(text);
+    }
+
+    return 0;
+}
+```
+
+Interested? Go read the [docs](https://machinezone.github.io/IXWebSocket/)! If things don't work as expected, please create an issue on GitHub, or even better a pull request if you know how to fix your problem.
+
+IXWebSocket is actively being developed, check out the [changelog](https://machinezone.github.io/IXWebSocket/CHANGELOG/) to know what's cooking. If you are looking for a real time messaging service (the chat-like 'server' your websocket code will talk to) with many features such as history, backed by Redis, look at [cobra](https://github.com/machinezone/cobra).
+
+IXWebSocket client code is autobahn compliant beginning with the 6.0.0 version. See the current [test results](https://bsergean.github.io/autobahn/reports/clients/index.html). Some tests are still failing in the server code.
+
+## Users
+
+If your company or project is using this library, feel free to open an issue or PR to amend this list.
+
+- [Machine Zone](https://www.mz.com)
+- [Tokio](https://gitlab.com/HCInk/tokio), a discord library focused on audio playback with node bindings.
+- [libDiscordBot](https://github.com/tostc/libDiscordBot/tree/master), an easy to use Discord-bot framework.
+- [gwebsocket](https://github.com/norrbotten/gwebsocket), a websocket (lua) module for Garry's Mod
+- [DisCPP](https://github.com/DisCPP/DisCPP), a simple but feature rich Discord API wrapper
+- [discord.cpp](https://github.com/luccanunes/discord.cpp), a discord library for making bots
+
+## Alternative libraries
+
+There are plenty of great websocket libraries out there, which might work for you. Here are a couple of serious ones.
+
+* [websocketpp](https://github.com/zaphoyd/websocketpp) - C++
+* [beast](https://github.com/boostorg/beast) - C++
+* [libwebsockets](https://libwebsockets.org/) - C
+* [µWebSockets](https://github.com/uNetworking/uWebSockets) - C
+
+[uvweb](https://github.com/bsergean/uvweb) is a library written by the IXWebSocket author which is built on top of [uvw](https://github.com/skypjack/uvw), which is a C++ wrapper for [libuv](https://libuv.org/). It has more dependencies and does not support SSL at this point, but it can be used to open multiple connections within a single OS thread thanks to libuv.
+
+To check the performance of a websocket library, you can look at the [autoroute](https://github.com/bsergean/autoroute) project.
+
+## Continuous Integration
+
+| OS                | TLS               | Sanitizer         | Status            |
+|-------------------|-------------------|-------------------|-------------------|
+| Linux             | OpenSSL           | None              | [![Build2][1]][0] |
+| macOS             | Secure Transport  | Thread Sanitizer  | [![Build2][2]][0] |
+| macOS             | OpenSSL           | Thread Sanitizer  | [![Build2][3]][0] |
+| macOS             | MbedTLS           | Thread Sanitizer  | [![Build2][4]][0] |
+| Windows           | Disabled          | None              | [![Build2][5]][0] |
+| UWP               | Disabled          | None              | [![Build2][6]][0] |
+| Linux             | OpenSSL           | Address Sanitizer | [![Build2][7]][0] |
+
+* ASAN fails on Linux because of a known problem, we need a 
+* Some tests are disabled on Windows/UWP because of a pathing problem
+* TLS and ZLIB are disabled on Windows/UWP because enabling make the CI run takes a lot of time, for setting up vcpkg.
+
+[0]: https://github.com/machinezone/IXWebSocket
+[1]: https://github.com/machinezone/IXWebSocket/workflows/linux/badge.svg
+[2]: https://github.com/machinezone/IXWebSocket/workflows/mac_tsan_sectransport/badge.svg
+[3]: https://github.com/machinezone/IXWebSocket/workflows/mac_tsan_openssl/badge.svg
+[4]: https://github.com/machinezone/IXWebSocket/workflows/mac_tsan_mbedtls/badge.svg
+[5]: https://github.com/machinezone/IXWebSocket/workflows/windows/badge.svg
+[6]: https://github.com/machinezone/IXWebSocket/workflows/uwp/badge.svg
+[7]: https://github.com/machinezone/IXWebSocket/workflows/linux_asan/badge.svg
 
-IXWebSocket client code is autobahn compliant beginning with the 6.0.0 version. See the current [test results](https://bsergean.github.io/IXWebSocket/autobahn/index.html). Some tests are still failing in the server code.

SECURITY.md

@@ -0,0 +1,11 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 7.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Users should send an email to bsergean@gmail.com to report a vulnerability.

docker-compose.yml

@@ -1,43 +1,11 @@
-version: "3"
+version: "3.3"
 services:
-  snake:
-    image: bsergean/ws:build
-    entrypoint: ws snake --port 8765 --host 0.0.0.0 --redis_hosts redis1
-    ports:
-      - "8765:8765"
-    networks:
-      - ws-net
+  push:
+    entrypoint: ws push_server --host 0.0.0.0
+    image: ${DOCKER_REPO}/ws:build
+
+  autoroute:
+    entrypoint: ws autoroute ws://push:8008
+    image: ${DOCKER_REPO}/ws:build
     depends_on:
-      - redis1
-
-  ws:
-    security_opt:
-    - seccomp:unconfined
-    cap_add:
-    - SYS_PTRACE
-    stdin_open: true
-    tty: true
-    image: bsergean/ws:build
-    entrypoint: bash
-    networks:
-      - ws-net
-    depends_on:
-      - redis1
-
-  redis1:
-    image: redis:alpine
-    networks:
-      - ws-net
-
-  statsd:
-    image: jaconel/statsd
-    ports:
-      - "8125:8125"
-    environment:
-      - STATSD_DUMP_MSG=true
-      - GRAPHITE_HOST=127.0.0.1
-    networks:
-      - ws-net
-
-networks:
-  ws-net:
+      - push

docker/Dockerfile.alpine

@@ -1,12 +1,13 @@
-FROM alpine as build
+FROM alpine:3.12 as build
 
-RUN apk add --no-cache gcc g++ musl-dev linux-headers cmake openssl-dev 
-RUN apk add --no-cache make
-RUN apk add --no-cache zlib-dev
+RUN apk add --no-cache \
+    gcc g++ musl-dev linux-headers \
+    cmake mbedtls-dev make zlib-dev python3-dev ninja git
 
-RUN addgroup -S app && adduser -S -G app app 
-RUN chown -R app:app /opt
-RUN chown -R app:app /usr/local
+RUN addgroup -S app && \
+    adduser -S -G app app && \
+    chown -R app:app /opt && \
+    chown -R app:app /usr/local
 
 # There is a bug in CMake where we cannot build from the root top folder
 # So we build from /opt
@@ -14,20 +15,25 @@ COPY --chown=app:app . /opt
 WORKDIR /opt
 
 USER app
-RUN [ "make" ]
+RUN make -f makefile.dev ws_mbedtls_install && \
+    sh tools/trim_repo_for_docker.sh
 
-FROM alpine as runtime
+FROM alpine:3.12 as runtime
 
-RUN apk add --no-cache libstdc++
+RUN apk add --no-cache libstdc++ mbedtls ca-certificates python3 strace && \
+    addgroup -S app && \
+    adduser -S -G app app
 
-RUN addgroup -S app && adduser -S -G app app 
 COPY --chown=app:app --from=build /usr/local/bin/ws /usr/local/bin/ws
-RUN chmod +x /usr/local/bin/ws
-RUN ldd /usr/local/bin/ws
+
+# COPY --chown=app:app --from=build /opt /opt
+
+RUN chmod +x /usr/local/bin/ws && \
+    ldd /usr/local/bin/ws
 
 # Now run in usermode
 USER app
 WORKDIR /home/app
 
 ENTRYPOINT ["ws"]
-CMD ["--help"]
+EXPOSE 8008

docker/Dockerfile.centos

@@ -0,0 +1,41 @@
+FROM centos:8 as build
+
+RUN yum install -y gcc-c++ make cmake zlib-devel openssl-devel redhat-rpm-config
+
+RUN yum install -y epel-release
+RUN yum install -y mbedtls-devel
+
+RUN groupadd app && useradd -g app app
+RUN chown -R app:app /opt
+RUN chown -R app:app /usr/local
+
+# There is a bug in CMake where we cannot build from the root top folder
+# So we build from /opt
+COPY --chown=app:app . /opt
+WORKDIR /opt
+
+USER app
+RUN [ "make", "ws_mbedtls_install" ]
+RUN [ "rm", "-rf", "build" ]
+
+FROM centos:8 as runtime
+
+RUN yum install -y gdb strace
+
+RUN yum install -y epel-release
+RUN yum install -y mbedtls
+
+RUN groupadd app && useradd -g app app
+COPY --chown=app:app --from=build /usr/local/bin/ws /usr/local/bin/ws
+RUN chmod +x /usr/local/bin/ws
+RUN ldd /usr/local/bin/ws
+
+# Copy source code for gcc
+COPY --chown=app:app --from=build /opt /opt
+
+# Now run in usermode
+USER app
+WORKDIR /home/app
+
+ENTRYPOINT ["ws"]
+EXPOSE 8008

docker/Dockerfile.centos7

@@ -0,0 +1,26 @@
+FROM centos:7 as build
+
+RUN yum install -y gcc-c++ make zlib-devel openssl-devel redhat-rpm-config
+
+RUN groupadd app && useradd -g app app
+RUN chown -R app:app /opt
+RUN chown -R app:app /usr/local
+
+WORKDIR /tmp
+RUN curl -O https://cmake.org/files/v3.14/cmake-3.14.0-Linux-x86_64.tar.gz
+RUN tar zxvf cmake-3.14.0-Linux-x86_64.tar.gz
+RUN cp -rf cmake-3.14.0-Linux-x86_64/* /usr/
+
+RUN yum install -y git
+
+# There is a bug in CMake where we cannot build from the root top folder
+# So we build from /opt
+COPY --chown=app:app . /opt
+WORKDIR /opt
+
+USER app
+RUN [ "make", "ws_no_python" ]
+RUN [ "rm", "-rf", "build" ]
+
+ENTRYPOINT ["ws"]
+CMD ["--help"]

docker/Dockerfile.debian

@@ -2,14 +2,14 @@
 FROM debian:buster as build
 
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update 
-RUN apt-get -y install wget 
+RUN apt-get update
+RUN apt-get -y install wget
 RUN mkdir -p /tmp/cmake
 WORKDIR /tmp/cmake
-RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz 
+RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz
 RUN tar zxf cmake-3.14.0-Linux-x86_64.tar.gz
 
-RUN apt-get -y install g++ 
+RUN apt-get -y install g++
 RUN apt-get -y install libssl-dev
 RUN apt-get -y install libz-dev
 RUN apt-get -y install make
@@ -25,9 +25,9 @@ RUN ["make"]
 FROM debian:buster as runtime
 
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update 
-# Runtime 
-RUN apt-get install -y libssl1.1 
+RUN apt-get update
+# Runtime
+RUN apt-get install -y libssl1.1
 RUN apt-get install -y ca-certificates
 RUN ["update-ca-certificates"]
 

docker/Dockerfile.fedora

@@ -8,7 +8,7 @@ RUN yum install -y openssl-devel
 RUN yum install -y wget
 RUN mkdir -p /tmp/cmake
 WORKDIR /tmp/cmake
-RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz 
+RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz
 RUN tar zxf cmake-3.14.0-Linux-x86_64.tar.gz
 
 ARG CMAKE_BIN_PATH=/tmp/cmake/cmake-3.14.0-Linux-x86_64/bin
@@ -27,7 +27,7 @@ FROM fedora:30 as runtime
 
 RUN yum install -y libtsan
 
-RUN groupadd app && useradd -g app app 
+RUN groupadd app && useradd -g app app
 COPY --chown=app:app --from=build /usr/local/bin/ws /usr/local/bin/ws
 RUN chmod +x /usr/local/bin/ws
 RUN ldd /usr/local/bin/ws

docker/Dockerfile.ubuntu_bionic

@@ -2,14 +2,14 @@
 FROM ubuntu:bionic as build
 
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update 
-RUN apt-get -y install wget 
+RUN apt-get update
+RUN apt-get -y install wget
 RUN mkdir -p /tmp/cmake
 WORKDIR /tmp/cmake
-RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz 
+RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz
 RUN tar zxf cmake-3.14.0-Linux-x86_64.tar.gz
 
-RUN apt-get -y install g++ 
+RUN apt-get -y install g++
 RUN apt-get -y install libssl-dev
 RUN apt-get -y install libz-dev
 RUN apt-get -y install make

docker/Dockerfile.ubuntu_disco

@@ -2,14 +2,14 @@
 FROM ubuntu:disco as build
 
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update 
-RUN apt-get -y install wget 
+RUN apt-get update
+RUN apt-get -y install wget
 RUN mkdir -p /tmp/cmake
 WORKDIR /tmp/cmake
-RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz 
+RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz
 RUN tar zxf cmake-3.14.0-Linux-x86_64.tar.gz
 
-RUN apt-get -y install g++ 
+RUN apt-get -y install g++
 RUN apt-get -y install libssl-dev
 RUN apt-get -y install libz-dev
 RUN apt-get -y install make
@@ -20,4 +20,5 @@ COPY . .
 ARG CMAKE_BIN_PATH=/tmp/cmake/cmake-3.14.0-Linux-x86_64/bin
 ENV PATH="${CMAKE_BIN_PATH}:${PATH}"
 
-RUN ["make", "test"]
+# RUN ["make", "test"]
+CMD ["sh"]

docker/Dockerfile.ubuntu_groovy

@@ -0,0 +1,23 @@
+# Build time
+FROM ubuntu:groovy as build
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update
+
+RUN apt-get -y install g++ libssl-dev libz-dev make python ninja-build
+RUN apt-get -y install cmake
+RUN apt-get -y install gdb
+
+COPY . /opt
+WORKDIR /opt
+
+#
+# To use the container interactively for debugging/building
+# 1. Build with
+#    CMD ["ls"]
+# 2. Run with
+#    docker run --entrypoint sh -it docker-game-eng-dev.addsrv.com/ws:9.10.6 
+#
+
+RUN ["make", "test"]
+# CMD ["ls"]

docker/Dockerfile.ubuntu_precise

@@ -0,0 +1,27 @@
+# Build time
+FROM ubuntu:precise as build
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update
+RUN apt-get -y install wget
+RUN mkdir -p /tmp/cmake
+WORKDIR /tmp/cmake
+RUN wget --no-check-certificate https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz
+RUN tar zxf cmake-3.14.0-Linux-x86_64.tar.gz
+
+RUN apt-get -y install g++
+RUN apt-get -y install libssl-dev
+RUN apt-get -y install libz-dev
+RUN apt-get -y install make
+RUN apt-get -y install python
+RUN apt-get -y install git
+
+COPY . .
+
+ARG CMAKE_BIN_PATH=/tmp/cmake/cmake-3.14.0-Linux-x86_64/bin
+ENV PATH="${CMAKE_BIN_PATH}:${PATH}"
+
+RUN ["make", "ws_no_python"]
+
+ENTRYPOINT ["ws"]
+CMD ["--help"]

docker/Dockerfile.ubuntu_trusty

@@ -0,0 +1,22 @@
+# Build time
+FROM ubuntu:trusty as build
+
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update
+RUN apt-get -y install wget
+RUN mkdir -p /tmp/cmake
+WORKDIR /tmp/cmake
+RUN wget --no-check-certificate https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz
+RUN tar zxf cmake-3.14.0-Linux-x86_64.tar.gz
+
+RUN apt-get -y install g++ libssl-dev libz-dev make python git
+
+COPY . .
+
+ARG CMAKE_BIN_PATH=/tmp/cmake/cmake-3.14.0-Linux-x86_64/bin
+ENV PATH="${CMAKE_BIN_PATH}:${PATH}"
+
+RUN ["make", "ws_no_python"]
+
+ENTRYPOINT ["ws"]
+CMD ["--help"]

docker/Dockerfile.ubuntu_xenial

@@ -2,14 +2,14 @@
 FROM ubuntu:xenial as build
 
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get update 
-RUN apt-get -y install wget 
+RUN apt-get update
+RUN apt-get -y install wget
 RUN mkdir -p /tmp/cmake
 WORKDIR /tmp/cmake
-RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz 
+RUN wget https://github.com/Kitware/CMake/releases/download/v3.14.0/cmake-3.14.0-Linux-x86_64.tar.gz
 RUN tar zxf cmake-3.14.0-Linux-x86_64.tar.gz
 
-RUN apt-get -y install g++ 
+RUN apt-get -y install g++
 RUN apt-get -y install libssl-dev
 RUN apt-get -y install libz-dev
 RUN apt-get -y install make

docs/CHANGELOG.md

@@ -1,5 +1,978 @@
 # Changelog
-All notable changes to this project will be documented in this file.
+
+All changes to this project will be documented in this file.
+
+## [11.0.8] - 2020-12-25
+
+(ws) trim ws dependencies no more ixcrypto and ixcore deps
+
+## [11.0.7] - 2020-12-25
+
+(ws) trim ws dependencies, only depends on ixcrypto and ixcore
+
+## [11.0.6] - 2020-12-22
+
+(build) rename makefile to makefile.dev to ease cmake BuildExternal (fix #261)
+
+## [11.0.5] - 2020-12-17
+
+(ws) Implement simple header based websocket authorization technique to reject
+client which do not supply a certain header ("Authorization") with a special
+value (see doc).
+
+## [11.0.4] - 2020-11-16
+
+(ixwebsocket) Handle EINTR return code in ix::poll and IXSelectInterrupt
+
+## [11.0.3] - 2020-11-16
+
+(ixwebsocket) Fix #252 / regression in 11.0.2 with string comparisons
+
+## [11.0.2] - 2020-11-15
+
+(ixwebsocket) use a C++11 compatible make_unique shim
+
+## [11.0.1] - 2020-11-11
+
+(socket) replace a std::vector with an std::array used as a tmp buffer in Socket::readBytes
+
+## [11.0.0] - 2020-11-11
+
+(openssl security fix) in the client to server connection, peer verification is not done in all cases. See https://github.com/machinezone/IXWebSocket/pull/250
+
+## [10.5.7] - 2020-11-07
+
+(docker) build docker container with zlib disabled
+
+## [10.5.6] - 2020-11-07
+
+(cmake) DEFLATE -> Deflate in CMake to stop warnings about casing
+
+## [10.5.5] - 2020-11-07
+
+(ws autoroute) Display result in compliant way (AUTOROUTE IXWebSocket :: N ms) so that result can be parsed easily
+
+## [10.5.4] - 2020-10-30
+
+(ws gunzip + IXGZipCodec) Can decompress gziped data with libdeflate. ws gunzip computed output filename was incorrect (was the extension aka gz) instead of the file without the extension. Also check whether the output file is writeable.
+
+## [10.5.3] - 2020-10-19
+
+(http code) With zlib disabled, some code should not be reached
+
+## [10.5.2] - 2020-10-12
+
+(ws curl) Add support for --data-binary option, to set the request body. When present the request will be sent with the POST verb
+
+## [10.5.1] - 2020-10-09
+
+(http client + server + ws) Add support for compressing http client requests with gzip. --compress_request argument is used in ws to enable this. The Content-Encoding is set to gzip, and decoded on the server side if present.
+
+## [10.5.0] - 2020-09-30
+
+(http client + server + ws) Add support for uploading files with ws -F foo=@filename, new -D http server option to debug incoming client requests, internal api changed for http POST, PUT and PATCH to supply an HttpFormDataParameters
+
+## [10.4.9] - 2020-09-30
+
+(http server + utility code) Add support for doing gzip compression with libdeflate library, if available
+
+## [10.4.8] - 2020-09-30
+
+(cmake) Stop using FetchContent cmake module to retrieve jsoncpp third party dependency
+
+## [10.4.7] - 2020-09-28
+
+(ws) add gzip and gunzip ws sub commands
+
+## [10.4.6] - 2020-09-26
+
+(cmake) use FetchContent cmake module to retrieve jsoncpp third party dependency
+
+## [10.4.5] - 2020-09-26
+
+(cmake) use FetchContent cmake module to retrieve spdlog third party dependency
+
+## [10.4.4] - 2020-09-22
+
+(cobra connection) retrieve cobra server connection id from the cobra handshake message and display it in ws clients, metrics publisher and bots
+
+## [10.4.3] - 2020-09-22
+
+(cobra 2 cobra) specify as an HTTP header which channel we will republish to
+
+## [10.4.2] - 2020-09-18
+
+(cobra bots) change an error log to a warning log when reconnecting because no messages were received for a minute
+
+## [10.4.1] - 2020-09-18
+
+(cobra connection and bots) set an HTTP header when connecting to help with debugging bots
+
+## [10.4.0] - 2020-09-12
+
+(http server) read body request when the Content-Length is specified + set timeout to read the request to 30 seconds max by default, and make it configurable as a constructor parameter
+
+## [10.3.5] - 2020-09-09
+
+(ws) autoroute command exit on its own once all messages have been received
+
+## [10.3.4] - 2020-09-04
+
+(docker) ws docker file installs strace
+
+## [10.3.3] - 2020-09-02
+
+(ws) echo_client command renamed to autoroute. Command exit once the server close the connection. push_server commands exit once N messages have been sent.
+
+## [10.3.2] - 2020-08-31
+
+(ws + cobra bots) add a cobra_to_cobra ws subcommand to subscribe to a channel and republish received events to a different channel
+
+## [10.3.1] - 2020-08-28
+
+(socket servers) merge the ConnectionInfo class with the ConnectionState one, which simplify all the server apis
+
+## [10.3.0] - 2020-08-26
+
+(ws) set the main thread name, to help with debugging in XCode, gdb, lldb etc...
+
+## [10.2.9] - 2020-08-19
+
+(ws) cobra to python bot / take a module python name as argument foo.bar.baz instead of a path foo/bar/baz.py
+
+## [10.2.8] - 2020-08-19
+
+(ws) on Linux with mbedtls, when the system ca certs are specified (the default) pick up sensible OS supplied paths (tested with CentOS and Alpine)
+
+## [10.2.7] - 2020-08-18
+
+(ws push_server) on the server side, stop sending and close the connection when the remote end has disconnected
+
+## [10.2.6] - 2020-08-17
+
+(ixwebsocket) replace std::unique_ptr<unsigned char[]> with std::array for some fixed arrays (which are in C++11)
+
+## [10.2.5] - 2020-08-15
+
+(ws) merge all ws_*.cpp files into a single one to speedup compilation
+
+## [10.2.4] - 2020-08-15
+
+(socket server) in the loop accepting connections, call select without a timeout on unix to avoid busy looping, and only wake up when a new connection happens
+
+## [10.2.3] - 2020-08-15
+
+(socket server) instead of busy looping with a sleep, only wake up the GC thread when a new thread will have to be joined, (we know that thanks to the ConnectionState OnSetTerminated callback
+
+## [10.2.2] - 2020-08-15
+
+(socket server) add a callback to the ConnectionState to be invoked when the connection is terminated. This will be used by the SocketServer in the future to know on time that the associated connection thread can be terminated.
+
+## [10.2.1] - 2020-08-15
+
+(socket server) do not create a select interrupt object everytime when polling for notifications while waiting for new connections, instead use a persistent one which is a member variable
+
+## [10.2.0] - 2020-08-14
+
+(ixwebsocket client) handle HTTP redirects
+
+## [10.2.0] - 2020-08-13
+
+(ws) upgrade to latest version of nlohmann json (3.9.1 from 3.2.0)
+
+## [10.1.9] - 2020-08-13
+
+(websocket proxy server) add ability to map different hosts to different websocket servers, using a json config file
+
+## [10.1.8] - 2020-08-12
+
+(ws) on macOS, with OpenSSL or MbedTLS, use /etc/ssl/cert.pem as the system certs
+
+## [10.1.7] - 2020-08-11
+
+(ws) -q option imply info log level, not warning log level
+
+## [10.1.6] - 2020-08-06
+
+(websocket server) Handle programmer error when the server callback is not registered properly (fix #227)
+
+## [10.1.5] - 2020-08-02
+
+(ws) Add a new ws sub-command, push_server. This command runs a server which sends many messages in a loop to a websocket client. We can receive above 200,000 messages per second (cf #235).
+
+## [10.1.4] - 2020-08-02
+
+(ws) Add a new ws sub-command, echo_client. This command sends a message to an echo server, and send back to a server whatever message it does receive. When connecting to a local ws echo_server, on my MacBook Pro 2015 I can send/receive around 30,000 messages per second. (cf #235)
+
+## [10.1.3] - 2020-08-02
+
+(ws) ws echo_server. Add a -q option to only enable warning and error log levels. This is useful for bench-marking so that we do not print a lot of things on the console. (cf #235)
+
+## [10.1.2] - 2020-07-31
+
+(build) make using zlib optional, with the caveat that some http and websocket features are not available when zlib is absent
+
+## [10.1.1] - 2020-07-29
+
+(websocket client) onProgressCallback not called for short messages on a websocket (fix #233)
+
+## [10.1.0] - 2020-07-29
+
+(websocket client) heartbeat is not sent at the requested frequency (fix #232)
+
+## [10.0.3] - 2020-07-28
+
+compiler warning fixes
+
+## [10.0.2] - 2020-07-28
+
+(ixcobra) CobraConnection: unsubscribe from all subscriptions when disconnecting
+
+## [10.0.1] - 2020-07-27
+
+(socket utility) move ix::getFreePort to ixwebsocket library
+
+## [10.0.0] - 2020-07-25
+
+(ixwebsocket server) change legacy api with 2 nested callbacks, so that the first api takes a weak_ptr<WebSocket> as its first argument
+
+## [9.10.7] - 2020-07-25
+
+(ixwebsocket) add WebSocketProxyServer, from ws. Still need to make the interface better.
+
+## [9.10.6] - 2020-07-24
+
+(ws) port broadcast_server sub-command to the new server API
+
+## [9.10.5] - 2020-07-24
+
+(unittest) port most unittests to the new server API
+
+## [9.10.3] - 2020-07-24
+
+(ws) port ws transfer to the new server API
+
+## [9.10.2] - 2020-07-24
+
+(websocket client) reset WebSocketTransport onClose callback in the WebSocket destructor
+
+## [9.10.1] - 2020-07-24
+
+(websocket server) reset client websocket callback when the connection is closed
+
+## [9.10.0] - 2020-07-23
+
+(websocket server) add a new simpler API to handle client connections / that API does not trigger a memory leak while the previous one did
+
+## [9.9.3] - 2020-07-17
+
+(build) merge platform specific files which were used to have different implementations for setting a thread name into a single file, to make it easier to include every source files and build the ixwebsocket library (fix #226)
+
+## [9.9.2] - 2020-07-10
+
+(socket server) bump default max connection count from 32 to 128
+
+## [9.9.1] - 2020-07-10
+
+(snake) implement super simple stream sql expression support in snake server
+
+## [9.9.0] - 2020-07-08
+
+(socket+websocket+http+redis+snake servers) expose the remote ip and remote port when a new connection is made
+
+## [9.8.6] - 2020-07-06
+
+(cmake) change the way zlib and openssl are searched
+
+## [9.8.5] - 2020-07-06
+
+(cobra python bots) remove the test which stop the bot when events do not follow cobra metrics system schema with an id and a device entry
+
+## [9.8.4] - 2020-06-26
+
+(cobra bots) remove bots which is not required now that we can use Python extensions
+
+## [9.8.3] - 2020-06-25
+
+(cmake) new python code is optional and enabled at cmake time with -DUSE_PYTHON=1
+
+## [9.8.2] - 2020-06-24
+
+(cobra bots) new cobra metrics bot to send data to statsd using Python for processing the message
+
+## [9.8.1] - 2020-06-19
+
+(cobra metrics to statsd bot) fps slow frame info : do not include os name
+
+## [9.8.0] - 2020-06-19
+
+(cobra metrics to statsd bot) send info about memory warnings
+
+## [9.7.9] - 2020-06-18
+
+(http client) fix deadlock when following redirects
+
+## [9.7.8] - 2020-06-18
+
+(cobra metrics to statsd bot) send info about net requests
+
+## [9.7.7] - 2020-06-17
+
+(cobra client and bots) add batch_size subscription option for retrieving multiple messages at once
+
+## [9.7.6] - 2020-06-15
+
+(websocket) WebSocketServer is not a final class, so that users can extend it (fix #215)
+
+## [9.7.5] - 2020-06-15
+
+(cobra bots) minor aesthetic change, in how we display http headers with a : then space as key value separator instead of :: with no space
+
+## [9.7.4] - 2020-06-11
+
+(cobra metrics to statsd bot) change from a statsd type of gauge to a timing one
+
+## [9.7.3] - 2020-06-11
+
+(redis cobra bots) capture most used devices in a zset
+
+## [9.7.2] - 2020-06-11
+
+(ws) add bare bone redis-cli like sub-command, with command line editing powered by libnoise
+
+## [9.7.1] - 2020-06-11
+
+(redis cobra bots) ws cobra metrics to redis / hostname invalid parsing
+
+## [9.7.0] - 2020-06-11
+
+(redis cobra bots) xadd with maxlen + fix bug in xadd client implementation and ws cobra metrics to redis command argument parsing
+
+## [9.6.9] - 2020-06-10
+
+(redis cobra bots) update the cobra to redis bot to use the bot framework, and change it to report fps metrics into redis streams.
+
+## [9.6.6] - 2020-06-04
+
+(statsd cobra bots) statsd improvement: prefix does not need a dot as a suffix, message size can be larger than 256 bytes, error handling was invalid, use core logger for logging instead of std::cerr
+
+## [9.6.5] - 2020-05-29
+
+(http server) support gzip compression
+
+## [9.6.4] - 2020-05-20
+
+(compiler fix) support clang 5 and earlier (contributed by @LunarWatcher)
+
+## [9.6.3] - 2020-05-18
+
+(cmake) revert CMake changes to fix #203 and be able to use an external OpenSSL
+
+## [9.6.2] - 2020-05-17
+
+(cmake) make install cmake files optional to not conflict with vcpkg
+
+## [9.6.1] - 2020-05-17
+
+(windows + tls) mbedtls is the default windows tls backend + add ability to load system certificates with mbdetls on windows
+
+## [9.6.0] - 2020-05-12
+
+(ixbots) add options to limit how many messages per minute should be processed
+
+## [9.5.9] - 2020-05-12
+
+(ixbots) add new class to configure a bot to simplify passing options around
+
+## [9.5.8] - 2020-05-08
+
+(openssl tls) (openssl < 1.1) logic inversion - crypto locking callback are not registered properly
+
+## [9.5.7] - 2020-05-08
+
+(cmake) default TLS back to mbedtls on Windows Universal Platform
+
+## [9.5.6] - 2020-05-06
+
+(cobra bots) add a --heartbeat_timeout option to specify when the bot should terminate because no events are received
+
+## [9.5.5] - 2020-05-06
+
+(openssl tls) when OpenSSL is older than 1.1, register the crypto locking callback to be thread safe. Should fix lots of CI failures
+
+## [9.5.4] - 2020-05-04
+
+(cobra bots) do not use a queue to store messages pending processing, let the bot handle queuing
+
+## [9.5.3] - 2020-04-29
+
+(http client) better current request cancellation support when the HttpClient destructor is invoked (see #189)
+
+## [9.5.2] - 2020-04-27
+
+(cmake) fix cmake broken tls option parsing
+
+## [9.5.1] - 2020-04-27
+
+(http client) Set default values for most HttpRequestArgs struct members (fix #185)
+
+## [9.5.0] - 2020-04-25
+
+(ssl) Default to OpenSSL on Windows, since it can load the system certificates by default
+
+## [9.4.1] - 2020-04-25
+
+(header) Add a space between header name and header value since most http parsers expects it, although it it not required. Cf #184 and #155
+
+## [9.4.0] - 2020-04-24
+
+(ssl) Add support for supplying SSL CA from memory, for OpenSSL and MbedTLS backends
+
+## [9.3.3] - 2020-04-17
+
+(ixbots) display sent/receive message, per seconds as accumulated
+
+## [9.3.2] - 2020-04-17
+
+(ws) add a --logfile option to configure all logs to go to a file
+
+## [9.3.1] - 2020-04-16
+
+(cobra bots) add a utility class to factor out the common bots features (heartbeat) and move all bots to used it + convert cobra_subscribe to be a bot and add a unittest for it
+
+## [9.3.0] - 2020-04-15
+
+(websocket) add a positive number to the heartbeat message sent, incremented each time the heartbeat is sent
+
+## [9.2.9] - 2020-04-15
+
+(ixcobra) change cobra event callback to use a struct instead of several objects, which is more flexible/extensible
+
+## [9.2.8] - 2020-04-15
+
+(ixcobra) make CobraConnection_EventType an enum class (CobraEventType)
+
+## [9.2.7] - 2020-04-14
+
+(ixsentry) add a library method to upload a payload directly to sentry
+
+## [9.2.6] - 2020-04-14
+
+(ixcobra) snake server / handle invalid incoming json messages + cobra subscriber in fluentd mode insert a created_at timestamp entry
+
+## [9.2.5] - 2020-04-13
+
+(websocket) WebSocketMessagePtr is a unique_ptr instead of a shared_ptr
+
+## [9.2.4] - 2020-04-13
+
+(websocket) use persistent member variable as temp variables to encode/decode zlib messages in order to reduce transient allocations
+
+## [9.2.3] - 2020-04-13
+
+(ws) add a --runtime option to ws cobra_subscribe to optionally limit how much time it will run
+
+## [9.2.2] - 2020-04-04
+
+(third_party deps) fix #177, update bundled spdlog to 1.6.0
+
+## [9.2.1] - 2020-04-04
+
+(windows) when using OpenSSL, the system store is used to populate the cacert. No need to ship a cacert.pem file with your app.
+
+## [9.2.0] - 2020-04-04
+
+(windows) ci: windows build with TLS (mbedtls) + verify that we can be build with OpenSSL
+
+## [9.1.9] - 2020-03-30
+
+(cobra to statsd bot) add ability to extract a numerical value and send a timer event to statsd, with the --timer option
+
+## [9.1.8] - 2020-03-29
+
+(cobra to statsd bot) bot init was missing + capture socket error
+
+## [9.1.7] - 2020-03-29
+
+(cobra to statsd bot) add ability to extract a numerical value and send a gauge event to statsd, with the --gauge option
+
+## [9.1.6] - 2020-03-29
+
+(ws cobra subscriber) use a Json::StreamWriter to write to std::cout, and save one std::string allocation for each message printed
+
+## [9.1.5] - 2020-03-29
+
+(docker) trim down docker image (300M -> 12M) / binary built without symbol and size optimization, and source code not copied over
+
+## [9.1.4] - 2020-03-28
+
+(jsoncpp) update bundled copy to version 1.9.3 (at sha 3beb37ea14aec1bdce1a6d542dc464d00f4a6cec)
+
+## [9.1.3] - 2020-03-27
+
+(docker) alpine docker build with release with debug info, and bundle ca-certificates
+
+## [9.1.2] - 2020-03-26
+
+(mac ssl) rename DarwinSSL -> SecureTransport (see this too -> https://github.com/curl/curl/issues/3733)
+
+## [9.1.1] - 2020-03-26
+
+(websocket) fix data race accessing _socket object without mutex protection when calling wakeUpFromPoll in WebSocketTransport.cpp
+
+## [9.1.0] - 2020-03-26
+
+(ixcobra) add explicit event types for handshake, authentication and subscription failure, and handle those by exiting in ws_cobra_subcribe and friends
+
+## [9.0.3] - 2020-03-24
+
+(ws connect) display statistics about how much time it takes to stop the connection
+
+## [9.0.2] - 2020-03-24
+
+(socket) works with unique_ptr<Socket> instead of shared_ptr<Socket> in many places
+
+## [9.0.1] - 2020-03-24
+
+(socket) selectInterrupt member is an unique_ptr instead of being a shared_ptr
+
+## [9.0.0] - 2020-03-23
+
+(websocket) reset per-message deflate codec everytime we connect to a server/client
+
+## [8.3.4] - 2020-03-23
+
+(websocket) fix #167, a long standing issue with sending empty messages with per-message deflate extension (and hopefully other zlib bug)
+
+## [8.3.3] - 2020-03-22
+
+(cobra to statsd) port to windows and add a unittest
+
+## [8.3.2] - 2020-03-20
+
+(websocket+tls) fix hang in tls handshake which could lead to ANR, discovered through unittesting.
+
+## [8.3.1] - 2020-03-20
+
+(cobra) CobraMetricsPublisher can be configure with an ix::CobraConfig + more unittest use SSL in server + client
+
+## [8.3.0] - 2020-03-18
+
+(websocket) Simplify ping/pong based heartbeat implementation
+
+## [8.2.7] - 2020-03-17
+
+(ws) ws connect gains a new option to set the interval at which to send pings
+(ws) ws echo_server gains a new option (-p) to disable responding to pings with pongs
+
+```
+IXWebSocket$ ws connect --ping_interval 2 wss://echo.websocket.org
+Type Ctrl-D to exit prompt...
+Connecting to url: wss://echo.websocket.org
+> ws_connect: connected
+[2020-03-17 23:53:02.726] [info] Uri: /
+[2020-03-17 23:53:02.726] [info] Headers:
+[2020-03-17 23:53:02.727] [info] Connection: Upgrade
+[2020-03-17 23:53:02.727] [info] Date: Wed, 18 Mar 2020 06:45:05 GMT
+[2020-03-17 23:53:02.727] [info] Sec-WebSocket-Accept: 0gtqbxW0aVL/QI/ICpLFnRaiKgA=
+[2020-03-17 23:53:02.727] [info] sec-websocket-extensions:
+[2020-03-17 23:53:02.727] [info] Server: Kaazing Gateway
+[2020-03-17 23:53:02.727] [info] Upgrade: websocket
+[2020-03-17 23:53:04.894] [info] Received pong
+[2020-03-17 23:53:06.859] [info] Received pong
+[2020-03-17 23:53:08.881] [info] Received pong
+[2020-03-17 23:53:10.848] [info] Received pong
+[2020-03-17 23:53:12.898] [info] Received pong
+[2020-03-17 23:53:14.865] [info] Received pong
+[2020-03-17 23:53:16.890] [info] Received pong
+[2020-03-17 23:53:18.853] [info] Received pong
+
+[2020-03-17 23:53:19.388] [info]
+ws_connect: connection closed: code 1000 reason Normal closure
+
+[2020-03-17 23:53:19.502] [info] Received 208 bytes
+[2020-03-17 23:53:19.502] [info] Sent 0 bytes
+```
+
+## [8.2.6] - 2020-03-16
+
+(cobra to sentry bot + docker) default docker file uses mbedtls + ws cobra_to_sentry pass tls options to sentryClient.
+
+## [8.2.5] - 2020-03-13
+
+(cobra client) ws cobra subscribe resubscribe at latest position after being disconnected
+
+## [8.2.4] - 2020-03-13
+
+(cobra client) can subscribe with a position
+
+## [8.2.3] - 2020-03-13
+
+(cobra client) pass the message position to the subscription data callback
+
+## [8.2.2] - 2020-03-12
+
+(openssl tls backend) Fix a hand in OpenSSL when using TLS v1.3 ... by disabling TLS v1.3
+
+## [8.2.1] - 2020-03-11
+
+(cobra) IXCobraConfig struct has tlsOptions and per message deflate options
+
+## [8.2.0] - 2020-03-11
+
+(cobra) add IXCobraConfig struct to pass cobra config around
+
+## [8.1.9] - 2020-03-09
+
+(ws cobra_subscribe) add a --fluentd option to wrap a message in an enveloppe so that fluentd can recognize it
+
+## [8.1.8] - 2020-03-02
+
+(websocket server) fix regression with disabling zlib extension on the server side. If a client does not support this extension the server will handle it fine. We still need to figure out how to disable the option.
+
+## [8.1.7] - 2020-02-26
+
+(websocket) traffic tracker received bytes is message size while it should be wire size
+
+## [8.1.6] - 2020-02-26
+
+(ws_connect) display sent/received bytes statistics on exit
+
+## [8.1.5] - 2020-02-23
+
+(server) give thread name to some usual worker threads / unittest is broken !!
+
+## [8.1.4] - 2020-02-22
+
+(websocket server) fix regression from 8.1.2, where per-deflate message compression was always disabled
+
+## [8.1.3] - 2020-02-21
+
+(client + server) Fix #155 / http header parser should treat the space(s) after the : delimiter as optional. Fixing this bug made us discover that websocket sub-protocols are not properly serialiazed, but start with a ,
+
+## [8.1.2] - 2020-02-18
+
+(WebSocketServer) add option to disable deflate compression, exposed with the -x option to ws echo_server
+
+## [8.1.1] - 2020-02-18
+
+(ws cobra to statsd and sentry sender) exit if no messages are received for one minute, which is a sign that something goes wrong on the server side. That should be changed to be configurable in the future
+
+## [8.1.0] - 2020-02-13
+
+(http client + sentry minidump upload) Multipart stream closing boundary is invalid + mark some options as mandatory in the command line tools
+
+## [8.0.7] - 2020-02-12
+
+(build) remove the unused subtree which was causing some way of installing to break
+
+## [8.0.6] - 2020-01-31
+
+(snake) add an option to disable answering pongs as response to pings, to test cobra client behavior with hanged connections
+
+## [8.0.5] - 2020-01-31
+
+(IXCobraConnection) set a ping timeout of 90 seconds. If no pong messages are received as responses to ping for a while, give up and close the connection
+
+## [8.0.4] - 2020-01-31
+
+(cobra to sentry) remove noisy logging
+
+## [8.0.3] - 2020-01-30
+
+(ixcobra) check if we are authenticated in publishNext before trying to publish a message
+
+## [8.0.2] - 2020-01-28
+
+Extract severity level when emitting messages to sentry
+
+## [8.0.1] - 2020-01-28
+
+Fix bug #151 - If a socket connection is interrupted, calling stop() on the IXWebSocket object blocks until the next retry
+
+## [8.0.0] - 2020-01-26
+
+(SocketServer) add ability to bind on an ipv6 address
+
+## [7.9.6] - 2020-01-22
+
+(ws) add a dnslookup sub-command, to get the ip address of a remote host
+
+## [7.9.5] - 2020-01-14
+
+(windows) fix #144, get rid of stubbed/un-implemented windows schannel ssl backend
+
+## [7.9.4] - 2020-01-12
+
+(openssl + mbedssl) fix #140, can send large files with ws send over ssl / still broken with apple ssl
+
+## [7.9.3] - 2020-01-10
+
+(apple ssl) model write method after the OpenSSL one for consistency
+
+## [7.9.2] - 2020-01-06
+
+(apple ssl) unify read and write ssl utility code
+
+## [7.9.1] - 2020-01-06
+
+(websocket client) better error propagation when errors are detected while sending data
+(ws send) detect failures to send big files, terminate in those cases and report error
+
+## [7.9.0] - 2020-01-04
+
+(ws send) add option (-x) to disable per message deflate compression
+
+## [7.8.9] - 2020-01-04
+
+(ws send + receive) handle all message types (ping + pong + fragment) / investigate #140
+
+## [7.8.8] - 2019-12-28
+
+(mbedtls) fix related to private key file parsing and initialization
+
+## [7.8.6] - 2019-12-28
+
+(ws cobra to sentry/statsd) fix for handling null events properly for empty queues + use queue to send data to statsd
+
+## [7.8.5] - 2019-12-28
+
+(ws cobra to sentry) handle null events for empty queues
+
+## [7.8.4] - 2019-12-27
+
+(ws cobra to sentry) game is picked in a fair manner, so that all games get the same share of sent events
+
+## [7.8.3] - 2019-12-27
+
+(ws cobra to sentry) refactor queue related code into a class
+
+## [7.8.2] - 2019-12-25
+
+(ws cobra to sentry) bound the queue size used to hold up cobra messages before they are sent to sentry. Default queue size is a 100 messages. Without such limit the program runs out of memory when a subscriber receive a lot of messages that cannot make it to sentry
+
+## [7.8.1] - 2019-12-25
+
+(ws client) use correct compilation defines so that spdlog is not used as a header only library (reduce binary size and increase compilation speed)
+
+## [7.8.0] - 2019-12-24
+
+(ws client) all commands use spdlog instead of std::cerr or std::cout for logging
+
+## [7.6.5] - 2019-12-24
+
+(cobra client) send a websocket ping every 30s to keep the connection opened
+
+## [7.6.4] - 2019-12-22
+
+(client) error handling, quote url in error case when failing to parse one
+(ws) ws_cobra_publish: register callbacks before connecting
+(doc) mention mbedtls in supported ssl server backend
+
+## [7.6.3] - 2019-12-20
+
+(tls) add a simple description of the TLS configuration routine for debugging
+
+## [7.6.2] - 2019-12-20
+
+(mbedtls) correct support for using own certificate and private key
+
+## [7.6.1] - 2019-12-20
+
+(ws commands) in websocket proxy, disable automatic reconnections + in Dockerfile, use alpine 3.11
+
+## [7.6.0] - 2019-12-19
+
+(cobra) Add TLS options to all cobra commands and classes. Add example to the doc.
+
+## [7.5.8] - 2019-12-18
+
+(cobra-to-sentry) capture application version from device field
+
+## [7.5.7] - 2019-12-18
+
+(tls) Experimental TLS server support with mbedtls (windows) + process cert tlsoption (client + server)
+
+## [7.5.6] - 2019-12-18
+
+(tls servers) Make it clear that apple ssl and mbedtls backends do not support SSL in server mode
+
+## [7.5.5] - 2019-12-17
+
+(tls options client) TLSOptions struct _validated member should be initialized to false
+
+## [7.5.4] - 2019-12-16
+
+(websocket client) improve the error message when connecting to a non websocket server
+
+Before:
+
+```
+Connection error: Got bad status connecting to example.com:443, status: 200, HTTP Status line: HTTP/1.1 200 OK
+```
+
+After:
+
+```
+Connection error: Expecting status 101 (Switching Protocol), got 200 status connecting to example.com:443, HTTP Status line: HTTP/1.1 200 OK
+```
+
+## [7.5.3] - 2019-12-12
+
+(server) attempt at fixing #131 by using blocking writes in server mode
+
+## [7.5.2] - 2019-12-11
+
+(ws) cobra to sentry - created events with sentry tags based on tags present in the cobra messages
+
+## [7.5.1] - 2019-12-06
+
+(mac) convert SSL errors to utf8
+
+## [7.5.0] - 2019-12-05
+
+- (ws) cobra to sentry. Handle Error 429 Too Many Requests and politely wait before sending more data to sentry.
+
+In the example below sentry we are sending data too fast, sentry asks us to slow down which we do. Notice how the sent count stop increasing, while we are waiting for 41 seconds.
+
+```
+[2019-12-05 15:50:33.759] [info] messages received 2449 sent 3
+[2019-12-05 15:50:34.759] [info] messages received 5533 sent 7
+[2019-12-05 15:50:35.759] [info] messages received 8612 sent 11
+[2019-12-05 15:50:36.759] [info] messages received 11562 sent 15
+[2019-12-05 15:50:37.759] [info] messages received 14410 sent 19
+[2019-12-05 15:50:38.759] [info] messages received 17236 sent 23
+[2019-12-05 15:50:39.282] [error] Error sending data to sentry: 429
+[2019-12-05 15:50:39.282] [error] Body: {"exception":[{"stacktrace":{"frames":[{"filename":"WorldScene.lua","function":"WorldScene.lua:1935","lineno":1958},{"filename":"WorldScene.lua","function":"onUpdate_WorldCam","lineno":1921},{"filename":"WorldMapTile.lua","function":"__index","lineno":239}]},"value":"noisytypes: Attempt to call nil(nil,2224139838)!"}],"platform":"python","sdk":{"name":"ws","version":"1.0.0"},"tags":[["game","niso"],["userid","107638363"],["environment","live"]],"timestamp":"2019-12-05T23:50:39Z"}
+
+[2019-12-05 15:50:39.282] [error] Response: {"error_name":"rate_limit","error":"Creation of this event was denied due to rate limiting"}
+[2019-12-05 15:50:39.282] [warning] Error 429 - Too Many Requests. ws will sleep and retry after 41 seconds
+[2019-12-05 15:50:39.760] [info] messages received 18839 sent 25
+[2019-12-05 15:50:40.760] [info] messages received 18839 sent 25
+[2019-12-05 15:50:41.760] [info] messages received 18839 sent 25
+[2019-12-05 15:50:42.761] [info] messages received 18839 sent 25
+[2019-12-05 15:50:43.762] [info] messages received 18839 sent 25
+[2019-12-05 15:50:44.763] [info] messages received 18839 sent 25
+[2019-12-05 15:50:45.768] [info] messages received 18839 sent 25
+```
+
+## [7.4.5] - 2019-12-03
+
+- (ws) #125 / fix build problem when jsoncpp is not installed locally
+
+## [7.4.4] - 2019-12-03
+
+- (ws) #125 / cmake detects an already installed jsoncpp and will try to use this one if present
+
+## [7.4.3] - 2019-12-03
+
+- (http client) use std::unordered_map instead of std::map for HttpParameters and HttpFormDataParameters class aliases
+
+## [7.4.2] - 2019-12-02
+
+- (client) internal IXDNSLookup class requires a valid cancellation request function callback to be passed in
+
+## [7.4.1] - 2019-12-02
+
+- (client) fix an overflow in the exponential back off code
+
+## [7.4.0] - 2019-11-25
+
+- (http client) Add support for multipart HTTP POST upload
+- (ixsentry) Add support for uploading a minidump to sentry
+
+## [7.3.5] - 2019-11-20
+
+- On Darwin SSL, add ability to skip peer verification.
+
+## [7.3.4] - 2019-11-20
+
+- 32-bits compile fix, courtesy of @fcojavmc
+
+## [7.3.1] - 2019-11-16
+
+- ws proxy_server / remote server close not forwarded to the client
+
+## [7.3.0] - 2019-11-15
+
+- New ws command: `ws proxy_server`.
+
+## [7.2.2] - 2019-11-01
+
+- Tag a release + minor reformating.
+
+## [7.2.1] - 2019-10-26
+
+- Add unittest to IXSentryClient to lua backtrace parsing code
+
+## [7.2.0] - 2019-10-24
+
+- Add cobra_metrics_to_redis sub-command to create streams for each cobra metric event being received.
+
+## [7.1.0] - 2019-10-13
+
+- Add client support for websocket subprotocol. Look for the new addSubProtocol method for details.
+
+## [7.0.0] - 2019-10-01
+
+- TLS support in server code, only implemented for the OpenSSL SSL backend for now.
+
+## [6.3.4] - 2019-09-30
+
+- all ws subcommands propagate tls options to servers (unimplemented) or ws or http client (implemented) (contributed by Matt DeBoer)
+
+## [6.3.3] - 2019-09-30
+
+- ws has a --version option
+
+## [6.3.2] - 2019-09-29
+
+- (http + websocket clients) can specify cacert and some other tls options (not implemented on all backend). This makes it so that server certs can finally be validated on windows.
+
+## [6.3.1] - 2019-09-29
+
+- Add ability to use OpenSSL on apple platforms.
+
+## [6.3.0] - 2019-09-28
+
+- ixcobra / fix crash in CobraConnection::publishNext when the queue is empty + handle CobraConnection_PublishMode_Batch in CobraMetricsThreadedPublisher
+
+## [6.2.9] - 2019-09-27
+
+- mbedtls fixes / the unittest now pass on macOS, and hopefully will on Windows/AppVeyor as well.
+
+## [6.2.8] - 2019-09-26
+
+- Http server: add options to ws https to redirect all requests to a given url. POST requests will get a 200 and an empty response.
+
+```
+ws httpd -L --redirect_url https://www.google.com
+```
+
+## [6.2.7] - 2019-09-25
+
+- Stop having ws send subcommand send a binary message in text mode, which would cause error in `make ws_test` shell script test.
+
+## [6.2.6] - 2019-09-24
+
+- Fix 2 race conditions detected with TSan, one in CobraMetricsPublisher::push and another one in WebSocketTransport::sendData (that one was bad).
+
+## [6.2.5] - 2019-09-23
+
+- Add simple Redis Server which is only capable of doing publish / subscribe. New ws redis_server sub-command to use it. The server is used in the unittest, so that we can run on CI in environment where redis isn not available like github actions env.
+
+## [6.2.4] - 2019-09-22
+
+- Add options to configure TLS ; contributed by Matt DeBoer. Only implemented for OpenSSL TLS backend for now.
+
+## [6.2.3] - 2019-09-21
+
+- Fix crash in the Linux unittest in the HTTP client code, in Socket::readBytes
+- Cobra Metrics Publisher code returns the message id of the message that got published, to be used to validated that it got sent properly when receiving an ack.
+
+## [6.2.2] - 2019-09-19
+
+- In DNS lookup code, make sure the weak pointer we use lives through the expected scope (if branch)
 
 ## [6.2.1] - 2019-09-17
 

docs/build.md

@@ -17,11 +17,25 @@ There is a unittest which can be executed by typing `make test`.
 
 Options for building:
 
+* `-DUSE_ZLIB=1` will enable zlib support, required for http client + server + websocket per message deflate extension
 * `-DUSE_TLS=1` will enable TLS support
-* `-DUSE_MBED_TLS=1` will use [mbedlts](https://tls.mbed.org/) for the TLS support (default on Windows)
+* `-DUSE_OPEN_SSL=1` will use [openssl](https://www.openssl.org/) for the TLS support (default on Linux and Windows)
+* `-DUSE_MBED_TLS=1` will use [mbedlts](https://tls.mbed.org/) for the TLS support
 * `-DUSE_WS=1` will build the ws interactive command line tool
+* `-DUSE_TEST=1` will build the unittest
+* `-DUSE_PYTHON=1` will use Python3 for cobra bots, require Python3 to be installed.
 
-If you are on Windows, look at the [appveyor](https://github.com/machinezone/IXWebSocket/blob/master/appveyor.yml) file that has instructions for building dependencies.
+If you are on Windows, look at the [appveyor](https://github.com/machinezone/IXWebSocket/blob/master/appveyor.yml) file (not maintained much though) or rather the [github actions](https://github.com/machinezone/IXWebSocket/blob/master/.github/workflows/unittest_windows.yml) which have instructions for building dependencies.
+
+It is also possible to externally include the project, so that everything is fetched over the wire when you build like so:
+
+```
+    ExternalProject_Add(
+        IXWebSocket
+        GIT_REPOSITORY https://github.com/machinezone/IXWebSocket.git
+        ...
+    )
+```
 
 ### vcpkg
 
@@ -30,21 +44,39 @@ It is possible to get IXWebSocket through Microsoft [vcpkg](https://github.com/m
 ```
 vcpkg install ixwebsocket
 ```
+To use the installed package within a cmake project, use the following:
+```cmake
+ set(CMAKE_TOOLCHAIN_FILE "$ENV{VCPKG_ROOT}/scripts/buildsystems/vcpkg.cmake" CACHE STRING "") # this is super important in order for cmake to include the vcpkg search/lib paths!
+
+ # find library and its headers
+ find_path(IXWEBSOCKET_INCLUDE_DIR ixwebsocket/IXWebSocket.h)
+ find_library(IXWEBSOCKET_LIBRARY ixwebsocket)
+ # include headers
+ include_directories(${IXWEBSOCKET_INCLUDE_DIR})
+ # ...
+ target_link_libraries(${PROJECT_NAME} ... ${IXWEBSOCKET_LIBRARY}) # Cmake will automatically fail the generation if the lib was not found, i.e is set to NOTFOUNS
+
+```
 
 ### Conan
 
-Support for building with conan was contributed by Olivia Zoe (thanks !). The package name to reference is `IXWebSocket/5.0.0@LunarWatcher/stable`. The package is in the process to be published to the official conan package repo, but in the meantime, it can be accessed by adding a new remote
+[ ![Download](https://api.bintray.com/packages/conan/conan-center/ixwebsocket%3A_/images/download.svg) ](https://bintray.com/conan/conan-center/ixwebsocket%3A_/_latestVersion)
 
-```
-conan remote add remote_name_here https://api.bintray.com/conan/oliviazoe0/conan-packages
-```
+Conan is currently supported through a recipe in [Conan Center](https://github.com/conan-io/conan-center-index/tree/master/recipes/ixwebsocket) ([Bintray entry](https://bintray.com/conan/conan-center/ixwebsocket%3A_)).
+
+Package reference
+
+* Conan 1.21.0 and up: `ixwebsocket/7.9.2`
+* Earlier versions: `ixwebsocket/7.9.2@_/_`
+
+Note that the version listed here might not be the latest one. See Bintray or the recipe itself for the latest version. If you're migrating from the previous, custom Bintray remote, note that the package reference _has_ to be lower-case.
 
 ### Docker
 
 There is a Dockerfile for running the unittest on Linux, and to run the `ws` tool. It is also available on the docker registry.
 
 ```
-docker run bsergean/ws
+docker run docker.pkg.github.com/machinezone/ixwebsocket/ws:latest --help
 ```
 
 To use docker-compose you must make a docker container first.

docs/design.md

@@ -6,7 +6,9 @@ The per message deflate compression option is supported. It can lead to very nic
 
 ### TLS/SSL
 
-Connections can be optionally secured and encrypted with TLS/SSL when using a wss:// endpoint, or using normal un-encrypted socket with ws:// endpoints. AppleSSL is used on iOS and macOS, OpenSSL is used on Android and Linux, mbedTLS is used on Windows.
+Connections can be optionally secured and encrypted with TLS/SSL when using a wss:// endpoint, or using normal un-encrypted socket with ws:// endpoints. AppleSSL is used on iOS and macOS, OpenSSL and mbedTLS can be used on Android, Linux and Windows.
+
+If you are using OpenSSL, try to be on a version higher than 1.1.x as there there are thread safety problems with 1.0.x.
 
 ### Polling and background thread work
 
@@ -24,14 +26,19 @@ Large frames are broken up into smaller chunks or messages to avoid filling up t
 
 The library has an interactive tool which is handy for testing compatibility ith other libraries. We have tested our client against Python, Erlang, Node.js, and C++ websocket server libraries.
 
-The unittest tries to be comprehensive, and has been running on multiple platoform, with different sanitizers such as thread sanitizer to catch data races or the undefined behavior sanitizer.
+The unittest tries to be comprehensive, and has been running on multiple platforms, with different sanitizers such as a thread sanitizer to catch data races or the undefined behavior sanitizer.
 
-The regression test is running after each commit on travis.
+The regression test is running after each commit on github actions for multiple configurations.
+
+* Linux
+* macOS with thread sanitizer
+* macOS, with OpenSSL, with thread sanitizer
+* macOS, with MbedTLS, with thread sanitizer
+* Windows, with MbedTLS (the unittest is not run yet)
 
 ## Limitations
 
-* On Windows TLS is not setup yet to validate certificates.
-* There is no convenient way to embed a ca cert.
+* On some configuration (mostly Android) certificate validation needs to be setup so that SocketTLSOptions.caFile point to a pem file, such as the one distributed by Firefox. Unless that setup is done connecting to a wss endpoint will display an error. With mbedtls the message will contain `error in handshake : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed`.
 * Automatic reconnection works at the TCP socket level, and will detect remote end disconnects. However, if the device/computer network become unreachable (by turning off wifi), it is quite hard to reliably and timely detect it at the socket level using `recv` and `send` error codes. [Here](https://stackoverflow.com/questions/14782143/linux-socket-how-to-detect-disconnected-network-in-a-client-program) is a good discussion on the subject. This behavior is consistent with other runtimes such as node.js. One way to detect a disconnected device with low level C code is to do a name resolution with DNS but this can be expensive. Mobile devices have good and reliable API to do that.
 * The server code is using select to detect incoming data, and creates one OS thread per connection. This is not as scalable as strategies using epoll or kqueue.
 
@@ -73,5 +80,3 @@ Here is a simplistic diagram which explains how the code is structured in term o
 |                       |
 +-----------------------+
 ```
-
-

docs/index.md

@@ -1,5 +1,3 @@
-![Alt text](https://travis-ci.org/machinezone/IXWebSocket.svg?branch=master)
-
 ## Introduction
 
 [*WebSocket*](https://en.wikipedia.org/wiki/WebSocket) is a computer communications protocol, providing full-duplex and bi-directionnal communication channels over a single TCP connection. *IXWebSocket* is a C++ library for client and server Websocket communication, and for client and server HTTP communication. *TLS* aka *SSL* is supported. The code is derived from [easywsclient](https://github.com/dhbaird/easywsclient) and from the [Satori C SDK](https://github.com/satori-com/satori-rtm-sdk-c). It has been tested on the following platforms.
@@ -9,14 +7,15 @@
 * Linux
 * Android
 * Windows
+* FreeBSD
 
 ## Example code
 
-```
-# Required on Windows
+```c++
+// Required on Windows
 ix::initNetSystem();
 
-# Our websocket object
+// Our websocket object
 ix::WebSocket webSocket;
 
 std::string url("ws://localhost:8080/");
@@ -39,8 +38,27 @@ webSocket.start();
 webSocket.send("hello world");
 ```
 
-## Why another library ?
+## Why another library?
 
 There are 2 main reasons that explain why IXWebSocket got written. First, we needed a C++ cross-platform client library, which should have few dependencies. What looked like the most solid one, [websocketpp](https://github.com/zaphoyd/websocketpp) did depend on boost and this was not an option for us. Secondly, there were other available libraries with fewer dependencies (C ones), but they required calling an explicit poll routine periodically to know if a client had received data from a server, which was not elegant.
 
-We started by solving those 2 problems, then we added server websocket code, then an HTTP client, and finally a very simple HTTP server.
+We started by solving those 2 problems, then we added server websocket code, then an HTTP client, and finally a very simple HTTP server. IXWebSocket comes with a command line utility named ws which is quite handy, and is now packaged with alpine linux. You can install it with `apk add ws`.
+
+* Few dependencies (only zlib)
+* Simple to use ; uses std::string and std::function callbacks.
+* Complete support of the websocket protocol, and basic http support.
+* Client and Server
+* TLS support
+
+## Alternative libraries
+
+There are plenty of great websocket libraries out there, which might work for you. Here are a couple of serious ones.
+
+* [websocketpp](https://github.com/zaphoyd/websocketpp) - C++
+* [beast](https://github.com/boostorg/beast) - C++
+* [libwebsockets](https://libwebsockets.org/) - C
+* [µWebSockets](https://github.com/uNetworking/uWebSockets) - C
+
+## Contributing
+
+IXWebSocket is developed on [GitHub](https://github.com/machinezone/IXWebSocket). We'd love to hear about how you use it; opening up an issue on GitHub is ok for that. If things don't work as expected, please create an issue on GitHub, or even better a pull request if you know how to fix your problem.

docs/packages.md

@@ -0,0 +1,94 @@
+Notes on how we can update the different packages for ixwebsocket.
+
+## VCPKG
+
+Visit the [releases](https://github.com/machinezone/IXWebSocket/releases) page on Github. A tag must have been made first.
+
+Download the latest entry.
+
+```
+$ cd /tmp
+/tmp$ curl -s -O -L https://github.com/machinezone/IXWebSocket/archive/v9.1.9.tar.gz
+/tmp$
+/tmp$ openssl sha512 v9.1.9.tar.gz
+SHA512(v9.1.9.tar.gz)= f1fd731b5f6a9ce6d6d10bee22a5d9d9baaa8ea0564d6c4cd7eb91dcb88a45c49b2c7fdb75f8640a3589c1b30cee33ef5df8dcbb55920d013394d1e33ddd3c8e
+```
+
+Now go punch those values in the vcpkg ixwebsocket port config files. Here is what the diff look like.
+
+```
+vcpkg$ git diff
+diff --git a/ports/ixwebsocket/CONTROL b/ports/ixwebsocket/CONTROL
+index db9c2adc9..4acae5c3f 100644
+--- a/ports/ixwebsocket/CONTROL
++++ b/ports/ixwebsocket/CONTROL
+@@ -1,5 +1,5 @@
+ Source: ixwebsocket
+-Version: 8.0.5
++Version: 9.1.9
+ Build-Depends: zlib
+ Homepage: https://github.com/machinezone/IXWebSocket
+ Description: Lightweight WebSocket Client and Server + HTTP Client and Server
+diff --git a/ports/ixwebsocket/portfile.cmake b/ports/ixwebsocket/portfile.cmake
+index de082aece..68e523a05 100644
+--- a/ports/ixwebsocket/portfile.cmake
++++ b/ports/ixwebsocket/portfile.cmake
+@@ -1,8 +1,8 @@
+ vcpkg_from_github(
+     OUT_SOURCE_PATH SOURCE_PATH
+     REPO machinezone/IXWebSocket
+-    REF v8.0.5
+-    SHA512 9dcc20d9a0629b92c62a68a8bd7c8206f18dbd9e93289b0b687ec13c478ce9ad1f3563b38c399c8277b0d3812cc78ca725786ba1dedbc3445b9bdb9b689e8add
++    REF v9.1.9
++    SHA512 f1fd731b5f6a9ce6d6d10bee22a5d9d9baaa8ea0564d6c4cd7eb91dcb88a45c49b2c7fdb75f8640a3589c1b30cee33ef5df8dcbb55920d013394d1e33ddd3c8e
+ )
+```
+
+You will need a fork of the vcpkg repo to make a pull request.
+
+```
+git fetch upstream
+git co master
+git reset --hard upstream/master
+git push origin master --force
+```
+
+Make the pull request (I use a new branch to do that).
+
+```
+vcpkg$ git co -b feature/ixwebsocket_9.1.9
+M	ports/ixwebsocket/CONTROL
+M	ports/ixwebsocket/portfile.cmake
+Switched to a new branch 'feature/ixwebsocket_9.1.9'
+vcpkg$
+vcpkg$
+vcpkg$ git commit -am 'ixwebsocket: update to 9.1.9'
+[feature/ixwebsocket_9.1.9 8587a4881] ixwebsocket: update to 9.1.9
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+vcpkg$
+vcpkg$ git push
+fatal: The current branch feature/ixwebsocket_9.1.9 has no upstream branch.
+To push the current branch and set the remote as upstream, use
+
+    git push --set-upstream origin feature/ixwebsocket_9.1.9
+
+vcpkg$ git push --set-upstream origin feature/ixwebsocket_9.1.9
+
+Enumerating objects: 11, done.
+Counting objects: 100% (11/11), done.
+Delta compression using up to 8 threads
+Compressing objects: 100% (6/6), done.
+Writing objects: 100% (6/6), 621 bytes | 621.00 KiB/s, done.
+Total 6 (delta 4), reused 0 (delta 0)
+remote: Resolving deltas: 100% (4/4), completed with 4 local objects.
+remote:
+remote: Create a pull request for 'feature/ixwebsocket_9.1.9' on GitHub by visiting:
+remote:      https://github.com/bsergean/vcpkg/pull/new/feature/ixwebsocket_9.1.9
+remote:
+To https://github.com/bsergean/vcpkg.git
+ * [new branch]          feature/ixwebsocket_9.1.9 -> feature/ixwebsocket_9.1.9
+Branch 'feature/ixwebsocket_9.1.9' set up to track remote branch 'feature/ixwebsocket_9.1.9' from 'origin' by rebasing.
+vcpkg$
+```
+
+Just visit this url, https://github.com/bsergean/vcpkg/pull/new/feature/ixwebsocket_9.1.9, printed on the console, to make the pull request.

docs/performance.md

@@ -0,0 +1,37 @@
+
+## WebSocket Client performance
+
+We will run a client and a server on the same machine, connecting to localhost. This bench is run on a MacBook Pro from 2015. We can receive over 200,000 (small) messages per second, another way to put it is that it takes 5 micro-second to receive and process one message. This is an indication about the minimal latency to receive messages.
+
+### Receiving messages
+
+By using the push_server ws sub-command, the server will send the same message in a loop to any connected client.
+
+```
+ws push_server -q --send_msg 'yo'
+```
+
+By using the echo_client ws sub-command, with the -m (mute or no_send), we will display statistics on how many messages we can receive per second.
+
+```
+$ ws echo_client -m ws://localhost:8008
+[2020-08-02 12:31:17.284] [info] ws_echo_client: connected
+[2020-08-02 12:31:17.284] [info] Uri: /
+[2020-08-02 12:31:17.284] [info] Headers:
+[2020-08-02 12:31:17.284] [info] Connection: Upgrade
+[2020-08-02 12:31:17.284] [info] Sec-WebSocket-Accept: byy/pMK2d0PtRwExaaiOnXJTQHo=
+[2020-08-02 12:31:17.284] [info] Server: ixwebsocket/10.1.4 macos ssl/SecureTransport zlib 1.2.11
+[2020-08-02 12:31:17.284] [info] Upgrade: websocket
+[2020-08-02 12:31:17.663] [info] messages received: 0 per second 2595307 total
+[2020-08-02 12:31:18.668] [info] messages received: 79679 per second 2674986 total
+[2020-08-02 12:31:19.668] [info] messages received: 207438 per second 2882424 total
+[2020-08-02 12:31:20.673] [info] messages received: 209207 per second 3091631 total
+[2020-08-02 12:31:21.676] [info] messages received: 216056 per second 3307687 total
+[2020-08-02 12:31:22.680] [info] messages received: 214927 per second 3522614 total
+[2020-08-02 12:31:23.684] [info] messages received: 216960 per second 3739574 total
+[2020-08-02 12:31:24.688] [info] messages received: 215232 per second 3954806 total
+[2020-08-02 12:31:25.691] [info] messages received: 212300 per second 4167106 total
+[2020-08-02 12:31:26.694] [info] messages received: 212501 per second 4379607 total
+[2020-08-02 12:31:27.699] [info] messages received: 212330 per second 4591937 total
+[2020-08-02 12:31:28.702] [info] messages received: 216511 per second 4808448 total
+```

docs/usage.md

@@ -6,7 +6,7 @@ The [*ws*](https://github.com/machinezone/IXWebSocket/tree/master/ws) folder cou
 
 To use the network system on Windows, you need to initialize it once with *WSAStartup()* and clean it up with *WSACleanup()*. We have helpers for that which you can use, see below. This init would typically take place in your main function.
 
-```
+```cpp
 #include <ixwebsocket/IXNetSystem.h>
 
 int main()
@@ -22,12 +22,12 @@ int main()
 
 ## WebSocket client API
 
-```
+```cpp
 #include <ixwebsocket/IXWebSocket.h>
 
 ...
 
-# Our websocket object
+// Our websocket object
 ix::WebSocket webSocket;
 
 std::string url("ws://localhost:8080/");
@@ -35,7 +35,7 @@ webSocket.setUrl(url);
 
 // Optional heart beat, sent every 45 seconds when there is not any traffic
 // to make sure that load balancers do not kill an idle connection.
-webSocket.setHeartBeatPeriod(45);
+webSocket.setPingInterval(45);
 
 // Per message deflate connection is enabled by default. You can tweak its parameters or disable it
 webSocket.disablePerMessageDeflate();
@@ -67,9 +67,28 @@ webSocket.stop()
 
 ### Sending messages
 
-`websocket.send("foo")` will send a message.
+`WebSocketSendInfo result = websocket.send("foo")` will send a message.
 
-If the connection was closed and sending failed, the return value will be set to false.
+If the connection was closed, sending will fail, and the success field of the result object  will be set to false. There could also be a compression error in which case the compressError field will be set to true. The payloadSize field and wireSize fields will tell you respectively how much bytes the message weight, and how many bytes were sent on the wire (potentially compressed + counting the message header (a few bytes).
+
+There is an optional progress callback that can be passed in as the second argument. If a message is large it will be fragmented into chunks which will be sent independantly. Everytime the we can write a fragment into the OS network cache, the callback will be invoked. If a user wants to cancel a slow send, false should be returned from within the callback.
+
+Here is an example code snippet copied from the ws send sub-command. Each fragment weights 32K, so the total integer is the wireSize divided by 32K. As an example if you are sending 32M of data, uncompressed, total will be 1000. current will be set to 0 for the first fragment, then 1, 2 etc...
+
+```
+auto result =
+    _webSocket.sendBinary(serializedMsg, [this, throttle](int current, int total) -> bool {
+        spdlog::info("ws_send: Step {} out of {}", current + 1, total);
+
+        if (throttle)
+        {
+            std::chrono::duration<double, std::milli> duration(10);
+            std::this_thread::sleep_for(duration);
+        }
+
+        return _connected;
+    });
+```
 
 ### ReadyState
 
@@ -82,9 +101,9 @@ If the connection was closed and sending failed, the return value will be set to
 
 ### Open and Close notifications
 
-The onMessage event will be fired when the connection is opened or closed. This is similar to the [Javascript browser API](https://developer.mozilla.org/en-US/docs/Web/API/WebSocket), which has `open` and `close` events notification that can be registered with the browser `addEventListener`.
+The onMessage event will be fired when the connection is opened or closed. This is similar to the [JavaScript browser API](https://developer.mozilla.org/en-US/docs/Web/API/WebSocket), which has `open` and `close` events notification that can be registered with the browser `addEventListener`.
 
-```
+```cpp
 webSocket.setOnMessageCallback([](const ix::WebSocketMessagePtr& msg)
     {
         if (msg->type == ix::WebSocketMessageType::Open)
@@ -115,7 +134,7 @@ webSocket.setOnMessageCallback([](const ix::WebSocketMessagePtr& msg)
 
 A message will be fired when there is an error with the connection. The message type will be `ix::WebSocketMessageType::Error`. Multiple fields will be available on the event to describe the error.
 
-```
+```cpp
 webSocket.setOnMessageCallback([](const ix::WebSocketMessagePtr& msg)
     {
         if (msg->type == ix::WebSocketMessageType::Error)
@@ -140,7 +159,7 @@ webSocket.setOnMessageCallback([](const ix::WebSocketMessagePtr& msg)
 
 The url can be set and queried after a websocket object has been created. You will have to call `stop` and `start` if you want to disconnect and connect to that new url.
 
-```
+```cpp
 std::string url("wss://example.com");
 websocket.configure(url);
 ```
@@ -149,7 +168,7 @@ websocket.configure(url);
 
 Ping/pong messages are used to implement keep-alive. 2 message types exists to identify ping and pong messages. Note that when a ping message is received, a pong is instantly send back as requested by the WebSocket spec.
 
-```
+```cpp
 webSocket.setOnMessageCallback([](const ix::WebSocketMessagePtr& msg)
     {
         if (msg->type == ix::WebSocketMessageType::Ping ||
@@ -163,7 +182,7 @@ webSocket.setOnMessageCallback([](const ix::WebSocketMessagePtr& msg)
 
 A ping message can be sent to the server, with an optional data string.
 
-```
+```cpp
 websocket.ping("ping data, optional (empty string is ok): limited to 125 bytes long");
 ```
 
@@ -173,25 +192,40 @@ You can configure an optional heart beat / keep-alive, sent every 45 seconds
 when there is no any traffic to make sure that load balancers do not kill an
 idle connection.
 
-```
-webSocket.setHeartBeatPeriod(45);
+```cpp
+webSocket.setPingInterval(45);
 ```
 
 ### Supply extra HTTP headers.
 
 You can set extra HTTP headers to be sent during the WebSocket handshake.
 
-```
+```cpp
 WebSocketHttpHeaders headers;
 headers["foo"] = "bar";
 webSocket.setExtraHeaders(headers);
 ```
 
+### Subprotocols
+
+You can specify subprotocols to be set during the WebSocket handshake. For more info you can refer to [this doc](https://hpbn.co/websocket/#subprotocol-negotiation).
+
+```cpp
+webSocket.addSubprotocol("appProtocol-v1");
+webSocket.addSubprotocol("appProtocol-v2");
+```
+
+The protocol that the server did accept is available in the open info `protocol` field.
+
+```cpp
+std::cout << "protocol: " << msg->openInfo.protocol << std::endl;
+```
+
 ### Automatic reconnection
 
 Automatic reconnection kicks in when the connection is disconnected without the user consent. This feature is on by default and can be turned off.
 
-```
+```cpp
 webSocket.enableAutomaticReconnection();  // turn on
 webSocket.disableAutomaticReconnection(); // turn off
 bool enabled = webSocket.isAutomaticReconnectionEnabled(); // query state
@@ -224,14 +258,18 @@ Wait time(ms): 10000
 
 The waiting time is capped by default at 10s between 2 attempts, but that value can be changed and queried.
 
-```
+```cpp
 webSocket.setMaxWaitBetweenReconnectionRetries(5 * 1000); // 5000ms = 5s
 uint32_t m = webSocket.getMaxWaitBetweenReconnectionRetries();
 ```
 
 ## WebSocket server API
 
-```
+### Legacy api
+
+This api was actually changed to take a weak_ptr<WebSocket> as the first argument to setOnConnectionCallback ; previously it would take a shared_ptr<WebSocket> which was creating cycles and then memory leaks problems.
+
+```cpp
 #include <ixwebsocket/IXWebSocketServer.h>
 
 ...
@@ -241,38 +279,48 @@ uint32_t m = webSocket.getMaxWaitBetweenReconnectionRetries();
 ix::WebSocketServer server(port);
 
 server.setOnConnectionCallback(
-    [&server](std::shared_ptr<WebSocket> webSocket,
+    [&server](std::weak_ptr<WebSocket> webSocket,
               std::shared_ptr<ConnectionState> connectionState)
     {
-        webSocket->setOnMessageCallback(
-            [webSocket, connectionState, &server](const ix::WebSocketMessagePtr msg)
-            {
-                if (msg->type == ix::WebSocketMessageType::Open)
+        std::cout << "Remote ip: " << connectionState->remoteIp << std::endl;
+
+        auto ws = webSocket.lock();
+        if (ws)
+        {
+            ws->setOnMessageCallback(
+                [webSocket, connectionState, &server](const ix::WebSocketMessagePtr msg)
                 {
-                    std::cerr << "New connection" << std::endl;
-
-                    // A connection state object is available, and has a default id
-                    // You can subclass ConnectionState and pass an alternate factory
-                    // to override it. It is useful if you want to store custom
-                    // attributes per connection (authenticated bool flag, attributes, etc...)
-                    std::cerr << "id: " << connectionState->getId() << std::endl;
-
-                    // The uri the client did connect to.
-                    std::cerr << "Uri: " << msg->openInfo.uri << std::endl;
-
-                    std::cerr << "Headers:" << std::endl;
-                    for (auto it : msg->openInfo.headers)
+                    if (msg->type == ix::WebSocketMessageType::Open)
                     {
-                        std::cerr << it.first << ": " << it.second << std::endl;
+                        std::cout << "New connection" << std::endl;
+
+                        // A connection state object is available, and has a default id
+                        // You can subclass ConnectionState and pass an alternate factory
+                        // to override it. It is useful if you want to store custom
+                        // attributes per connection (authenticated bool flag, attributes, etc...)
+                        std::cout << "id: " << connectionState->getId() << std::endl;
+
+                        // The uri the client did connect to.
+                        std::cout << "Uri: " << msg->openInfo.uri << std::endl;
+
+                        std::cout << "Headers:" << std::endl;
+                        for (auto it : msg->openInfo.headers)
+                        {
+                            std::cout << it.first << ": " << it.second << std::endl;
+                        }
+                    }
+                    else if (msg->type == ix::WebSocketMessageType::Message)
+                    {
+                        // For an echo server, we just send back to the client whatever was received by the server
+                        // All connected clients are available in an std::set. See the broadcast cpp example.
+                        // Second parameter tells whether we are sending the message in binary or text mode.
+                        // Here we send it in the same mode as it was received.
+                        auto ws = webSocket.lock();
+                        if (ws)
+                        {
+                            ws->send(msg->str, msg->binary);
+                        }
                     }
-                }
-                else if (msg->type == ix::WebSocketMessageType::Message)
-                {
-                    // For an echo server, we just send back to the client whatever was received by the server
-                    // All connected clients are available in an std::set. See the broadcast cpp example.
-                    // Second parameter tells whether we are sending the message in binary or text mode.
-                    // Here we send it in the same mode as it was received.
-                    webSocket->send(msg->str, msg->binary);
                 }
             }
         );
@@ -294,9 +342,76 @@ server.wait();
 
 ```
 
-## HTTP client API
+### New api
+
+The new API does not require to use 2 nested callbacks, which is a bit annoying. The real fix is that there was a memory leak due to a shared_ptr cycle, due to passing down a shared_ptr<WebSocket> down to the callbacks.
+
+The webSocket reference is guaranteed to be always valid ; by design the callback will never be invoked with a null webSocket object.
+
+```cpp
+#include <ixwebsocket/IXWebSocketServer.h>
+
+...
+
+// Run a server on localhost at a given port.
+// Bound host name, max connections and listen backlog can also be passed in as parameters.
+ix::WebSocketServer server(port);
+
+server.setOnClientMessageCallback(std::shared_ptr<ConnectionState> connectionState,
+                                  WebSocket& webSocket,
+                                  const WebSocketMessagePtr& msg)
+{
+    // The ConnectionState object contains information about the connection,
+    // at this point only the client ip address and the port.
+    std::cout << "Remote ip: " << connectionState->getRemoteIp();
+
+    if (msg->type == ix::WebSocketMessageType::Open)
+    {
+        std::cout << "New connection" << std::endl;
+
+        // A connection state object is available, and has a default id
+        // You can subclass ConnectionState and pass an alternate factory
+        // to override it. It is useful if you want to store custom
+        // attributes per connection (authenticated bool flag, attributes, etc...)
+        std::cout << "id: " << connectionState->getId() << std::endl;
+
+        // The uri the client did connect to.
+        std::cout << "Uri: " << msg->openInfo.uri << std::endl;
+
+        std::cout << "Headers:" << std::endl;
+        for (auto it : msg->openInfo.headers)
+        {
+            std::cout << it.first << ": " << it.second << std::endl;
+        }
+    }
+    else if (msg->type == ix::WebSocketMessageType::Message)
+    {
+        // For an echo server, we just send back to the client whatever was received by the server
+        // All connected clients are available in an std::set. See the broadcast cpp example.
+        // Second parameter tells whether we are sending the message in binary or text mode.
+        // Here we send it in the same mode as it was received.
+        webSocket.send(msg->str, msg->binary);
+    }
+);
+
+auto res = server.listen();
+if (!res.first)
+{
+    // Error handling
+    return 1;
+}
+
+// Run the server in the background. Server can be stoped by calling server.stop()
+server.start();
+
+// Block until server.stop() is called.
+server.wait();
 
 ```
+
+## HTTP client API
+
+```cpp
 #include <ixwebsocket/IXHttpClient.h>
 
 ...
@@ -343,18 +458,25 @@ out = httpClient.get(url, args);
 // POST request with parameters
 HttpParameters httpParameters;
 httpParameters["foo"] = "bar";
-out = httpClient.post(url, httpParameters, args);
+
+// HTTP form data can be passed in as well, for multi-part upload of files
+HttpFormDataParameters httpFormDataParameters;
+httpParameters["baz"] = "booz";
+
+out = httpClient.post(url, httpParameters, httpFormDataParameters, args);
 
 // POST request with a body
 out = httpClient.post(url, std::string("foo=bar"), args);
 
+// PUT and PATCH are available too.
+
 //
 // Result
 //
 auto statusCode = response->statusCode; // Can be HttpErrorCode::Ok, HttpErrorCode::UrlMalformed, etc...
 auto errorCode = response->errorCode; // 200, 404, etc...
 auto responseHeaders = response->headers; // All the headers in a special case-insensitive unordered_map of (string, string)
-auto payload = response->payload; // All the bytes from the response as an std::string
+auto body = response->body; // All the bytes from the response as an std::string
 auto errorMsg = response->errorMsg; // Descriptive error message in case of failure
 auto uploadSize = response->uploadSize; // Byte count of uploaded data
 auto downloadSize = response->downloadSize; // Byte count of downloaded data
@@ -377,9 +499,11 @@ bool ok = httpClient.performRequest(args, [](const HttpResponsePtr& response)
 // ok will be false if your httpClient is not async
 ```
 
+See this [issue](https://github.com/machinezone/IXWebSocket/issues/209) for links about uploading files with HTTP multipart.
+
 ## HTTP server API
 
-```
+```cpp
 #include <ixwebsocket/IXHttpServer.h>
 
 ix::HttpServer server(port, hostname);
@@ -397,14 +521,16 @@ server.wait();
 
 If you want to handle how requests are processed, implement the setOnConnectionCallback callback, which takes an HttpRequestPtr as input, and returns an HttpResponsePtr. You can look at HttpServer::setDefaultConnectionCallback for a slightly more advanced callback example.
 
-```
+```cpp
 setOnConnectionCallback(
     [this](HttpRequestPtr request,
-           std::shared_ptr<ConnectionState> /*connectionState*/) -> HttpResponsePtr
+           std::shared_ptr<ConnectionState> connectionState) -> HttpResponsePtr
     {
         // Build a string for the response
         std::stringstream ss;
-        ss << request->method
+        ss << connectionState->getRemoteIp();
+           << " "
+           << request->method
            << " "
            << request->uri;
 
@@ -416,3 +542,40 @@ setOnConnectionCallback(
                                               content);
 }
 ```
+
+## TLS support and configuration
+
+To leverage TLS features, the library must be compiled with the option `USE_TLS=1`.
+
+If you are using OpenSSL, try to be on a version higher than 1.1.x as there there are thread safety problems with 1.0.x.
+
+Then, secure sockets are automatically used when connecting to a `wss://*` url.
+
+Additional TLS options can be configured by passing a `ix::SocketTLSOptions` instance to the
+`setTLSOptions` on `ix::WebSocket` (or `ix::WebSocketServer` or `ix::HttpServer`)
+
+```cpp
+webSocket.setTLSOptions({
+    .certFile = "path/to/cert/file.pem",
+    .keyFile = "path/to/key/file.pem",
+    .caFile = "path/to/trust/bundle/file.pem", // as a file, or in memory buffer in PEM format
+    .tls = true // required in server mode
+});
+```
+
+Specifying `certFile` and `keyFile` configures the certificate that will be used to communicate with TLS peers.
+
+On a client, this is only necessary for connecting to servers that require a client certificate.
+
+On a server, this is necessary for TLS support.
+
+Specifying `caFile` configures the trusted roots bundle file (in PEM format) that will be used to verify peer certificates.
+ - The special value of `SYSTEM` (the default) indicates that the system-configured trust bundle should be used; this is generally what you want when connecting to any publicly exposed API/server.
+ - The special value of `NONE` can be used to disable peer verification; this is only recommended to rule out certificate verification when testing connectivity.
+ - If the value contain the special value `-----BEGIN CERTIFICATE-----`, the value will be read from memory, and not from a file. This is convenient on platforms like Android where reading / writing to the file system can be challenging without proper permissions, or without knowing the location of a temp directory.
+
+For a client, specifying `caFile` can be used if connecting to a server that uses a self-signed cert, or when using a custom CA in an internal environment.
+
+For a server, specifying `caFile` implies that:
+1. You require clients to present a certificate
+1. It must be signed by one of the trusted roots in the file

docs/ws.md

@@ -19,16 +19,255 @@ Subcommands:
   broadcast_server            Broadcasting server
   ping                        Ping pong
   curl                        HTTP Client
-  redis_publish               Redis publisher
-  redis_subscribe             Redis subscriber
-  cobra_subscribe             Cobra subscriber
-  cobra_publish               Cobra publisher
-  cobra_to_statsd             Cobra to statsd
-  cobra_to_sentry             Cobra to sentry
-  snake                       Snake server
   httpd                       HTTP server
 ```
 
+## curl
+
+The curl subcommand try to be compatible with the curl syntax, to fetch http pages.
+
+Making a HEAD request with the -I parameter.
+
+```
+$ ws curl -I https://www.google.com/
+
+Accept-Ranges: none
+Alt-Svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
+Cache-Control: private, max-age=0
+Content-Type: text/html; charset=ISO-8859-1
+Date: Tue, 08 Oct 2019 21:36:57 GMT
+Expires: -1
+P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
+Server: gws
+Set-Cookie: NID=188=ASwfz8GrXQrHCLqAz-AndLOMLcz0rC9yecnf3h0yXZxRL3rTufTU_GDDwERp7qQL7LZ_EB8gCRyPXGERyOSAgaqgnrkoTmvWrwFemRLMaOZ896GrHobi5fV7VLklnSG2w48Gj8xMlwxfP7Z-bX-xR9UZxep1tHM6UmFQdD_GkBE; expires=Wed, 08-Apr-2020 21:36:57 GMT; path=/; domain=.google.com; HttpOnly
+Transfer-Encoding: chunked
+Vary: Accept-Encoding
+X-Frame-Options: SAMEORIGIN
+X-XSS-Protection: 0
+Upload size: 143
+Download size: 0
+Status: 200
+```
+
+Making a POST request with the -F parameter.
+
+```
+$ ws curl -F foo=bar https://httpbin.org/post
+foo: bar
+Downloaded 438 bytes out of 438
+Access-Control-Allow-Credentials: true
+Access-Control-Allow-Origin: *
+Connection: keep-alive
+Content-Encoding:
+Content-Length: 438
+Content-Type: application/json
+Date: Tue, 08 Oct 2019 21:47:54 GMT
+Referrer-Policy: no-referrer-when-downgrade
+Server: nginx
+X-Content-Type-Options: nosniff
+X-Frame-Options: DENY
+X-XSS-Protection: 1; mode=block
+Upload size: 219
+Download size: 438
+Status: 200
+payload: {
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {
+    "foo": "bar"
+  },
+  "headers": {
+    "Accept": "*/*",
+    "Content-Length": "7",
+    "Content-Type": "application/x-www-form-urlencoded",
+    "Host": "httpbin.org",
+    "User-Agent": "ixwebsocket/7.0.0 macos ssl/OpenSSL OpenSSL 1.0.2q  20 Nov 2018 zlib 1.2.11"
+  },
+  "json": null,
+  "origin": "155.94.127.118, 155.94.127.118",
+  "url": "https://httpbin.org/post"
+}
+```
+
+Passing in a custom header with -H.
+
+```
+$ ws curl -F foo=bar -H 'my_custom_header: baz' https://httpbin.org/post
+my_custom_header:  baz
+foo: bar
+Downloaded 470 bytes out of 470
+Access-Control-Allow-Credentials: true
+Access-Control-Allow-Origin: *
+Connection: keep-alive
+Content-Encoding:
+Content-Length: 470
+Content-Type: application/json
+Date: Tue, 08 Oct 2019 21:50:25 GMT
+Referrer-Policy: no-referrer-when-downgrade
+Server: nginx
+X-Content-Type-Options: nosniff
+X-Frame-Options: DENY
+X-XSS-Protection: 1; mode=block
+Upload size: 243
+Download size: 470
+Status: 200
+payload: {
+  "args": {},
+  "data": "",
+  "files": {},
+  "form": {
+    "foo": "bar"
+  },
+  "headers": {
+    "Accept": "*/*",
+    "Content-Length": "7",
+    "Content-Type": "application/x-www-form-urlencoded",
+    "Host": "httpbin.org",
+    "My-Custom-Header": "baz",
+    "User-Agent": "ixwebsocket/7.0.0 macos ssl/OpenSSL OpenSSL 1.0.2q  20 Nov 2018 zlib 1.2.11"
+  },
+  "json": null,
+  "origin": "155.94.127.118, 155.94.127.118",
+  "url": "https://httpbin.org/post"
+}
+```
+
+## connect
+
+The connect command connects to a websocket endpoint, and starts an interactive prompt. Line editing, such as using the direction keys to fetch the last thing you tried to type) is provided. That command is pretty useful to try to send random data to an endpoint and verify that the service handles it with grace (such as sending invalid json).
+
+```
+ws connect wss://echo.websocket.org
+Type Ctrl-D to exit prompt...
+Connecting to url: wss://echo.websocket.org
+> ws_connect: connected
+Uri: /
+Handshake Headers:
+Connection: Upgrade
+Date: Tue, 08 Oct 2019 21:38:44 GMT
+Sec-WebSocket-Accept: 2j6LBScZveqrMx1W/GJkCWvZo3M=
+sec-websocket-extensions:
+Server: Kaazing Gateway
+Upgrade: websocket
+Received ping
+Received ping
+Received ping
+Hello world !
+> Received 13 bytes
+ws_connect: received message: Hello world !
+> Hello world !
+> Received 13 bytes
+ws_connect: received message: Hello world !
+```
+
+```
+ws connect 'ws://jeanserge.com/v2?appkey=_pubsub'
+Type Ctrl-D to exit prompt...
+Connecting to url: ws://jeanserge.com/v2?appkey=_pubsub
+> ws_connect: connected
+Uri: /v2?appkey=_pubsub
+Handshake Headers:
+Connection: Upgrade
+Date: Tue, 08 Oct 2019 21:45:28 GMT
+Sec-WebSocket-Accept: LYHmjh9Gsu/Yw7aumQqyPObOEV4=
+Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=15; client_max_window_bits=15
+Server: Python/3.7 websockets/8.0.2
+Upgrade: websocket
+bababababababab
+> ws_connect: connection closed: code 1000 reason
+
+ws_connect: connected
+Uri: /v2?appkey=_pubsub
+Handshake Headers:
+Connection: Upgrade
+Date: Tue, 08 Oct 2019 21:45:44 GMT
+Sec-WebSocket-Accept: I1rqxdLgTU+opPi5/zKPBTuXdLw=
+Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=15; client_max_window_bits=15
+Server: Python/3.7 websockets/8.0.2
+Upgrade: websocket
+```
+
+It is possible to pass custom HTTP header when doing the connection handshake,
+the remote server might process them to implement a simple authorization
+scheme.
+
+```
+src$ ws connect -H Authorization:supersecret ws://localhost:8008
+Type Ctrl-D to exit prompt...
+[2020-12-17 22:35:08.732] [info] Authorization: supersecret
+Connecting to url: ws://localhost:8008
+> [2020-12-17 22:35:08.736] [info] ws_connect: connected
+[2020-12-17 22:35:08.736] [info] Uri: /
+[2020-12-17 22:35:08.736] [info] Headers:
+[2020-12-17 22:35:08.736] [info] Connection: Upgrade
+[2020-12-17 22:35:08.736] [info] Sec-WebSocket-Accept: 2yaTFcdwn8KL6IzSMj2u6Le7KTg=
+[2020-12-17 22:35:08.736] [info] Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=15; client_max_window_bits=15
+[2020-12-17 22:35:08.736] [info] Server: ixwebsocket/11.0.4 macos ssl/SecureTransport zlib 1.2.11
+[2020-12-17 22:35:08.736] [info] Upgrade: websocket
+[2020-12-17 22:35:08.736] [info] Received 25 bytes
+ws_connect: received message: Authorization suceeded!
+[2020-12-17 22:35:08.736] [info] Received pong ixwebsocket::heartbeat::30s::0
+hello
+> [2020-12-17 22:35:25.157] [info] Received 7 bytes
+ws_connect: received message: hello
+```
+
+If the wrong header is passed in, the server would close the connection with a custom close code (>4000, and <4999).
+
+```
+[2020-12-17 22:39:37.044] [info] Upgrade: websocket
+ws_connect: connection closed: code 4001 reason Permission denied
+```
+
+## echo server
+
+The ws echo server will respond what the client just sent him. If we use the
+simple --http_authorization_header we can enforce that client need to pass a
+special value in the Authorization header to connect.
+
+```
+$ ws echo_server --http_authorization_header supersecret
+[2020-12-17 22:35:06.192] [info] Listening on 127.0.0.1:8008
+[2020-12-17 22:35:08.735] [info] New connection
+[2020-12-17 22:35:08.735] [info] remote ip: 127.0.0.1
+[2020-12-17 22:35:08.735] [info] id: 0
+[2020-12-17 22:35:08.735] [info] Uri: /
+[2020-12-17 22:35:08.735] [info] Headers:
+[2020-12-17 22:35:08.735] [info] Authorization: supersecret
+[2020-12-17 22:35:08.735] [info] Connection: Upgrade
+[2020-12-17 22:35:08.735] [info] Host: localhost:8008
+[2020-12-17 22:35:08.735] [info] Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=15; client_max_window_bits=15
+[2020-12-17 22:35:08.735] [info] Sec-WebSocket-Key: eFF2Gf25dC7eC15Ab1135G==
+[2020-12-17 22:35:08.735] [info] Sec-WebSocket-Version: 13
+[2020-12-17 22:35:08.735] [info] Upgrade: websocket
+[2020-12-17 22:35:08.735] [info] User-Agent: ixwebsocket/11.0.4 macos ssl/SecureTransport zlib 1.2.11
+[2020-12-17 22:35:25.157] [info] Received 7 bytes
+```
+
+## Websocket proxy
+
+```
+ws proxy_server --remote_host ws://127.0.0.1:9000 -v
+Listening on 127.0.0.1:8008
+```
+
+If you connect to ws://127.0.0.1:8008, the proxy will connect to ws://127.0.0.1:9000 and pass all traffic to this server.
+
+You can also use a more complex setup if you want to redirect to different websocket servers based on the hostname your client is trying to connect to. If you have multiple CNAME aliases that point to the same server.
+
+A JSON config file is used to express that mapping ; here connecting to echo.jeanserge.com will proxy the client to ws://localhost:8008 on the local machine (which actually runs ws echo_server), while connecting to bavarde.jeanserge.com will proxy the client to ws://localhost:5678 where a cobra python server is running. As a side note you will need a wildcard SSL certificate if you want to have SSL enabled on that machine.
+
+```
+echo.jeanserge.com=ws://localhost:8008
+bavarde.jeanserge.com=ws://localhost:5678
+```
+The --config_path option is required to instruct ws proxy_server to read that file.
+
+```
+ws proxy_server --config_path proxyConfig.json --port 8765
+```
+
 ## File transfer
 
 ```
@@ -67,7 +306,3 @@ Options:
   --connect-timeout INT       Connection timeout
   --transfer-timeout INT      Transfer timeout
 ```
-
-## Cobra Client
-
-[cobra](https://github.com/machinezone/cobra) is a real time messenging server. ws has sub-command to interacti with cobra.

httpd.cpp

@@ -0,0 +1,46 @@
+/*
+ *  httpd.cpp
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2020 Machine Zone, Inc. All rights reserved.
+ *
+ *  Buid with make httpd
+ */
+
+#include <ixwebsocket/IXHttpServer.h>
+#include <sstream>
+#include <iostream>
+
+int main(int argc, char** argv)
+{
+    if (argc != 3)
+    {
+        std::cerr << "Usage: " << argv[0]
+                  << " <port> <host>" << std::endl;
+        std::cerr << " " << argv[0] << " 9090 127.0.0.1" << std::endl;
+        std::cerr << " " << argv[0] << " 9090 0.0.0.0" << std::endl;
+        return 1;
+    }
+
+    int port;
+    std::stringstream ss;
+    ss << argv[1];
+    ss >> port;
+    std::string hostname(argv[2]);
+
+    std::cout << "Listening on " << hostname
+              << ":" << port << std::endl;
+
+    ix::HttpServer server(port, hostname);
+
+    auto res = server.listen();
+    if (!res.first)
+    {
+        std::cout << res.second << std::endl;
+        return 1;
+    }
+
+    server.start();
+    server.wait();
+
+    return 0;
+}

ixcobra/CMakeLists.txt

@@ -1,30 +0,0 @@
-#
-# Author: Benjamin Sergeant
-# Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
-#
-
-set (IXCOBRA_SOURCES
-    ixcobra/IXCobraConnection.cpp
-    ixcobra/IXCobraMetricsThreadedPublisher.cpp
-    ixcobra/IXCobraMetricsPublisher.cpp
-)
-
-set (IXCOBRA_HEADERS
-    ixcobra/IXCobraConnection.h
-    ixcobra/IXCobraMetricsThreadedPublisher.h
-    ixcobra/IXCobraMetricsPublisher.h
-)
-
-add_library(ixcobra STATIC
-    ${IXCOBRA_SOURCES}
-    ${IXCOBRA_HEADERS}
-)
-
-set(IXCOBRA_INCLUDE_DIRS
-    .
-    ..
-    ../ixcore
-    ../ixcrypto
-    ../third_party)
-
-target_include_directories( ixcobra PUBLIC ${IXCOBRA_INCLUDE_DIRS} )

ixcobra/ixcobra/IXCobraConnection.cpp

@@ -1,604 +0,0 @@
-/*
- *  IXCobraConnection.cpp
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017-2018 Machine Zone. All rights reserved.
- */
-
-#include "IXCobraConnection.h"
-#include <ixcrypto/IXHMac.h>
-#include <ixwebsocket/IXWebSocket.h>
-
-#include <algorithm>
-#include <stdexcept>
-#include <cmath>
-#include <cassert>
-#include <cstring>
-#include <iostream>
-
-
-namespace ix
-{
-    TrafficTrackerCallback CobraConnection::_trafficTrackerCallback = nullptr;
-    PublishTrackerCallback CobraConnection::_publishTrackerCallback = nullptr;
-    constexpr size_t CobraConnection::kQueueMaxSize;
-
-    CobraConnection::CobraConnection() :
-        _webSocket(new WebSocket()),
-        _publishMode(CobraConnection_PublishMode_Immediate),
-        _authenticated(false),
-        _eventCallback(nullptr),
-        _id(0)
-    {
-        _pdu["action"] = "rtm/publish";
-
-        initWebSocketOnMessageCallback();
-    }
-
-    CobraConnection::~CobraConnection()
-    {
-        disconnect();
-        setEventCallback(nullptr);
-    }
-
-    void CobraConnection::setTrafficTrackerCallback(const TrafficTrackerCallback& callback)
-    {
-        _trafficTrackerCallback = callback;
-    }
-
-    void CobraConnection::resetTrafficTrackerCallback()
-    {
-        setTrafficTrackerCallback(nullptr);
-    }
-
-    void CobraConnection::invokeTrafficTrackerCallback(size_t size, bool incoming)
-    {
-        if (_trafficTrackerCallback)
-        {
-            _trafficTrackerCallback(size, incoming);
-        }
-    }
-
-    void CobraConnection::setPublishTrackerCallback(const PublishTrackerCallback& callback)
-    {
-        _publishTrackerCallback = callback;
-    }
-
-    void CobraConnection::resetPublishTrackerCallback()
-    {
-        setPublishTrackerCallback(nullptr);
-    }
-
-    void CobraConnection::invokePublishTrackerCallback(bool sent, bool acked)
-    {
-        if (_publishTrackerCallback)
-        {
-            _publishTrackerCallback(sent, acked);
-        }
-    }
-
-    void CobraConnection::setEventCallback(const EventCallback& eventCallback)
-    {
-        std::lock_guard<std::mutex> lock(_eventCallbackMutex);
-        _eventCallback = eventCallback;
-    }
-
-    void CobraConnection::invokeEventCallback(ix::CobraConnectionEventType eventType,
-                                              const std::string& errorMsg,
-                                              const WebSocketHttpHeaders& headers,
-                                              const std::string& subscriptionId,
-                                              CobraConnection::MsgId msgId)
-    {
-        std::lock_guard<std::mutex> lock(_eventCallbackMutex);
-        if (_eventCallback)
-        {
-            _eventCallback(eventType, errorMsg, headers, subscriptionId, msgId);
-        }
-    }
-
-    void CobraConnection::invokeErrorCallback(const std::string& errorMsg,
-                                              const std::string& serializedPdu)
-    {
-        std::stringstream ss;
-        ss << errorMsg << " : received pdu => " << serializedPdu;
-        invokeEventCallback(ix::CobraConnection_EventType_Error, ss.str());
-    }
-
-    void CobraConnection::disconnect()
-    {
-        _authenticated = false;
-        _webSocket->stop();
-    }
-
-    void CobraConnection::initWebSocketOnMessageCallback()
-    {
-        _webSocket->setOnMessageCallback(
-            [this](const ix::WebSocketMessagePtr& msg)
-            {
-                CobraConnection::invokeTrafficTrackerCallback(msg->wireSize, true);
-
-                std::stringstream ss;
-                if (msg->type == ix::WebSocketMessageType::Open)
-                {
-                    invokeEventCallback(ix::CobraConnection_EventType_Open,
-                                        std::string(),
-                                        msg->openInfo.headers);
-                    sendHandshakeMessage();
-                }
-                else if (msg->type == ix::WebSocketMessageType::Close)
-                {
-                    _authenticated = false;
-
-                    std::stringstream ss;
-                    ss << "Close code " << msg->closeInfo.code;
-                    ss << " reason " << msg->closeInfo.reason;
-                    invokeEventCallback(ix::CobraConnection_EventType_Closed,
-                                        ss.str());
-                }
-                else if (msg->type == ix::WebSocketMessageType::Message)
-                {
-                    Json::Value data;
-                    Json::Reader reader;
-                    if (!reader.parse(msg->str, data))
-                    {
-                        invokeErrorCallback("Invalid json", msg->str);
-                        return;
-                    }
-
-                    if (!data.isMember("action"))
-                    {
-                        invokeErrorCallback("Missing action", msg->str);
-                        return;
-                    }
-
-                    auto action = data["action"].asString();
-
-                    if (action == "auth/handshake/ok")
-                    {
-                        if (!handleHandshakeResponse(data))
-                        {
-                            invokeErrorCallback("Error extracting nonce from handshake response", msg->str);
-                        }
-                    }
-                    else if (action == "auth/handshake/error")
-                    {
-                        invokeErrorCallback("Handshake error", msg->str);
-                    }
-                    else if (action == "auth/authenticate/ok")
-                    {
-                        _authenticated = true;
-                        invokeEventCallback(ix::CobraConnection_EventType_Authenticated);
-                        flushQueue();
-                    }
-                    else if (action == "auth/authenticate/error")
-                    {
-                        invokeErrorCallback("Authentication error", msg->str);
-                    }
-                    else if (action == "rtm/subscription/data")
-                    {
-                        handleSubscriptionData(data);
-                    }
-                    else if (action == "rtm/subscribe/ok")
-                    {
-                        if (!handleSubscriptionResponse(data))
-                        {
-                            invokeErrorCallback("Error processing subscribe response", msg->str);
-                        }
-                    }
-                    else if (action == "rtm/subscribe/error")
-                    {
-                        invokeErrorCallback("Subscription error", msg->str);
-                    }
-                    else if (action == "rtm/unsubscribe/ok")
-                    {
-                        if (!handleUnsubscriptionResponse(data))
-                        {
-                            invokeErrorCallback("Error processing unsubscribe response", msg->str);
-                        }
-                    }
-                    else if (action == "rtm/unsubscribe/error")
-                    {
-                        invokeErrorCallback("Unsubscription error", msg->str);
-                    }
-                    else if (action == "rtm/publish/ok")
-                    {
-                        if (!handlePublishResponse(data))
-                        {
-                            invokeErrorCallback("Error processing publish response", msg->str);
-                        }
-                    }
-                    else if (action == "rtm/publish/error")
-                    {
-                        invokeErrorCallback("Publish error", msg->str);
-                    }
-                    else
-                    {
-                        invokeErrorCallback("Un-handled message type", msg->str);
-                    }
-                }
-                else if (msg->type == ix::WebSocketMessageType::Error)
-                {
-                    std::stringstream ss;
-                    ss << "Connection error: " << msg->errorInfo.reason      << std::endl;
-                    ss << "#retries: "         << msg->errorInfo.retries     << std::endl;
-                    ss << "Wait time(ms): "    << msg->errorInfo.wait_time   << std::endl;
-                    ss << "HTTP Status: "      << msg->errorInfo.http_status << std::endl;
-                    invokeErrorCallback(ss.str(), std::string());
-                }
-        });
-    }
-
-    void CobraConnection::setPublishMode(CobraConnectionPublishMode publishMode)
-    {
-        _publishMode = publishMode;
-    }
-
-    void CobraConnection::configure(const std::string& appkey,
-                                    const std::string& endpoint,
-                                    const std::string& rolename,
-                                    const std::string& rolesecret,
-                                    const WebSocketPerMessageDeflateOptions& webSocketPerMessageDeflateOptions)
-    {
-        _roleName = rolename;
-        _roleSecret = rolesecret;
-
-        std::stringstream ss;
-        ss << endpoint;
-        ss << "/v2?appkey=";
-        ss << appkey;
-
-        std::string url = ss.str();
-        _webSocket->setUrl(url);
-        _webSocket->setPerMessageDeflateOptions(webSocketPerMessageDeflateOptions);
-    }
-
-    //
-    // Handshake message schema.
-    //
-    // handshake = {
-    //     "action": "auth/handshake",
-    //     "body": {
-    //         "data": {
-    //             "role": role
-    //         },
-    //         "method": "role_secret"
-    //     },
-    // }
-    //
-    //
-    bool CobraConnection::sendHandshakeMessage()
-    {
-        Json::Value data;
-        data["role"] = _roleName;
-
-        Json::Value body;
-        body["data"] = data;
-        body["method"] = "role_secret";
-
-        Json::Value pdu;
-        pdu["action"] = "auth/handshake";
-        pdu["body"] = body;
-        pdu["id"] = Json::UInt64(_id++);
-
-        std::string serializedJson = serializeJson(pdu);
-        CobraConnection::invokeTrafficTrackerCallback(serializedJson.size(), false);
-
-        return _webSocket->send(serializedJson).success;
-    }
-
-    //
-    // Extract the nonce from the handshake response
-    // use it to compute a hash during authentication
-    //
-    // {
-    //     "action": "auth/handshake/ok",
-    //     "body": {
-    //         "data": {
-    //             "nonce": "MTI0Njg4NTAyMjYxMzgxMzgzMg==",
-    //             "version": "0.0.24"
-    //         }
-    //     }
-    // }
-    //
-    bool CobraConnection::handleHandshakeResponse(const Json::Value& pdu)
-    {
-        if (!pdu.isObject()) return false;
-
-        if (!pdu.isMember("body")) return false;
-        Json::Value body = pdu["body"];
-
-        if (!body.isMember("data")) return false;
-        Json::Value data = body["data"];
-
-        if (!data.isMember("nonce")) return false;
-        Json::Value nonce = data["nonce"];
-
-        if (!nonce.isString()) return false;
-
-        return sendAuthMessage(nonce.asString());
-    }
-
-    //
-    // Authenticate message schema.
-    //
-    // challenge = {
-    //     "action": "auth/authenticate",
-    //     "body": {
-    //         "method": "role_secret",
-    //         "credentials": {
-    //             "hash": computeHash(secret, nonce)
-    //         }
-    //     },
-    // }
-    //
-    bool CobraConnection::sendAuthMessage(const std::string& nonce)
-    {
-        Json::Value credentials;
-        credentials["hash"] = hmac(nonce, _roleSecret);
-
-        Json::Value body;
-        body["credentials"] = credentials;
-        body["method"] = "role_secret";
-
-        Json::Value pdu;
-        pdu["action"] = "auth/authenticate";
-        pdu["body"] = body;
-        pdu["id"] = Json::UInt64(_id++);
-
-        std::string serializedJson = serializeJson(pdu);
-        CobraConnection::invokeTrafficTrackerCallback(serializedJson.size(), false);
-
-        return _webSocket->send(serializedJson).success;
-    }
-
-    bool CobraConnection::handleSubscriptionResponse(const Json::Value& pdu)
-    {
-        if (!pdu.isObject()) return false;
-
-        if (!pdu.isMember("body")) return false;
-        Json::Value body = pdu["body"];
-
-        if (!body.isMember("subscription_id")) return false;
-        Json::Value subscriptionId = body["subscription_id"];
-
-        if (!subscriptionId.isString()) return false;
-
-        invokeEventCallback(ix::CobraConnection_EventType_Subscribed,
-                            std::string(), WebSocketHttpHeaders(),
-                            subscriptionId.asString());
-        return true;
-    }
-
-    bool CobraConnection::handleUnsubscriptionResponse(const Json::Value& pdu)
-    {
-        if (!pdu.isObject()) return false;
-
-        if (!pdu.isMember("body")) return false;
-        Json::Value body = pdu["body"];
-
-        if (!body.isMember("subscription_id")) return false;
-        Json::Value subscriptionId = body["subscription_id"];
-
-        if (!subscriptionId.isString()) return false;
-
-        invokeEventCallback(ix::CobraConnection_EventType_UnSubscribed,
-                            std::string(), WebSocketHttpHeaders(),
-                            subscriptionId.asString());
-        return true;
-    }
-
-    bool CobraConnection::handleSubscriptionData(const Json::Value& pdu)
-    {
-        if (!pdu.isObject()) return false;
-
-        if (!pdu.isMember("body")) return false;
-        Json::Value body = pdu["body"];
-
-        // Identify subscription_id, so that we can find
-        // which callback to execute
-        if (!body.isMember("subscription_id")) return false;
-        Json::Value subscriptionId = body["subscription_id"];
-
-        std::lock_guard<std::mutex> lock(_cbsMutex);
-        auto cb = _cbs.find(subscriptionId.asString());
-        if (cb == _cbs.end()) return false; // cannot find callback
-
-        // Extract messages now
-        if (!body.isMember("messages")) return false;
-        Json::Value messages = body["messages"];
-
-        for (auto&& msg : messages)
-        {
-            cb->second(msg);
-        }
-
-        return true;
-    }
-
-    bool CobraConnection::handlePublishResponse(const Json::Value& pdu)
-    {
-        if (!pdu.isObject()) return false;
-
-        if (!pdu.isMember("id")) return false;
-        Json::Value id = pdu["id"];
-
-        if (!id.isUInt64()) return false;
-
-        uint64_t msgId = id.asUInt64();
-
-        invokeEventCallback(ix::CobraConnection_EventType_Published,
-                            std::string(), WebSocketHttpHeaders(),
-                            std::string(), msgId);
-
-        invokePublishTrackerCallback(false, true);
-
-        return true;
-    }
-
-    bool CobraConnection::connect()
-    {
-        _webSocket->start();
-        return true;
-    }
-
-    bool CobraConnection::isConnected() const
-    {
-        return _webSocket->getReadyState() == ix::ReadyState::Open;
-    }
-
-    bool CobraConnection::isAuthenticated() const
-    {
-        return isConnected() && _authenticated;
-    }
-
-    std::string CobraConnection::serializeJson(const Json::Value& value)
-    {
-        std::lock_guard<std::mutex> lock(_jsonWriterMutex);
-        return _jsonWriter.write(value);
-    }
-
-    //
-    // publish is not thread safe as we are trying to reuse some Json objects.
-    //
-    CobraConnection::MsgId CobraConnection::publish(const Json::Value& channels,
-                                                    const Json::Value& msg)
-    {
-        invokePublishTrackerCallback(true, false);
-
-        CobraConnection::MsgId msgId = _id;
-
-        _body["channels"] = channels;
-        _body["message"] = msg;
-        _pdu["body"] = _body;
-        _pdu["id"] = Json::UInt64(_id++);
-
-        std::string serializedJson = serializeJson(_pdu);
-
-        //
-        // 1. When we use batch mode, we just enqueue and will do the flush explicitely
-        // 2. When we aren't authenticated yet to the cobra server, we need to enqueue
-        //    and retry later
-        // 3. If the network connection was droped (WebSocket::send will return false),
-        //    it means the message won't be sent so we need to enqueue as well.
-        //
-        // The order of the conditionals is important.
-        //
-        if (_publishMode == CobraConnection_PublishMode_Batch || !_authenticated ||
-            !publishMessage(serializedJson))
-        {
-            enqueue(serializedJson);
-        }
-
-        return msgId;
-    }
-
-    void CobraConnection::subscribe(const std::string& channel,
-                                    const std::string& filter,
-                                    SubscriptionCallback cb)
-    {
-        // Create and send a subscribe pdu
-        Json::Value body;
-        body["channel"] = channel;
-
-        if (!filter.empty())
-        {
-            body["filter"] = filter;
-        }
-
-        Json::Value pdu;
-        pdu["action"] = "rtm/subscribe";
-        pdu["body"] = body;
-        pdu["id"] = Json::UInt64(_id++);
-
-        _webSocket->send(pdu.toStyledString());
-
-        // Set the callback
-        std::lock_guard<std::mutex> lock(_cbsMutex);
-        _cbs[channel] = cb;
-    }
-
-    void CobraConnection::unsubscribe(const std::string& channel)
-    {
-        {
-            std::lock_guard<std::mutex> lock(_cbsMutex);
-            auto cb = _cbs.find(channel);
-            if (cb == _cbs.end()) return;
-
-            _cbs.erase(cb);
-        }
-
-        // Create and send an unsubscribe pdu
-        Json::Value body;
-        body["subscription_id"] = channel;
-
-        Json::Value pdu;
-        pdu["action"] = "rtm/unsubscribe";
-        pdu["body"] = body;
-        pdu["id"] = Json::UInt64(_id++);
-
-        _webSocket->send(pdu.toStyledString());
-    }
-
-    //
-    // Enqueue strategy drops old messages when we are at full capacity
-    //
-    // If we want to keep only 3 items max in the queue:
-    //
-    // enqueue(A) -> [A]
-    // enqueue(B) -> [B, A]
-    // enqueue(C) -> [C, B, A]
-    // enqueue(D) -> [D, C, B] -- now we drop A, the oldest message,
-    //                         -- and keep the 'fresh ones'
-    //
-    void CobraConnection::enqueue(const std::string& msg)
-    {
-        std::lock_guard<std::mutex> lock(_queueMutex);
-
-        if (_messageQueue.size() == CobraConnection::kQueueMaxSize)
-        {
-            _messageQueue.pop_back();
-        }
-        _messageQueue.push_front(msg);
-    }
-
-    //
-    // We process messages back (oldest) to front (newest) to respect ordering
-    // when sending them. If we fail to send something, we put it back in the queue
-    // at the end we picked it up originally (at the end).
-    //
-    bool CobraConnection::flushQueue()
-    {
-        std::lock_guard<std::mutex> lock(_queueMutex);
-
-        while (!_messageQueue.empty())
-        {
-            auto&& msg = _messageQueue.back();
-            if (!publishMessage(msg))
-            {
-                _messageQueue.push_back(msg);
-                return false;
-            }
-            _messageQueue.pop_back();
-        }
-
-        return true;
-    }
-
-    bool CobraConnection::publishMessage(const std::string& serializedJson)
-    {
-        auto webSocketSendInfo = _webSocket->send(serializedJson);
-        CobraConnection::invokeTrafficTrackerCallback(webSocketSendInfo.wireSize,
-                                                      false);
-        return webSocketSendInfo.success;
-    }
-
-    void CobraConnection::suspend()
-    {
-        disconnect();
-    }
-
-    void CobraConnection::resume()
-    {
-        connect();
-    }
-
-} // namespace ix

ixcobra/ixcobra/IXCobraConnection.h

@@ -1,198 +0,0 @@
-/*
- *  IXCobraConnection.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017-2018 Machine Zone. All rights reserved.
- */
-
-#pragma once
-
-#include <ixwebsocket/IXWebSocketHttpHeaders.h>
-#include <ixwebsocket/IXWebSocketPerMessageDeflateOptions.h>
-#include <jsoncpp/json/json.h>
-#include <memory>
-#include <mutex>
-#include <queue>
-#include <string>
-#include <thread>
-#include <unordered_map>
-#include <limits>
-
-namespace ix
-{
-    class WebSocket;
-
-    enum CobraConnectionEventType
-    {
-        CobraConnection_EventType_Authenticated = 0,
-        CobraConnection_EventType_Error = 1,
-        CobraConnection_EventType_Open = 2,
-        CobraConnection_EventType_Closed = 3,
-        CobraConnection_EventType_Subscribed = 4,
-        CobraConnection_EventType_UnSubscribed = 5,
-        CobraConnection_EventType_Published = 6
-    };
-
-    enum CobraConnectionPublishMode
-    {
-        CobraConnection_PublishMode_Immediate = 0,
-        CobraConnection_PublishMode_Batch = 1
-    };
-
-    using SubscriptionCallback = std::function<void(const Json::Value&)>;
-    using EventCallback = std::function<void(CobraConnectionEventType,
-                                             const std::string&,
-                                             const WebSocketHttpHeaders&,
-                                             const std::string&,
-                                             uint64_t msgId)>;
-
-    using TrafficTrackerCallback = std::function<void(size_t size, bool incoming)>;
-    using PublishTrackerCallback = std::function<void(bool sent, bool acked)>;
-
-    class CobraConnection
-    {
-    public:
-        using MsgId = uint64_t;
-
-        CobraConnection();
-        ~CobraConnection();
-
-        /// Configuration / set keys, etc...
-        /// All input data but the channel name is encrypted with rc4
-        void configure(const std::string& appkey,
-                       const std::string& endpoint,
-                       const std::string& rolename,
-                       const std::string& rolesecret,
-                       const WebSocketPerMessageDeflateOptions& webSocketPerMessageDeflateOptions);
-
-        /// Set the traffic tracker callback
-        static void setTrafficTrackerCallback(const TrafficTrackerCallback& callback);
-
-        /// Reset the traffic tracker callback to an no-op one.
-        static void resetTrafficTrackerCallback();
-
-        /// Set the publish tracker callback
-        static void setPublishTrackerCallback(const PublishTrackerCallback& callback);
-
-        /// Reset the publish tracker callback to an no-op one.
-        static void resetPublishTrackerCallback();
-
-        /// Set the closed callback
-        void setEventCallback(const EventCallback& eventCallback);
-
-        /// Start the worker thread, used for background publishing
-        void start();
-
-        /// Publish a message to a channel
-        ///
-        /// No-op if the connection is not established
-        MsgId publish(const Json::Value& channels, const Json::Value& msg);
-
-        // Subscribe to a channel, and execute a callback when an incoming
-        // message arrives.
-        void subscribe(const std::string& channel,
-                       const std::string& filter = std::string(),
-                       SubscriptionCallback cb = nullptr);
-
-        /// Unsubscribe from a channel
-        void unsubscribe(const std::string& channel);
-
-        /// Close the connection
-        void disconnect();
-
-        /// Connect to Cobra and authenticate the connection
-        bool connect();
-
-        /// Returns true only if we're connected
-        bool isConnected() const;
-
-        /// Returns true only if we're authenticated
-        bool isAuthenticated() const;
-
-        /// Flush the publish queue
-        bool flushQueue();
-
-        /// Set the publish mode
-        void setPublishMode(CobraConnectionPublishMode publishMode);
-
-        /// Lifecycle management. Free resources when backgrounding
-        void suspend();
-        void resume();
-
-    private:
-        bool sendHandshakeMessage();
-        bool handleHandshakeResponse(const Json::Value& data);
-        bool sendAuthMessage(const std::string& nonce);
-        bool handleSubscriptionData(const Json::Value& pdu);
-        bool handleSubscriptionResponse(const Json::Value& pdu);
-        bool handleUnsubscriptionResponse(const Json::Value& pdu);
-        bool handlePublishResponse(const Json::Value& pdu);
-
-        void initWebSocketOnMessageCallback();
-
-        bool publishMessage(const std::string& serializedJson);
-        void enqueue(const std::string& msg);
-        std::string serializeJson(const Json::Value& pdu);
-
-        /// Invoke the traffic tracker callback
-        static void invokeTrafficTrackerCallback(size_t size, bool incoming);
-
-        /// Invoke the publish tracker callback
-        static void invokePublishTrackerCallback(bool sent, bool acked);
-
-        /// Invoke event callbacks
-        void invokeEventCallback(CobraConnectionEventType eventType,
-                                 const std::string& errorMsg = std::string(),
-                                 const WebSocketHttpHeaders& headers = WebSocketHttpHeaders(),
-                                 const std::string& subscriptionId = std::string(),
-                                 uint64_t msgId = std::numeric_limits<uint64_t>::max());
-        void invokeErrorCallback(const std::string& errorMsg, const std::string& serializedPdu);
-
-        ///
-        /// Member variables
-        ///
-        std::unique_ptr<WebSocket> _webSocket;
-
-        /// Configuration data
-        std::string _roleName;
-        std::string _roleSecret;
-        std::atomic<CobraConnectionPublishMode> _publishMode;
-
-        // Can be set on control+background thread, protecting with an atomic
-        std::atomic<bool> _authenticated;
-
-        // Keep some objects around
-        Json::Value _body;
-        Json::Value _pdu;
-        Json::FastWriter _jsonWriter;
-        mutable std::mutex _jsonWriterMutex;
-
-        /// Traffic tracker callback
-        static TrafficTrackerCallback _trafficTrackerCallback;
-
-        /// Publish tracker callback
-        static PublishTrackerCallback _publishTrackerCallback;
-
-        /// Cobra events callbacks
-        EventCallback _eventCallback;
-        mutable std::mutex _eventCallbackMutex;
-
-        /// Subscription callbacks, only one per channel
-        std::unordered_map<std::string, SubscriptionCallback> _cbs;
-        mutable std::mutex _cbsMutex;
-
-        // Message Queue can be touched on control+background thread,
-        // protecting with a mutex.
-        //
-        // Message queue is used when there are problems sending messages so
-        // that sending can be retried later.
-        std::deque<std::string> _messageQueue;
-        mutable std::mutex _queueMutex;
-
-        // Cap the queue size (100 elems so far -> ~100k)
-        static constexpr size_t kQueueMaxSize = 256;
-
-        // Each pdu sent should have an incremental unique id
-        std::atomic<uint64_t> _id;
-    };
-
-} // namespace ix

ixcobra/ixcobra/IXCobraMetricsPublisher.cpp

@@ -1,241 +0,0 @@
-/*
- *  IXCobraMetricsPublisher.cpp
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017 Machine Zone. All rights reserved.
- */
-
-#include "IXCobraMetricsPublisher.h"
-
-#include <algorithm>
-#include <stdexcept>
-
-
-namespace ix
-{
-    const int CobraMetricsPublisher::kVersion = 1;
-    const std::string CobraMetricsPublisher::kSetRateControlId = "sms_set_rate_control_id";
-    const std::string CobraMetricsPublisher::kSetBlacklistId = "sms_set_blacklist_id";
-
-    CobraMetricsPublisher::CobraMetricsPublisher() :
-        _enabled(true)
-    {
-    }
-
-    CobraMetricsPublisher::~CobraMetricsPublisher()
-    {
-        ;
-    }
-
-    void CobraMetricsPublisher::configure(const std::string& appkey,
-                                          const std::string& endpoint,
-                                          const std::string& channel,
-                                          const std::string& rolename,
-                                          const std::string& rolesecret,
-                                          bool enablePerMessageDeflate)
-    {
-        // Configure the satori connection and start its publish background thread
-        _cobra_metrics_theaded_publisher.start();
-
-        _cobra_metrics_theaded_publisher.configure(appkey, endpoint, channel,
-                                                   rolename, rolesecret,
-                                                   enablePerMessageDeflate);
-    }
-
-    Json::Value& CobraMetricsPublisher::getGenericAttributes()
-    {
-        std::lock_guard<std::mutex> lock(_device_mutex);
-        return _device;
-    }
-
-    void CobraMetricsPublisher::setGenericAttributes(const std::string& attrName,
-                                                      const Json::Value& value)
-    {
-        std::lock_guard<std::mutex> lock(_device_mutex);
-        _device[attrName] = value;
-    }
-
-    void CobraMetricsPublisher::enable(bool enabled)
-    {
-        _enabled = enabled;
-    }
-
-    void CobraMetricsPublisher::setBlacklist(const std::vector<std::string>& blacklist)
-    {
-        _blacklist = blacklist;
-        std::sort(_blacklist.begin(), _blacklist.end());
-
-        // publish our blacklist
-        Json::Value data;
-        Json::Value metrics;
-        for (auto&& metric : blacklist)
-        {
-            metrics.append(metric);
-        }
-        data["blacklist"] = metrics;
-        push(kSetBlacklistId, data);
-    }
-
-    bool CobraMetricsPublisher::isMetricBlacklisted(const std::string& id) const
-    {
-        return std::binary_search(_blacklist.begin(), _blacklist.end(), id);
-    }
-
-    void CobraMetricsPublisher::setRateControl(
-        const std::unordered_map<std::string, int>& rate_control)
-    {
-        for (auto&& it : rate_control)
-        {
-            if (it.second >= 0)
-            {
-                _rate_control[it.first] = it.second;
-            }
-        }
-
-        // publish our rate_control
-        Json::Value data;
-        Json::Value metrics;
-        for (auto&& it : _rate_control)
-        {
-            metrics[it.first] = it.second;
-        }
-        data["rate_control"] = metrics;
-        push(kSetRateControlId, data);
-    }
-
-    bool CobraMetricsPublisher::isAboveMaxUpdateRate(const std::string& id) const
-    {
-        // Is this metrics rate controlled ?
-        auto rate_control_it = _rate_control.find(id);
-        if (rate_control_it == _rate_control.end()) return false;
-
-        // Was this metrics already sent ?
-        std::lock_guard<std::mutex> lock(_last_update_mutex);
-        auto last_update = _last_update.find(id);
-        if (last_update == _last_update.end()) return false;
-
-        auto timeDeltaFromLastSend =
-            std::chrono::steady_clock::now() - last_update->second;
-
-        return timeDeltaFromLastSend < std::chrono::seconds(rate_control_it->second);
-    }
-
-    void CobraMetricsPublisher::setLastUpdate(const std::string& id)
-    {
-        std::lock_guard<std::mutex> lock(_last_update_mutex);
-        _last_update[id] = std::chrono::steady_clock::now();
-    }
-
-    uint64_t CobraMetricsPublisher::getMillisecondsSinceEpoch() const
-    {
-        auto now = std::chrono::system_clock::now();
-        auto ms =
-            std::chrono::duration_cast<std::chrono::milliseconds>(
-                now.time_since_epoch()).count();
-
-        return ms;
-    }
-
-    void CobraMetricsPublisher::push(const std::string& id,
-                                     const std::string& data,
-                                     bool shouldPushTest)
-    {
-        if (!_enabled) return;
-
-        Json::Value root;
-        Json::Reader reader;
-        if (!reader.parse(data, root)) return;
-
-        push(id, root, shouldPushTest);
-    }
-
-    void CobraMetricsPublisher::push(const std::string& id,
-                                     const CobraMetricsPublisher::Message& data)
-    {
-        if (!_enabled) return;
-
-        Json::Value root;
-        for (auto it : data)
-        {
-            root[it.first] = it.second;
-        }
-
-        push(id, root);
-    }
-
-    bool CobraMetricsPublisher::shouldPush(const std::string& id) const
-    {
-        if (!_enabled) return false;
-        if (isMetricBlacklisted(id)) return false;
-        if (isAboveMaxUpdateRate(id)) return false;
-
-        return true;
-    }
-
-    void CobraMetricsPublisher::push(const std::string& id,
-                                     const Json::Value& data,
-                                     bool shouldPushTest)
-    {
-        if (shouldPushTest && !shouldPush(id)) return;
-
-        setLastUpdate(id);
-
-        Json::Value msg;
-        msg["id"] = id;
-        msg["data"] = data;
-        msg["session"] = _session;
-        msg["version"] = kVersion;
-        msg["timestamp"] = Json::UInt64(getMillisecondsSinceEpoch());
-
-        {
-            std::lock_guard<std::mutex> lock(_device_mutex);
-            msg["device"] = _device;
-        }
-
-        {
-            //
-            // Bump a counter for each id
-            // This is used to make sure that we are not
-            // dropping messages, by checking that all the ids is the list of
-            // all natural numbers until the last value sent (0, 1, 2, ..., N)
-            //
-            std::lock_guard<std::mutex> lock(_device_mutex);
-            auto it = _counters.emplace(id, 0);
-            msg["per_id_counter"] = it.first->second;
-            it.first->second += 1;
-        }
-
-        // Now actually enqueue the task
-        _cobra_metrics_theaded_publisher.push(msg);
-    }
-
-    void CobraMetricsPublisher::setPublishMode(CobraConnectionPublishMode publishMode)
-    {
-        _cobra_metrics_theaded_publisher.setPublishMode(publishMode);
-    }
-
-    bool CobraMetricsPublisher::flushQueue()
-    {
-        return _cobra_metrics_theaded_publisher.flushQueue();
-    }
-
-    void CobraMetricsPublisher::suspend()
-    {
-        _cobra_metrics_theaded_publisher.suspend();
-    }
-
-    void CobraMetricsPublisher::resume()
-    {
-        _cobra_metrics_theaded_publisher.resume();
-    }
-
-    bool CobraMetricsPublisher::isConnected() const
-    {
-        return _cobra_metrics_theaded_publisher.isConnected();
-    }
-
-    bool CobraMetricsPublisher::isAuthenticated() const
-    {
-        return _cobra_metrics_theaded_publisher.isAuthenticated();
-    }
-
-} // namespace ix

ixcobra/ixcobra/IXCobraMetricsPublisher.h

@@ -1,167 +0,0 @@
-/*
- *  IXCobraMetricsPublisher.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017 Machine Zone. All rights reserved.
- */
-
-#pragma once
-
-#include "IXCobraMetricsThreadedPublisher.h"
-#include <atomic>
-#include <chrono>
-#include <jsoncpp/json/json.h>
-#include <string>
-#include <unordered_map>
-
-namespace ix
-{
-    class CobraMetricsPublisher
-    {
-    public:
-        CobraMetricsPublisher();
-        ~CobraMetricsPublisher();
-
-        /// Thread safety notes:
-        ///
-        /// 1. _enabled, _blacklist and _rate_control read/writes are not protected by a mutex
-        /// to make shouldPush as fast as possible. _enabled default to false.
-        ///
-        /// The code that set those is ran only once at init, and
-        /// the last value to be set is _enabled, which is also the first value checked in
-        /// shouldPush, so there shouldn't be any race condition.
-        ///
-        /// 2. The queue of messages is thread safe, so multiple metrics can be safely pushed on
-        /// multiple threads
-        ///
-        /// 3. Access to _last_update is protected as it needs to be read/write.
-        ///
-
-        /// Configuration / set keys, etc...
-        /// All input data but the channel name is encrypted with rc4
-        void configure(const std::string& appkey,
-                       const std::string& endpoint,
-                       const std::string& channel,
-                       const std::string& rolename,
-                       const std::string& rolesecret,
-                       bool enablePerMessageDeflate);
-
-        /// Setter for the list of blacklisted metrics ids.
-        /// That list is sorted internally for fast lookups
-        void setBlacklist(const std::vector<std::string>& blacklist);
-
-        /// Set the maximum rate at which a metrics can be sent. Unit is seconds
-        /// if rate_control = { 'foo_id': 60 },
-        /// the foo_id metric cannot be pushed more than once every 60 seconds
-        void setRateControl(const std::unordered_map<std::string, int>& rate_control);
-
-        /// Configuration / enable/disable
-        void enable(bool enabled);
-
-        /// Simple interface, list of key value pairs where typeof(key) == typeof(value) == string
-        typedef std::unordered_map<std::string, std::string> Message;
-        void push(const std::string& id,
-                  const CobraMetricsPublisher::Message& data = CobraMetricsPublisher::Message());
-
-        /// Richer interface using json, which supports types (bool, int, float) and hierarchies of
-        /// elements
-        ///
-        /// The shouldPushTest argument should be set to false, and used in combination with the
-        /// shouldPush method for places where we want to be as lightweight as possible when
-        /// collecting metrics. When set to false, it is used so that we don't do double work when
-        /// computing whether a metrics should be sent or not.
-        void push(const std::string& id, const Json::Value& data, bool shouldPushTest = true);
-
-        /// Interface used by lua. msg is a json encoded string.
-        void push(const std::string& id, const std::string& data, bool shouldPushTest = true);
-
-        /// Tells whether a metric can be pushed.
-        /// A metric can be pushed if it satisfies those conditions:
-        ///
-        /// 1. the metrics system should be enabled
-        /// 2. the metrics shouldn't be black-listed
-        /// 3. the metrics shouldn't have reached its rate control limit at this
-        /// "sampling"/"calling" time
-        bool shouldPush(const std::string& id) const;
-
-        /// Get generic information json object
-        Json::Value& getGenericAttributes();
-
-        /// Set generic information values
-        void setGenericAttributes(const std::string& attrName, const Json::Value& value);
-
-        /// Set a unique id for the session. A uuid can be used.
-        void setSession(const std::string& session) { _session = session; }
-
-        /// Get the unique id used to identify the current session
-        const std::string& getSession() const { return _session; }
-
-        /// Return the number of milliseconds since the epoch (~1970)
-        uint64_t getMillisecondsSinceEpoch() const;
-
-        /// Set satori connection publish mode
-        void setPublishMode(CobraConnectionPublishMode publishMode);
-
-        /// Flush the publish queue
-        bool flushQueue();
-
-        /// Lifecycle management. Free resources when backgrounding
-        void suspend();
-        void resume();
-
-        /// Tells whether the socket connection is opened
-        bool isConnected() const;
-
-        /// Returns true only if we're authenticated
-        bool isAuthenticated() const;
-
-    private:
-        /// Lookup an id in our metrics to see whether it is blacklisted
-        /// Complexity is logarithmic
-        bool isMetricBlacklisted(const std::string& id) const;
-
-        /// Tells whether we should drop a metrics or not as part of an enqueuing
-        /// because it exceed the max update rate (it is sent too often)
-        bool isAboveMaxUpdateRate(const std::string& id) const;
-
-        /// Record when a metric was last sent. Used for rate control
-        void setLastUpdate(const std::string& id);
-
-        ///
-        /// Member variables
-        ///
-
-        CobraMetricsThreadedPublisher _cobra_metrics_theaded_publisher;
-
-        /// A boolean to enable or disable this system
-        /// push becomes a no-op when _enabled is false
-        std::atomic<bool> _enabled;
-
-        /// A uuid used to uniquely identify a session
-        std::string _session;
-
-        /// The _device json blob is populated once when configuring this system
-        /// It record generic metadata about the client, run (version, device model, etc...)
-        Json::Value _device;
-        mutable std::mutex _device_mutex; // protect access to _device
-
-        /// Metrics control (black list + rate control)
-        std::vector<std::string> _blacklist;
-        std::unordered_map<std::string, int> _rate_control;
-        std::unordered_map<std::string, std::chrono::time_point<std::chrono::steady_clock>>
-            _last_update;
-        mutable std::mutex _last_update_mutex; // protect access to _last_update
-
-        /// Bump a counter for each metric type
-        std::unordered_map<std::string, int> _counters;
-        mutable std::mutex _counters_mutex; // protect access to _counters
-
-        // const strings for internal ids
-        static const std::string kSetRateControlId;
-        static const std::string kSetBlacklistId;
-
-        /// Our protocol version. Can be used by subscribers who would want to be backward
-        /// compatible if we change the way we arrange data
-        static const int kVersion;
-    };
-
-} // namespace ix

ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.cpp

@@ -1,225 +0,0 @@
-/*
- *  IXCobraMetricsThreadedPublisher.cpp
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017 Machine Zone. All rights reserved.
- */
-
-#include "IXCobraMetricsThreadedPublisher.h"
-#include <ixwebsocket/IXSetThreadName.h>
-#include <ixcore/utils/IXCoreLogger.h>
-
-#include <algorithm>
-#include <stdexcept>
-#include <cmath>
-#include <cassert>
-#include <iostream>
-
-
-namespace ix
-{
-    CobraMetricsThreadedPublisher::CobraMetricsThreadedPublisher() :
-        _stop(false)
-    {
-        _cobra_connection.setEventCallback(
-            []
-            (ix::CobraConnectionEventType eventType,
-             const std::string& errMsg,
-             const ix::WebSocketHttpHeaders& headers,
-             const std::string& subscriptionId,
-             CobraConnection::MsgId msgId)
-            {
-                std::stringstream ss;
-
-                if (eventType == ix::CobraConnection_EventType_Open)
-                {
-                    ss << "Handshake headers" << std::endl;
-
-                    for (auto it : headers)
-                    {
-                        ss << it.first << ": " << it.second << std::endl;
-                    }
-                }
-                else if (eventType == ix::CobraConnection_EventType_Authenticated)
-                {
-                    ss << "Authenticated";
-                }
-                else if (eventType == ix::CobraConnection_EventType_Error)
-                {
-                    ss << "Error: " << errMsg;
-                }
-                else if (eventType == ix::CobraConnection_EventType_Closed)
-                {
-                    ss << "Connection closed: " << errMsg;
-                }
-                else if (eventType == ix::CobraConnection_EventType_Subscribed)
-                {
-                    ss << "Subscribed through subscription id: " << subscriptionId;
-                }
-                else if (eventType == ix::CobraConnection_EventType_UnSubscribed)
-                {
-                    ss << "Unsubscribed through subscription id: " << subscriptionId;
-                }
-                else if (eventType == ix::CobraConnection_EventType_Published)
-                {
-                    ss << "Published message " << msgId << " acked";
-                }
-
-                ix::IXCoreLogger::Log(ss.str().c_str());
-        });
-    }
-
-    CobraMetricsThreadedPublisher::~CobraMetricsThreadedPublisher()
-    {
-        // The background thread won't be joinable if it was never
-        // started by calling CobraMetricsThreadedPublisher::start
-        if (!_thread.joinable()) return;
-
-        _stop = true;
-        _condition.notify_one();
-        _thread.join();
-    }
-
-    void CobraMetricsThreadedPublisher::start()
-    {
-        if (_thread.joinable()) return; // we've already been started
-
-        _thread = std::thread(&CobraMetricsThreadedPublisher::run, this);
-    }
-
-    void CobraMetricsThreadedPublisher::configure(const std::string& appkey,
-                                                  const std::string& endpoint,
-                                                  const std::string& channel,
-                                                  const std::string& rolename,
-                                                  const std::string& rolesecret,
-                                                  bool enablePerMessageDeflate)
-    {
-        _channel = channel;
-
-        ix::WebSocketPerMessageDeflateOptions webSocketPerMessageDeflateOptions(enablePerMessageDeflate);
-        _cobra_connection.configure(appkey, endpoint,
-                                    rolename, rolesecret,
-                                    webSocketPerMessageDeflateOptions);
-    }
-
-    void CobraMetricsThreadedPublisher::pushMessage(MessageKind messageKind,
-                                                    const Json::Value& msg)
-    {
-        // Enqueue the task
-        {
-            // acquire lock
-            std::unique_lock<std::mutex> lock(_queue_mutex);
-
-            // add the task
-            _queue.push(std::make_pair(messageKind, msg));
-        } // release lock
-
-        // wake up one thread
-        _condition.notify_one();
-    }
-
-    void CobraMetricsThreadedPublisher::setPublishMode(CobraConnectionPublishMode publishMode)
-    {
-        _cobra_connection.setPublishMode(publishMode);
-    }
-
-    bool CobraMetricsThreadedPublisher::flushQueue()
-    {
-        return _cobra_connection.flushQueue();
-    }
-
-    void CobraMetricsThreadedPublisher::run()
-    {
-        setThreadName("CobraMetricsPublisher");
-
-        Json::Value channels;
-        channels.append(std::string());
-        channels.append(std::string());
-        const std::string messageIdKey("id");
-
-        _cobra_connection.connect();
-
-        while (true)
-        {
-            Json::Value msg;
-            MessageKind messageKind;
-
-            {
-                std::unique_lock<std::mutex> lock(_queue_mutex);
-
-                while (!_stop && _queue.empty())
-                {
-                    _condition.wait(lock);
-                }
-                if (_stop)
-                {
-                    _cobra_connection.disconnect();
-                    return;
-                }
-
-                auto item = _queue.front();
-                _queue.pop();
-
-                messageKind = item.first;
-                msg = item.second;
-            }
-
-            switch (messageKind)
-            {
-                case MessageKind::Suspend:
-                {
-                    _cobra_connection.suspend();
-                    continue;
-                }; break;
-
-                case MessageKind::Resume:
-                {
-                    _cobra_connection.resume();
-                    continue;
-                }; break;
-
-                case MessageKind::Message:
-                {
-                    ;
-                }; break;
-            }
-
-            //
-            // Publish to multiple channels. This let the consumer side
-            // easily subscribe to all message of a certain type, without having
-            // to do manipulations on the messages on the server side.
-            //
-            channels[0] = _channel;
-            if (msg.isMember(messageIdKey))
-            {
-                channels[1] = msg[messageIdKey];
-            }
-            _cobra_connection.publish(channels, msg);
-        }
-    }
-
-    void CobraMetricsThreadedPublisher::push(const Json::Value& msg)
-    {
-        pushMessage(MessageKind::Message, msg);
-    }
-
-    void CobraMetricsThreadedPublisher::suspend()
-    {
-        pushMessage(MessageKind::Suspend, Json::Value());
-    }
-
-    void CobraMetricsThreadedPublisher::resume()
-    {
-        pushMessage(MessageKind::Resume, Json::Value());
-    }
-
-    bool CobraMetricsThreadedPublisher::isConnected() const
-    {
-        return _cobra_connection.isConnected();
-    }
-
-    bool CobraMetricsThreadedPublisher::isAuthenticated() const
-    {
-        return _cobra_connection.isAuthenticated();
-    }
-
-} // namespace ix

ixcobra/ixcobra/IXCobraMetricsThreadedPublisher.h

@@ -1,104 +0,0 @@
-/*
- *  IXCobraMetricsThreadedPublisher.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017 Machine Zone. All rights reserved.
- */
-
-#pragma once
-
-#include "IXCobraConnection.h"
-#include <atomic>
-#include <condition_variable>
-#include <jsoncpp/json/json.h>
-#include <map>
-#include <mutex>
-#include <queue>
-#include <string>
-#include <thread>
-
-namespace ix
-{
-    class CobraMetricsThreadedPublisher
-    {
-    public:
-        CobraMetricsThreadedPublisher();
-        ~CobraMetricsThreadedPublisher();
-
-        /// Configuration / set keys, etc...
-        void configure(const std::string& appkey,
-                       const std::string& endpoint,
-                       const std::string& channel,
-                       const std::string& rolename,
-                       const std::string& rolesecret,
-                       bool enablePerMessageDeflate);
-
-        /// Start the worker thread, used for background publishing
-        void start();
-
-        /// Push a msg to our queue of messages to be published to cobra on the background
-        //  thread. Main user right now is the Cobra Metrics System
-        void push(const Json::Value& msg);
-
-        /// Set cobra connection publish mode
-        void setPublishMode(CobraConnectionPublishMode publishMode);
-
-        /// Flush the publish queue
-        bool flushQueue();
-
-        /// Lifecycle management. Free resources when backgrounding
-        void suspend();
-        void resume();
-
-        /// Tells whether the socket connection is opened
-        bool isConnected() const;
-
-        /// Returns true only if we're authenticated
-        bool isAuthenticated() const;
-
-    private:
-        enum class MessageKind
-        {
-            Message = 0,
-            Suspend = 1,
-            Resume = 2
-        };
-
-        /// Push a message to be processed by the background thread
-        void pushMessage(MessageKind messageKind, const Json::Value& msg);
-
-        /// Get a wait time which is increasing exponentially based on the number of retries
-        uint64_t getWaitTimeExp(int retry_count);
-
-        /// Debugging routine to print the connection parameters to the console
-        void printInfo();
-
-        /// Publish a message to satory
-        /// Will retry multiple times (3) if a problem occurs.
-        ///
-        /// Right now, only called on the publish worker thread.
-        void safePublish(const Json::Value& msg);
-
-        /// The worker thread "daemon" method. That method never returns unless _stop is set to true
-        void run();
-
-        /// Our connection to cobra.
-        CobraConnection _cobra_connection;
-
-        /// The channel we are publishing to
-        std::string _channel;
-
-        /// Internal data structures used to publish to cobra
-        /// Pending messages are stored into a queue, which is protected by a mutex
-        /// We used a condition variable to prevent the worker thread from busy polling
-        /// So we notify the condition variable when an incoming message arrives to signal
-        /// that it should wake up and take care of publishing it to cobra
-        /// To shutdown the worker thread one has to set the _stop boolean to true.
-        /// This is done in the destructor
-        std::queue<std::pair<MessageKind, Json::Value>> _queue;
-        mutable std::mutex _queue_mutex;
-        std::condition_variable _condition;
-        std::atomic<bool> _stop;
-        std::thread _thread;
-    };
-
-} // namespace ix

ixcobra/ixcobra/README.md

@@ -1 +0,0 @@
-Client code to publish to a real time analytic system, described in [https://bsergean.github.io/redis_conf_2019/slides.html#1](link).

ixcore/CMakeLists.txt

@@ -1,19 +0,0 @@
-#
-# Author: Benjamin Sergeant
-# Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
-#
-
-set (IXCORE_SOURCES
-    ixcore/utils/IXCoreLogger.cpp
-)
-
-set (IXCORE_HEADERS
-    ixcore/utils/IXCoreLogger.h
-)
-
-add_library(ixcore STATIC
-    ${IXCORE_SOURCES}
-    ${IXCORE_HEADERS}
-)
-
-target_include_directories( ixcore PUBLIC . )

ixcore/ixcore/utils/IXCoreLogger.cpp

@@ -1,14 +0,0 @@
-#include "ixcore/utils/IXCoreLogger.h"
-
-
-namespace ix
-{
-// Default do nothing logger
-IXCoreLogger::LogFunc IXCoreLogger::_currentLogger = [](const char* /*msg*/){};
-
-void IXCoreLogger::Log(const char* msg)
-{
-    _currentLogger(msg);
-}
-
-} // ix

ixcore/ixcore/utils/IXCoreLogger.h

@@ -1,18 +0,0 @@
-#pragma once
-#include <functional>
-
-namespace ix
-{
-    class IXCoreLogger
-    {
-    public:
-        using LogFunc = std::function<void(const char*)>;
-        static void Log(const char* msg);
-
-        static void setLogFunction(LogFunc& func) { _currentLogger = func; }
-
-    private:
-        static LogFunc _currentLogger;
-    };
-
-} // namespace ix

ixcrypto/CMakeLists.txt

@@ -1,54 +0,0 @@
-#
-# Author: Benjamin Sergeant
-# Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
-#
-set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/../CMake;${CMAKE_MODULE_PATH}")
-
-set (IXCRYPTO_SOURCES
-    ixcrypto/IXHMac.cpp
-    ixcrypto/IXBase64.cpp
-    ixcrypto/IXUuid.cpp
-    ixcrypto/IXHash.cpp
-)
-
-set (IXCRYPTO_HEADERS
-    ixcrypto/IXHMac.h
-    ixcrypto/IXBase64.h
-    ixcrypto/IXUuid.h
-    ixcrypto/IXHash.h
-)
-
-add_library(ixcrypto STATIC
-    ${IXCRYPTO_SOURCES}
-    ${IXCRYPTO_HEADERS}
-)
-
-set(IXCRYPTO_INCLUDE_DIRS 
-    .
-    ../ixcore)
-
-target_include_directories( ixcrypto PUBLIC ${IXCRYPTO_INCLUDE_DIRS} )
-
-# hmac computation needs a crypto library
-
-if (WIN32)
-  set(USE_MBED_TLS TRUE)
-endif()
-
-target_compile_definitions(ixcrypto PUBLIC IXCRYPTO_USE_TLS)
-if (USE_MBED_TLS)
-    find_package(MbedTLS REQUIRED)
-    target_include_directories(ixcrypto PUBLIC ${MBEDTLS_INCLUDE_DIRS})
-    target_link_libraries(ixcrypto ${MBEDTLS_LIBRARIES})
-    target_compile_definitions(ixcrypto PUBLIC IXCRYPTO_USE_MBED_TLS)
-elseif (APPLE)
-elseif (WIN32)
-else()
-    find_package(OpenSSL REQUIRED)
-    add_definitions(${OPENSSL_DEFINITIONS})
-    message(STATUS "OpenSSL: " ${OPENSSL_VERSION})
-    include_directories(${OPENSSL_INCLUDE_DIR})
-    target_link_libraries(ixcrypto ${OPENSSL_LIBRARIES})
-    target_compile_definitions(ixcrypto PUBLIC IXCRYPTO_USE_OPEN_SSL)
-endif()
-

ixcrypto/ixcrypto/IXBase64.cpp

@@ -1,135 +0,0 @@
-/*
- base64.cpp and base64.h
-
- Copyright (C) 2004-2008 René Nyffenegger
-
- This source code is provided 'as-is', without any express or implied
- warranty. In no event will the author be held liable for any damages
- arising from the use of this software.
-
- Permission is granted to anyone to use this software for any purpose,
- including commercial applications, and to alter it and redistribute it
- freely, subject to the following restrictions:
-
- 1. The origin of this source code must not be misrepresented; you must not
- claim that you wrote the original source code. If you use this source code
- in a product, an acknowledgment in the product documentation would be
- appreciated but is not required.
-
- 2. Altered source versions must be plainly marked as such, and must not be
- misrepresented as being the original source code.
-
- 3. This notice may not be removed or altered from any source distribution.
-
- René Nyffenegger rene.nyffenegger@adp-gmbh.ch
-
- */
-
-#include "IXBase64.h"
-
-namespace ix
-{
-    static const std::string base64_chars =
-    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
-    "abcdefghijklmnopqrstuvwxyz"
-    "0123456789+/";
-
-    std::string base64_encode(const std::string& data, size_t len)
-    {
-        std::string ret;
-        int i = 0;
-        int j = 0;
-        unsigned char char_array_3[3];
-        unsigned char char_array_4[4];
-
-        const char* bytes_to_encode = data.c_str();
-
-        while(len--)
-        {
-            char_array_3[i++] = *(bytes_to_encode++);
-            if(i == 3)
-            {
-                char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
-                char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
-                char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
-                char_array_4[3] = char_array_3[2] & 0x3f;
-
-                for(i = 0; (i <4) ; i++)
-                    ret += base64_chars[char_array_4[i]];
-
-                i = 0;
-            }
-        }
-
-        if(i)
-        {
-            for(j = i; j < 3; j++)
-                char_array_3[j] = '\0';
-
-            char_array_4[0] = (char_array_3[0] & 0xfc) >> 2;
-            char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4);
-            char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6);
-            char_array_4[3] = char_array_3[2] & 0x3f;
-
-            for(j = 0; (j < i + 1); j++)
-                ret += base64_chars[char_array_4[j]];
-
-            while((i++ < 3))
-                ret += '=';
-
-        }
-
-        return ret;
-    }
-
-    static inline bool is_base64(unsigned char c)
-    {
-        return (isalnum(c) || (c == '+') || (c == '/'));
-    }
-
-    std::string base64_decode(const std::string& encoded_string)
-    {
-        int in_len = (int)encoded_string.size();
-        int i = 0;
-        int j = 0;
-        int in_ = 0;
-        unsigned char char_array_4[4], char_array_3[3];
-        std::string ret;
-
-        while(in_len-- && ( encoded_string[in_] != '=') && is_base64(encoded_string[in_]))
-        {
-            char_array_4[i++] = encoded_string[in_]; in_++;
-            if(i ==4)
-            {
-                for(i = 0; i <4; i++)
-                    char_array_4[i] = base64_chars.find(char_array_4[i]);
-
-                char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
-                char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
-                char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
-
-                for(i = 0; (i < 3); i++)
-                    ret += char_array_3[i];
-
-                i = 0;
-            }
-        }
-
-        if(i)
-        {
-            for(j = i; j <4; j++)
-                char_array_4[j] = 0;
-
-            for(j = 0; j <4; j++)
-                char_array_4[j] = base64_chars.find(char_array_4[j]);
-
-            char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4);
-            char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2);
-            char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3];
-
-            for(j = 0; (j < i - 1); j++) ret += char_array_3[j];
-        }
-
-        return ret;
-    }
-}

ixcrypto/ixcrypto/IXBase64.h

@@ -1,15 +0,0 @@
-/*
- *  base64.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2018 Machine Zone. All rights reserved.
- */
-
-#pragma once
-
-#include <string>
-
-namespace ix
-{
-    std::string base64_encode(const std::string& data, size_t len);
-    std::string base64_decode(const std::string& encoded_string);
-} // namespace ix

ixcrypto/ixcrypto/IXHMac.cpp

@@ -1,50 +0,0 @@
-/*
- *  IXHMac.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2018 Machine Zone. All rights reserved.
- */
-
-#include "IXHMac.h"
-#include "IXBase64.h"
-
-#if defined(IXCRYPTO_USE_MBED_TLS)
-# include <mbedtls/md.h>
-#elif defined(__APPLE__)
-# include <CommonCrypto/CommonHMAC.h>
-#elif defined(IXCRYPTO_USE_OPEN_SSL)
-# include <openssl/hmac.h>
-#else
-# error "Unsupported configuration"
-#endif
-
-namespace ix
-{
-    std::string hmac(const std::string& data, const std::string& key)
-    {
-        constexpr size_t hashSize = 16;
-        unsigned char hash[hashSize];
-
-#if defined(IXCRYPTO_USE_MBED_TLS)
-        mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_MD5),
-               (unsigned char *) key.c_str(), key.size(),
-               (unsigned char *) data.c_str(), data.size(),
-               (unsigned char *) &hash);
-#elif defined(__APPLE__)
-        CCHmac(kCCHmacAlgMD5,
-               key.c_str(), key.size(),
-               data.c_str(), data.size(),
-               &hash);
-#elif defined(IXCRYPTO_USE_OPEN_SSL)
-        HMAC(EVP_md5(),
-             key.c_str(), (int) key.size(),
-             (unsigned char *) data.c_str(), (int) data.size(),
-             (unsigned char *) hash, nullptr);
-#else
-#       error "Unsupported configuration"
-#endif
-
-        std::string hashString(reinterpret_cast<char*>(hash), hashSize);
-
-        return base64_encode(hashString, (uint32_t) hashString.size());
-    }
-}

ixcrypto/ixcrypto/IXHMac.h

@@ -1,14 +0,0 @@
-/*
- *  IXHMac.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2018 Machine Zone. All rights reserved.
- */
-
-#pragma once
-
-#include <string>
-
-namespace ix
-{
-    std::string hmac(const std::string& data, const std::string& key);
-}

ixcrypto/ixcrypto/IXHash.cpp

@@ -1,22 +0,0 @@
-/*
- *  IXHash.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2018 Machine Zone. All rights reserved.
- */
-
-#include "IXHash.h"
-
-namespace ix
-{
-    uint64_t djb2Hash(const std::vector<uint8_t>& data)
-    {
-        uint64_t hashAddress = 5381;
-
-        for (auto&& c : data)
-        {
-            hashAddress = ((hashAddress << 5) + hashAddress) + c;
-        }
-
-        return hashAddress;
-    }
-}

ixcrypto/ixcrypto/IXHash.h

@@ -1,15 +0,0 @@
-/*
- *  IXHash.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2018 Machine Zone. All rights reserved.
- */
-
-#pragma once
-
-#include <cstdint>
-#include <vector>
-
-namespace ix
-{
-    uint64_t djb2Hash(const std::vector<uint8_t>& data);
-}

ixwebsocket/IXBench.cpp

@@ -0,0 +1,61 @@
+/*
+ *  IXBench.cpp
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
+ */
+
+#include "IXBench.h"
+
+#include <iostream>
+
+namespace ix
+{
+    Bench::Bench(const std::string& description)
+        : _description(description)
+    {
+        reset();
+    }
+
+    Bench::~Bench()
+    {
+        if (!_reported)
+        {
+            report();
+        }
+    }
+
+    void Bench::reset()
+    {
+        _start = std::chrono::high_resolution_clock::now();
+        _reported = false;
+    }
+
+    void Bench::report()
+    {
+        auto now = std::chrono::high_resolution_clock::now();
+        auto microseconds = std::chrono::duration_cast<std::chrono::microseconds>(now - _start);
+
+        _duration = microseconds.count();
+        std::cerr << _description << " completed in " << _duration << " us" << std::endl;
+
+        setReported();
+    }
+
+    void Bench::record()
+    {
+        auto now = std::chrono::high_resolution_clock::now();
+        auto microseconds = std::chrono::duration_cast<std::chrono::microseconds>(now - _start);
+
+        _duration = microseconds.count();
+    }
+
+    void Bench::setReported()
+    {
+        _reported = true;
+    }
+
+    uint64_t Bench::getDuration() const
+    {
+        return _duration;
+    }
+} // namespace ix

ixwebsocket/IXBench.h

@@ -0,0 +1,32 @@
+/*
+ *  IXBench.h
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
+ */
+#pragma once
+
+#include <chrono>
+#include <stdint.h>
+#include <string>
+
+namespace ix
+{
+    class Bench
+    {
+    public:
+        Bench(const std::string& description);
+        ~Bench();
+
+        void reset();
+        void record();
+        void report();
+        void setReported();
+        uint64_t getDuration() const;
+
+    private:
+        std::string _description;
+        std::chrono::time_point<std::chrono::high_resolution_clock> _start;
+        uint64_t _duration;
+        bool _reported;
+    };
+} // namespace ix

ixwebsocket/IXCancellationRequest.cpp

@@ -6,18 +6,20 @@
 
 #include "IXCancellationRequest.h"
 
+#include <cassert>
 #include <chrono>
 
 namespace ix
 {
-    CancellationRequest makeCancellationRequestWithTimeout(int secs,
-                                                           std::atomic<bool>& requestInitCancellation)
+    CancellationRequest makeCancellationRequestWithTimeout(
+        int secs, std::atomic<bool>& requestInitCancellation)
     {
+        assert(secs > 0);
+
         auto start = std::chrono::system_clock::now();
         auto timeout = std::chrono::seconds(secs);
 
-        auto isCancellationRequested = [&requestInitCancellation, start, timeout]() -> bool
-        {
+        auto isCancellationRequested = [&requestInitCancellation, start, timeout]() -> bool {
             // Was an explicit cancellation requested ?
             if (requestInitCancellation) return true;
 
@@ -30,4 +32,4 @@ namespace ix
 
         return isCancellationRequested;
     }
-}
+} // namespace ix

ixwebsocket/IXConnectionState.cpp

@@ -10,7 +10,8 @@ namespace ix
 {
     std::atomic<uint64_t> ConnectionState::_globalId(0);
 
-    ConnectionState::ConnectionState() : _terminated(false)
+    ConnectionState::ConnectionState()
+        : _terminated(false)
     {
         computeId();
     }
@@ -30,6 +31,11 @@ namespace ix
         return std::make_shared<ConnectionState>();
     }
 
+    void ConnectionState::setOnSetTerminatedCallback(const OnSetTerminatedCallback& callback)
+    {
+        _onSetTerminatedCallback = callback;
+    }
+
     bool ConnectionState::isTerminated() const
     {
         return _terminated;
@@ -38,6 +44,30 @@ namespace ix
     void ConnectionState::setTerminated()
     {
         _terminated = true;
-    }
-}
 
+        if (_onSetTerminatedCallback)
+        {
+            _onSetTerminatedCallback();
+        }
+    }
+
+    const std::string& ConnectionState::getRemoteIp()
+    {
+        return _remoteIp;
+    }
+
+    int ConnectionState::getRemotePort()
+    {
+        return _remotePort;
+    }
+
+    void ConnectionState::setRemoteIp(const std::string& remoteIp)
+    {
+        _remoteIp = remoteIp;
+    }
+
+    void ConnectionState::setRemotePort(int remotePort)
+    {
+        _remotePort = remotePort;
+    }
+} // namespace ix

ixwebsocket/IXConnectionState.h

@@ -7,12 +7,15 @@
 #pragma once
 
 #include <atomic>
+#include <functional>
 #include <memory>
 #include <stdint.h>
 #include <string>
 
 namespace ix
 {
+    using OnSetTerminatedCallback = std::function<void()>;
+
     class ConnectionState
     {
     public:
@@ -25,12 +28,27 @@ namespace ix
         void setTerminated();
         bool isTerminated() const;
 
+        const std::string& getRemoteIp();
+        int getRemotePort();
+
         static std::shared_ptr<ConnectionState> createConnectionState();
 
+    private:
+        void setOnSetTerminatedCallback(const OnSetTerminatedCallback& callback);
+
+        void setRemoteIp(const std::string& remoteIp);
+        void setRemotePort(int remotePort);
+
     protected:
         std::atomic<bool> _terminated;
         std::string _id;
+        OnSetTerminatedCallback _onSetTerminatedCallback;
 
         static std::atomic<uint64_t> _globalId;
+
+        std::string _remoteIp;
+        int _remotePort;
+
+        friend class SocketServer;
     };
 } // namespace ix

ixwebsocket/IXDNSLookup.cpp

@@ -4,23 +4,36 @@
  *  Copyright (c) 2018 Machine Zone, Inc. All rights reserved.
  */
 
-#include "IXDNSLookup.h"
-#include "IXNetSystem.h"
+//
+// On Windows Universal Platform (uwp), gai_strerror defaults behavior is to returns wchar_t
+// which is different from all other platforms. We want the non unicode version.
+// See https://github.com/microsoft/vcpkg/pull/11030
+// We could do this in IXNetSystem.cpp but so far we are only using gai_strerror in here.
+//
+#ifdef _UNICODE
+#undef _UNICODE
+#endif
+#ifdef UNICODE
+#undef UNICODE
+#endif
 
-#include <string.h>
+#include "IXDNSLookup.h"
+
+#include "IXNetSystem.h"
 #include <chrono>
+#include <string.h>
 #include <thread>
 
 namespace ix
 {
     const int64_t DNSLookup::kDefaultWait = 1; // ms
 
-    DNSLookup::DNSLookup(const std::string& hostname, int port, int64_t wait) :
-        _hostname(hostname),
-        _port(port),
-        _wait(wait),
-        _res(nullptr),
-        _done(false)
+    DNSLookup::DNSLookup(const std::string& hostname, int port, int64_t wait)
+        : _hostname(hostname)
+        , _port(port)
+        , _wait(wait)
+        , _res(nullptr)
+        , _done(false)
     {
         ;
     }
@@ -38,8 +51,7 @@ namespace ix
         std::string sport = std::to_string(port);
 
         struct addrinfo* res;
-        int getaddrinfo_result = getaddrinfo(hostname.c_str(), sport.c_str(),
-                                             &hints, &res);
+        int getaddrinfo_result = getaddrinfo(hostname.c_str(), sport.c_str(), &hints, &res);
         if (getaddrinfo_result)
         {
             errMsg = gai_strerror(getaddrinfo_result);
@@ -56,13 +68,18 @@ namespace ix
                            : resolveUnCancellable(errMsg, isCancellationRequested);
     }
 
-    struct addrinfo* DNSLookup::resolveUnCancellable(std::string& errMsg,
-                                                     const CancellationRequest& isCancellationRequested)
+    void DNSLookup::release(struct addrinfo* addr)
+    {
+        freeaddrinfo(addr);
+    }
+
+    struct addrinfo* DNSLookup::resolveUnCancellable(
+        std::string& errMsg, const CancellationRequest& isCancellationRequested)
     {
         errMsg = "no error";
 
         // Maybe a cancellation request got in before the background thread terminated ?
-        if (isCancellationRequested && isCancellationRequested())
+        if (isCancellationRequested())
         {
             errMsg = "cancellation requested";
             return nullptr;
@@ -71,8 +88,8 @@ namespace ix
         return getAddrInfo(_hostname, _port, errMsg);
     }
 
-    struct addrinfo* DNSLookup::resolveCancellable(std::string& errMsg,
-                                                   const CancellationRequest& isCancellationRequested)
+    struct addrinfo* DNSLookup::resolveCancellable(
+        std::string& errMsg, const CancellationRequest& isCancellationRequested)
     {
         errMsg = "no error";
 
@@ -108,7 +125,7 @@ namespace ix
             std::this_thread::sleep_for(std::chrono::milliseconds(_wait));
 
             // Were we cancelled ?
-            if (isCancellationRequested && isCancellationRequested())
+            if (isCancellationRequested())
             {
                 errMsg = "cancellation requested";
                 return nullptr;
@@ -116,7 +133,7 @@ namespace ix
         }
 
         // Maybe a cancellation request got in before the bg terminated ?
-        if (isCancellationRequested && isCancellationRequested())
+        if (isCancellationRequested())
         {
             errMsg = "cancellation requested";
             return nullptr;
@@ -126,7 +143,9 @@ namespace ix
         return getRes();
     }
 
-    void DNSLookup::run(std::weak_ptr<DNSLookup> self, std::string hostname, int port) // thread runner
+    void DNSLookup::run(std::weak_ptr<DNSLookup> self,
+                        std::string hostname,
+                        int port) // thread runner
     {
         // We don't want to read or write into members variables of an object that could be
         // gone, so we use temporary variables (res) or we pass in by copy everything that
@@ -134,7 +153,7 @@ namespace ix
         std::string errMsg;
         struct addrinfo* res = getAddrInfo(hostname, port, errMsg);
 
-        if (self.lock())
+        if (auto lock = self.lock())
         {
             // Copy result into the member variables
             setRes(res);
@@ -167,4 +186,4 @@ namespace ix
         std::lock_guard<std::mutex> lock(_resMutex);
         return _res;
     }
-}
+} // namespace ix

ixwebsocket/IXDNSLookup.h

@@ -31,6 +31,8 @@ namespace ix
                                  const CancellationRequest& isCancellationRequested,
                                  bool cancellable = true);
 
+        void release(struct addrinfo* addr);
+
     private:
         struct addrinfo* resolveCancellable(std::string& errMsg,
                                             const CancellationRequest& isCancellationRequested);

ixwebsocket/IXExponentialBackoff.cpp

@@ -1,5 +1,5 @@
 /*
- *  IXExponentialBackoff.h
+ *  IXExponentialBackoff.cpp
  *  Author: Benjamin Sergeant
  *  Copyright (c) 2017-2019 Machine Zone, Inc. All rights reserved.
  */
@@ -10,11 +10,10 @@
 
 namespace ix
 {
-    uint32_t calculateRetryWaitMilliseconds(
-        uint32_t retry_count,
-        uint32_t maxWaitBetweenReconnectionRetries)
+    uint32_t calculateRetryWaitMilliseconds(uint32_t retry_count,
+                                            uint32_t maxWaitBetweenReconnectionRetries)
     {
-        uint32_t wait_time = std::pow(2, retry_count) * 100;
+        uint32_t wait_time = (retry_count < 26) ? (std::pow(2, retry_count) * 100) : 0;
 
         if (wait_time > maxWaitBetweenReconnectionRetries || wait_time == 0)
         {
@@ -23,4 +22,4 @@ namespace ix
 
         return wait_time;
     }
-}
+} // namespace ix

ixwebsocket/IXExponentialBackoff.h

@@ -10,7 +10,6 @@
 
 namespace ix
 {
-    uint32_t calculateRetryWaitMilliseconds(
-        uint32_t retry_count,
-        uint32_t maxWaitBetweenReconnectionRetries);
+    uint32_t calculateRetryWaitMilliseconds(uint32_t retry_count,
+                                            uint32_t maxWaitBetweenReconnectionRetries);
 } // namespace ix

ixwebsocket/IXGetFreePort.cpp

@@ -4,12 +4,20 @@
  *  Copyright (c) 2019 Machine Zone. All rights reserved.
  */
 
+// Using inet_addr will trigger an error on uwp without this
+// FIXME: use a different api
+#ifdef _WIN32
+#ifndef _WINSOCK_DEPRECATED_NO_WARNINGS
+#define _WINSOCK_DEPRECATED_NO_WARNINGS
+#endif
+#endif
+
 #include "IXGetFreePort.h"
+
 #include <ixwebsocket/IXNetSystem.h>
 #include <ixwebsocket/IXSocket.h>
-
-#include <string>
 #include <random>
+#include <string>
 
 namespace ix
 {
@@ -23,15 +31,14 @@ namespace ix
 
     int getAnyFreePort()
     {
-        int sockfd;
+        socket_t sockfd;
         if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
         {
             return getAnyFreePortRandom();
         }
 
         int enable = 1;
-        if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
-                       (char*) &enable, sizeof(enable)) < 0)
+        if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char*) &enable, sizeof(enable)) < 0)
         {
             return getAnyFreePortRandom();
         }
@@ -39,10 +46,10 @@ namespace ix
         // Bind to port 0. This is the standard way to get a free port.
         struct sockaddr_in server; // server address information
         server.sin_family = AF_INET;
-        server.sin_port   = htons(0);
+        server.sin_port = htons(0);
         server.sin_addr.s_addr = inet_addr("127.0.0.1");
 
-        if (bind(sockfd, (struct sockaddr *)&server, sizeof(server)) < 0)
+        if (bind(sockfd, (struct sockaddr*) &server, sizeof(server)) < 0)
         {
             Socket::closeSocket(sockfd);
             return getAnyFreePortRandom();
@@ -50,7 +57,7 @@ namespace ix
 
         struct sockaddr_in sa; // server address information
         socklen_t len = sizeof(sa);
-        if (getsockname(sockfd, (struct sockaddr *) &sa, &len) < 0)
+        if (getsockname(sockfd, (struct sockaddr*) &sa, &len) < 0)
         {
             Socket::closeSocket(sockfd);
             return getAnyFreePortRandom();
@@ -67,11 +74,11 @@ namespace ix
         while (true)
         {
 #if defined(__has_feature)
-# if __has_feature(address_sanitizer)
+#if __has_feature(address_sanitizer)
             int port = getAnyFreePortRandom();
-# else
+#else
             int port = getAnyFreePort();
-# endif
+#endif
 #else
             int port = getAnyFreePort();
 #endif

ixwebsocket/IXGzipCodec.cpp

@@ -0,0 +1,183 @@
+/*
+ *  IXGzipCodec.cpp
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2020 Machine Zone, Inc. All rights reserved.
+ */
+
+#include "IXGzipCodec.h"
+
+#include "IXBench.h"
+#include <array>
+#include <string.h>
+
+#ifdef IXWEBSOCKET_USE_ZLIB
+#include <zlib.h>
+#endif
+
+#ifdef IXWEBSOCKET_USE_DEFLATE
+#include <libdeflate.h>
+#endif
+
+namespace ix
+{
+    std::string gzipCompress(const std::string& str)
+    {
+#ifndef IXWEBSOCKET_USE_ZLIB
+        return std::string();
+#else
+#ifdef IXWEBSOCKET_USE_DEFLATE
+        int compressionLevel = 6;
+        struct libdeflate_compressor* compressor;
+
+        compressor = libdeflate_alloc_compressor(compressionLevel);
+
+        const void* uncompressed_data = str.data();
+        size_t uncompressed_size = str.size();
+        void* compressed_data;
+        size_t actual_compressed_size;
+        size_t max_compressed_size;
+
+        max_compressed_size = libdeflate_gzip_compress_bound(compressor, uncompressed_size);
+        compressed_data = malloc(max_compressed_size);
+
+        if (compressed_data == NULL)
+        {
+            return std::string();
+        }
+
+        actual_compressed_size = libdeflate_gzip_compress(
+            compressor, uncompressed_data, uncompressed_size, compressed_data, max_compressed_size);
+
+        libdeflate_free_compressor(compressor);
+
+        if (actual_compressed_size == 0)
+        {
+            free(compressed_data);
+            return std::string();
+        }
+
+        std::string out;
+        out.assign(reinterpret_cast<char*>(compressed_data), actual_compressed_size);
+        free(compressed_data);
+
+        return out;
+#else
+        z_stream zs; // z_stream is zlib's control structure
+        memset(&zs, 0, sizeof(zs));
+
+        // deflateInit2 configure the file format: request gzip instead of deflate
+        const int windowBits = 15;
+        const int GZIP_ENCODING = 16;
+
+        deflateInit2(&zs,
+                     Z_DEFAULT_COMPRESSION,
+                     Z_DEFLATED,
+                     windowBits | GZIP_ENCODING,
+                     8,
+                     Z_DEFAULT_STRATEGY);
+
+        zs.next_in = (Bytef*) str.data();
+        zs.avail_in = (uInt) str.size(); // set the z_stream's input
+
+        int ret;
+        char outbuffer[32768];
+        std::string outstring;
+
+        // retrieve the compressed bytes blockwise
+        do
+        {
+            zs.next_out = reinterpret_cast<Bytef*>(outbuffer);
+            zs.avail_out = sizeof(outbuffer);
+
+            ret = deflate(&zs, Z_FINISH);
+
+            if (outstring.size() < zs.total_out)
+            {
+                // append the block to the output string
+                outstring.append(outbuffer, zs.total_out - outstring.size());
+            }
+        } while (ret == Z_OK);
+
+        deflateEnd(&zs);
+
+        return outstring;
+#endif // IXWEBSOCKET_USE_DEFLATE
+#endif // IXWEBSOCKET_USE_ZLIB
+    }
+
+#ifdef IXWEBSOCKET_USE_DEFLATE
+    static uint32_t loadDecompressedGzipSize(const uint8_t* p)
+    {
+        return ((uint32_t) p[0] << 0) | ((uint32_t) p[1] << 8) | ((uint32_t) p[2] << 16) |
+               ((uint32_t) p[3] << 24);
+    }
+#endif
+
+    bool gzipDecompress(const std::string& in, std::string& out)
+    {
+#ifndef IXWEBSOCKET_USE_ZLIB
+        return false;
+#else
+#ifdef IXWEBSOCKET_USE_DEFLATE
+        struct libdeflate_decompressor* decompressor;
+        decompressor = libdeflate_alloc_decompressor();
+
+        const void* compressed_data = in.data();
+        size_t compressed_size = in.size();
+
+        // Retrieve uncompressed size from the trailer of the gziped data
+        const uint8_t* ptr = reinterpret_cast<const uint8_t*>(&in.front());
+        auto uncompressed_size = loadDecompressedGzipSize(&ptr[compressed_size - 4]);
+
+        // Use it to redimension our output buffer
+        out.resize(uncompressed_size);
+
+        libdeflate_result result = libdeflate_gzip_decompress(
+            decompressor, compressed_data, compressed_size, &out.front(), uncompressed_size, NULL);
+
+        libdeflate_free_decompressor(decompressor);
+        return result == LIBDEFLATE_SUCCESS;
+#else
+        z_stream inflateState;
+        memset(&inflateState, 0, sizeof(inflateState));
+
+        inflateState.zalloc = Z_NULL;
+        inflateState.zfree = Z_NULL;
+        inflateState.opaque = Z_NULL;
+        inflateState.avail_in = 0;
+        inflateState.next_in = Z_NULL;
+
+        if (inflateInit2(&inflateState, 16 + MAX_WBITS) != Z_OK)
+        {
+            return false;
+        }
+
+        inflateState.avail_in = (uInt) in.size();
+        inflateState.next_in = (unsigned char*) (const_cast<char*>(in.data()));
+
+        const int kBufferSize = 1 << 14;
+        std::array<unsigned char, kBufferSize> compressBuffer;
+
+        do
+        {
+            inflateState.avail_out = (uInt) kBufferSize;
+            inflateState.next_out = &compressBuffer.front();
+
+            int ret = inflate(&inflateState, Z_SYNC_FLUSH);
+
+            if (ret == Z_NEED_DICT || ret == Z_DATA_ERROR || ret == Z_MEM_ERROR)
+            {
+                inflateEnd(&inflateState);
+                return false;
+            }
+
+            out.append(reinterpret_cast<char*>(&compressBuffer.front()),
+                       kBufferSize - inflateState.avail_out);
+        } while (inflateState.avail_out == 0);
+
+        inflateEnd(&inflateState);
+        return true;
+#endif // IXWEBSOCKET_USE_DEFLATE
+#endif // IXWEBSOCKET_USE_ZLIB
+    }
+} // namespace ix

ixwebsocket/IXGzipCodec.h

@@ -0,0 +1,15 @@
+/*
+ *  IXGzipCodec.h
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2020 Machine Zone, Inc. All rights reserved.
+ */
+
+#pragma once
+
+#include <string>
+
+namespace ix
+{
+    std::string gzipCompress(const std::string& str);
+    bool gzipDecompress(const std::string& in, std::string& out);
+} // namespace ix

ixwebsocket/IXHttp.cpp

@@ -5,9 +5,10 @@
  */
 
 #include "IXHttp.h"
-#include "IXCancellationRequest.h"
-#include "IXSocket.h"
 
+#include "IXCancellationRequest.h"
+#include "IXGzipCodec.h"
+#include "IXSocket.h"
 #include <sstream>
 #include <vector>
 
@@ -57,7 +58,8 @@ namespace ix
         return std::make_pair(httpVersion, statusCode);
     }
 
-    std::tuple<std::string, std::string, std::string> Http::parseRequestLine(const std::string& line)
+    std::tuple<std::string, std::string, std::string> Http::parseRequestLine(
+        const std::string& line)
     {
         // Request-Line   = Method SP Request-URI SP HTTP-Version CRLF
         std::string token;
@@ -91,14 +93,13 @@ namespace ix
         return std::make_tuple(method, requestUri, httpVersion);
     }
 
-    std::tuple<bool, std::string, HttpRequestPtr> Http::parseRequest(std::shared_ptr<Socket> socket)
+    std::tuple<bool, std::string, HttpRequestPtr> Http::parseRequest(
+        std::unique_ptr<Socket>& socket, int timeoutSecs)
     {
         HttpRequestPtr httpRequest;
 
         std::atomic<bool> requestInitCancellation(false);
 
-        int timeoutSecs = 5; // FIXME
-
         auto isCancellationRequested =
             makeCancellationRequestWithTimeout(timeoutSecs, requestInitCancellation);
 
@@ -114,8 +115,8 @@ namespace ix
 
         // Parse request line (GET /foo HTTP/1.1\r\n)
         auto requestLine = Http::parseRequestLine(line);
-        auto method      = std::get<0>(requestLine);
-        auto uri         = std::get<1>(requestLine);
+        auto method = std::get<0>(requestLine);
+        auto uri = std::get<1>(requestLine);
         auto httpVersion = std::get<2>(requestLine);
 
         // Retrieve and validate HTTP headers
@@ -128,11 +129,57 @@ namespace ix
             return std::make_tuple(false, "Error parsing HTTP headers", httpRequest);
         }
 
-        httpRequest = std::make_shared<HttpRequest>(uri, method, httpVersion, headers);
+        std::string body;
+        if (headers.find("Content-Length") != headers.end())
+        {
+            int contentLength = 0;
+            try
+            {
+                contentLength = std::stoi(headers["Content-Length"]);
+            }
+            catch (std::exception)
+            {
+                return std::make_tuple(
+                    false, "Error parsing HTTP Header 'Content-Length'", httpRequest);
+            }
+
+            if (contentLength < 0)
+            {
+                return std::make_tuple(
+                    false, "Error: 'Content-Length' should be a positive integer", httpRequest);
+            }
+
+            auto res = socket->readBytes(contentLength, nullptr, isCancellationRequested);
+            if (!res.first)
+            {
+                return std::make_tuple(
+                    false, std::string("Error reading request: ") + res.second, httpRequest);
+            }
+            body = res.second;
+        }
+
+        // If the content was compressed with gzip, decode it
+        if (headers["Content-Encoding"] == "gzip")
+        {
+#ifdef IXWEBSOCKET_USE_ZLIB
+            std::string decompressedPayload;
+            if (!gzipDecompress(body, decompressedPayload))
+            {
+                return std::make_tuple(
+                    false, std::string("Error during gzip decompression of the body"), httpRequest);
+            }
+            body = decompressedPayload;
+#else
+            std::string errorMsg("ixwebsocket was not compiled with gzip support on");
+            return std::make_tuple(false, errorMsg, httpRequest);
+#endif
+        }
+
+        httpRequest = std::make_shared<HttpRequest>(uri, method, httpVersion, body, headers);
         return std::make_tuple(true, "", httpRequest);
     }
 
-    bool Http::sendResponse(HttpResponsePtr response, std::shared_ptr<Socket> socket)
+    bool Http::sendResponse(HttpResponsePtr response, std::unique_ptr<Socket>& socket)
     {
         // Write the response to the socket
         std::stringstream ss;
@@ -149,7 +196,7 @@ namespace ix
 
         // Write headers
         ss.str("");
-        ss << "Content-Length: " << response->payload.size() << "\r\n";
+        ss << "Content-Length: " << response->body.size() << "\r\n";
         for (auto&& it : response->headers)
         {
             ss << it.first << ": " << it.second << "\r\n";
@@ -161,8 +208,6 @@ namespace ix
             return false;
         }
 
-        return response->payload.empty()
-            ? true
-            : socket->writeBytes(response->payload, nullptr);
+        return response->body.empty() ? true : socket->writeBytes(response->body, nullptr);
     }
-}
+} // namespace ix

ixwebsocket/IXHttp.h

@@ -9,6 +9,7 @@
 #include "IXProgressCallback.h"
 #include "IXWebSocketHttpHeaders.h"
 #include <tuple>
+#include <unordered_map>
 
 namespace ix
 {
@@ -38,7 +39,7 @@ namespace ix
         std::string description;
         HttpErrorCode errorCode;
         WebSocketHttpHeaders headers;
-        std::string payload;
+        std::string body;
         std::string errorMsg;
         uint64_t uploadSize;
         uint64_t downloadSize;
@@ -47,7 +48,7 @@ namespace ix
                      const std::string& des = std::string(),
                      const HttpErrorCode& c = HttpErrorCode::Ok,
                      const WebSocketHttpHeaders& h = WebSocketHttpHeaders(),
-                     const std::string& p = std::string(),
+                     const std::string& b = std::string(),
                      const std::string& e = std::string(),
                      uint64_t u = 0,
                      uint64_t d = 0)
@@ -55,7 +56,7 @@ namespace ix
             , description(des)
             , errorCode(c)
             , headers(h)
-            , payload(p)
+            , body(b)
             , errorMsg(e)
             , uploadSize(u)
             , downloadSize(d)
@@ -65,7 +66,8 @@ namespace ix
     };
 
     using HttpResponsePtr = std::shared_ptr<HttpResponse>;
-    using HttpParameters = std::map<std::string, std::string>;
+    using HttpParameters = std::unordered_map<std::string, std::string>;
+    using HttpFormDataParameters = std::unordered_map<std::string, std::string>;
     using Logger = std::function<void(const std::string&)>;
     using OnResponseCallback = std::function<void(const HttpResponsePtr&)>;
 
@@ -75,12 +77,14 @@ namespace ix
         std::string verb;
         WebSocketHttpHeaders extraHeaders;
         std::string body;
-        int connectTimeout;
-        int transferTimeout;
-        bool followRedirects;
-        int maxRedirects;
-        bool verbose;
-        bool compress;
+        std::string multipartBoundary;
+        int connectTimeout = 60;
+        int transferTimeout = 1800;
+        bool followRedirects = true;
+        int maxRedirects = 5;
+        bool verbose = false;
+        bool compress = true;
+        bool compressRequest = false;
         Logger logger;
         OnProgressCallback onProgressCallback;
     };
@@ -92,15 +96,18 @@ namespace ix
         std::string uri;
         std::string method;
         std::string version;
+        std::string body;
         WebSocketHttpHeaders headers;
 
         HttpRequest(const std::string& u,
                     const std::string& m,
                     const std::string& v,
+                    const std::string& b,
                     const WebSocketHttpHeaders& h = WebSocketHttpHeaders())
             : uri(u)
             , method(m)
             , version(v)
+            , body(b)
             , headers(h)
         {
         }
@@ -112,11 +119,10 @@ namespace ix
     {
     public:
         static std::tuple<bool, std::string, HttpRequestPtr> parseRequest(
-            std::shared_ptr<Socket> socket);
-        static bool sendResponse(HttpResponsePtr response, std::shared_ptr<Socket> socket);
+            std::unique_ptr<Socket>& socket, int timeoutSecs);
+        static bool sendResponse(HttpResponsePtr response, std::unique_ptr<Socket>& socket);
 
-        static std::pair<std::string, int> parseStatusLine(
-            const std::string& line);
+        static std::pair<std::string, int> parseStatusLine(const std::string& line);
         static std::tuple<std::string, std::string, std::string> parseRequestLine(
             const std::string& line);
         static std::string trim(const std::string& str);

ixwebsocket/IXHttpClient.cpp

@@ -5,18 +5,18 @@
  */
 
 #include "IXHttpClient.h"
+
+#include "IXGzipCodec.h"
+#include "IXSocketFactory.h"
 #include "IXUrlParser.h"
 #include "IXUserAgent.h"
 #include "IXWebSocketHttpHeaders.h"
-#include "IXSocketFactory.h"
-
-#include <sstream>
-#include <iomanip>
-#include <vector>
-#include <cstring>
-
 #include <assert.h>
-#include <zlib.h>
+#include <cstring>
+#include <iomanip>
+#include <random>
+#include <sstream>
+#include <vector>
 
 namespace ix
 {
@@ -25,8 +25,12 @@ namespace ix
     const std::string HttpClient::kHead = "HEAD";
     const std::string HttpClient::kDel = "DEL";
     const std::string HttpClient::kPut = "PUT";
+    const std::string HttpClient::kPatch = "PATCH";
 
-    HttpClient::HttpClient(bool async) : _async(async), _stop(false)
+    HttpClient::HttpClient(bool async)
+        : _async(async)
+        , _stop(false)
+        , _forceBody(false)
     {
         if (!_async) return;
 
@@ -42,8 +46,17 @@ namespace ix
         _thread.join();
     }
 
-    HttpRequestArgsPtr HttpClient::createRequest(const std::string& url,
-                                                 const std::string& verb)
+    void HttpClient::setTLSOptions(const SocketTLSOptions& tlsOptions)
+    {
+        _tlsOptions = tlsOptions;
+    }
+
+    void HttpClient::setForceBody(bool value)
+    {
+        _forceBody = value;
+    }
+
+    HttpRequestArgsPtr HttpClient::createRequest(const std::string& url, const std::string& verb)
     {
         auto request = std::make_shared<HttpRequestArgs>();
         request->url = url;
@@ -106,16 +119,15 @@ namespace ix
         }
     }
 
-    HttpResponsePtr HttpClient::request(
-        const std::string& url,
-        const std::string& verb,
-        const std::string& body,
-        HttpRequestArgsPtr args,
-        int redirects)
+    HttpResponsePtr HttpClient::request(const std::string& url,
+                                        const std::string& verb,
+                                        const std::string& body,
+                                        HttpRequestArgsPtr args,
+                                        int redirects)
     {
         // We only have one socket connection, so we cannot
         // make multiple requests concurrently.
-        std::lock_guard<std::mutex> lock(_mutex);
+        std::lock_guard<std::recursive_mutex> lock(_mutex);
 
         uint64_t uploadSize = 0;
         uint64_t downloadSize = 0;
@@ -131,20 +143,30 @@ namespace ix
         {
             std::stringstream ss;
             ss << "Cannot parse url: " << url;
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::UrlMalformed,
-                                                  headers, payload, ss.str(),
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::UrlMalformed,
+                                                  headers,
+                                                  payload,
+                                                  ss.str(),
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         bool tls = protocol == "https";
         std::string errorMsg;
-        _socket = createSocket(tls, errorMsg);
+        _socket = createSocket(tls, -1, errorMsg, _tlsOptions);
 
         if (!_socket)
         {
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::CannotCreateSocket,
-                                                  headers, payload, errorMsg,
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::CannotCreateSocket,
+                                                  headers,
+                                                  payload,
+                                                  errorMsg,
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         // Build request string
@@ -152,10 +174,13 @@ namespace ix
         ss << verb << " " << path << " HTTP/1.1\r\n";
         ss << "Host: " << host << "\r\n";
 
+#ifdef IXWEBSOCKET_USE_ZLIB
         if (args->compress)
         {
-            ss << "Accept-Encoding: gzip" << "\r\n";
+            ss << "Accept-Encoding: gzip"
+               << "\r\n";
         }
+#endif
 
         // Append extra headers
         for (auto&& it : args->extraHeaders)
@@ -166,7 +191,8 @@ namespace ix
         // Set a default Accept header if none is present
         if (headers.find("Accept") == headers.end())
         {
-            ss << "Accept: */*" << "\r\n";
+            ss << "Accept: */*"
+               << "\r\n";
         }
 
         // Set a default User agent if none is present
@@ -175,14 +201,32 @@ namespace ix
             ss << "User-Agent: " << userAgent() << "\r\n";
         }
 
-        if (verb == kPost || verb == kPut)
+        if (verb == kPost || verb == kPut || verb == kPatch || _forceBody)
         {
+            // Set request compression header
+#ifdef IXWEBSOCKET_USE_ZLIB
+            if (args->compressRequest)
+            {
+                ss << "Content-Encoding: gzip"
+                   << "\r\n";
+            }
+#endif
+
             ss << "Content-Length: " << body.size() << "\r\n";
 
             // Set default Content-Type if unspecified
             if (args->extraHeaders.find("Content-Type") == args->extraHeaders.end())
             {
-                ss << "Content-Type: application/x-www-form-urlencoded" << "\r\n";
+                if (args->multipartBoundary.empty())
+                {
+                    ss << "Content-Type: application/x-www-form-urlencoded"
+                       << "\r\n";
+                }
+                else
+                {
+                    ss << "Content-Type: multipart/form-data; boundary=" << args->multipartBoundary
+                       << "\r\n";
+                }
             }
             ss << "\r\n";
             ss << body;
@@ -194,25 +238,28 @@ namespace ix
 
         std::string req(ss.str());
         std::string errMsg;
-        std::atomic<bool> requestInitCancellation(false);
 
         // Make a cancellation object dealing with connection timeout
         auto isCancellationRequested =
-            makeCancellationRequestWithTimeout(args->connectTimeout, requestInitCancellation);
+            makeCancellationRequestWithTimeout(args->connectTimeout, _stop);
 
         bool success = _socket->connect(host, port, errMsg, isCancellationRequested);
         if (!success)
         {
             std::stringstream ss;
             ss << "Cannot connect to url: " << url << " / error : " << errMsg;
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::CannotConnect,
-                                                  headers, payload, ss.str(),
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::CannotConnect,
+                                                  headers,
+                                                  payload,
+                                                  ss.str(),
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         // Make a new cancellation object dealing with transfer timeout
-        isCancellationRequested =
-            makeCancellationRequestWithTimeout(args->transferTimeout, requestInitCancellation);
+        isCancellationRequested = makeCancellationRequestWithTimeout(args->transferTimeout, _stop);
 
         if (args->verbose)
         {
@@ -221,8 +268,7 @@ namespace ix
                << "to " << host << ":" << port << std::endl
                << "request size: " << req.size() << " bytes" << std::endl
                << "=============" << std::endl
-               << req
-               << "=============" << std::endl
+               << req << "=============" << std::endl
                << std::endl;
 
             log(ss.str(), args);
@@ -231,9 +277,14 @@ namespace ix
         if (!_socket->writeBytes(req, isCancellationRequested))
         {
             std::string errorMsg("Cannot send request");
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::SendError,
-                                                  headers, payload, errorMsg,
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::SendError,
+                                                  headers,
+                                                  payload,
+                                                  errorMsg,
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         uploadSize = req.size();
@@ -245,9 +296,14 @@ namespace ix
         if (!lineValid)
         {
             std::string errorMsg("Cannot retrieve status line");
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::CannotReadStatusLine,
-                                                  headers, payload, errorMsg,
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::CannotReadStatusLine,
+                                                  headers,
+                                                  payload,
+                                                  errorMsg,
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         if (args->verbose)
@@ -260,9 +316,14 @@ namespace ix
         if (sscanf(line.c_str(), "HTTP/1.1 %d", &code) != 1)
         {
             std::string errorMsg("Cannot parse response code from status line");
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::MissingStatus,
-                                                  headers, payload, errorMsg,
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::MissingStatus,
+                                                  headers,
+                                                  payload,
+                                                  errorMsg,
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         auto result = parseHttpHeaders(_socket, isCancellationRequested);
@@ -272,9 +333,14 @@ namespace ix
         if (!headersValid)
         {
             std::string errorMsg("Cannot parse http headers");
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::HeaderParsingError,
-                                                  headers, payload, errorMsg,
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::HeaderParsingError,
+                                                  headers,
+                                                  payload,
+                                                  errorMsg,
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         // Redirect ?
@@ -283,30 +349,45 @@ namespace ix
             if (headers.find("Location") == headers.end())
             {
                 std::string errorMsg("Missing location header for redirect");
-                return std::make_shared<HttpResponse>(code, description, HttpErrorCode::MissingLocation,
-                                                      headers, payload, errorMsg,
-                                                      uploadSize, downloadSize);
+                return std::make_shared<HttpResponse>(code,
+                                                      description,
+                                                      HttpErrorCode::MissingLocation,
+                                                      headers,
+                                                      payload,
+                                                      errorMsg,
+                                                      uploadSize,
+                                                      downloadSize);
             }
 
             if (redirects >= args->maxRedirects)
             {
                 std::stringstream ss;
                 ss << "Too many redirects: " << redirects;
-                return std::make_shared<HttpResponse>(code, description, HttpErrorCode::TooManyRedirects,
-                                                      headers, payload, ss.str(),
-                                                      uploadSize, downloadSize);
+                return std::make_shared<HttpResponse>(code,
+                                                      description,
+                                                      HttpErrorCode::TooManyRedirects,
+                                                      headers,
+                                                      payload,
+                                                      ss.str(),
+                                                      uploadSize,
+                                                      downloadSize);
             }
 
             // Recurse
             std::string location = headers["Location"];
-            return request(location, verb, body, args, redirects+1);
+            return request(location, verb, body, args, redirects + 1);
         }
 
         if (verb == "HEAD")
         {
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::Ok,
-                                                  headers, payload, std::string(),
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::Ok,
+                                                  headers,
+                                                  payload,
+                                                  std::string(),
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         // Parse response:
@@ -319,15 +400,19 @@ namespace ix
 
             payload.reserve(contentLength);
 
-            auto chunkResult = _socket->readBytes(contentLength,
-                                                  args->onProgressCallback,
-                                                  isCancellationRequested);
+            auto chunkResult = _socket->readBytes(
+                contentLength, args->onProgressCallback, isCancellationRequested);
             if (!chunkResult.first)
             {
                 errorMsg = "Cannot read chunk";
-                return std::make_shared<HttpResponse>(code, description, HttpErrorCode::ChunkReadError,
-                                                      headers, payload, errorMsg,
-                                                      uploadSize, downloadSize);
+                return std::make_shared<HttpResponse>(code,
+                                                      description,
+                                                      HttpErrorCode::ChunkReadError,
+                                                      headers,
+                                                      payload,
+                                                      errorMsg,
+                                                      uploadSize,
+                                                      downloadSize);
             }
             payload += chunkResult.second;
         }
@@ -343,9 +428,14 @@ namespace ix
 
                 if (!lineResult.first)
                 {
-                    return std::make_shared<HttpResponse>(code, description, HttpErrorCode::ChunkReadError,
-                                                          headers, payload, errorMsg,
-                                                          uploadSize, downloadSize);
+                    return std::make_shared<HttpResponse>(code,
+                                                          description,
+                                                          HttpErrorCode::ChunkReadError,
+                                                          headers,
+                                                          payload,
+                                                          errorMsg,
+                                                          uploadSize,
+                                                          downloadSize);
                 }
 
                 uint64_t chunkSize;
@@ -356,23 +446,26 @@ namespace ix
                 if (args->verbose)
                 {
                     std::stringstream oss;
-                    oss << "Reading " << chunkSize << " bytes"
-                        << std::endl;
+                    oss << "Reading " << chunkSize << " bytes" << std::endl;
                     log(oss.str(), args);
                 }
 
                 payload.reserve(payload.size() + (size_t) chunkSize);
 
                 // Read a chunk
-                auto chunkResult = _socket->readBytes((size_t) chunkSize,
-                                                      args->onProgressCallback,
-                                                      isCancellationRequested);
+                auto chunkResult = _socket->readBytes(
+                    (size_t) chunkSize, args->onProgressCallback, isCancellationRequested);
                 if (!chunkResult.first)
                 {
                     errorMsg = "Cannot read chunk";
-                    return std::make_shared<HttpResponse>(code, description, HttpErrorCode::ChunkReadError,
-                                                          headers, payload, errorMsg,
-                                                          uploadSize, downloadSize);
+                    return std::make_shared<HttpResponse>(code,
+                                                          description,
+                                                          HttpErrorCode::ChunkReadError,
+                                                          headers,
+                                                          payload,
+                                                          errorMsg,
+                                                          uploadSize,
+                                                          downloadSize);
                 }
                 payload += chunkResult.second;
 
@@ -381,9 +474,14 @@ namespace ix
 
                 if (!lineResult.first)
                 {
-                    return std::make_shared<HttpResponse>(code, description, HttpErrorCode::ChunkReadError,
-                                                          headers, payload, errorMsg,
-                                                          uploadSize, downloadSize);
+                    return std::make_shared<HttpResponse>(code,
+                                                          description,
+                                                          HttpErrorCode::ChunkReadError,
+                                                          headers,
+                                                          payload,
+                                                          errorMsg,
+                                                          uploadSize,
+                                                          downloadSize);
                 }
 
                 if (chunkSize == 0) break;
@@ -396,9 +494,14 @@ namespace ix
         else
         {
             std::string errorMsg("Cannot read http body");
-            return std::make_shared<HttpResponse>(code, description, HttpErrorCode::CannotReadBody,
-                                                  headers, payload, errorMsg,
-                                                  uploadSize, downloadSize);
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::CannotReadBody,
+                                                  headers,
+                                                  payload,
+                                                  errorMsg,
+                                                  uploadSize,
+                                                  downloadSize);
         }
 
         downloadSize = payload.size();
@@ -406,45 +509,95 @@ namespace ix
         // If the content was compressed with gzip, decode it
         if (headers["Content-Encoding"] == "gzip")
         {
+#ifdef IXWEBSOCKET_USE_ZLIB
             std::string decompressedPayload;
-            if (!gzipInflate(payload, decompressedPayload))
+            if (!gzipDecompress(payload, decompressedPayload))
             {
                 std::string errorMsg("Error decompressing payload");
-                return std::make_shared<HttpResponse>(code, description, HttpErrorCode::Gzip,
-                                                      headers, payload, errorMsg,
-                                                      uploadSize, downloadSize);
+                return std::make_shared<HttpResponse>(code,
+                                                      description,
+                                                      HttpErrorCode::Gzip,
+                                                      headers,
+                                                      payload,
+                                                      errorMsg,
+                                                      uploadSize,
+                                                      downloadSize);
             }
             payload = decompressedPayload;
+#else
+            std::string errorMsg("ixwebsocket was not compiled with gzip support on");
+            return std::make_shared<HttpResponse>(code,
+                                                  description,
+                                                  HttpErrorCode::Gzip,
+                                                  headers,
+                                                  payload,
+                                                  errorMsg,
+                                                  uploadSize,
+                                                  downloadSize);
+#endif
         }
 
-        return std::make_shared<HttpResponse>(code, description, HttpErrorCode::Ok,
-                                              headers, payload, std::string(),
-                                              uploadSize, downloadSize);
+        return std::make_shared<HttpResponse>(code,
+                                              description,
+                                              HttpErrorCode::Ok,
+                                              headers,
+                                              payload,
+                                              std::string(),
+                                              uploadSize,
+                                              downloadSize);
     }
 
-    HttpResponsePtr HttpClient::get(const std::string& url,
-                                    HttpRequestArgsPtr args)
+    HttpResponsePtr HttpClient::get(const std::string& url, HttpRequestArgsPtr args)
     {
         return request(url, kGet, std::string(), args);
     }
 
-    HttpResponsePtr HttpClient::head(const std::string& url,
-                                     HttpRequestArgsPtr args)
+    HttpResponsePtr HttpClient::head(const std::string& url, HttpRequestArgsPtr args)
     {
         return request(url, kHead, std::string(), args);
     }
 
-    HttpResponsePtr HttpClient::del(const std::string& url,
-                                    HttpRequestArgsPtr args)
+    HttpResponsePtr HttpClient::del(const std::string& url, HttpRequestArgsPtr args)
     {
         return request(url, kDel, std::string(), args);
     }
 
+    HttpResponsePtr HttpClient::request(const std::string& url,
+                                        const std::string& verb,
+                                        const HttpParameters& httpParameters,
+                                        const HttpFormDataParameters& httpFormDataParameters,
+                                        HttpRequestArgsPtr args)
+    {
+        std::string body;
+
+        if (httpFormDataParameters.empty())
+        {
+            body = serializeHttpParameters(httpParameters);
+        }
+        else
+        {
+            std::string multipartBoundary = generateMultipartBoundary();
+            args->multipartBoundary = multipartBoundary;
+            body = serializeHttpFormDataParameters(
+                multipartBoundary, httpFormDataParameters, httpParameters);
+        }
+
+#ifdef IXWEBSOCKET_USE_ZLIB
+        if (args->compressRequest)
+        {
+            body = gzipCompress(body);
+        }
+#endif
+
+        return request(url, verb, body, args);
+    }
+
     HttpResponsePtr HttpClient::post(const std::string& url,
                                      const HttpParameters& httpParameters,
+                                     const HttpFormDataParameters& httpFormDataParameters,
                                      HttpRequestArgsPtr args)
     {
-        return request(url, kPost, serializeHttpParameters(httpParameters), args);
+        return request(url, kPost, httpParameters, httpFormDataParameters, args);
     }
 
     HttpResponsePtr HttpClient::post(const std::string& url,
@@ -456,9 +609,10 @@ namespace ix
 
     HttpResponsePtr HttpClient::put(const std::string& url,
                                     const HttpParameters& httpParameters,
+                                    const HttpFormDataParameters& httpFormDataParameters,
                                     HttpRequestArgsPtr args)
     {
-        return request(url, kPut, serializeHttpParameters(httpParameters), args);
+        return request(url, kPut, httpParameters, httpFormDataParameters, args);
     }
 
     HttpResponsePtr HttpClient::put(const std::string& url,
@@ -468,14 +622,28 @@ namespace ix
         return request(url, kPut, body, args);
     }
 
+    HttpResponsePtr HttpClient::patch(const std::string& url,
+                                      const HttpParameters& httpParameters,
+                                      const HttpFormDataParameters& httpFormDataParameters,
+                                      HttpRequestArgsPtr args)
+    {
+        return request(url, kPatch, httpParameters, httpFormDataParameters, args);
+    }
+
+    HttpResponsePtr HttpClient::patch(const std::string& url,
+                                      const std::string& body,
+                                      const HttpRequestArgsPtr args)
+    {
+        return request(url, kPatch, body, args);
+    }
+
     std::string HttpClient::urlEncode(const std::string& value)
     {
         std::ostringstream escaped;
         escaped.fill('0');
         escaped << std::hex;
 
-        for (std::string::const_iterator i = value.begin(), n = value.end();
-             i != n; ++i)
+        for (std::string::const_iterator i = value.begin(), n = value.end(); i != n; ++i)
         {
             std::string::value_type c = (*i);
 
@@ -503,73 +671,80 @@ namespace ix
 
         for (auto&& it : httpParameters)
         {
-            ss << urlEncode(it.first)
-               << "="
-               << urlEncode(it.second);
+            ss << urlEncode(it.first) << "=" << urlEncode(it.second);
 
-            if (i++ < (count-1))
+            if (i++ < (count - 1))
             {
-               ss << "&";
+                ss << "&";
             }
         }
         return ss.str();
     }
 
-    bool HttpClient::gzipInflate(
-        const std::string& in,
-        std::string& out)
+    std::string HttpClient::serializeHttpFormDataParameters(
+        const std::string& multipartBoundary,
+        const HttpFormDataParameters& httpFormDataParameters,
+        const HttpParameters& httpParameters)
     {
-        z_stream inflateState;
-        std::memset(&inflateState, 0, sizeof(inflateState));
+        //
+        // --AaB03x
+        // Content-Disposition: form-data; name="submit-name"
 
-        inflateState.zalloc = Z_NULL;
-        inflateState.zfree = Z_NULL;
-        inflateState.opaque = Z_NULL;
-        inflateState.avail_in = 0;
-        inflateState.next_in = Z_NULL;
+        // Larry
+        // --AaB03x
+        // Content-Disposition: form-data; name="foo.txt"; filename="file1.txt"
+        // Content-Type: text/plain
 
-        if (inflateInit2(&inflateState, 16+MAX_WBITS) != Z_OK)
+        // ... contents of file1.txt ...
+        // --AaB03x--
+        //
+        std::stringstream ss;
+
+        for (auto&& it : httpFormDataParameters)
         {
-            return false;
+            ss << "--" << multipartBoundary << "\r\n"
+               << "Content-Disposition:"
+               << " form-data; name=\"" << it.first << "\";"
+               << " filename=\"" << it.first << "\""
+               << "\r\n"
+               << "Content-Type: application/octet-stream"
+               << "\r\n"
+               << "\r\n"
+               << it.second << "\r\n";
         }
 
-        inflateState.avail_in = (uInt) in.size();
-        inflateState.next_in = (unsigned char *)(const_cast<char *>(in.data()));
-
-        const int kBufferSize = 1 << 14;
-
-        std::unique_ptr<unsigned char[]> compressBuffer =
-            std::make_unique<unsigned char[]>(kBufferSize);
-
-        do
+        for (auto&& it : httpParameters)
         {
-            inflateState.avail_out = (uInt) kBufferSize;
-            inflateState.next_out = compressBuffer.get();
+            ss << "--" << multipartBoundary << "\r\n"
+               << "Content-Disposition:"
+               << " form-data; name=\"" << it.first << "\";"
+               << "\r\n"
+               << "\r\n"
+               << it.second << "\r\n";
+        }
 
-            int ret = inflate(&inflateState, Z_SYNC_FLUSH);
+        ss << "--" << multipartBoundary << "--\r\n";
 
-            if (ret == Z_NEED_DICT || ret == Z_DATA_ERROR || ret == Z_MEM_ERROR)
-            {
-                inflateEnd(&inflateState);
-                return false;
-            }
-
-            out.append(
-                reinterpret_cast<char *>(compressBuffer.get()),
-                kBufferSize - inflateState.avail_out
-            );
-        } while (inflateState.avail_out == 0);
-
-        inflateEnd(&inflateState);
-        return true;
+        return ss.str();
     }
 
-    void HttpClient::log(const std::string& msg,
-                         HttpRequestArgsPtr args)
+    void HttpClient::log(const std::string& msg, HttpRequestArgsPtr args)
     {
         if (args->logger)
         {
             args->logger(msg);
         }
     }
-}
+
+    std::string HttpClient::generateMultipartBoundary()
+    {
+        std::string str("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
+
+        static std::random_device rd;
+        static std::mt19937 generator(rd());
+
+        std::shuffle(str.begin(), str.end(), generator);
+
+        return str;
+    }
+} // namespace ix

ixwebsocket/IXHttpClient.h

@@ -8,6 +8,7 @@
 
 #include "IXHttp.h"
 #include "IXSocket.h"
+#include "IXSocketTLSOptions.h"
 #include "IXWebSocketHttpHeaders.h"
 #include <algorithm>
 #include <atomic>
@@ -33,6 +34,7 @@ namespace ix
 
         HttpResponsePtr post(const std::string& url,
                              const HttpParameters& httpParameters,
+                             const HttpFormDataParameters& httpFormDataParameters,
                              HttpRequestArgsPtr args);
         HttpResponsePtr post(const std::string& url,
                              const std::string& body,
@@ -40,17 +42,34 @@ namespace ix
 
         HttpResponsePtr put(const std::string& url,
                             const HttpParameters& httpParameters,
+                            const HttpFormDataParameters& httpFormDataParameters,
                             HttpRequestArgsPtr args);
         HttpResponsePtr put(const std::string& url,
                             const std::string& body,
                             HttpRequestArgsPtr args);
 
+        HttpResponsePtr patch(const std::string& url,
+                              const HttpParameters& httpParameters,
+                              const HttpFormDataParameters& httpFormDataParameters,
+                              HttpRequestArgsPtr args);
+        HttpResponsePtr patch(const std::string& url,
+                              const std::string& body,
+                              HttpRequestArgsPtr args);
+
         HttpResponsePtr request(const std::string& url,
                                 const std::string& verb,
                                 const std::string& body,
                                 HttpRequestArgsPtr args,
                                 int redirects = 0);
 
+        HttpResponsePtr request(const std::string& url,
+                                const std::string& verb,
+                                const HttpParameters& httpParameters,
+                                const HttpFormDataParameters& httpFormDataParameters,
+                                HttpRequestArgsPtr args);
+
+        void setForceBody(bool value);
+
         // Async API
         HttpRequestArgsPtr createRequest(const std::string& url = std::string(),
                                          const std::string& verb = HttpClient::kGet);
@@ -58,8 +77,18 @@ namespace ix
         bool performRequest(HttpRequestArgsPtr request,
                             const OnResponseCallback& onResponseCallback);
 
+        // TLS
+        void setTLSOptions(const SocketTLSOptions& tlsOptions);
+
         std::string serializeHttpParameters(const HttpParameters& httpParameters);
 
+        std::string serializeHttpFormDataParameters(
+            const std::string& multipartBoundary,
+            const HttpFormDataParameters& httpFormDataParameters,
+            const HttpParameters& httpParameters = HttpParameters());
+
+        std::string generateMultipartBoundary();
+
         std::string urlEncode(const std::string& value);
 
         const static std::string kPost;
@@ -67,15 +96,13 @@ namespace ix
         const static std::string kHead;
         const static std::string kDel;
         const static std::string kPut;
+        const static std::string kPatch;
 
     private:
         void log(const std::string& msg, HttpRequestArgsPtr args);
 
-        bool gzipInflate(const std::string& in, std::string& out);
-
         // Async API background thread runner
         void run();
-
         // Async API
         bool _async;
         std::queue<std::pair<HttpRequestArgsPtr, OnResponseCallback>> _queue;
@@ -84,7 +111,13 @@ namespace ix
         std::atomic<bool> _stop;
         std::thread _thread;
 
-        std::shared_ptr<Socket> _socket;
-        std::mutex _mutex; // to protect accessing the _socket (only one socket per client)
+        std::unique_ptr<Socket> _socket;
+        std::recursive_mutex _mutex; // to protect accessing the _socket (only one socket per
+                                     // client) the mutex needs to be recursive as this function
+                                     // might be called recursively to follow HTTP redirections
+
+        SocketTLSOptions _tlsOptions;
+
+        bool _forceBody;
     };
 } // namespace ix

ixwebsocket/IXHttpServer.cpp

@@ -5,13 +5,14 @@
  */
 
 #include "IXHttpServer.h"
-#include "IXSocketConnect.h"
-#include "IXSocketFactory.h"
-#include "IXNetSystem.h"
 
-#include <iostream>
-#include <sstream>
+#include "IXGzipCodec.h"
+#include "IXNetSystem.h"
+#include "IXSocketConnect.h"
+#include "IXUserAgent.h"
+#include <cstring>
 #include <fstream>
+#include <sstream>
 #include <vector>
 
 namespace
@@ -28,7 +29,7 @@ namespace
         file.seekg(0, file.beg);
 
         memblock.resize((size_t) size);
-        file.read((char*)&memblock.front(), static_cast<std::streamsize>(size));
+        file.read((char*) &memblock.front(), static_cast<std::streamsize>(size));
 
         return std::make_pair(true, memblock);
     }
@@ -39,15 +40,21 @@ namespace
         auto vec = res.second;
         return std::make_pair(res.first, std::string(vec.begin(), vec.end()));
     }
-}
+} // namespace
 
 namespace ix
 {
+    const int HttpServer::kDefaultTimeoutSecs(30);
+
     HttpServer::HttpServer(int port,
                            const std::string& host,
                            int backlog,
-                           size_t maxConnections) : SocketServer(port, host, backlog, maxConnections),
-        _connectedClientsCount(0)
+                           size_t maxConnections,
+                           int addressFamily,
+                           int timeoutSecs)
+        : SocketServer(port, host, backlog, maxConnections, addressFamily)
+        , _connectedClientsCount(0)
+        , _timeoutSecs(timeoutSecs)
     {
         setDefaultConnectionCallback();
     }
@@ -71,19 +78,12 @@ namespace ix
         _onConnectionCallback = callback;
     }
 
-    void HttpServer::handleConnection(
-        int fd,
-        std::shared_ptr<ConnectionState> connectionState)
+    void HttpServer::handleConnection(std::unique_ptr<Socket> socket,
+                                      std::shared_ptr<ConnectionState> connectionState)
     {
         _connectedClientsCount++;
 
-        std::string errorMsg;
-        auto socket = createSocket(fd, errorMsg);
-
-        // Set the socket to non blocking mode + other tweaks
-        SocketConnect::configure(fd);
-
-        auto ret = Http::parseRequest(socket);
+        auto ret = Http::parseRequest(socket, _timeoutSecs);
         // FIXME: handle errors in parseRequest
 
         if (std::get<0>(ret))
@@ -95,7 +95,6 @@ namespace ix
             }
         }
         connectionState->setTerminated();
-        Socket::closeSocket(fd);
 
         _connectedClientsCount--;
     }
@@ -109,39 +108,43 @@ namespace ix
     {
         setOnConnectionCallback(
             [this](HttpRequestPtr request,
-                   std::shared_ptr<ConnectionState> /*connectionState*/) -> HttpResponsePtr
-            {
+                   std::shared_ptr<ConnectionState> connectionState) -> HttpResponsePtr {
                 std::string uri(request->uri);
                 if (uri.empty() || uri == "/")
                 {
                     uri = "/index.html";
                 }
 
+                WebSocketHttpHeaders headers;
+                headers["Server"] = userAgent();
+
                 std::string path("." + uri);
                 auto res = readAsString(path);
                 bool found = res.first;
                 if (!found)
                 {
-                    return std::make_shared<HttpResponse>(404, "Not Found",
-                                                          HttpErrorCode::Ok,
-                                                          WebSocketHttpHeaders(),
-                                                          std::string());
+                    return std::make_shared<HttpResponse>(
+                        404, "Not Found", HttpErrorCode::Ok, WebSocketHttpHeaders(), std::string());
                 }
 
                 std::string content = res.second;
 
+#ifdef IXWEBSOCKET_USE_ZLIB
+                std::string acceptEncoding = request->headers["Accept-encoding"];
+                if (acceptEncoding == "*" || acceptEncoding.find("gzip") != std::string::npos)
+                {
+                    content = gzipCompress(content);
+                    headers["Content-Encoding"] = "gzip";
+                }
+#endif
+
                 // Log request
                 std::stringstream ss;
-                ss << request->method
-                   << " "
-                   << request->headers["User-Agent"]
-                   << " "
-                   << request->uri
-                   << " "
-                   << content.size();
+                ss << connectionState->getRemoteIp() << ":" << connectionState->getRemotePort()
+                   << " " << request->method << " " << request->headers["User-Agent"] << " "
+                   << request->uri << " " << content.size();
                 logInfo(ss.str());
 
-                WebSocketHttpHeaders headers;
                 // FIXME: check extensions to set the content type
                 // headers["Content-Type"] = "application/octet-stream";
                 headers["Accept-Ranges"] = "none";
@@ -151,11 +154,76 @@ namespace ix
                     headers[it.first] = it.second;
                 }
 
-                return std::make_shared<HttpResponse>(200, "OK",
-                                                      HttpErrorCode::Ok,
-                                                      headers,
-                                                      content);
-            }
-        );
+                return std::make_shared<HttpResponse>(
+                    200, "OK", HttpErrorCode::Ok, headers, content);
+            });
     }
-}
+
+    void HttpServer::makeRedirectServer(const std::string& redirectUrl)
+    {
+        //
+        // See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections
+        //
+        setOnConnectionCallback(
+            [this,
+             redirectUrl](HttpRequestPtr request,
+                          std::shared_ptr<ConnectionState> connectionState) -> HttpResponsePtr {
+                WebSocketHttpHeaders headers;
+                headers["Server"] = userAgent();
+
+                // Log request
+                std::stringstream ss;
+                ss << connectionState->getRemoteIp() << ":" << connectionState->getRemotePort()
+                   << " " << request->method << " " << request->headers["User-Agent"] << " "
+                   << request->uri;
+                logInfo(ss.str());
+
+                if (request->method == "POST")
+                {
+                    return std::make_shared<HttpResponse>(
+                        200, "OK", HttpErrorCode::Ok, headers, std::string());
+                }
+
+                headers["Location"] = redirectUrl;
+
+                return std::make_shared<HttpResponse>(
+                    301, "OK", HttpErrorCode::Ok, headers, std::string());
+            });
+    }
+
+    //
+    // Display the client parameter and body on the console
+    //
+    void HttpServer::makeDebugServer()
+    {
+        setOnConnectionCallback(
+            [this](HttpRequestPtr request,
+                   std::shared_ptr<ConnectionState> connectionState) -> HttpResponsePtr {
+                WebSocketHttpHeaders headers;
+                headers["Server"] = userAgent();
+
+                // Log request
+                std::stringstream ss;
+                ss << connectionState->getRemoteIp() << ":" << connectionState->getRemotePort()
+                   << " " << request->method << " " << request->headers["User-Agent"] << " "
+                   << request->uri;
+                logInfo(ss.str());
+
+                logInfo("== Headers == ");
+                for (auto&& it : request->headers)
+                {
+                    std::ostringstream oss;
+                    oss << it.first << ": " << it.second;
+                    logInfo(oss.str());
+                }
+                logInfo("");
+
+                logInfo("== Body == ");
+                logInfo(request->body);
+                logInfo("");
+
+                return std::make_shared<HttpResponse>(
+                    200, "OK", HttpErrorCode::Ok, headers, std::string("OK"));
+            });
+    }
+} // namespace ix

ixwebsocket/IXHttpServer.h

@@ -28,19 +28,28 @@ namespace ix
         HttpServer(int port = SocketServer::kDefaultPort,
                    const std::string& host = SocketServer::kDefaultHost,
                    int backlog = SocketServer::kDefaultTcpBacklog,
-                   size_t maxConnections = SocketServer::kDefaultMaxConnections);
+                   size_t maxConnections = SocketServer::kDefaultMaxConnections,
+                   int addressFamily = SocketServer::kDefaultAddressFamily,
+                   int timeoutSecs = HttpServer::kDefaultTimeoutSecs);
         virtual ~HttpServer();
         virtual void stop() final;
 
         void setOnConnectionCallback(const OnConnectionCallback& callback);
 
+        void makeRedirectServer(const std::string& redirectUrl);
+
+        void makeDebugServer();
+
     private:
         // Member variables
         OnConnectionCallback _onConnectionCallback;
         std::atomic<int> _connectedClientsCount;
 
+        const static int kDefaultTimeoutSecs;
+        int _timeoutSecs;
+
         // Methods
-        virtual void handleConnection(int fd,
+        virtual void handleConnection(std::unique_ptr<Socket>,
                                       std::shared_ptr<ConnectionState> connectionState) final;
         virtual size_t getConnectedClientsCount() final;
 

ixwebsocket/IXNetSystem.cpp

@@ -42,10 +42,10 @@ namespace ix
     //
     // So we make it a select wrapper
     //
-    int poll(struct pollfd *fds, nfds_t nfds, int timeout)
+    int poll(struct pollfd* fds, nfds_t nfds, int timeout)
     {
 #ifdef _WIN32
-        int maxfd = 0;
+        socket_t maxfd = 0;
         fd_set readfds, writefds, errorfds;
         FD_ZERO(&readfds);
         FD_ZERO(&writefds);
@@ -53,7 +53,7 @@ namespace ix
 
         for (nfds_t i = 0; i < nfds; ++i)
         {
-            struct pollfd *fd = &fds[i];
+            struct pollfd* fd = &fds[i];
 
             if (fd->fd > maxfd)
             {
@@ -77,8 +77,7 @@ namespace ix
         tv.tv_sec = timeout / 1000;
         tv.tv_usec = (timeout % 1000) * 1000;
 
-        int ret = select(maxfd + 1, &readfds, &writefds, &errorfds,
-                         timeout != -1 ? &tv : NULL);
+        int ret = select(maxfd + 1, &readfds, &writefds, &errorfds, timeout != -1 ? &tv : NULL);
 
         if (ret < 0)
         {
@@ -87,7 +86,7 @@ namespace ix
 
         for (nfds_t i = 0; i < nfds; ++i)
         {
-            struct pollfd *fd = &fds[i];
+            struct pollfd* fd = &fds[i];
             fd->revents = 0;
 
             if (FD_ISSET(fd->fd, &readfds))
@@ -106,7 +105,22 @@ namespace ix
 
         return ret;
 #else
-        return ::poll(fds, nfds, timeout);
+        //
+        // It was reported that on Android poll can fail and return -1 with
+        // errno == EINTR, which should be a temp error and should typically
+        // be handled by retrying in a loop.
+        // Maybe we need to put all syscall / C functions in
+        // a new IXSysCalls.cpp and wrap them all.
+        //
+        // The style from libuv is as such.
+        //
+        int ret = -1;
+        do
+        {
+            ret = ::poll(fds, nfds, timeout);
+        } while (ret == -1 && errno == EINTR);
+
+        return ret;
 #endif
     }
 

ixwebsocket/IXNetSystem.h

@@ -19,7 +19,10 @@ typedef unsigned long int nfds_t;
 #else
 #include <arpa/inet.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
+#include <netinet/in.h>
+#include <netinet/ip.h>
 #include <netinet/tcp.h>
 #include <poll.h>
 #include <sys/select.h>
@@ -31,6 +34,12 @@ typedef unsigned long int nfds_t;
 
 namespace ix
 {
+#ifdef _WIN32
+    typedef SOCKET socket_t;
+#else
+    typedef int socket_t;
+#endif
+
     bool initNetSystem();
     bool uninitNetSystem();
 

ixwebsocket/IXSelectInterrupt.cpp

@@ -8,6 +8,9 @@
 
 namespace ix
 {
+    const uint64_t SelectInterrupt::kSendRequest = 1;
+    const uint64_t SelectInterrupt::kCloseRequest = 2;
+
     SelectInterrupt::SelectInterrupt()
     {
         ;
@@ -42,5 +45,4 @@ namespace ix
     {
         return -1;
     }
-}
-
+} // namespace ix

ixwebsocket/IXSelectInterrupt.h

@@ -6,6 +6,7 @@
 
 #pragma once
 
+#include <memory>
 #include <stdint.h>
 #include <string>
 
@@ -23,5 +24,11 @@ namespace ix
         virtual bool clear();
         virtual uint64_t read();
         virtual int getFd() const;
+
+        // Used as special codes for pipe communication
+        static const uint64_t kSendRequest;
+        static const uint64_t kCloseRequest;
     };
+
+    using SelectInterruptPtr = std::unique_ptr<SelectInterrupt>;
 } // namespace ix

ixwebsocket/IXSelectInterruptEventFd.cpp

@@ -1,116 +0,0 @@
-/*
- *  IXSelectInterruptEventFd.cpp
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2018-2019 Machine Zone, Inc. All rights reserved.
- */
-
-//
-// On Linux we use eventd to wake up select.
-//
-
-//
-// Linux/Android has a special type of virtual files. select(2) will react
-// when reading/writing to those files, unlike closing sockets.
-//
-// https://linux.die.net/man/2/eventfd
-// http://www.sourcexr.com/articles/2013/10/26/lightweight-inter-process-signaling-with-eventfd
-//
-// eventfd was added in Linux kernel 2.x, and our oldest Android (Kitkat 4.4)
-// is on Kernel 3.x
-//
-// cf Android/Kernel table here
-// https://android.stackexchange.com/questions/51651/which-android-runs-which-linux-kernel
-//
-// On macOS we use UNIX pipes to wake up select.
-//
-
-#include "IXSelectInterruptEventFd.h"
-
-#include <sys/eventfd.h>
-
-#include <unistd.h> // for write
-#include <string.h> // for strerror
-#include <fcntl.h>
-#include <errno.h>
-#include <assert.h>
-#include <sstream>
-
-namespace ix
-{
-    SelectInterruptEventFd::SelectInterruptEventFd()
-    {
-        _eventfd = -1;
-    }
-
-    SelectInterruptEventFd::~SelectInterruptEventFd()
-    {
-        ::close(_eventfd);
-    }
-
-    bool SelectInterruptEventFd::init(std::string& errorMsg)
-    {
-        // calling init twice is a programming error
-        assert(_eventfd == -1);
-
-        _eventfd = eventfd(0, 0);
-        if (_eventfd < 0)
-        {
-            std::stringstream ss;
-            ss << "SelectInterruptEventFd::init() failed in eventfd()"
-               << " : " << strerror(errno);
-            errorMsg = ss.str();
-
-            _eventfd = -1;
-            return false;
-        }
-
-        if (fcntl(_eventfd, F_SETFL, O_NONBLOCK) == -1)
-        {
-            std::stringstream ss;
-            ss << "SelectInterruptEventFd::init() failed in fcntl() call"
-               << " : " << strerror(errno);
-            errorMsg = ss.str();
-
-            _eventfd = -1;
-            return false;
-        }
-
-        return true;
-    }
-
-    bool SelectInterruptEventFd::notify(uint64_t value)
-    {
-        int fd = _eventfd;
-
-        if (fd == -1) return false;
-
-        // we should write 8 bytes for an uint64_t
-        return write(fd, &value, sizeof(value)) == 8;
-    }
-
-    // TODO: return max uint64_t for errors ?
-    uint64_t SelectInterruptEventFd::read()
-    {
-        int fd = _eventfd;
-
-        uint64_t value = 0;
-        ::read(fd, &value, sizeof(value));
-        return value;
-    }
-
-    bool SelectInterruptEventFd::clear()
-    {
-        if (_eventfd == -1) return false;
-
-        // 0 is a special value ; select will not wake up
-        uint64_t value = 0;
-
-        // we should write 8 bytes for an uint64_t
-        return write(_eventfd, &value, sizeof(value)) == 8;
-    }
-
-    int SelectInterruptEventFd::getFd() const
-    {
-        return _eventfd;
-    }
-}

ixwebsocket/IXSelectInterruptEventFd.h

@@ -1,31 +0,0 @@
-/*
- *  IXSelectInterruptEventFd.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2018-2019 Machine Zone, Inc. All rights reserved.
- */
-
-#pragma once
-
-#include "IXSelectInterrupt.h"
-#include <stdint.h>
-#include <string>
-
-namespace ix
-{
-    class SelectInterruptEventFd final : public SelectInterrupt
-    {
-    public:
-        SelectInterruptEventFd();
-        virtual ~SelectInterruptEventFd();
-
-        bool init(std::string& errorMsg) final;
-
-        bool notify(uint64_t value) final;
-        bool clear() final;
-        uint64_t read() final;
-        int getFd() const final;
-
-    private:
-        int _eventfd;
-    };
-} // namespace ix

ixwebsocket/IXSelectInterruptFactory.cpp

@@ -6,20 +6,21 @@
 
 #include "IXSelectInterruptFactory.h"
 
+#include "IXUniquePtr.h"
 #if defined(__linux__) || defined(__APPLE__)
-# include <ixwebsocket/IXSelectInterruptPipe.h>
+#include "IXSelectInterruptPipe.h"
 #else
-# include <ixwebsocket/IXSelectInterrupt.h>
+#include "IXSelectInterrupt.h"
 #endif
 
 namespace ix
 {
-    std::shared_ptr<SelectInterrupt> createSelectInterrupt()
+    SelectInterruptPtr createSelectInterrupt()
     {
 #if defined(__linux__) || defined(__APPLE__)
-        return std::make_shared<SelectInterruptPipe>();
+        return ix::make_unique<SelectInterruptPipe>();
 #else
-        return std::make_shared<SelectInterrupt>();
+        return ix::make_unique<SelectInterrupt>();
 #endif
     }
-}
+} // namespace ix

ixwebsocket/IXSelectInterruptFactory.h

@@ -11,5 +11,6 @@
 namespace ix
 {
     class SelectInterrupt;
-    std::shared_ptr<SelectInterrupt> createSelectInterrupt();
+    using SelectInterruptPtr = std::unique_ptr<SelectInterrupt>;
+    SelectInterruptPtr createSelectInterrupt();
 } // namespace ix

ixwebsocket/IXSelectInterruptPipe.cpp

@@ -5,17 +5,19 @@
  */
 
 //
-// On macOS we use UNIX pipes to wake up select.
+// On UNIX we use pipes to wake up select. There is no way to do that
+// on Windows so this file is compiled out on Windows.
 //
+#ifndef _WIN32
 
 #include "IXSelectInterruptPipe.h"
 
-#include <unistd.h> // for write
-#include <string.h> // for strerror
-#include <fcntl.h>
-#include <errno.h>
 #include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
 #include <sstream>
+#include <string.h> // for strerror
+#include <unistd.h> // for write
 
 namespace ix
 {
@@ -115,8 +117,14 @@ namespace ix
         int fd = _fildes[kPipeWriteIndex];
         if (fd == -1) return false;
 
+        ssize_t ret = -1;
+        do
+        {
+            ret = ::write(fd, &value, sizeof(value));
+        } while (ret == -1 && errno == EINTR);
+
         // we should write 8 bytes for an uint64_t
-        return write(fd, &value, sizeof(value)) == 8;
+        return ret == 8;
     }
 
     // TODO: return max uint64_t for errors ?
@@ -127,7 +135,12 @@ namespace ix
         int fd = _fildes[kPipeReadIndex];
 
         uint64_t value = 0;
-        ::read(fd, &value, sizeof(value));
+
+        ssize_t ret = -1;
+        do
+        {
+            ret = ::read(fd, &value, sizeof(value));
+        } while (ret == -1 && errno == EINTR);
 
         return value;
     }
@@ -143,4 +156,6 @@ namespace ix
 
         return _fildes[kPipeReadIndex];
     }
-}
+} // namespace ix
+
+#endif // !_WIN32

ixwebsocket/IXSetThreadName.cpp

@@ -0,0 +1,81 @@
+/*
+ *  IXSetThreadName.cpp
+ *  Author: Benjamin Sergeant
+ *  Copyright (c) 2018 2020 Machine Zone, Inc. All rights reserved.
+ */
+#include "IXSetThreadName.h"
+
+// unix systems
+#if defined(__APPLE__) || defined(__linux__) || defined(BSD)
+#include <pthread.h>
+#endif
+
+// freebsd needs this header as well
+#if defined(BSD)
+#include <pthread_np.h>
+#endif
+
+// Windows
+#ifdef _WIN32
+#include <Windows.h>
+#endif
+
+namespace ix
+{
+#ifdef _WIN32
+    const DWORD MS_VC_EXCEPTION = 0x406D1388;
+
+#pragma pack(push, 8)
+    typedef struct tagTHREADNAME_INFO
+    {
+        DWORD dwType;     // Must be 0x1000.
+        LPCSTR szName;    // Pointer to name (in user addr space).
+        DWORD dwThreadID; // Thread ID (-1=caller thread).
+        DWORD dwFlags;    // Reserved for future use, must be zero.
+    } THREADNAME_INFO;
+#pragma pack(pop)
+
+    void SetThreadName(DWORD dwThreadID, const char* threadName)
+    {
+        THREADNAME_INFO info;
+        info.dwType = 0x1000;
+        info.szName = threadName;
+        info.dwThreadID = dwThreadID;
+        info.dwFlags = 0;
+
+        __try
+        {
+            RaiseException(
+                MS_VC_EXCEPTION, 0, sizeof(info) / sizeof(ULONG_PTR), (ULONG_PTR*) &info);
+        }
+        __except (EXCEPTION_EXECUTE_HANDLER)
+        {
+        }
+    }
+#endif
+
+    void setThreadName(const std::string& name)
+    {
+#if defined(__APPLE__)
+        //
+        // Apple reserves 16 bytes for its thread names
+        // Notice that the Apple version of pthread_setname_np
+        // does not take a pthread_t argument
+        //
+        pthread_setname_np(name.substr(0, 63).c_str());
+#elif defined(__linux__)
+        //
+        // Linux only reserves 16 bytes for its thread names
+        // See prctl and PR_SET_NAME property in
+        // http://man7.org/linux/man-pages/man2/prctl.2.html
+        //
+        pthread_setname_np(pthread_self(), name.substr(0, 15).c_str());
+#elif defined(_WIN32)
+        SetThreadName(-1, name.c_str());
+#elif defined(BSD)
+        pthread_set_name_np(pthread_self(), name.substr(0, 15).c_str());
+#else
+        // ... assert here ?
+#endif
+    }
+} // namespace ix

ixwebsocket/IXSocket.cpp

@@ -5,20 +5,21 @@
  */
 
 #include "IXSocket.h"
-#include "IXSocketConnect.h"
+
 #include "IXNetSystem.h"
 #include "IXSelectInterrupt.h"
 #include "IXSelectInterruptFactory.h"
-
+#include "IXSocketConnect.h"
+#include <algorithm>
+#include <array>
+#include <assert.h>
+#include <fcntl.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <assert.h>
-#include <stdint.h>
-#include <fcntl.h>
 #include <sys/types.h>
-
-#include <algorithm>
+#include <vector>
 
 #ifdef min
 #undef min
@@ -28,13 +29,10 @@ namespace ix
 {
     const int Socket::kDefaultPollNoTimeout = -1; // No poll timeout by default
     const int Socket::kDefaultPollTimeout = kDefaultPollNoTimeout;
-    const uint64_t Socket::kSendRequest = 1;
-    const uint64_t Socket::kCloseRequest = 2;
-    constexpr size_t Socket::kChunkSize;
 
-    Socket::Socket(int fd) :
-        _sockfd(fd),
-        _selectInterrupt(createSelectInterrupt())
+    Socket::Socket(int fd)
+        : _sockfd(fd)
+        , _selectInterrupt(createSelectInterrupt())
     {
         ;
     }
@@ -47,22 +45,25 @@ namespace ix
     PollResultType Socket::poll(bool readyToRead,
                                 int timeoutMs,
                                 int sockfd,
-                                std::shared_ptr<SelectInterrupt> selectInterrupt)
+                                const SelectInterruptPtr& selectInterrupt)
     {
         //
-        // We used to use ::select to poll but on Android 9 we get large fds out of ::connect
-        // which crash in FD_SET as they are larger than FD_SETSIZE.
-        // Switching to ::poll does fix that.
+        // We used to use ::select to poll but on Android 9 we get large fds out of
+        // ::connect which crash in FD_SET as they are larger than FD_SETSIZE. Switching
+        // to ::poll does fix that.
         //
-        // However poll isn't as portable as select and has bugs on Windows, so we should write a
-        // shim to fallback to select on those platforms.
-        // See https://github.com/mpv-player/mpv/pull/5203/files for such a select wrapper.
+        // However poll isn't as portable as select and has bugs on Windows, so we
+        // have a shim to fallback to select on those platforms. See
+        // https://github.com/mpv-player/mpv/pull/5203/files for such a select wrapper.
         //
         nfds_t nfds = 1;
         struct pollfd fds[2];
+        memset(fds, 0, sizeof(fds));
 
         fds[0].fd = sockfd;
         fds[0].events = (readyToRead) ? POLLIN : POLLOUT;
+
+        // this is ignored by poll, but our select based poll wrapper on Windows needs it
         fds[0].events |= POLLERR;
 
         // File descriptor used to interrupt select when needed
@@ -94,11 +95,11 @@ namespace ix
         {
             uint64_t value = selectInterrupt->read();
 
-            if (value == kSendRequest)
+            if (value == SelectInterrupt::kSendRequest)
             {
                 pollResult = PollResultType::SendRequest;
             }
-            else if (value == kCloseRequest)
+            else if (value == SelectInterrupt::kCloseRequest)
             {
                 pollResult = PollResultType::CloseRequest;
             }
@@ -123,8 +124,7 @@ namespace ix
 
             // getsockopt() puts the errno value for connect into optval so 0
             // means no-error.
-            if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1 ||
-                optval != 0)
+            if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1 || optval != 0)
             {
                 pollResult = PollResultType::Error;
 
@@ -134,6 +134,11 @@ namespace ix
             }
 #endif
         }
+        else if (sockfd != -1 && (fds[0].revents & POLLERR || fds[0].revents & POLLHUP ||
+                                  fds[0].revents & POLLNVAL))
+        {
+            pollResult = PollResultType::Error;
+        }
 
         return pollResult;
     }
@@ -166,6 +171,16 @@ namespace ix
         return _selectInterrupt->notify(wakeUpCode);
     }
 
+    bool Socket::accept(std::string& errMsg)
+    {
+        if (_sockfd == -1)
+        {
+            errMsg = "Socket is uninitialized";
+            return false;
+        }
+        return true;
+    }
+
     bool Socket::connect(const std::string& host,
                          int port,
                          std::string& errMsg,
@@ -201,7 +216,7 @@ namespace ix
 
     ssize_t Socket::send(const std::string& buffer)
     {
-        return send((char*)&buffer[0], buffer.size());
+        return send((char*) &buffer[0], buffer.size());
     }
 
     ssize_t Socket::recv(void* buffer, size_t length)
@@ -263,7 +278,7 @@ namespace ix
         {
             if (isCancellationRequested && isCancellationRequested()) return false;
 
-            ssize_t ret = send((char*)&str[offset], len);
+            ssize_t ret = send((char*) &str[offset], len);
 
             // We wrote some bytes, as needed, all good.
             if (ret > 0)
@@ -292,8 +307,7 @@ namespace ix
         }
     }
 
-    bool Socket::readByte(void* buffer,
-                          const CancellationRequest& isCancellationRequested)
+    bool Socket::readByte(void* buffer, const CancellationRequest& isCancellationRequested)
     {
         while (true)
         {
@@ -332,7 +346,7 @@ namespace ix
         std::string line;
         line.reserve(64);
 
-        for (int i = 0; i < 2 || (line[i-2] != '\r' && line[i-1] != '\n'); ++i)
+        for (int i = 0; i < 2 || (line[i - 2] != '\r' && line[i - 1] != '\n'); ++i)
         {
             if (!readByte(&c, isCancellationRequested))
             {
@@ -351,32 +365,28 @@ namespace ix
         const OnProgressCallback& onProgressCallback,
         const CancellationRequest& isCancellationRequested)
     {
-        if (_readBuffer.empty())
-        {
-            _readBuffer.resize(kChunkSize);
-        }
+        std::array<uint8_t, 1 << 14> readBuffer;
 
         std::vector<uint8_t> output;
         while (output.size() != length)
         {
             if (isCancellationRequested && isCancellationRequested())
             {
-                return std::make_pair(false, std::string());
+                const std::string errorMsg("Cancellation Requested");
+                return std::make_pair(false, errorMsg);
             }
 
-            size_t size = std::min(kChunkSize, length - output.size());
-            ssize_t ret = recv((char*)&_readBuffer[0], size);
+            size_t size = std::min(readBuffer.size(), length - output.size());
+            ssize_t ret = recv((char*) &readBuffer[0], size);
 
-            if (ret <= 0 && !Socket::isWaitNeeded())
+            if (ret > 0)
             {
-                // Error
-                return std::make_pair(false, std::string());
+                output.insert(output.end(), readBuffer.begin(), readBuffer.begin() + ret);
             }
-            else
+            else if (ret <= 0 && !Socket::isWaitNeeded())
             {
-                output.insert(output.end(),
-                              _readBuffer.begin(),
-                              _readBuffer.begin() + ret);
+                const std::string errorMsg("Recv Error");
+                return std::make_pair(false, errorMsg);
             }
 
             if (onProgressCallback) onProgressCallback((int) output.size(), (int) length);
@@ -385,11 +395,11 @@ namespace ix
             // This way we are not busy looping
             if (isReadyToRead(1) == PollResultType::Error)
             {
-                return std::make_pair(false, std::string());
+                const std::string errorMsg("Poll Error");
+                return std::make_pair(false, errorMsg);
             }
         }
 
-        return std::make_pair(true, std::string(output.begin(),
-                                                output.end()));
+        return std::make_pair(true, std::string(output.begin(), output.end()));
     }
-}
+} // namespace ix

ixwebsocket/IXSocket.h

@@ -11,7 +11,6 @@
 #include <memory>
 #include <mutex>
 #include <string>
-#include <vector>
 
 #ifdef _WIN32
 #include <BaseTsd.h>
@@ -34,11 +33,10 @@ typedef SSIZE_T ssize_t;
 
 #include "IXCancellationRequest.h"
 #include "IXProgressCallback.h"
+#include "IXSelectInterrupt.h"
 
 namespace ix
 {
-    class SelectInterrupt;
-
     enum class PollResultType
     {
         ReadyForRead = 0,
@@ -64,14 +62,16 @@ namespace ix
         PollResultType isReadyToRead(int timeoutMs);
 
         // Virtual methods
-        virtual bool connect(const std::string& url,
+        virtual bool accept(std::string& errMsg);
+
+        virtual bool connect(const std::string& host,
                              int port,
                              std::string& errMsg,
                              const CancellationRequest& isCancellationRequested);
         virtual void close();
 
         virtual ssize_t send(char* buffer, size_t length);
-        virtual ssize_t send(const std::string& buffer);
+        ssize_t send(const std::string& buffer);
         virtual ssize_t recv(void* buffer, size_t length);
 
         // Blocking and cancellable versions, working with socket that can be set
@@ -91,12 +91,7 @@ namespace ix
         static PollResultType poll(bool readyToRead,
                                    int timeoutMs,
                                    int sockfd,
-                                   std::shared_ptr<SelectInterrupt> selectInterrupt = nullptr);
-
-
-        // Used as special codes for pipe communication
-        static const uint64_t kSendRequest;
-        static const uint64_t kCloseRequest;
+                                   const SelectInterruptPtr& selectInterrupt);
 
     protected:
         std::atomic<int> _sockfd;
@@ -106,10 +101,6 @@ namespace ix
         static const int kDefaultPollTimeout;
         static const int kDefaultPollNoTimeout;
 
-        // Buffer for reading from our socket. That buffer is never resized.
-        std::vector<uint8_t> _readBuffer;
-        static constexpr size_t kChunkSize = 1 << 15;
-
-        std::shared_ptr<SelectInterrupt> _selectInterrupt;
+        SelectInterruptPtr _selectInterrupt;
     };
 } // namespace ix

ixwebsocket/IXSocketAppleSSL.cpp

@@ -1,16 +1,20 @@
 /*
  *  IXSocketAppleSSL.cpp
  *  Author: Benjamin Sergeant
- *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ *  Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
  *
  *  Adapted from Satori SDK Apple SSL code.
  */
-#include "IXSocketAppleSSL.h"
-#include "IXSocketConnect.h"
+#ifdef IXWEBSOCKET_USE_SECURE_TRANSPORT
 
+#include "IXSocketAppleSSL.h"
+
+#include "IXSocketConnect.h"
+#include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
 #include <netinet/tcp.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -18,131 +22,16 @@
 #include <sys/time.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include <stdint.h>
-
-#include <errno.h>
 #define socketerrno errno
 
 #include <Security/SecureTransport.h>
 
-namespace {
-
-OSStatus read_from_socket(SSLConnectionRef connection, void *data, size_t *len)
-{
-    int fd = (int) (long) connection;
-    if (fd < 0)
-        return errSSLInternal;
-
-    assert(data != nullptr);
-    assert(len != nullptr);
-
-    size_t requested_sz = *len;
-
-    ssize_t status = read(fd, data, requested_sz);
-
-    if (status > 0)
-    {
-        *len = (size_t) status;
-        if (requested_sz > *len)
-            return errSSLWouldBlock;
-        else
-            return noErr;
-    }
-    else if (0 == status)
-    {
-        *len = 0;
-        return errSSLClosedGraceful;
-    }
-    else
-    {
-        *len = 0;
-        switch (errno) {
-            case ENOENT:
-                return errSSLClosedGraceful;
-
-            case EAGAIN:
-                return errSSLWouldBlock;
-
-            case ECONNRESET:
-                return errSSLClosedAbort;
-
-            default:
-                return errSecIO;
-        }
-    }
-}
-
-OSStatus write_to_socket(SSLConnectionRef connection, const void *data, size_t *len)
-{
-    int fd = (int) (long) connection;
-    if (fd < 0)
-        return errSSLInternal;
-
-    assert(data != nullptr);
-    assert(len != nullptr);
-
-    size_t to_write_sz = *len;
-    ssize_t status = write(fd, data, to_write_sz);
-
-    if (status > 0)
-    {
-        *len = (size_t) status;
-        if (to_write_sz > *len)
-            return errSSLWouldBlock;
-        else
-            return noErr;
-    }
-    else if (0 == status)
-    {
-        *len = 0;
-        return errSSLClosedGraceful;
-    }
-    else
-    {
-        *len = 0;
-        if (EAGAIN == errno)
-        {
-            return errSSLWouldBlock;
-        }
-        else
-        {
-            return errSecIO;
-        }
-    }
-}
-
-std::string getSSLErrorDescription(OSStatus status)
-{
-    std::string errMsg("Unknown SSL error.");
-
-    CFErrorRef error = CFErrorCreate(kCFAllocatorDefault, kCFErrorDomainOSStatus, status, NULL);
-    if (error)
-    {
-        CFStringRef message = CFErrorCopyDescription(error);
-        if (message)
-        {
-            char localBuffer[128];
-            Boolean success;
-            success = CFStringGetCString(message, localBuffer, 128,
-                                         CFStringGetSystemEncoding());
-            if (success)
-            {
-                errMsg = localBuffer;
-            }
-            CFRelease(message);
-        }
-        CFRelease(error);
-    }
-
-    return errMsg;
-}
-
-} // anonymous namespace
-
 namespace ix
 {
-    SocketAppleSSL::SocketAppleSSL(int fd) : Socket(fd),
-        _sslContext(nullptr)
+    SocketAppleSSL::SocketAppleSSL(const SocketTLSOptions& tlsOptions, int fd)
+        : Socket(fd)
+        , _sslContext(nullptr)
+        , _tlsOptions(tlsOptions)
     {
         ;
     }
@@ -152,6 +41,151 @@ namespace ix
         SocketAppleSSL::close();
     }
 
+    std::string SocketAppleSSL::getSSLErrorDescription(OSStatus status)
+    {
+        std::string errMsg("Unknown SSL error.");
+
+        CFErrorRef error = CFErrorCreate(kCFAllocatorDefault, kCFErrorDomainOSStatus, status, NULL);
+        if (error)
+        {
+            CFStringRef message = CFErrorCopyDescription(error);
+            if (message)
+            {
+                char localBuffer[128];
+                Boolean success;
+                success = CFStringGetCString(message, localBuffer, 128, kCFStringEncodingUTF8);
+                if (success)
+                {
+                    errMsg = localBuffer;
+                }
+                CFRelease(message);
+            }
+            CFRelease(error);
+        }
+
+        return errMsg;
+    }
+
+    OSStatus SocketAppleSSL::readFromSocket(SSLConnectionRef connection, void* data, size_t* len)
+    {
+        int fd = (int) (long) connection;
+        if (fd < 0) return errSSLInternal;
+
+        assert(data != nullptr);
+        assert(len != nullptr);
+
+        size_t requested_sz = *len;
+
+        ssize_t status = read(fd, data, requested_sz);
+
+        if (status > 0)
+        {
+            *len = (size_t) status;
+            if (requested_sz > *len)
+            {
+                return errSSLWouldBlock;
+            }
+            else
+            {
+                return noErr;
+            }
+        }
+        else if (status == 0)
+        {
+            *len = 0;
+            return errSSLClosedGraceful;
+        }
+        else
+        {
+            *len = 0;
+            switch (errno)
+            {
+                case ENOENT: return errSSLClosedGraceful;
+
+                case EAGAIN: return errSSLWouldBlock; // EWOULDBLOCK is a define for EAGAIN on osx
+                case EINPROGRESS: return errSSLWouldBlock;
+
+                case ECONNRESET: return errSSLClosedAbort;
+
+                default: return errSecIO;
+            }
+        }
+    }
+
+    OSStatus SocketAppleSSL::writeToSocket(SSLConnectionRef connection,
+                                           const void* data,
+                                           size_t* len)
+    {
+        int fd = (int) (long) connection;
+        if (fd < 0) return errSSLInternal;
+
+        assert(data != nullptr);
+        assert(len != nullptr);
+
+        size_t to_write_sz = *len;
+        ssize_t status = write(fd, data, to_write_sz);
+
+        if (status > 0)
+        {
+            *len = (size_t) status;
+            if (to_write_sz > *len)
+            {
+                return errSSLWouldBlock;
+            }
+            else
+            {
+                return noErr;
+            }
+        }
+        else if (status == 0)
+        {
+            *len = 0;
+            return errSSLClosedGraceful;
+        }
+        else
+        {
+            *len = 0;
+            switch (errno)
+            {
+                case ENOENT: return errSSLClosedGraceful;
+
+                case EAGAIN: return errSSLWouldBlock; // EWOULDBLOCK is a define for EAGAIN on osx
+                case EINPROGRESS: return errSSLWouldBlock;
+
+                case ECONNRESET: return errSSLClosedAbort;
+
+                default: return errSecIO;
+            }
+        }
+    }
+
+
+    bool SocketAppleSSL::accept(std::string& errMsg)
+    {
+        errMsg = "TLS not supported yet in server mode with apple ssl backend";
+        return false;
+    }
+
+    OSStatus SocketAppleSSL::tlsHandShake(std::string& errMsg,
+                                          const CancellationRequest& isCancellationRequested)
+    {
+        OSStatus status;
+
+        do
+        {
+            status = SSLHandshake(_sslContext);
+
+            // Interrupt the handshake
+            if (isCancellationRequested())
+            {
+                errMsg = "Cancellation requested";
+                return errSSLInternal;
+            }
+        } while (status == errSSLWouldBlock || status == errSSLServerAuthCompleted);
+
+        return status;
+    }
+
     // No wait support
     bool SocketAppleSSL::connect(const std::string& host,
                                  int port,
@@ -167,18 +201,32 @@ namespace ix
 
             _sslContext = SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType);
 
-            SSLSetIOFuncs(_sslContext, read_from_socket, write_to_socket);
-            SSLSetConnection(_sslContext, (SSLConnectionRef) (long) _sockfd);
+            SSLSetIOFuncs(
+                _sslContext, SocketAppleSSL::readFromSocket, SocketAppleSSL::writeToSocket);
+            SSLSetConnection(_sslContext, (SSLConnectionRef)(long) _sockfd);
             SSLSetProtocolVersionMin(_sslContext, kTLSProtocol12);
             SSLSetPeerDomainName(_sslContext, host.c_str(), host.size());
 
-            do {
-                status = SSLHandshake(_sslContext);
-            } while (errSSLWouldBlock == status ||
-                     errSSLServerAuthCompleted == status);
+            if (_tlsOptions.isPeerVerifyDisabled())
+            {
+                Boolean option(1);
+                SSLSetSessionOption(_sslContext, kSSLSessionOptionBreakOnServerAuth, option);
+
+                status = tlsHandShake(errMsg, isCancellationRequested);
+
+                if (status == errSSLServerAuthCompleted)
+                {
+                    // proceed with the handshake
+                    status = tlsHandShake(errMsg, isCancellationRequested);
+                }
+            }
+            else
+            {
+                status = tlsHandShake(errMsg, isCancellationRequested);
+            }
         }
 
-        if (noErr != status)
+        if (status != noErr)
         {
             errMsg = getSSLErrorDescription(status);
             close();
@@ -202,45 +250,19 @@ namespace ix
     }
 
     ssize_t SocketAppleSSL::send(char* buf, size_t nbyte)
-    {
-        ssize_t ret = 0;
-        OSStatus status;
-        do {
-            size_t processed = 0;
-            std::lock_guard<std::mutex> lock(_mutex);
-            status = SSLWrite(_sslContext, buf, nbyte, &processed);
-            ret += processed;
-            buf += processed;
-            nbyte -= processed;
-        } while (nbyte > 0 && errSSLWouldBlock == status);
-
-        if (ret == 0 && errSSLClosedAbort != status)
-            ret = -1;
-        return ret;
-    }
-
-    ssize_t SocketAppleSSL::send(const std::string& buffer)
-    {
-        return send((char*)&buffer[0], buffer.size());
-    }
-
-    // No wait support
-    ssize_t SocketAppleSSL::recv(void* buf, size_t nbyte)
     {
         OSStatus status = errSSLWouldBlock;
-        while (errSSLWouldBlock == status)
+        while (status == errSSLWouldBlock)
         {
             size_t processed = 0;
             std::lock_guard<std::mutex> lock(_mutex);
-            status = SSLRead(_sslContext, buf, nbyte, &processed);
+            status = SSLWrite(_sslContext, buf, nbyte, &processed);
 
-            if (processed > 0)
-                return (ssize_t) processed;
+            if (processed > 0) return (ssize_t) processed;
 
             // The connection was reset, inform the caller that this
             // Socket should close
-            if (status == errSSLClosedGraceful ||
-                status == errSSLClosedNoNotify ||
+            if (status == errSSLClosedGraceful || status == errSSLClosedNoNotify ||
                 status == errSSLClosedAbort)
             {
                 errno = ECONNRESET;
@@ -256,4 +278,36 @@ namespace ix
         return -1;
     }
 
-}
+    // No wait support
+    ssize_t SocketAppleSSL::recv(void* buf, size_t nbyte)
+    {
+        OSStatus status = errSSLWouldBlock;
+        while (status == errSSLWouldBlock)
+        {
+            size_t processed = 0;
+            std::lock_guard<std::mutex> lock(_mutex);
+            status = SSLRead(_sslContext, buf, nbyte, &processed);
+
+            if (processed > 0) return (ssize_t) processed;
+
+            // The connection was reset, inform the caller that this
+            // Socket should close
+            if (status == errSSLClosedGraceful || status == errSSLClosedNoNotify ||
+                status == errSSLClosedAbort)
+            {
+                errno = ECONNRESET;
+                return -1;
+            }
+
+            if (status == errSSLWouldBlock)
+            {
+                errno = EWOULDBLOCK;
+                return -1;
+            }
+        }
+        return -1;
+    }
+
+} // namespace ix
+
+#endif // IXWEBSOCKET_USE_SECURE_TRANSPORT

ixwebsocket/IXSocketAppleSSL.h

@@ -1,13 +1,15 @@
 /*
  *  IXSocketAppleSSL.h
  *  Author: Benjamin Sergeant
- *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ *  Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
  */
+#ifdef IXWEBSOCKET_USE_SECURE_TRANSPORT
 
 #pragma once
 
 #include "IXCancellationRequest.h"
 #include "IXSocket.h"
+#include "IXSocketTLSOptions.h"
 #include <Security/SecureTransport.h>
 #include <Security/Security.h>
 #include <mutex>
@@ -17,9 +19,11 @@ namespace ix
     class SocketAppleSSL final : public Socket
     {
     public:
-        SocketAppleSSL(int fd = -1);
+        SocketAppleSSL(const SocketTLSOptions& tlsOptions, int fd = -1);
         ~SocketAppleSSL();
 
+        virtual bool accept(std::string& errMsg) final;
+
         virtual bool connect(const std::string& host,
                              int port,
                              std::string& errMsg,
@@ -27,12 +31,22 @@ namespace ix
         virtual void close() final;
 
         virtual ssize_t send(char* buffer, size_t length) final;
-        virtual ssize_t send(const std::string& buffer) final;
         virtual ssize_t recv(void* buffer, size_t length) final;
 
     private:
+        static std::string getSSLErrorDescription(OSStatus status);
+        static OSStatus writeToSocket(SSLConnectionRef connection, const void* data, size_t* len);
+        static OSStatus readFromSocket(SSLConnectionRef connection, void* data, size_t* len);
+
+        OSStatus tlsHandShake(std::string& errMsg,
+                              const CancellationRequest& isCancellationRequested);
+
         SSLContextRef _sslContext;
         mutable std::mutex _mutex; // AppleSSL routines are not thread-safe
+
+        SocketTLSOptions _tlsOptions;
     };
 
 } // namespace ix
+
+#endif // IXWEBSOCKET_USE_SECURE_TRANSPORT

ixwebsocket/IXSocketConnect.cpp

@@ -5,36 +5,37 @@
  */
 
 #include "IXSocketConnect.h"
+
 #include "IXDNSLookup.h"
 #include "IXNetSystem.h"
+#include "IXSelectInterrupt.h"
 #include "IXSocket.h"
-
-#include <string.h>
+#include "IXUniquePtr.h"
 #include <fcntl.h>
+#include <string.h>
 #include <sys/types.h>
 
 // Android needs extra headers for TCP_NODELAY and IPPROTO_TCP
 #ifdef ANDROID
-# include <linux/in.h>
-# include <linux/tcp.h>
+#include <linux/in.h>
+#include <linux/tcp.h>
 #endif
 
 namespace ix
 {
     //
     // This function can be cancelled every 50 ms
-    // This is important so that we don't block the main UI thread when shutting down a connection which is
-    // already trying to reconnect, and can be blocked waiting for ::connect to respond.
+    // This is important so that we don't block the main UI thread when shutting down a
+    // connection which is already trying to reconnect, and can be blocked waiting for
+    // ::connect to respond.
     //
-    int SocketConnect::connectToAddress(const struct addrinfo *address,
+    int SocketConnect::connectToAddress(const struct addrinfo* address,
                                         std::string& errMsg,
                                         const CancellationRequest& isCancellationRequested)
     {
         errMsg = "no error";
 
-        int fd = socket(address->ai_family,
-                        address->ai_socktype,
-                        address->ai_protocol);
+        socket_t fd = socket(address->ai_family, address->ai_socktype, address->ai_protocol);
         if (fd < 0)
         {
             errMsg = "Cannot create a socket";
@@ -65,7 +66,8 @@ namespace ix
 
             int timeoutMs = 10;
             bool readyToRead = false;
-            PollResultType pollResult = Socket::poll(readyToRead, timeoutMs, fd);
+            auto selectInterrupt = ix::make_unique<SelectInterrupt>();
+            PollResultType pollResult = Socket::poll(readyToRead, timeoutMs, fd, selectInterrupt);
 
             if (pollResult == PollResultType::Timeout)
             {
@@ -74,8 +76,7 @@ namespace ix
             else if (pollResult == PollResultType::Error)
             {
                 Socket::closeSocket(fd);
-                errMsg = std::string("Connect error: ") +
-                            strerror(Socket::getErrno());
+                errMsg = std::string("Connect error: ") + strerror(Socket::getErrno());
                 return -1;
             }
             else if (pollResult == PollResultType::ReadyForWrite)
@@ -85,8 +86,7 @@ namespace ix
             else
             {
                 Socket::closeSocket(fd);
-                errMsg = std::string("Connect error: ") +
-                            strerror(Socket::getErrno());
+                errMsg = std::string("Connect error: ") + strerror(Socket::getErrno());
                 return -1;
             }
         }
@@ -105,7 +105,7 @@ namespace ix
         // First do DNS resolution
         //
         auto dnsLookup = std::make_shared<DNSLookup>(hostname, port);
-        struct addrinfo *res = dnsLookup->resolve(errMsg, isCancellationRequested);
+        struct addrinfo* res = dnsLookup->resolve(errMsg, isCancellationRequested);
         if (res == nullptr)
         {
             return -1;
@@ -114,7 +114,7 @@ namespace ix
         int sockfd = -1;
 
         // iterate through the records to find a working peer
-        struct addrinfo *address;
+        struct addrinfo* address;
         for (address = res; address != nullptr; address = address->ai_next)
         {
             //
@@ -149,8 +149,7 @@ namespace ix
         // 3. (apple) prevent SIGPIPE from being emitted when the remote end disconnect
 #ifdef SO_NOSIGPIPE
         int value = 1;
-        setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE,
-                   (void *)&value, sizeof(value));
+        setsockopt(sockfd, SOL_SOCKET, SO_NOSIGPIPE, (void*) &value, sizeof(value));
 #endif
     }
-}
+} // namespace ix

ixwebsocket/IXSocketFactory.cpp

@@ -6,48 +6,48 @@
 
 #include "IXSocketFactory.h"
 
+#include "IXUniquePtr.h"
 #ifdef IXWEBSOCKET_USE_TLS
 
-# ifdef IXWEBSOCKET_USE_MBED_TLS
-#  include <ixwebsocket/IXSocketMbedTLS.h>
-# elif __APPLE__
-#  include <ixwebsocket/IXSocketAppleSSL.h>
-# elif defined(_WIN32)
-#  include <ixwebsocket/IXSocketSChannel.h>
-# elif defined(IXWEBSOCKET_USE_OPEN_SSL)
-#  include <ixwebsocket/IXSocketOpenSSL.h>
-# endif
+#ifdef IXWEBSOCKET_USE_MBED_TLS
+#include "IXSocketMbedTLS.h"
+#elif defined(IXWEBSOCKET_USE_OPEN_SSL)
+#include "IXSocketOpenSSL.h"
+#elif __APPLE__
+#include "IXSocketAppleSSL.h"
+#endif
 
 #else
 
-#include <ixwebsocket/IXSocket.h>
+#include "IXSocket.h"
 
 #endif
 
 namespace ix
 {
-    std::shared_ptr<Socket> createSocket(bool tls,
-                                         std::string& errorMsg)
+    std::unique_ptr<Socket> createSocket(bool tls,
+                                         int fd,
+                                         std::string& errorMsg,
+                                         const SocketTLSOptions& tlsOptions)
     {
+        (void) tlsOptions;
         errorMsg.clear();
-        std::shared_ptr<Socket> socket;
+        std::unique_ptr<Socket> socket;
 
         if (!tls)
         {
-            socket = std::make_shared<Socket>();
+            socket = ix::make_unique<Socket>(fd);
         }
         else
         {
 #ifdef IXWEBSOCKET_USE_TLS
-# if defined(IXWEBSOCKET_USE_MBED_TLS)
-            socket = std::make_shared<SocketMbedTLS>();
-# elif defined(__APPLE__)
-            socket = std::make_shared<SocketAppleSSL>();
-# elif defined(_WIN32)
-            socket = std::make_shared<SocketSChannel>();
-# else
-            socket = std::make_shared<SocketOpenSSL>();
-# endif
+#if defined(IXWEBSOCKET_USE_MBED_TLS)
+            socket = ix::make_unique<SocketMbedTLS>(tlsOptions, fd);
+#elif defined(IXWEBSOCKET_USE_OPEN_SSL)
+            socket = ix::make_unique<SocketOpenSSL>(tlsOptions, fd);
+#elif defined(__APPLE__)
+            socket = ix::make_unique<SocketAppleSSL>(tlsOptions, fd);
+#endif
 #else
             errorMsg = "TLS support is not enabled on this platform.";
             return nullptr;
@@ -61,18 +61,4 @@ namespace ix
 
         return socket;
     }
-
-    std::shared_ptr<Socket> createSocket(int fd,
-                                         std::string& errorMsg)
-    {
-        errorMsg.clear();
-
-        std::shared_ptr<Socket> socket = std::make_shared<Socket>(fd);
-        if (!socket->init(errorMsg))
-        {
-            socket.reset();
-        }
-
-        return socket;
-    }
-}
+} // namespace ix

ixwebsocket/IXSocketFactory.h

@@ -7,13 +7,15 @@
 
 #pragma once
 
+#include "IXSocketTLSOptions.h"
 #include <memory>
 #include <string>
 
 namespace ix
 {
     class Socket;
-    std::shared_ptr<Socket> createSocket(bool tls, std::string& errorMsg);
-
-    std::shared_ptr<Socket> createSocket(int fd, std::string& errorMsg);
+    std::unique_ptr<Socket> createSocket(bool tls,
+                                         int fd,
+                                         std::string& errorMsg,
+                                         const SocketTLSOptions& tlsOptions);
 } // namespace ix

ixwebsocket/IXSocketMbedTLS.cpp

@@ -1,42 +1,108 @@
 /*
  *  IXSocketMbedTLS.cpp
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ *  Author: Benjamin Sergeant, Max Weisel
+ *  Copyright (c) 2019-2020 Machine Zone, Inc. All rights reserved.
  *
  *  Some code taken from
  *  https://github.com/rottor12/WsClientLib/blob/master/lib/src/WsClientLib.cpp
  *  and mini_client.c example from mbedtls
  */
+#ifdef IXWEBSOCKET_USE_MBED_TLS
 
 #include "IXSocketMbedTLS.h"
-#include "IXSocketConnect.h"
+
 #include "IXNetSystem.h"
 #include "IXSocket.h"
-
+#include "IXSocketConnect.h"
 #include <string.h>
 
 namespace ix
 {
-    SocketMbedTLS::~SocketMbedTLS()
+    SocketMbedTLS::SocketMbedTLS(const SocketTLSOptions& tlsOptions, int fd)
+        : Socket(fd)
+        , _tlsOptions(tlsOptions)
     {
-        close();
+        initMBedTLS();
     }
 
-    bool SocketMbedTLS::init(const std::string& host, std::string& errMsg)
+    SocketMbedTLS::~SocketMbedTLS()
+    {
+        SocketMbedTLS::close();
+    }
+
+    void SocketMbedTLS::initMBedTLS()
     {
         std::lock_guard<std::mutex> lock(_mutex);
 
         mbedtls_ssl_init(&_ssl);
         mbedtls_ssl_config_init(&_conf);
         mbedtls_ctr_drbg_init(&_ctr_drbg);
-
-        const char *pers = "IXSocketMbedTLS";
-
         mbedtls_entropy_init(&_entropy);
+        mbedtls_x509_crt_init(&_cacert);
+        mbedtls_x509_crt_init(&_cert);
+        mbedtls_pk_init(&_pkey);
+    }
+
+    bool SocketMbedTLS::loadSystemCertificates(std::string& errorMsg)
+    {
+#ifdef _WIN32
+        DWORD flags = CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG |
+                      CERT_SYSTEM_STORE_CURRENT_USER;
+        HCERTSTORE systemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, flags, L"Root");
+
+        if (!systemStore)
+        {
+            errorMsg = "CertOpenStore failed with ";
+            errorMsg += std::to_string(GetLastError());
+            return false;
+        }
+
+        PCCERT_CONTEXT certificateIterator = NULL;
+
+        int certificateCount = 0;
+        while (certificateIterator = CertEnumCertificatesInStore(systemStore, certificateIterator))
+        {
+            if (certificateIterator->dwCertEncodingType & X509_ASN_ENCODING)
+            {
+                int ret = mbedtls_x509_crt_parse(&_cacert,
+                                                 certificateIterator->pbCertEncoded,
+                                                 certificateIterator->cbCertEncoded);
+                if (ret == 0)
+                {
+                    ++certificateCount;
+                }
+            }
+        }
+
+        CertFreeCertificateContext(certificateIterator);
+        CertCloseStore(systemStore, 0);
+
+        if (certificateCount == 0)
+        {
+            errorMsg = "No certificates found";
+            return false;
+        }
+
+        return true;
+#else
+        // On macOS we can query the system cert location from the keychain
+        // On Linux we could try to fetch some local files based on the distribution
+        // On Android we could use JNI to get to the system certs
+        return false;
+#endif
+    }
+
+    bool SocketMbedTLS::init(const std::string& host, bool isClient, std::string& errMsg)
+    {
+        initMBedTLS();
+        std::lock_guard<std::mutex> lock(_mutex);
+
+        const char* pers = "IXSocketMbedTLS";
+
         if (mbedtls_ctr_drbg_seed(&_ctr_drbg,
                                   mbedtls_entropy_func,
                                   &_entropy,
-                                  (const unsigned char *) pers,
+                                  (const unsigned char*) pers,
                                   strlen(pers)) != 0)
         {
             errMsg = "Setting entropy seed failed";
@@ -44,9 +110,9 @@ namespace ix
         }
 
         if (mbedtls_ssl_config_defaults(&_conf,
-                                        MBEDTLS_SSL_IS_CLIENT,
+                                        (isClient) ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
                                         MBEDTLS_SSL_TRANSPORT_STREAM,
-                                        MBEDTLS_SSL_PRESET_DEFAULT ) != 0)
+                                        MBEDTLS_SSL_PRESET_DEFAULT) != 0)
         {
             errMsg = "Setting config default failed";
             return false;
@@ -54,8 +120,65 @@ namespace ix
 
         mbedtls_ssl_conf_rng(&_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
 
-        // FIXME: cert verification is disabled
-        mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_NONE);
+        if (_tlsOptions.hasCertAndKey())
+        {
+            if (mbedtls_x509_crt_parse_file(&_cert, _tlsOptions.certFile.c_str()) < 0)
+            {
+                errMsg = "Cannot parse cert file '" + _tlsOptions.certFile + "'";
+                return false;
+            }
+            if (mbedtls_pk_parse_keyfile(&_pkey, _tlsOptions.keyFile.c_str(), "") < 0)
+            {
+                errMsg = "Cannot parse key file '" + _tlsOptions.keyFile + "'";
+                return false;
+            }
+            if (mbedtls_ssl_conf_own_cert(&_conf, &_cert, &_pkey) < 0)
+            {
+                errMsg = "Problem configuring cert '" + _tlsOptions.certFile + "'";
+                return false;
+            }
+        }
+
+        if (_tlsOptions.isPeerVerifyDisabled())
+        {
+            mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_NONE);
+        }
+        else
+        {
+            // FIXME: should we call mbedtls_ssl_conf_verify ?
+            mbedtls_ssl_conf_authmode(&_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+
+            if (_tlsOptions.isUsingSystemDefaults())
+            {
+                if (!loadSystemCertificates(errMsg))
+                {
+                    return false;
+                }
+            }
+            else
+            {
+                if (_tlsOptions.isUsingInMemoryCAs())
+                {
+                    const char* buffer = _tlsOptions.caFile.c_str();
+                    size_t bufferSize =
+                        _tlsOptions.caFile.size() + 1; // Needs to include null terminating
+                                                       // character otherwise mbedtls will fail.
+                    if (mbedtls_x509_crt_parse(
+                            &_cacert, (const unsigned char*) buffer, bufferSize) < 0)
+                    {
+                        errMsg = "Cannot parse CA from memory.";
+                        return false;
+                    }
+                }
+                else if (mbedtls_x509_crt_parse_file(&_cacert, _tlsOptions.caFile.c_str()) < 0)
+                {
+                    errMsg = "Cannot parse CA file '" + _tlsOptions.caFile + "'";
+                    return false;
+                }
+            }
+
+            mbedtls_ssl_conf_ca_chain(&_conf, &_cacert, NULL);
+        }
 
         if (mbedtls_ssl_setup(&_ssl, &_conf) != 0)
         {
@@ -63,7 +186,7 @@ namespace ix
             return false;
         }
 
-        if (mbedtls_ssl_set_hostname(&_ssl, host.c_str()) != 0)
+        if (!host.empty() && mbedtls_ssl_set_hostname(&_ssl, host.c_str()) != 0)
         {
             errMsg = "SNI setup failed";
             return false;
@@ -72,6 +195,50 @@ namespace ix
         return true;
     }
 
+    bool SocketMbedTLS::accept(std::string& errMsg)
+    {
+        bool isClient = false;
+        bool initialized = init(std::string(), isClient, errMsg);
+        if (!initialized)
+        {
+            close();
+            return false;
+        }
+
+        mbedtls_ssl_set_bio(&_ssl, &_sockfd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+        int res;
+        do
+        {
+            std::lock_guard<std::mutex> lock(_mutex);
+            res = mbedtls_ssl_handshake(&_ssl);
+        } while (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+        if (res != 0)
+        {
+            char buf[256];
+            mbedtls_strerror(res, buf, sizeof(buf));
+
+            errMsg = "error in handshake : ";
+            errMsg += buf;
+
+            if (res == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED)
+            {
+                char verifyBuf[512];
+                uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
+
+                mbedtls_x509_crt_verify_info(verifyBuf, sizeof(verifyBuf), "  ! ", flags);
+                errMsg += " : ";
+                errMsg += verifyBuf;
+            }
+
+            close();
+            return false;
+        }
+
+        return true;
+    }
+
     bool SocketMbedTLS::connect(const std::string& host,
                                 int port,
                                 std::string& errMsg,
@@ -83,7 +250,9 @@ namespace ix
             if (_sockfd == -1) return false;
         }
 
-        if (!init(host, errMsg))
+        bool isClient = true;
+        bool initialized = init(host, isClient, errMsg);
+        if (!initialized)
         {
             close();
             return false;
@@ -94,10 +263,18 @@ namespace ix
         int res;
         do
         {
-            std::lock_guard<std::mutex> lock(_mutex);
-            res = mbedtls_ssl_handshake(&_ssl);
-        }
-        while (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE);
+            {
+                std::lock_guard<std::mutex> lock(_mutex);
+                res = mbedtls_ssl_handshake(&_ssl);
+            }
+
+            if (isCancellationRequested())
+            {
+                errMsg = "Cancellation requested";
+                close();
+                return false;
+            }
+        } while (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE);
 
         if (res != 0)
         {
@@ -122,36 +299,31 @@ namespace ix
         mbedtls_ssl_config_free(&_conf);
         mbedtls_ctr_drbg_free(&_ctr_drbg);
         mbedtls_entropy_free(&_entropy);
+        mbedtls_x509_crt_free(&_cacert);
+        mbedtls_x509_crt_free(&_cert);
 
         Socket::close();
     }
 
     ssize_t SocketMbedTLS::send(char* buf, size_t nbyte)
     {
-        ssize_t sent = 0;
+        std::lock_guard<std::mutex> lock(_mutex);
 
-        while (nbyte > 0)
+        ssize_t res = mbedtls_ssl_write(&_ssl, (unsigned char*) buf, nbyte);
+
+        if (res > 0)
         {
-            std::lock_guard<std::mutex> lock(_mutex);
-
-            ssize_t res = mbedtls_ssl_write(&_ssl, (unsigned char*) buf, nbyte);
-
-            if (res > 0) {
-                nbyte -= res;
-                sent += res;
-            } else if (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE) {
-                errno = EWOULDBLOCK;
-                return -1;
-            } else {
-                return -1;
-            }
+            return res;
+        }
+        else if (res == MBEDTLS_ERR_SSL_WANT_READ || res == MBEDTLS_ERR_SSL_WANT_WRITE)
+        {
+            errno = EWOULDBLOCK;
+            return -1;
+        }
+        else
+        {
+            return -1;
         }
-        return sent;
-    }
-
-    ssize_t SocketMbedTLS::send(const std::string& buffer)
-    {
-        return send((char*)&buffer[0], buffer.size());
     }
 
     ssize_t SocketMbedTLS::recv(void* buf, size_t nbyte)
@@ -175,4 +347,6 @@ namespace ix
         }
     }
 
-}
+} // namespace ix
+
+#endif // IXWEBSOCKET_USE_MBED_TLS

ixwebsocket/IXSocketMbedTLS.h

@@ -1,18 +1,22 @@
 /*
  *  IXSocketMbedTLS.h
  *  Author: Benjamin Sergeant
- *  Copyright (c) 2019 Machine Zone, Inc. All rights reserved.
+ *  Copyright (c) 2019-2020 Machine Zone, Inc. All rights reserved.
  */
+#ifdef IXWEBSOCKET_USE_MBED_TLS
 
 #pragma once
 
 #include "IXSocket.h"
+#include "IXSocketTLSOptions.h"
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/debug.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/error.h>
 #include <mbedtls/net.h>
 #include <mbedtls/platform.h>
+#include <mbedtls/x509.h>
+#include <mbedtls/x509_crt.h>
 #include <mutex>
 
 namespace ix
@@ -20,9 +24,11 @@ namespace ix
     class SocketMbedTLS final : public Socket
     {
     public:
-        SocketMbedTLS() = default;
+        SocketMbedTLS(const SocketTLSOptions& tlsOptions, int fd = -1);
         ~SocketMbedTLS();
 
+        virtual bool accept(std::string& errMsg) final;
+
         virtual bool connect(const std::string& host,
                              int port,
                              std::string& errMsg,
@@ -30,7 +36,6 @@ namespace ix
         virtual void close() final;
 
         virtual ssize_t send(char* buffer, size_t length) final;
-        virtual ssize_t send(const std::string& buffer) final;
         virtual ssize_t recv(void* buffer, size_t length) final;
 
     private:
@@ -38,10 +43,18 @@ namespace ix
         mbedtls_ssl_config _conf;
         mbedtls_entropy_context _entropy;
         mbedtls_ctr_drbg_context _ctr_drbg;
+        mbedtls_x509_crt _cacert;
+        mbedtls_x509_crt _cert;
+        mbedtls_pk_context _pkey;
 
         std::mutex _mutex;
+        SocketTLSOptions _tlsOptions;
 
-        bool init(const std::string& host, std::string& errMsg);
+        bool init(const std::string& host, bool isClient, std::string& errMsg);
+        void initMBedTLS();
+        bool loadSystemCertificates(std::string& errMsg);
     };
 
 } // namespace ix
+
+#endif // IXWEBSOCKET_USE_MBED_TLS

ixwebsocket/IXSocketOpenSSL.cpp

@@ -1,30 +1,99 @@
 /*
  *  IXSocketOpenSSL.cpp
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ *  Author: Benjamin Sergeant, Matt DeBoer, Max Weisel
+ *  Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
  *
  *  Adapted from Satori SDK OpenSSL code.
  */
+#ifdef IXWEBSOCKET_USE_OPEN_SSL
 
 #include "IXSocketOpenSSL.h"
+
 #include "IXSocketConnect.h"
-
+#include "IXUniquePtr.h"
 #include <cassert>
-
-#include <openssl/x509v3.h>
-
-#include <fnmatch.h>
 #include <errno.h>
+#include <vector>
+#ifdef _WIN32
+#include <Shlwapi.h>
+#else
+#include <fnmatch.h>
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#include <openssl/x509v3.h>
+#endif
 #define socketerrno errno
 
+#ifdef _WIN32
+namespace
+{
+    bool loadWindowsSystemCertificates(SSL_CTX* ssl, std::string& errorMsg)
+    {
+        DWORD flags = CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG |
+                      CERT_SYSTEM_STORE_CURRENT_USER;
+        HCERTSTORE systemStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, flags, L"Root");
+
+        if (!systemStore)
+        {
+            errorMsg = "CertOpenStore failed with ";
+            errorMsg += std::to_string(GetLastError());
+            return false;
+        }
+
+        PCCERT_CONTEXT certificateIterator = NULL;
+        X509_STORE* opensslStore = SSL_CTX_get_cert_store(ssl);
+
+        int certificateCount = 0;
+        while (certificateIterator = CertEnumCertificatesInStore(systemStore, certificateIterator))
+        {
+            X509* x509 = d2i_X509(NULL,
+                                  (const unsigned char**) &certificateIterator->pbCertEncoded,
+                                  certificateIterator->cbCertEncoded);
+
+            if (x509)
+            {
+                if (X509_STORE_add_cert(opensslStore, x509) == 1)
+                {
+                    ++certificateCount;
+                }
+
+                X509_free(x509);
+            }
+        }
+
+        CertFreeCertificateContext(certificateIterator);
+        CertCloseStore(systemStore, 0);
+
+        if (certificateCount == 0)
+        {
+            errorMsg = "No certificates found";
+            return false;
+        }
+
+        return true;
+    }
+} // namespace
+#endif
+
 namespace ix
 {
+    const std::string kDefaultCiphers =
+        "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA "
+        "ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 "
+        "ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA "
+        "ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 "
+        "DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA "
+        "DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 AES128-SHA";
+
     std::atomic<bool> SocketOpenSSL::_openSSLInitializationSuccessful(false);
     std::once_flag SocketOpenSSL::_openSSLInitFlag;
+    std::vector<std::unique_ptr<std::mutex>> openSSLMutexes;
 
-    SocketOpenSSL::SocketOpenSSL(int fd) : Socket(fd),
-        _ssl_connection(nullptr),
-        _ssl_context(nullptr)
+    SocketOpenSSL::SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd)
+        : Socket(fd)
+        , _ssl_connection(nullptr)
+        , _ssl_context(nullptr)
+        , _tlsOptions(tlsOptions)
     {
         std::call_once(_openSSLInitFlag, &SocketOpenSSL::openSSLInitialize, this);
     }
@@ -40,6 +109,16 @@ namespace ix
         if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, nullptr)) return;
 #else
         (void) OPENSSL_config(nullptr);
+
+        if (CRYPTO_get_locking_callback() == nullptr)
+        {
+            openSSLMutexes.clear();
+            for (int i = 0; i < CRYPTO_num_locks(); ++i)
+            {
+                openSSLMutexes.push_back(ix::make_unique<std::mutex>());
+            }
+            CRYPTO_set_locking_callback(SocketOpenSSL::openSSLLockingCallback);
+        }
 #endif
 
         (void) OpenSSL_add_ssl_algorithms();
@@ -48,6 +127,21 @@ namespace ix
         _openSSLInitializationSuccessful = true;
     }
 
+    void SocketOpenSSL::openSSLLockingCallback(int mode,
+                                               int type,
+                                               const char* /*file*/,
+                                               int /*line*/)
+    {
+        if (mode & CRYPTO_LOCK)
+        {
+            openSSLMutexes[type]->lock();
+        }
+        else
+        {
+            openSSLMutexes[type]->unlock();
+        }
+    }
+
     std::string SocketOpenSSL::getSSLError(int ret)
     {
         unsigned long e;
@@ -114,32 +208,98 @@ namespace ix
         SSL_CTX* ctx = SSL_CTX_new(_ssl_method);
         if (ctx)
         {
-            // To skip verification, pass in SSL_VERIFY_NONE
-            SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER,
-                               [](int preverify, X509_STORE_CTX*) -> int
-                               {
-                                   return preverify;
-                               });
+            SSL_CTX_set_mode(ctx,
+                             SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 
-            SSL_CTX_set_verify_depth(ctx, 4);
-            SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+            int options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_CIPHER_SERVER_PREFERENCE;
+
+#ifdef SSL_OP_NO_TLSv1_3
+            // (partially?) work around hang in openssl 1.1.1b, by disabling TLS V1.3
+            // https://github.com/openssl/openssl/issues/7967
+            options |= SSL_OP_NO_TLSv1_3;
+#endif
+            SSL_CTX_set_options(ctx, options);
         }
         return ctx;
     }
 
+    bool SocketOpenSSL::openSSLAddCARootsFromString(const std::string roots)
+    {
+        // Create certificate store
+        X509_STORE* certificate_store = SSL_CTX_get_cert_store(_ssl_context);
+        if (certificate_store == nullptr) return false;
+
+        // Configure to allow intermediate certs
+        X509_STORE_set_flags(certificate_store,
+                             X509_V_FLAG_TRUSTED_FIRST | X509_V_FLAG_PARTIAL_CHAIN);
+
+        // Create a new buffer and populate it with the roots
+        BIO* buffer = BIO_new_mem_buf((void*) roots.c_str(), static_cast<int>(roots.length()));
+        if (buffer == nullptr) return false;
+
+        // Read each root in the buffer and add to the certificate store
+        bool success = true;
+        size_t number_of_roots = 0;
+
+        while (true)
+        {
+            // Read the next root in the buffer
+            X509* root = PEM_read_bio_X509_AUX(buffer, nullptr, nullptr, (void*) "");
+            if (root == nullptr)
+            {
+                // No more certs left in the buffer, we're done.
+                ERR_clear_error();
+                break;
+            }
+
+            // Try adding the root to the certificate store
+            ERR_clear_error();
+            if (!X509_STORE_add_cert(certificate_store, root))
+            {
+                // Failed to add. If the error is unrelated to the x509 lib or the cert already
+                // exists, we're safe to continue.
+                unsigned long error = ERR_get_error();
+                if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
+                    ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+                {
+                    // Failed. Clean up and bail.
+                    success = false;
+                    X509_free(root);
+                    break;
+                }
+            }
+
+            // Clean up and loop
+            X509_free(root);
+            number_of_roots++;
+        }
+
+        // Clean up buffer
+        BIO_free(buffer);
+
+        // Make sure we loaded at least one certificate.
+        if (number_of_roots == 0) success = false;
+
+        return success;
+    }
+
     /**
      * Check whether a hostname matches a pattern
      */
-    bool SocketOpenSSL::checkHost(const std::string& host, const char *pattern)
+    bool SocketOpenSSL::checkHost(const std::string& host, const char* pattern)
     {
+#ifdef _WIN32
+        return PathMatchSpecA(host.c_str(), pattern);
+#else
         return fnmatch(pattern, host.c_str(), 0) != FNM_NOMATCH;
+#endif
     }
 
-    bool SocketOpenSSL::openSSLCheckServerCert(SSL *ssl,
+    bool SocketOpenSSL::openSSLCheckServerCert(SSL* ssl,
                                                const std::string& hostname,
                                                std::string& errMsg)
     {
-        X509 *server_cert = SSL_get_peer_certificate(ssl);
+        X509* server_cert = SSL_get_peer_certificate(ssl);
         if (server_cert == nullptr)
         {
             errMsg = "OpenSSL failed - peer didn't present a X509 certificate.";
@@ -149,18 +309,17 @@ namespace ix
 #if OPENSSL_VERSION_NUMBER < 0x10100000L
         // Check server name
         bool hostname_verifies_ok = false;
-        STACK_OF(GENERAL_NAME) *san_names =
-            (STACK_OF(GENERAL_NAME)*) X509_get_ext_d2i((X509 *)server_cert,
-                                                       NID_subject_alt_name, NULL, NULL);
+        STACK_OF(GENERAL_NAME)* san_names = (STACK_OF(GENERAL_NAME)*) X509_get_ext_d2i(
+            (X509*) server_cert, NID_subject_alt_name, NULL, NULL);
         if (san_names)
         {
-            for (int i=0; i<sk_GENERAL_NAME_num(san_names); i++)
+            for (int i = 0; i < sk_GENERAL_NAME_num(san_names); i++)
             {
-                const GENERAL_NAME *sk_name = sk_GENERAL_NAME_value(san_names, i);
+                const GENERAL_NAME* sk_name = sk_GENERAL_NAME_value(san_names, i);
                 if (sk_name->type == GEN_DNS)
                 {
-                    char *name = (char *)ASN1_STRING_data(sk_name->d.dNSName);
-                    if ((size_t)ASN1_STRING_length(sk_name->d.dNSName) == strlen(name) &&
+                    char* name = (char*) ASN1_STRING_data(sk_name->d.dNSName);
+                    if ((size_t) ASN1_STRING_length(sk_name->d.dNSName) == strlen(name) &&
                         checkHost(hostname, name))
                     {
                         hostname_verifies_ok = true;
@@ -173,20 +332,20 @@ namespace ix
 
         if (!hostname_verifies_ok)
         {
-            int cn_pos = X509_NAME_get_index_by_NID(X509_get_subject_name((X509 *)server_cert),
-                                                    NID_commonName, -1);
+            int cn_pos = X509_NAME_get_index_by_NID(
+                X509_get_subject_name((X509*) server_cert), NID_commonName, -1);
             if (cn_pos)
             {
-                X509_NAME_ENTRY *cn_entry = X509_NAME_get_entry(
-                    X509_get_subject_name((X509 *)server_cert), cn_pos);
+                X509_NAME_ENTRY* cn_entry =
+                    X509_NAME_get_entry(X509_get_subject_name((X509*) server_cert), cn_pos);
 
                 if (cn_entry)
                 {
-                    ASN1_STRING *cn_asn1 = X509_NAME_ENTRY_get_data(cn_entry);
-                    char *cn = (char *)ASN1_STRING_data(cn_asn1);
+                    ASN1_STRING* cn_asn1 = X509_NAME_ENTRY_get_data(cn_entry);
+                    char* cn = (char*) ASN1_STRING_data(cn_asn1);
 
-                    if ((size_t)ASN1_STRING_length(cn_asn1) == strlen(cn) &&
-                       checkHost(hostname, cn))
+                    if ((size_t) ASN1_STRING_length(cn_asn1) == strlen(cn) &&
+                        checkHost(hostname, cn))
                     {
                         hostname_verifies_ok = true;
                     }
@@ -205,7 +364,9 @@ namespace ix
         return true;
     }
 
-    bool SocketOpenSSL::openSSLHandshake(const std::string& host, std::string& errMsg)
+    bool SocketOpenSSL::openSSLClientHandshake(const std::string& host,
+                                               std::string& errMsg,
+                                               const CancellationRequest& isCancellationRequested)
     {
         while (true)
         {
@@ -214,6 +375,12 @@ namespace ix
                 return false;
             }
 
+            if (isCancellationRequested())
+            {
+                errMsg = "Cancellation requested";
+                return false;
+            }
+
             ERR_clear_error();
             int connect_result = SSL_connect(_ssl_connection);
             if (connect_result == 1)
@@ -240,6 +407,301 @@ namespace ix
         }
     }
 
+    bool SocketOpenSSL::openSSLServerHandshake(std::string& errMsg)
+    {
+        while (true)
+        {
+            if (_ssl_connection == nullptr || _ssl_context == nullptr)
+            {
+                return false;
+            }
+
+            ERR_clear_error();
+            int accept_result = SSL_accept(_ssl_connection);
+            if (accept_result == 1)
+            {
+                return true;
+            }
+            int reason = SSL_get_error(_ssl_connection, accept_result);
+
+            bool rc = false;
+            if (reason == SSL_ERROR_WANT_READ || reason == SSL_ERROR_WANT_WRITE)
+            {
+                rc = true;
+            }
+            else
+            {
+                errMsg = getSSLError(accept_result);
+                rc = false;
+            }
+
+            if (!rc)
+            {
+                return false;
+            }
+        }
+    }
+
+    bool SocketOpenSSL::handleTLSOptions(std::string& errMsg)
+    {
+        ERR_clear_error();
+        if (_tlsOptions.hasCertAndKey())
+        {
+            if (SSL_CTX_use_certificate_chain_file(_ssl_context, _tlsOptions.certFile.c_str()) != 1)
+            {
+                auto sslErr = ERR_get_error();
+                errMsg = "OpenSSL failed - SSL_CTX_use_certificate_chain_file(\"" +
+                         _tlsOptions.certFile + "\") failed: ";
+                errMsg += ERR_error_string(sslErr, nullptr);
+            }
+            else if (SSL_CTX_use_PrivateKey_file(
+                         _ssl_context, _tlsOptions.keyFile.c_str(), SSL_FILETYPE_PEM) != 1)
+            {
+                auto sslErr = ERR_get_error();
+                errMsg = "OpenSSL failed - SSL_CTX_use_PrivateKey_file(\"" + _tlsOptions.keyFile +
+                         "\") failed: ";
+                errMsg += ERR_error_string(sslErr, nullptr);
+            }
+            else if (!SSL_CTX_check_private_key(_ssl_context))
+            {
+                auto sslErr = ERR_get_error();
+                errMsg = "OpenSSL failed - cert/key mismatch(\"" + _tlsOptions.certFile + ", " +
+                         _tlsOptions.keyFile + "\")";
+                errMsg += ERR_error_string(sslErr, nullptr);
+            }
+        }
+
+        ERR_clear_error();
+        if (!_tlsOptions.isPeerVerifyDisabled())
+        {
+            if (_tlsOptions.isUsingSystemDefaults())
+            {
+#ifdef _WIN32
+                if (!loadWindowsSystemCertificates(_ssl_context, errMsg))
+                {
+                    return false;
+                }
+#else
+                if (SSL_CTX_set_default_verify_paths(_ssl_context) == 0)
+                {
+                    auto sslErr = ERR_get_error();
+                    errMsg = "OpenSSL failed - SSL_CTX_default_verify_paths loading failed: ";
+                    errMsg += ERR_error_string(sslErr, nullptr);
+                    return false;
+                }
+#endif
+            }
+            else
+            {
+                if (_tlsOptions.isUsingInMemoryCAs())
+                {
+                    // Load from memory
+                    openSSLAddCARootsFromString(_tlsOptions.caFile);
+                }
+                else
+                {
+                    if (SSL_CTX_load_verify_locations(
+                            _ssl_context, _tlsOptions.caFile.c_str(), NULL) != 1)
+                    {
+                        auto sslErr = ERR_get_error();
+                        errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" +
+                                 _tlsOptions.caFile + "\") failed: ";
+                        errMsg += ERR_error_string(sslErr, nullptr);
+                        return false;
+                    }
+                }
+            }
+
+            SSL_CTX_set_verify(_ssl_context,
+                               SSL_VERIFY_PEER,
+                               [](int preverify, X509_STORE_CTX*) -> int { return preverify; });
+            SSL_CTX_set_verify_depth(_ssl_context, 4);
+        }
+        else
+        {
+            SSL_CTX_set_verify(_ssl_context, SSL_VERIFY_NONE, nullptr);
+        }
+
+        if (_tlsOptions.isUsingDefaultCiphers())
+        {
+            if (SSL_CTX_set_cipher_list(_ssl_context, kDefaultCiphers.c_str()) != 1)
+            {
+                auto sslErr = ERR_get_error();
+                errMsg = "OpenSSL failed - SSL_CTX_set_cipher_list(\"" + kDefaultCiphers +
+                         "\") failed: ";
+                errMsg += ERR_error_string(sslErr, nullptr);
+                return false;
+            }
+        }
+        else if (SSL_CTX_set_cipher_list(_ssl_context, _tlsOptions.ciphers.c_str()) != 1)
+        {
+            auto sslErr = ERR_get_error();
+            errMsg = "OpenSSL failed - SSL_CTX_set_cipher_list(\"" + _tlsOptions.ciphers +
+                     "\") failed: ";
+            errMsg += ERR_error_string(sslErr, nullptr);
+            return false;
+        }
+
+        return true;
+    }
+
+    bool SocketOpenSSL::accept(std::string& errMsg)
+    {
+        bool handshakeSuccessful = false;
+        {
+            std::lock_guard<std::mutex> lock(_mutex);
+
+            if (!_openSSLInitializationSuccessful)
+            {
+                errMsg = "OPENSSL_init_ssl failure";
+                return false;
+            }
+
+            if (_sockfd == -1)
+            {
+                return false;
+            }
+
+            {
+                const SSL_METHOD* method = SSLv23_server_method();
+                if (method == nullptr)
+                {
+                    errMsg = "SSLv23_server_method failure";
+                    _ssl_context = nullptr;
+                }
+                else
+                {
+                    _ssl_method = method;
+
+                    _ssl_context = SSL_CTX_new(_ssl_method);
+                    if (_ssl_context)
+                    {
+                        SSL_CTX_set_mode(_ssl_context, SSL_MODE_ENABLE_PARTIAL_WRITE);
+                        SSL_CTX_set_mode(_ssl_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+                        SSL_CTX_set_options(_ssl_context,
+                                            SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+                    }
+                }
+            }
+
+            if (_ssl_context == nullptr)
+            {
+                return false;
+            }
+
+            ERR_clear_error();
+            if (_tlsOptions.hasCertAndKey())
+            {
+                if (SSL_CTX_use_certificate_chain_file(_ssl_context,
+                                                       _tlsOptions.certFile.c_str()) != 1)
+                {
+                    auto sslErr = ERR_get_error();
+                    errMsg = "OpenSSL failed - SSL_CTX_use_certificate_chain_file(\"" +
+                             _tlsOptions.certFile + "\") failed: ";
+                    errMsg += ERR_error_string(sslErr, nullptr);
+                }
+                else if (SSL_CTX_use_PrivateKey_file(
+                             _ssl_context, _tlsOptions.keyFile.c_str(), SSL_FILETYPE_PEM) != 1)
+                {
+                    auto sslErr = ERR_get_error();
+                    errMsg = "OpenSSL failed - SSL_CTX_use_PrivateKey_file(\"" +
+                             _tlsOptions.keyFile + "\") failed: ";
+                    errMsg += ERR_error_string(sslErr, nullptr);
+                }
+            }
+
+
+            ERR_clear_error();
+            if (!_tlsOptions.isPeerVerifyDisabled())
+            {
+                if (_tlsOptions.isUsingSystemDefaults())
+                {
+                    if (SSL_CTX_set_default_verify_paths(_ssl_context) == 0)
+                    {
+                        auto sslErr = ERR_get_error();
+                        errMsg = "OpenSSL failed - SSL_CTX_default_verify_paths loading failed: ";
+                        errMsg += ERR_error_string(sslErr, nullptr);
+                    }
+                }
+                else
+                {
+                    if (_tlsOptions.isUsingInMemoryCAs())
+                    {
+                        // Load from memory
+                        openSSLAddCARootsFromString(_tlsOptions.caFile);
+                    }
+                    else
+                    {
+                        const char* root_ca_file = _tlsOptions.caFile.c_str();
+                        STACK_OF(X509_NAME) * rootCAs;
+                        rootCAs = SSL_load_client_CA_file(root_ca_file);
+                        if (rootCAs == NULL)
+                        {
+                            auto sslErr = ERR_get_error();
+                            errMsg = "OpenSSL failed - SSL_load_client_CA_file('" +
+                                     _tlsOptions.caFile + "') failed: ";
+                            errMsg += ERR_error_string(sslErr, nullptr);
+                        }
+                        else
+                        {
+                            SSL_CTX_set_client_CA_list(_ssl_context, rootCAs);
+                            if (SSL_CTX_load_verify_locations(
+                                    _ssl_context, root_ca_file, nullptr) != 1)
+                            {
+                                auto sslErr = ERR_get_error();
+                                errMsg = "OpenSSL failed - SSL_CTX_load_verify_locations(\"" +
+                                         _tlsOptions.caFile + "\") failed: ";
+                                errMsg += ERR_error_string(sslErr, nullptr);
+                            }
+                        }
+                    }
+                }
+
+                SSL_CTX_set_verify(
+                    _ssl_context, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);
+                SSL_CTX_set_verify_depth(_ssl_context, 4);
+            }
+            else
+            {
+                SSL_CTX_set_verify(_ssl_context, SSL_VERIFY_NONE, nullptr);
+            }
+            if (_tlsOptions.isUsingDefaultCiphers())
+            {
+                if (SSL_CTX_set_cipher_list(_ssl_context, kDefaultCiphers.c_str()) != 1)
+                {
+                    return false;
+                }
+            }
+            else if (SSL_CTX_set_cipher_list(_ssl_context, _tlsOptions.ciphers.c_str()) != 1)
+            {
+                return false;
+            }
+
+            _ssl_connection = SSL_new(_ssl_context);
+            if (_ssl_connection == nullptr)
+            {
+                errMsg = "OpenSSL failed to connect";
+                SSL_CTX_free(_ssl_context);
+                _ssl_context = nullptr;
+                return false;
+            }
+
+            SSL_set_ecdh_auto(_ssl_connection, 1);
+
+            SSL_set_fd(_ssl_connection, _sockfd);
+
+            handshakeSuccessful = openSSLServerHandshake(errMsg);
+        }
+
+        if (!handshakeSuccessful)
+        {
+            close();
+            return false;
+        }
+
+        return true;
+    }
+
     bool SocketOpenSSL::connect(const std::string& host,
                                 int port,
                                 std::string& errMsg,
@@ -264,13 +726,9 @@ namespace ix
                 return false;
             }
 
-            ERR_clear_error();
-            int cert_load_result = SSL_CTX_set_default_verify_paths(_ssl_context);
-            if (cert_load_result == 0)
+            if (!handleTLSOptions(errMsg))
             {
-                unsigned long ssl_err = ERR_get_error();
-                errMsg = "OpenSSL failed - SSL_CTX_default_verify_paths loading failed: ";
-                errMsg += ERR_error_string(ssl_err, nullptr);
+                return false;
             }
 
             _ssl_connection = SSL_new(_ssl_context);
@@ -289,13 +747,12 @@ namespace ix
 #if OPENSSL_VERSION_NUMBER >= 0x10002000L
             // Support for server name verification
             // (The docs say that this should work from 1.0.2, and is the default from
-            // 1.1.0, but it does not. To be on the safe side, the manual test below is
-            // enabled for all versions prior to 1.1.0.)
-            X509_VERIFY_PARAM *param = SSL_get0_param(_ssl_connection);
+            // 1.1.0, but it does not. To be on the safe side, the manual test
+            // below is enabled for all versions prior to 1.1.0.)
+            X509_VERIFY_PARAM* param = SSL_get0_param(_ssl_connection);
             X509_VERIFY_PARAM_set1_host(param, host.c_str(), 0);
 #endif
-
-            handshakeSuccessful = openSSLHandshake(host, errMsg);
+            handshakeSuccessful = openSSLClientHandshake(host, errMsg, isCancellationRequested);
         }
 
         if (!handshakeSuccessful)
@@ -327,37 +784,30 @@ namespace ix
 
     ssize_t SocketOpenSSL::send(char* buf, size_t nbyte)
     {
-        ssize_t sent = 0;
+        std::lock_guard<std::mutex> lock(_mutex);
 
-        while (nbyte > 0)
+        if (_ssl_connection == nullptr || _ssl_context == nullptr)
         {
-            std::lock_guard<std::mutex> lock(_mutex);
-
-            if (_ssl_connection == nullptr || _ssl_context == nullptr)
-            {
-                return 0;
-            }
-
-            ERR_clear_error();
-            ssize_t write_result = SSL_write(_ssl_connection, buf + sent, (int) nbyte);
-            int reason = SSL_get_error(_ssl_connection, (int) write_result);
-
-            if (reason == SSL_ERROR_NONE) {
-                nbyte -= write_result;
-                sent += write_result;
-            } else if (reason == SSL_ERROR_WANT_READ || reason == SSL_ERROR_WANT_WRITE) {
-                errno = EWOULDBLOCK;
-                return -1;
-            } else {
-                return -1;
-            }
+            return 0;
         }
-        return sent;
-    }
 
-    ssize_t SocketOpenSSL::send(const std::string& buffer)
-    {
-        return send((char*)&buffer[0], buffer.size());
+        ERR_clear_error();
+        ssize_t write_result = SSL_write(_ssl_connection, buf, (int) nbyte);
+        int reason = SSL_get_error(_ssl_connection, (int) write_result);
+
+        if (reason == SSL_ERROR_NONE)
+        {
+            return write_result;
+        }
+        else if (reason == SSL_ERROR_WANT_READ || reason == SSL_ERROR_WANT_WRITE)
+        {
+            errno = EWOULDBLOCK;
+            return -1;
+        }
+        else
+        {
+            return -1;
+        }
     }
 
     ssize_t SocketOpenSSL::recv(void* buf, size_t nbyte)
@@ -389,4 +839,6 @@ namespace ix
         }
     }
 
-}
+} // namespace ix
+
+#endif // IXWEBSOCKET_USE_OPEN_SSL

ixwebsocket/IXSocketOpenSSL.h

@@ -1,13 +1,15 @@
 /*
  *  IXSocketOpenSSL.h
- *  Author: Benjamin Sergeant
- *  Copyright (c) 2017-2018 Machine Zone, Inc. All rights reserved.
+ *  Author: Benjamin Sergeant, Matt DeBoer
+ *  Copyright (c) 2017-2020 Machine Zone, Inc. All rights reserved.
  */
+#ifdef IXWEBSOCKET_USE_OPEN_SSL
 
 #pragma once
 
 #include "IXCancellationRequest.h"
 #include "IXSocket.h"
+#include "IXSocketTLSOptions.h"
 #include <mutex>
 #include <openssl/bio.h>
 #include <openssl/conf.h>
@@ -20,9 +22,11 @@ namespace ix
     class SocketOpenSSL final : public Socket
     {
     public:
-        SocketOpenSSL(int fd = -1);
+        SocketOpenSSL(const SocketTLSOptions& tlsOptions, int fd = -1);
         ~SocketOpenSSL();
 
+        virtual bool accept(std::string& errMsg) final;
+
         virtual bool connect(const std::string& host,
                              int port,
                              std::string& errMsg,
@@ -30,20 +34,29 @@ namespace ix
         virtual void close() final;
 
         virtual ssize_t send(char* buffer, size_t length) final;
-        virtual ssize_t send(const std::string& buffer) final;
         virtual ssize_t recv(void* buffer, size_t length) final;
 
     private:
         void openSSLInitialize();
         std::string getSSLError(int ret);
         SSL_CTX* openSSLCreateContext(std::string& errMsg);
-        bool openSSLHandshake(const std::string& hostname, std::string& errMsg);
+        bool openSSLAddCARootsFromString(const std::string roots);
+        bool openSSLClientHandshake(const std::string& hostname,
+                                    std::string& errMsg,
+                                    const CancellationRequest& isCancellationRequested);
         bool openSSLCheckServerCert(SSL* ssl, const std::string& hostname, std::string& errMsg);
         bool checkHost(const std::string& host, const char* pattern);
+        bool handleTLSOptions(std::string& errMsg);
+        bool openSSLServerHandshake(std::string& errMsg);
+
+        // Required for OpenSSL < 1.1
+        static void openSSLLockingCallback(int mode, int type, const char* /*file*/, int /*line*/);
 
         SSL* _ssl_connection;
         SSL_CTX* _ssl_context;
         const SSL_METHOD* _ssl_method;
+        SocketTLSOptions _tlsOptions;
+
         mutable std::mutex _mutex; // OpenSSL routines are not thread-safe
 
         static std::once_flag _openSSLInitFlag;
@@ -51,3 +64,5 @@ namespace ix
     };
 
 } // namespace ix
+
+#endif // IXWEBSOCKET_USE_OPEN_SSL