Bluewing Server update to build 34

• Fixed secure websocket hosting on Windows. After initial Lacewing messages (connect, implementation), no data would go through either way. The queue would hold the data indefinitely, breaking future SSL packets' decryptions.
This has been fixed by disabling the queue functionality, more as a stop-gap than a proper fix.
(Most of my Windows tests were checking HTML5 clients connected; the more complex tests were done on Unix servers, as those were more likely to go wrong, ironically.)
• Fixed large WebSocket packets (>126 bytes) causing a disconnect - browsers have a habit of sending a large packet starting with a network packet containing just the WebSocket header, and the parser recognised the absence of data and declared the size invalid. Now, it will just say it processed nothing, so the header is sent back to the parser again (with more of the data attached).
This is again not a proper fix; although a huge packet with >2 network packets will just loop to parser a 3rd time, it's not performant. But you shouldn't be sending huge packets over WebSocket anyway. So I'm not too fussed.

In previous commits:
• Fixed SSL/TLS error reporting from always_log to using the lw_server's error handler. This is better because the fake struct hack was removed.
I moved SSL client type from lw_stream to lw_server_client to let it be passed to the error handler; I may have to revert the change partially later, if Lacewing C++ SSL clients turn out to use the SSL structs I thought were server-only.
• Fixed Firefox HTML5 client compatibility - it would request "Connection: Keep-Alive, Upgrade", not straight "Upgrade", and fail the upgrade check.

Author: SortaCore

Lacewing/Lacewing.h

@@ -1700,7 +1700,7 @@ struct relayclientinternal;
 struct relayclient
 {
 public:
-	const static int buildnum = 100;
+	const static int buildnum = 101;
 
 	void * internaltag = nullptr, *tag = nullptr;
 
@@ -1924,7 +1924,7 @@ struct codepointsallowlist {
 struct relayserverinternal;
 struct relayserver
 {
-	static const int buildnum = 33;
+	static const int buildnum = 34;
 
 	void * internaltag, * tag = nullptr;
 

Lacewing/src/openssl/sslclient.c

@@ -33,6 +33,8 @@ struct _lwp_sslclient
 
 	void * tag;
 	lwp_sslclient_on_handshook on_handshook;
+	lw_server_client client;
+	void (*on_error)(lw_server_client client, lw_error error);
 
 	#ifdef _lacewing_npn
 	  unsigned char npn [32];
@@ -47,7 +49,7 @@ extern lw_streamdef def_downstream;
 
 static void pumpclient (lwp_sslclient);
 
-lwp_sslclient lwp_sslclient_new (SSL_CTX * server_context, lw_stream socket,
+lwp_sslclient lwp_sslclient_new (SSL_CTX * server_context, lw_server_client socket,
 								 lwp_sslclient_on_handshook on_handshook,
 								 void * tag)
 {
@@ -87,10 +89,10 @@ lwp_sslclient lwp_sslclient_new (SSL_CTX * server_context, lw_stream socket,
 	lwp_retain (&ctx->downstream, "lwp_sslclient downstream");
 
 	lw_stream_add_filter_upstream
-	  (socket, &ctx->upstream, lw_false, lw_false);
+	  ((lw_stream)socket, &ctx->upstream, lw_false, lw_false);
 
 	lw_stream_add_filter_downstream
-	  (socket, &ctx->downstream, lw_false, lw_false);
+	  ((lw_stream)socket, &ctx->downstream, lw_false, lw_false);
 
 	pumpclient (ctx);
 
@@ -151,7 +153,12 @@ static size_t downstream_sink_data (lw_stream downstream,
 
 	if (bytes < 0)
 	{
-	  always_log ("SSL downstream write error!");
+		lw_error err = lw_error_new();
+		lw_error_addf(err, "SSL downstream write error %d", SSL_get_error(ctx->ssl, bytes));
+
+		if (ctx->on_error)
+			ctx->on_error(ctx->client, err);
+		lw_error_delete (err);
 
 	  lw_stream_close (&ctx->downstream, lw_true);
 
@@ -195,8 +202,15 @@ static size_t upstream_sink_data (lw_stream upstream,
 	{
 	  if (error == SSL_ERROR_WANT_READ)
 		 ctx->write_condition = error;
+	  else
+	  {
+		  lw_error err = lw_error_new();
+		  lw_error_addf(err, "SSL upstream write error %d", error);
 
-	  always_log ("SSL upstream write error!");
+		  if (ctx->on_error)
+			  ctx->on_error(ctx->client, err);
+		  lw_error_delete(err);
+	  }
 
 	  return 0;
 	}

Lacewing/src/openssl/sslclient.h

@@ -15,7 +15,7 @@ typedef struct _lwp_sslclient * lwp_sslclient;
 
 typedef void (* lwp_sslclient_on_handshook) (lwp_sslclient, void * tag);
 
-lwp_sslclient lwp_sslclient_new (SSL_CTX * server_context, lw_stream socket,
+lwp_sslclient lwp_sslclient_new (SSL_CTX * server_context, lw_server_client socket,
 								 lwp_sslclient_on_handshook, void * tag);
 
 void lwp_sslclient_delete (lwp_sslclient);

Lacewing/src/stream.c

@@ -380,7 +380,36 @@ size_t lwp_stream_write (lw_stream ctx, const char * buffer, size_t size, int fl
 		}
 		else
 		{
-			queue_back (ctx, buffer + written, size - written);
+#if _WIN32
+			// Phi note 6th Jan 2023: queue_back() was indefinitely queued and wouldn't advance
+			// for secure websockets on Windows.
+			// Initial data - that is, the lacewing connect and response, including implementation, would work.
+			// But after that, no server-sent messages would go through, and received client messages
+			// would be received, but due to not processing and decrypting all the data prior, could not decrypt
+			// properly.
+			// Note the SECBUFFER_EXTRA data, which is initial TLS non-handshake data that is returned back by
+			// the handshake func, and is not yet decrypted, thus must be passed through to the encrypt func again;
+			// this extra data triggers this if(), as not all data "written" to the TLS stream was passed through,
+			// so written < size.
+			// Since we were getting an infinite recursion where written == 0, I check written is > 0 first.
+			// Fallback are queue_back(), which on Windows doesn't work and causes client to be kicked from timeout,
+			// but is better than recurring to death.
+			//
+			
+			// loop around and pass again
+			if (written > 0)
+			{
+				const size_t roundTwo = lwp_stream_write(ctx, buffer + written, size - written, flags);
+				if (roundTwo < size - written)
+				{
+					always_log("Failed to loop around initial TLS data. Attempting to queue_back().");
+					written -= roundTwo;
+					queue_back(ctx, buffer + written, size - written);
+				}
+			}
+			else // infinite loop of written == 0 is bad
+#endif // _WIN32
+				queue_back(ctx, buffer + written, size - written);
 		}
 	}
 

Lacewing/src/unix/server.c

@@ -74,6 +74,17 @@ struct _lw_server_client
 	lw_server_client * elem;
 };
 
+void on_ssl_error(lw_server_client client, lw_error error)
+{
+	lw_error_addf(error, "SSL error");
+
+	if (client->server->on_error)
+		client->server->on_error(client->server, error);
+
+	// SSL errors are generally unrecoverable
+	lw_stream_close((lw_stream)client, lw_true);
+}
+
 static lw_server_client lwp_server_client_new (lw_server ctx, lw_pump pump, int fd)
 {
 	lw_server_client client = (lw_server_client)calloc (sizeof (*client), 1);
@@ -99,7 +110,7 @@ static lw_server_client lwp_server_client_new (lw_server ctx, lw_pump pump, int
 
 		if (ctx->ssl_context)
 		{
-			client->ssl = lwp_sslclient_new (ctx->ssl_context, (lw_stream) client,
+			client->ssl = lwp_sslclient_new (ctx->ssl_context, client,
 											on_ssl_handshook, client);
 		}
 

Lacewing/src/webserver/webserver.c

@@ -149,9 +149,11 @@ size_t lw_webserver_sink_websocket(lw_ws webserver, lwp_ws_httpclient client, co
 			// Packet is too small to necessitate a 2-byte size
 			if (size < 2 + 4 + 126)
 			{
-				error = "message too small to be valid";
-				errorCode = 1002;
-				break;
+				// Pretend we haven't read anything, so this header comes back, but with more data behind it
+				// This is necessary due to Firefox sending big WS packets as one network packet with just WS header,
+				// with next packet data.
+				// TODO: Performance: WebSocket large packet processing will be faster if we actually store the read part here, like MessageReader does.
+				return 0;
 			}
 
 			packetLen = ntohs(*(unsigned short*)&data[0]);

Lacewing/src/windows/server.c

@@ -122,14 +122,15 @@ void * lw_server_tag (lw_server ctx)
 {
 	return ctx->tag;
 }
-void on_ssl_error (lw_server ctx, lw_stream client, lw_error error)
+void on_ssl_error (lw_server_client client, lw_error error)
 {
-	lw_error_addf(error, "SSL client error");
-	if (ctx->on_error)
-		ctx->on_error(ctx, error);
+	lw_error_addf(error, "SSL error");
+	
+	if (client->server->on_error)
+		client->server->on_error(client->server, error);
 
 	// SSL errors are generally unrecoverable
-	lw_stream_close(client, lw_true);
+	lw_stream_close((lw_stream)client, lw_true);
 }
 
 lw_server_client lwp_server_client_new (lw_server ctx, SOCKET socket)
@@ -153,7 +154,6 @@ lw_server_client lwp_server_client_new (lw_server ctx, SOCKET socket)
 	if (ctx->cert_loaded)
 	{
 	  lwp_serverssl_init (&client->ssl, ctx->ssl_creds, client);
-	  client->ssl.ssl.server = ctx;
 	  client->ssl.ssl.handle_error = on_ssl_error;
 	}
 

Lacewing/src/windows/ssl/serverssl.c

@@ -13,32 +13,6 @@
 #include "serverssl.h"
 #include "../fdstream.h"
 
-// TODO: These fake structs are a hack to get around the otherwise opaque pointers, to get the error handler
-// Can't clone the handler's address, in case it's changed; can copy server, though, but can't get the handler from that
-// Maybe an extra internal function
-
-struct _lw_server_fake
-{
-	lwp_refcounted;
-
-	SOCKET socket;
-
-	lw_pump pump;
-	lw_pump_watch pump_watch;
-
-	lw_server_hook_connect on_connect;
-	lw_server_hook_disconnect on_disconnect;
-	lw_server_hook_data on_data;
-	lw_server_hook_error on_error;
-	// ... not the real struct, which is defined in a .c file
-};
-struct _lw_server_client_fake
-{
-	struct _lw_fdstream fdstream;
-
-	struct _lw_server_fake* server;
-	// ... not the real struct, which is defined in a .c file
-};
 static size_t proc_handshake_data (lwp_ssl ssl, const char * buffer, size_t size);
 
 void lwp_serverssl_init (lwp_serverssl ctx,
@@ -47,7 +21,7 @@ void lwp_serverssl_init (lwp_serverssl ctx,
 {
 	ctx->server_creds = server_creds;
 	ctx->socket = socket;
-	lwp_ssl_init (&ctx->ssl, (lw_stream) socket);
+	lwp_ssl_init (&ctx->ssl, socket);
 
 	ctx->ssl.proc_handshake_data = proc_handshake_data;
 }
@@ -124,13 +98,11 @@ size_t proc_handshake_data (lwp_ssl ssl, const char * buffer, size_t size)
 	  lw_error_add(error, GetLastError() );
 	  lw_error_addf(error, "Secure handshake failure");
 
-	  struct _lw_server_client_fake* sock = (struct _lw_server_client_fake *)ctx->socket;
-	  if (sock->server->on_error)
-		  sock->server->on_error((lw_server)sock->server, error);
+	  if (ctx->ssl.handle_error)
+		 ctx->ssl.handle_error(ctx->socket, error);
 
 	  lw_error_delete(error);
 
-	  lw_stream_close(&sock->fdstream.stream, lw_false);
 	  return size;
 	}
 

Lacewing/src/windows/ssl/ssl.c

@@ -55,7 +55,7 @@ static size_t def_upstream_sink_data (lw_stream upstream,
 		lw_error_add(err, status);
 		lw_error_addf(err, "Encrypting message failed");
 		if (ctx->handle_error)
-			ctx->handle_error(ctx->server, ctx->orig_stream, err);
+			ctx->handle_error(ctx->client, err);
 		lw_error_delete(err);
 
 		return size;
@@ -99,7 +99,7 @@ static size_t def_downstream_sink_data (lw_stream downstream,
 		 lw_error_add(err, ctx->status);
 		 lw_error_addf(err, "Secure handshake failure");
 		 if (ctx->handle_error)
-			 ctx->handle_error(ctx->server, ctx->orig_stream, err);
+			 ctx->handle_error(ctx->client, err);
 		 lw_error_delete(err);
 		 return size;
 	  }
@@ -142,7 +142,7 @@ size_t proc_message_data (lwp_ssl ctx, const char * buffer, size_t size)
 		lw_error_add(err, ctx->status);
 		lw_error_addf(err, "Secure content expired");
 		if (ctx->handle_error)
-			ctx->handle_error(ctx->server, ctx->orig_stream, err);
+			ctx->handle_error(ctx->client, err);
 		lw_error_delete(err);
 		return size;
 	}
@@ -173,7 +173,7 @@ size_t proc_message_data (lwp_ssl ctx, const char * buffer, size_t size)
 		lw_error_add(err, ctx->status);
 		lw_error_addf(err, "Error decrypting the message");
 		if (ctx->handle_error)
-			ctx->handle_error(ctx->server, ctx->orig_stream, err);
+			ctx->handle_error(ctx->client, err);
 		lw_error_delete(err);
 		return size;
 	}
@@ -231,7 +231,7 @@ const static lw_streamdef def_downstream =
 	0  /* cleanup */
 };
 
-void lwp_ssl_init (lwp_ssl ctx, lw_stream socket)
+void lwp_ssl_init (lwp_ssl ctx, lw_server_client socket)
 {
 	memset (ctx, 0, sizeof (*ctx));
 

Lacewing/src/windows/ssl/ssl.h

@@ -16,9 +16,8 @@
 typedef struct _lwp_ssl
 {
 	DWORD status;
-	lw_server server;
-	lw_stream orig_stream;
-	void (*handle_error)(lw_server, lw_stream, lw_error);
+	lw_server_client client;
+	void (*handle_error)(lw_server_client, lw_error);
 	lw_bool handshake_complete;
 
 	lw_bool got_context;
@@ -37,7 +36,7 @@ typedef struct _lwp_ssl
 
 } * lwp_ssl;
 
-void lwp_ssl_init (lwp_ssl, lw_stream socket);
+void lwp_ssl_init (lwp_ssl, lw_server_client socket);
 void lwp_ssl_cleanup (lwp_ssl);
 
 #endif