libwebsockets/minimal-examples/client/hello_world/README.md
Andy Green dd1e07b28a ss: hello_world uses default policy
This switches the current hello_world to be hello_world-policy now,
and hello_world is simplified to use the __default policy without any
explicit policy of its own.

Using the default policy means it relies on the system tls library to
validate the tls connections using system trust arrangements, that won't
work in cases where the configured tls library does not have its own trust
store.
2022-02-22 14:37:10 +00:00

2.2 KiB

SS Example "hello_world"

This is the simplest example, showing how to do an https transaction using Secure Streams (SS) and the default policy. Because it doesn't specify a CA for the tls library to trust, it only works on systems where the tls library has its own trust store, like openssl typically. See hello_world-policy for a similar example that specifies the CA to trust for the connection in the policy.

SS' approach is to segregate "policy" (where and how to connect and authenticate for particular kinds of connection) from payloads that are transferred on the connection. In this case, all the information about the example's policy is in example-policy.json.

Source Purpose
main.c boilerplate to create the lws_context and event loop
hello_world-ss.c the secure stream user code
example-policy.json the example policy

Build

You should build and install lws itself first. Then with this directory as the cwd, you can use cmake . && make to build the example. This produces ./lws-minimal-ss-hello_world.

If lws was configured to support SS Proxying with -DLWS_WITH_SECURE_STREAMS_PROXY_API=1, then a second executable is also produced ./lws-minimal-ss-hello_world-client. This does not try to do its own networking, but instead wants to connect to an SS Proxy process that will fulfil connections itself using its own policy.

Running

You should be able to run ./lws-minimal-ss-hello_world directly and see it fetch a webpage (just the start and end of each chunk are logged).

To go via the SS Proxy, run ./lws-minimal-ss-hello_world-client and an SS Proxy, eg, the example one found in ./minimal-examples/ssproxy/ssproxy-socket.

Options

Commandline option Meaning
-d <bitmap> Enable logging levels (default 1031 (USER, ERR, WARN, NOTICE), 1039 = +INFO, 1151 = +INFO, DEBUG), -DCMAKE_BUILD_TYPE=DEBUG needed for logs more verbose that NOTICE
--ssproxy-port <port> If going via an SS Proxy, default is Unix Domain Socket @proxy.ss.lws, you can force a different proxy's TCP port with this
--ssproxy-ads <ads> Set non-default hostname or IP address proxy is on
--ssproxy-iface <iface> Set non-default UDS path if starts with +, else interface to bind TCP connection to for proxy