This MR is intended to fix incorrect parsing of HTTP requests when empty header values are present.
The issue is was due to asymmetric behavior of `http_parser` library, which in case of:
non-empty header values : invokes callbacks with the pointer to the start of a value
empty header values : invokes callbacks with pointer to the start of next header or section
Since HTTP server relies on this pointer (along with length of the value) to locate the end of a value, and replace the line terminators (CRLFs) with null characters, the second case needed to be handled correctly.
Closes IDFGH-1539
Closes https://github.com/espressif/esp-idf/issues/3803
If httpd_sess_trigger_close() gets called twice for the same socket,
the first httpd_sess_close() cb closes the correct socket, but the second
invocation closes the wrong socket which was just accepted and added to
the socket db. Checking for the lru counter will help identify this as the
counter is set only for requests actually served.
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
open_fn() was introduced in the context of HTTPS server, as a configurable callback function that is called by the HTTP server, on every newly created socket. It is responsible of allocating resources for per session transport security.
Earlier, if open_fn were to fail, the newly created socket would be closed by the server but the corresponding entry, for the now invalid socket, will remain in the internal socket database until that invalid socket is detected due to error when calling select(). Because of this delayed closing of sockets, the HTTPS server would quickly face shortage of available sessions when a lot of SSL handshake errors are happening (this typically occurs when a browser finds that the server certificate is self signed). This changes in this MR fix this issue by clearing up the socket from internal database, right after open_fn fails.
Closes https://github.com/espressif/esp-idf/issues/3479
List of changes:
* Kconfig option HTTPD_LOG_PURGE_DATA enables logging of purged data
* Kconfig option HTTPD_PURGE_BUF_LEN sets purge buffer length
* Purged data is logged in hex
Closes https://github.com/espressif/esp-idf/issues/3359
Issue : Restarting the server without 30sec delay between httpd_stop() and httpd_start() causes EADDRINUSE error
Resolution : Use setsockopt() to enable SO_REUSEADDR on listener socket
Closes https://github.com/espressif/esp-idf/issues/3381
This fix prevents HTTP server from accepting new connections when the total count of connected
sockets has reached the max_open_sockets limit set during configuration. The pending connections
are kept in backlog until atleast one of the connected sockets is closed. The maximum number of
connection requests that can kept in backlog is specified as backlog_conn configuration option.
Note that this modification has no effect when LRU purge is enabled.
Also added sanity check on setting for max_open_sockets during configuration.
Solution suggested by jimparis https://github.com/espressif/esp-idf/issues/3183#issue-421234265
Closes https://github.com/espressif/esp-idf/issues/3183
List of changes:
* When parsing requests, count termination from LF characters only
* Correct memcpy() length parameter in httpd_unrecv() (pointed out by jimparis in GitHub issue thread)
* Use ssize_t to store results of length subtractions during parsing
* Modify some comments to reduce ambiguity
Closes https://github.com/espressif/esp-idf/issues/3182
The task that runs the HTTP server can now be pinned to a particular core by setting `core_id`
in the HTTP server configuration. By default, the core is set to `tskNO_AFFINITY`, meaning
it can run on any core.
Merges https://github.com/espressif/esp-idf/pull/3190
By default, if a URI handler changes the http session context,
the webserver internally clears the older context after the handler
returns. However, if applications want to change this behavior and
manage the allocation/de-allocation/freeing themselves and let the
server handle only the "socket close" case, this commit provides such
an option.
Added APIs :
* httpd_resp_send_err() : for sending HTTP error responses for error codes given by httpd_err_code_t. It uses TCP_NODELAY option to ensure that HTTP error responses reach the client before socket is closed.
* httpd_register_err_handler() : for registering HTTP error handler functions of type httpd_err_handler_func_t.
The default behavior, on encountering errors during processing of HTTP requests, is now to send HTTP error response (if possible) and close the underlying socket. User configurable handlers can be used to override this behavior for each error individually (except for 500 Internal Server Error).
Also fixed some typos.
Closes https://github.com/espressif/esp-idf/issues/3005
Note : In future consider deprecating usage of -1 for setting
buffer length equal to string length in APIs httpd_resp_send()
and httpd_resp_send_chunk()
New unity component can be used for testing other applications.
Upstream version of Unity is included as a submodule.
Utilities specific to ESP-IDF unit tests (partitions, leak checking
setup/teardown functions, etc) are kept only in unit-test-app.
Kconfig options are added to allow disabling certain Unity features.
* http_sess_set_*_override APIs are now the only ones available to set custom recv/send/pending functions
* Fixed side effects to using http_sess_set/get_context inside URI handlers
Changes:
- renamed `httpd_free_sess_ctx_fn_t` to `httpd_free_ctx_fn_t`
- added a `httpd_handle_t` argument to `httpd_send_func_t` and `httpd_recv_func_t`
- internal function `httpd_sess_get()` is no longer static, as it's used in other
files besides httpd_sess.c
Bug fixes:
- removed a trailing semicolon from `HTTPD_DEFAULT_CONFIG()`
- fixed issue with failed `select()`, now it automatically closes invalid sockets
instead of shutting down the entire server
New features:
- `httpd_resp_send()` and `httpd_resp_send_chunk()` now accept -1 as length to use
`strlen()` internally
- added `httpd_sess_set_ctx()` to accompany `httpd_sess_get_ctx()`
- added a "transport context" to the session structure (next to user context)
- added `httpd_sess_{get,set}_transport_ctx()` to work with this transport context
- added "global user context" and "global transport context" stored in the server
config (and then the handle); supports a user-provided free_fn
- added a "pending func" to e.g. check for data in the transport layer receive
buffer
- added functions `httpd_set_sess_{send,recv,pending}_override()` that target
a session by ID (i.e. not using a request object)
- added `httpd_set_pending_override()`
- added a "open_fn" and "close_fn" - functions called when creating and closing
a session. These may be used to set up transport layer encryption or some other
session-wide feature
