From 63694a1eb7e9db83cdcac43ba704ffbb8bc8056f Mon Sep 17 00:00:00 2001 From: stropee Date: Fri, 12 Jun 2026 15:54:29 +0200 Subject: [PATCH 1/6] Fix build on system without filesystem Signed-off-by: stropee --- lib/system/policy.c | 3 +++ lib/tls/mbedtls/mbedtls-server.c | 4 ++++ lib/tls/mbedtls/wrapper/platform/ssl_pm.c | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/lib/system/policy.c b/lib/system/policy.c index e47c6a4405..7a0c938728 100644 --- a/lib/system/policy.c +++ b/lib/system/policy.c @@ -25,6 +25,7 @@ #include #if defined(LWS_WITH_NETWORK) +#if defined(LWS_WITH_FILE_OPS) static const char * const policy_paths[] = { "dns_base_dir", @@ -70,6 +71,7 @@ policy_cb(struct lejp_ctx *ctx, char reason) return 0; } + static const char *default_policy = "{\n" " \"dns_base_dir\": \"/var/dnssec\",\n" @@ -155,6 +157,7 @@ lws_system_parse_policy(struct lws_context *cx, const char *filepath, lws_system lws_system_policy_free(p); return 1; } +#endif void lws_system_policy_free(lws_system_policy_t *policy) diff --git a/lib/tls/mbedtls/mbedtls-server.c b/lib/tls/mbedtls/mbedtls-server.c index c524df23a6..43b3feb569 100644 --- a/lib/tls/mbedtls/mbedtls-server.c +++ b/lib/tls/mbedtls/mbedtls-server.c @@ -181,7 +181,11 @@ lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi, mbedtls_x509_crt_init(&extras); if (cert) +#if defined(MBEDTLS_FS_IO) n = mbedtls_x509_crt_parse_file(&extras, cert); +#else + n = -1; /* can't parse file if we don't have file I/O */ +#endif else if (mem_cert && mem_cert_len) n = mbedtls_x509_crt_parse(&extras, (const unsigned char *)mem_cert, diff --git a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c index add2596adf..29e2aeaf19 100755 --- a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c +++ b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c @@ -787,6 +787,7 @@ int x509_pm_load(X509 *x, const unsigned char *buffer, int len) int x509_pm_load_file(X509 *x, const char *path) { +#if defined(MBEDTLS_FS_IO) int ret; struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; @@ -813,11 +814,13 @@ int x509_pm_load_file(X509 *x, const char *path) ssl_mem_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; no_mem: +#endif return -1; } int x509_pm_load_path(X509 *x, const char *path) { +#if defined(MBEDTLS_FS_IO) int ret; struct x509_pm *x509_pm = (struct x509_pm *)x->x509_pm; @@ -844,6 +847,7 @@ int x509_pm_load_path(X509 *x, const char *path) ssl_mem_free(x509_pm->x509_crt); x509_pm->x509_crt = NULL; no_mem: +#endif return -1; } From 6eb871935d3ec2babe064ae630b84e1e3b92f029 Mon Sep 17 00:00:00 2001 From: stropee Date: Fri, 12 Jun 2026 15:54:47 +0200 Subject: [PATCH 2/6] server.c : Allow SO_REUSEADDR and IPV6_V6ONLY if defined with LwIP stack Signed-off-by: stropee --- lib/roles/http/server/server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/roles/http/server/server.c b/lib/roles/http/server/server.c index a442a75738..50b00e0067 100644 --- a/lib/roles/http/server/server.c +++ b/lib/roles/http/server/server.c @@ -111,7 +111,7 @@ _lws_vhost_init_server_af(struct vh_sock_args *a) lws_sockfd_type sockfd; struct lws *wsi; int m = 0, is = 0; -#if !defined(LWS_PLAT_FREERTOS) && defined(LWS_WITH_IPV6) && defined(IPV6_V6ONLY) +#if defined(LWS_WITH_IPV6) && defined(IPV6_V6ONLY) int value = 1; #endif @@ -257,7 +257,6 @@ _lws_vhost_init_server_af(struct vh_sock_args *a) return 1; } -#if !defined(LWS_PLAT_FREERTOS) #if defined(WIN32) && defined(LWS_WITH_UNIX_SOCK) if (a->af != AF_UNIX) { #endif @@ -280,6 +279,7 @@ _lws_vhost_init_server_af(struct vh_sock_args *a) } else #endif +#if defined(SO_REUSEADDR) /* * allow us to restart even if old sockets in TIME_WAIT */ @@ -289,6 +289,7 @@ _lws_vhost_init_server_af(struct vh_sock_args *a) compatible_close(sockfd); return -1; } +#endif #if defined(WIN32) && defined(LWS_WITH_UNIX_SOCK) } #endif @@ -326,7 +327,6 @@ _lws_vhost_init_server_af(struct vh_sock_args *a) // return -1; } #endif -#endif #if defined(LWS_WITH_UNIX_SOCK) lws_plat_set_socket_options(a->vhost, sockfd, a->af == AF_UNIX); #else From d9ef8cb1921ba64a28505814aab496b7daa517b4 Mon Sep 17 00:00:00 2001 From: stropee Date: Fri, 12 Jun 2026 15:55:48 +0200 Subject: [PATCH 3/6] Allow client connect with IPv6 link local address along with scope id in iface field on FreeRTOS/LwIP Signed-off-by: stropee --- lib/core-net/client/connect3.c | 15 +++++++++++++++ lib/core-net/network.c | 16 ++++++++++++++-- 2 files changed, 29 insertions(+), 2 deletions(-) diff --git a/lib/core-net/client/connect3.c b/lib/core-net/client/connect3.c index 3b73226776..e695a12cd1 100644 --- a/lib/core-net/client/connect3.c +++ b/lib/core-net/client/connect3.c @@ -520,6 +520,21 @@ lws_client_connect_3_connect(struct lws *wsi, const char *ads, goto try_next_dns_result_fds; } } + +#if defined(LWS_WITH_IPV6) && (defined(LWS_AMAZON_RTOS) || defined(LWS_ESP_PLATFORM)) + /* + * For IPv6 link-local addresses on FreeRTOS/lwIP, getaddrinfo() + * does not set sin6_scope_id. Set it from the iface stash so + * connect() can route to the correct network interface. + */ + if (iface && *iface && + wsi->sa46_peer.sa4.sin_family == AF_INET6 && + !wsi->sa46_peer.sa6.sin6_scope_id) { + unsigned long scope = lws_get_addr_scope(wsi, iface); + if (scope) + wsi->sa46_peer.sa6.sin6_scope_id = (uint32_t)scope; + } +#endif } #if defined(LWS_WITH_UNIX_SOCK) diff --git a/lib/core-net/network.c b/lib/core-net/network.c index 3ee9a905d8..32e475c87c 100644 --- a/lib/core-net/network.c +++ b/lib/core-net/network.c @@ -290,7 +290,7 @@ lws_socket_bind(struct lws_vhost *vhost, struct lws *wsi, #ifdef LWS_WITH_UNIX_SOCK struct sockaddr_un serv_unix; #endif -#if defined(LWS_WITH_IPV6) && !defined(LWS_PLAT_FREERTOS) && !defined(LWS_PLAT_OPTEE) +#if defined(LWS_WITH_IPV6) && !defined(LWS_PLAT_OPTEE) struct sockaddr_in6 serv_addr6; #endif struct sockaddr_in serv_addr4; @@ -337,7 +337,18 @@ lws_socket_bind(struct lws_vhost *vhost, struct lws *wsi, // lwsl_hexdump_notice(v, n); break; #endif -#if defined(LWS_WITH_IPV6) && !defined(LWS_PLAT_FREERTOS) +#if defined(LWS_WITH_IPV6) +#if defined(LWS_PLAT_FREERTOS) + case AF_INET6: + v = (struct sockaddr *)&serv_addr6; + n = sizeof(struct sockaddr_in6); + memset(&serv_addr6, 0, sizeof(serv_addr6)); + serv_addr6.sin6_family = AF_INET6; + serv_addr6.sin6_port = (uint16_t)htons((uint16_t)port); + if (iface) + serv_addr6.sin6_scope_id = (uint32_t)lws_get_addr_scope(wsi, iface); + break; +#else case AF_INET6: v = (struct sockaddr *)&serv_addr6; n = sizeof(struct sockaddr_in6); @@ -363,6 +374,7 @@ lws_socket_bind(struct lws_vhost *vhost, struct lws *wsi, serv_addr6.sin6_port = (uint16_t)htons((uint16_t)port); break; +#endif #endif case AF_INET: From 155efe7bef04bc8f29297a3db044a4774f7ed997 Mon Sep 17 00:00:00 2001 From: stropee Date: Fri, 12 Jun 2026 15:58:11 +0200 Subject: [PATCH 4/6] txpacer : add global ifdef for FreeRTOS/OPTEE/Baremetal system Signed-off-by: stropee --- lib/core-net/txpacer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/core-net/txpacer.c b/lib/core-net/txpacer.c index 4dc5bc5e22..98c827aab3 100644 --- a/lib/core-net/txpacer.c +++ b/lib/core-net/txpacer.c @@ -25,6 +25,7 @@ #include "private-lib-core.h" #if defined(LWS_HAVE_PTHREAD_H) +#if !defined(LWS_PLAT_OPTEE) && !defined(LWS_PLAT_BAREMETAL) && !defined(LWS_PLAT_FREERTOS) struct lws_txp { lws_txp_info_t txp_info; @@ -198,5 +199,5 @@ lws_txp_append(struct lws_txp *txp, uint8_t *buf, size_t len) pthread_mutex_unlock(&txp->lock); return ret; } - +#endif #endif /* LWS_HAVE_PTHREAD_H */ From d8b4769f07c460c68d988df81778790daf7842a3 Mon Sep 17 00:00:00 2001 From: Andy Green Date: Wed, 17 Jun 2026 07:56:41 +0100 Subject: [PATCH 5/6] sonarqube-fixes2 --- contrib/mcufont/encoder/encode_rlefont.cc | 3 +++ contrib/mcufont/encoder/freetype_import.cc | 4 ++-- .../api-tests/api-test-gencrypto/lws-genaes.c | 4 ++++ .../api-tests/api-test-gencrypto/lws-genrsa.c | 8 ++++---- minimal-examples-lowlevel/api-tests/api-test-x509/main.c | 4 ++-- minimal-examples/embedded/lhp/main.c | 1 + .../rt595/hello_world/project/source/sspc/system.c | 2 ++ .../protocol_lws_acme_client_core.c | 5 ++++- 8 files changed, 22 insertions(+), 9 deletions(-) diff --git a/contrib/mcufont/encoder/encode_rlefont.cc b/contrib/mcufont/encoder/encode_rlefont.cc index 40ccbd354c..f4198b89eb 100644 --- a/contrib/mcufont/encoder/encode_rlefont.cc +++ b/contrib/mcufont/encoder/encode_rlefont.cc @@ -256,6 +256,9 @@ static DictTreeNode *find_tree_node(DataFile::pixels_t::const_iterator begin, DictTreeNode *root) { DictTreeNode* node = root; + if (!node) + return nullptr; + while (begin != end) { uint8_t pixel = *begin++; diff --git a/contrib/mcufont/encoder/freetype_import.cc b/contrib/mcufont/encoder/freetype_import.cc index 27a0734d7d..bbec866df5 100644 --- a/contrib/mcufont/encoder/freetype_import.cc +++ b/contrib/mcufont/encoder/freetype_import.cc @@ -35,7 +35,7 @@ class _FT_Library { public: _FT_Library() { checkFT(FT_Init_FreeType(&m_lib)); } - ~_FT_Library() { checkFT(FT_Done_FreeType(m_lib)); } + ~_FT_Library() { FT_Done_FreeType(m_lib); } operator FT_Library() { return m_lib; } private: @@ -51,7 +51,7 @@ class _FT_Face checkFT(FT_New_Memory_Face(lib, (const unsigned char *)&data[0], data.size(), 0, &m_face)); } - ~_FT_Face() { checkFT(FT_Done_Face(m_face)); } + ~_FT_Face() { FT_Done_Face(m_face); } operator FT_Face() { return m_face; } FT_Face operator->() { return m_face; } diff --git a/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genaes.c b/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genaes.c index 17886791d1..b5f0956efa 100644 --- a/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genaes.c +++ b/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genaes.c @@ -1229,6 +1229,10 @@ test_genaes_branch_matrix(void) if (basic_cases[n].mode == LWS_GAESM_CTR || basic_cases[n].mode == LWS_GAESM_XTS) continue; +#endif +#if defined(LWS_WITH_MBEDTLS) && defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x04000000 + if (basic_cases[n].mode == LWS_GAESM_XTS) + continue; #endif if (lws_genaes_run_hex_case(&basic_cases[n])) { lwsl_err("%s: basic_cases[%d] failed\n", __func__, n); diff --git a/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genrsa.c b/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genrsa.c index 03722bc206..36ba678650 100644 --- a/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genrsa.c +++ b/minimal-examples-lowlevel/api-tests/api-test-gencrypto/lws-genrsa.c @@ -10,7 +10,7 @@ #include #include - #if !defined(LWS_WITH_GNUTLS) + #if !defined(LWS_WITH_GNUTLS) && !(defined(LWS_WITH_MBEDTLS) && defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000) static int test_genrsa_roundtrips(struct lws_context *context) { @@ -297,21 +297,21 @@ test_genrsa_fixed_vectors(struct lws_context *context) int test_genrsa(struct lws_context *context) { -#if !defined(LWS_WITH_GNUTLS) +#if !defined(LWS_WITH_GNUTLS) && !(defined(LWS_WITH_MBEDTLS) && defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000) if (test_genrsa_roundtrips(context)) goto bail; if (test_genrsa_fixed_vectors(context)) goto bail; #else - lwsl_notice("%s: Skipping RSA encrypt/decrypt tests (unsupported on GnuTLS)\n", __func__); + lwsl_notice("%s: Skipping RSA encrypt/decrypt tests (unsupported on this backend)\n", __func__); #endif lwsl_notice("%s: selftest OK\n", __func__); return 0; -#if !defined(LWS_WITH_GNUTLS) +#if !defined(LWS_WITH_GNUTLS) && !(defined(LWS_WITH_MBEDTLS) && defined(MBEDTLS_VERSION_NUMBER) && MBEDTLS_VERSION_NUMBER >= 0x03000000) bail: lwsl_err("%s: selftest failed ++++++++++++++++++++\n", __func__); diff --git a/minimal-examples-lowlevel/api-tests/api-test-x509/main.c b/minimal-examples-lowlevel/api-tests/api-test-x509/main.c index e81b327d3b..48d6e2b91f 100644 --- a/minimal-examples-lowlevel/api-tests/api-test-x509/main.c +++ b/minimal-examples-lowlevel/api-tests/api-test-x509/main.c @@ -77,8 +77,8 @@ int main(int argc, const char **argv) goto bail; } - if (memcmp(big + sizeof(*res) - sizeof(res->ns.name), - expected_spki, (size_t)res->ns.len)) { + size_t name_offset = (size_t)((uint8_t *)&res->ns.name - (uint8_t *)res); + if (memcmp(big + name_offset, expected_spki, (size_t)res->ns.len)) { lwsl_err("SPKI content mismatch\n"); ret = 1; goto bail; diff --git a/minimal-examples/embedded/lhp/main.c b/minimal-examples/embedded/lhp/main.c index 45cba065cf..78ba586250 100644 --- a/minimal-examples/embedded/lhp/main.c +++ b/minimal-examples/embedded/lhp/main.c @@ -103,6 +103,7 @@ static int do_reboot(void) { esp_restart(); + return 0; } static int diff --git a/minimal-examples/embedded/rt595/hello_world/project/source/sspc/system.c b/minimal-examples/embedded/rt595/hello_world/project/source/sspc/system.c index daf7413f3b..0aae7a8a48 100644 --- a/minimal-examples/embedded/rt595/hello_world/project/source/sspc/system.c +++ b/minimal-examples/embedded/rt595/hello_world/project/source/sspc/system.c @@ -237,6 +237,8 @@ int gettimeofday(struct timeval *tv, void *tx) tv->tv_sec = u / 1000000; tv->tv_usec = u - (tv->tv_sec * 1000000); + + return 0; } long long atoll(const char *s) diff --git a/plugins/protocol_lws_acme_client/protocol_lws_acme_client_core.c b/plugins/protocol_lws_acme_client/protocol_lws_acme_client_core.c index b5a0e48c68..14de99d32f 100644 --- a/plugins/protocol_lws_acme_client/protocol_lws_acme_client_core.c +++ b/plugins/protocol_lws_acme_client/protocol_lws_acme_client_core.c @@ -2339,7 +2339,10 @@ lws_acme_core_cert_aging(struct per_vhost_data__lws_acme_client *vhd, const struct lws_acme_cert_aging_args *caa) { if (!vhd || !vhd->cert_configs.head) { - lwsl_vhost_notice(vhd->vhost, "acme_aging: aborting, no vhd or cert_configs.head is empty\n"); + if (vhd) + lwsl_vhost_notice(vhd->vhost, "acme_aging: aborting, cert_configs.head is empty\n"); + else + lwsl_notice("acme_aging: aborting, no vhd\n"); return 0; } From 2343abf1db173d6b87e6fe681197120acea30fb8 Mon Sep 17 00:00:00 2001 From: stropee Date: Wed, 17 Jun 2026 15:19:53 +0200 Subject: [PATCH 6/6] lws_getaddrinfo46 : pass AI_NUMERICHOST to getaddrinfo if numero host is detected Signed-off-by: stropee --- lib/core-net/client/connect2.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lib/core-net/client/connect2.c b/lib/core-net/client/connect2.c index 7585000f94..854d410c2d 100644 --- a/lib/core-net/client/connect2.c +++ b/lib/core-net/client/connect2.c @@ -42,6 +42,7 @@ lws_getaddrinfo46(struct lws *wsi, const char *ads, struct addrinfo **result) char buckname[32]; #endif int n; + uint8_t naddr[16]; memset(&hints, 0, sizeof(hints)); *result = NULL; @@ -61,6 +62,15 @@ lws_getaddrinfo46(struct lws *wsi, const char *ads, struct addrinfo **result) hints.ai_family = PF_UNSPEC; } + /* + * If the address is already a numeric IPv4 or IPv6 literal, set + * AI_NUMERICHOST so that getaddrinfo() resolves it locally without + * issuing any DNS query (which would be wrong, and on lwIP/FreeRTOS + * would produce a spurious DNS A request for a link-local address). + */ + if (lws_parse_numeric_address(ads, naddr, sizeof(naddr)) > 0) + hints.ai_flags |= AI_NUMERICHOST; + #if defined(LWS_WITH_CONMON) wsi->conmon_datum = lws_now_usecs(); #endif