Bluewing Server update to build 33

This is mostly bugfixes to build 32, but a couple improvements in there.
Fixed incorrect client flag address being read - causing server to half-handshake and not respond to any clients for entirety of hosting, dependent on server's memory address... (Build 32 is considered unstable due to this)
Fixed already-connected clients not being disconnected on unhost.
Fixed wrong websocket server (secure vs not) being passed to relayserver's disconnect handler and connect handler.
Fixed loading server cert files with one combined PFX being disallowed.
Added lw_ws_cert_expiry_time() and lw_server_cert_expiry_time().
Due to PFX password functions using WCHAR only, made the lw_char_to_wchar available in non-Unicode Windows builds as well. We target XP+, so no real reason to support non-Unicode... may be removed in future when Fusion 3.0 is out, since this repo is tied to MMF2Exts repo.
Added openssl headers from OpenSSL 1.1.1s. Unix build should use OS libraries anyway.
No longer defines ENABLE_SSL by default. It made SSL libraries required even when not in use.
Moved relayserver's websocket hosting and unhosting to their own functions so they can properly work with the regular socket server and unhost both websocket servers in one call. New functions are relayserver::host_websocket() and relayserver::unhost_websocket().
Fixed some elements not being removed from event queue (bug from liblacewing days).
Moved port number types from long to int.
Changed Windows system store cert loading (load_sys_cert) parameters from "store, location, common" to "common, location, store".
Improved expiry time logging to console.
Removed or debug-only some tracing from event queue.
Some formatting clean-up.

Author: SortaCore

Lacewing/Lacewing.h

@@ -487,10 +487,11 @@ typedef lw_i8 lw_bool;
 	lw_import				void  lw_server_host_filter		(lw_server, lw_filter);
 	lw_import				void  lw_server_unhost			(lw_server);
 	lw_import			 lw_bool  lw_server_hosting			(lw_server);
-	lw_import				long  lw_server_port			(lw_server);
-	lw_import			 lw_bool  lw_server_load_cert_file	(lw_server, const char * filename_certchain, const char* filename_privkey, const char * passphrase);
-	lw_import			 lw_bool  lw_server_load_sys_cert	(lw_server, const char * store_name, const char * common_name, const char * location);
+	lw_import				 int  lw_server_port			(lw_server);
+	lw_import			 lw_bool  lw_server_load_cert_file	(lw_server, const char * filename_certchain, const char * filename_privkey, const char * passphrase);
+	lw_import			 lw_bool  lw_server_load_sys_cert	(lw_server, const char * common_name, const char * location, const char * store_name);
 	lw_import			 lw_bool  lw_server_cert_loaded		(lw_server);
+	lw_import			  time_t  lw_server_cert_expiry_time(lw_server);
 	lw_import			 lw_bool  lw_server_can_npn			(lw_server);
 	lw_import				void  lw_server_add_npn			(lw_server, const char * protocol);
 	lw_import		const char *  lw_server_client_npn		(lw_server_client);
@@ -560,11 +561,12 @@ typedef lw_i8 lw_bool;
 	lw_import				void  lw_ws_unhost_secure			(lw_ws);
 	lw_import			 lw_bool  lw_ws_hosting					(lw_ws);
 	lw_import			 lw_bool  lw_ws_hosting_secure			(lw_ws);
-	lw_import				long  lw_ws_port					(lw_ws);
-	lw_import				long  lw_ws_port_secure				(lw_ws);
-	lw_import			 lw_bool  lw_ws_load_cert_file			(lw_ws, const char * filename_certchain, const char* filename_privkey, const char * passphrase);
-	lw_import			 lw_bool  lw_ws_load_sys_cert			(lw_ws, const char * store_name, const char * common_name, const char * location);
+	lw_import				 int  lw_ws_port					(lw_ws);
+	lw_import				 int  lw_ws_port_secure				(lw_ws);
+	lw_import			 lw_bool  lw_ws_load_cert_file			(lw_ws, const char * filename_certchain, const char * filename_privkey, const char * passphrase);
+	lw_import			 lw_bool  lw_ws_load_sys_cert			(lw_ws, const char * common_name, const char * location, const char * store_name);
 	lw_import			 lw_bool  lw_ws_cert_loaded				(lw_ws);
+	lw_import			  time_t  lw_ws_cert_expiry_time		(lw_ws);
 	lw_import				void  lw_ws_session_close			(lw_ws, const char * id);
 	lw_import				void  lw_ws_enable_manual_finish	(lw_ws);
 	lw_import				long  lw_ws_idle_timeout			(lw_ws);
@@ -726,7 +728,7 @@ std::string lw_u8str_simplify(const std::string_view first, bool destructive = t
 ///			  Both control and whitespace category will always be removed. </remarks>
 std::string_view lw_u8str_trim(std::string_view toTrim, bool abortOnTrimNeeded = false);
 
-#if defined(_WIN32) && defined(_UNICODE)
+#if defined(_WIN32)
 // For Unicode support on Windows.
 // Returns null or a wide-converted version of the U8 string passed. Free it with free(). Pass size -1 for null-terminated strings.
 extern "C" lw_import wchar_t * lw_char_to_wchar(const char * u8str, int size);
@@ -1161,11 +1163,11 @@ struct _server
 	lw_import long port	();
 
 	lw_import bool load_cert_file
-		(const char * filename_certchain, const char* filename_privkey, const char * passphrase = "");
+		(const char * filename_certchain, const char * filename_privkey, const char * passphrase = "");
 
 	lw_import bool load_sys_cert
-		(const char * storename, const char * common_name,
-		 const char * location = "CurrentUser");
+		(const char * common_name, const char * location = "CurrentUser",
+			const char * store_name = "My");
 
 	lw_import bool cert_loaded ();
 
@@ -1271,17 +1273,18 @@ struct _webserver
 	lw_import bool hosting ();
 	lw_import bool hosting_secure ();
 
-	lw_import long port ();
-	lw_import long port_secure ();
+	lw_import int port ();
+	lw_import int port_secure ();
 
 	lw_import bool load_cert_file
 		(const char * filename_certchain, const char* filename_privkey, const char * passphrase = "");
 
 	lw_import bool load_sys_cert
-		(const char * store_name, const char * common_name,
-		 const char * location = "CurrentUser");
+		(const char* common_name, const char* location = "CurrentUser",
+			const char* store_name = "My");
 
 	lw_import bool cert_loaded ();
+	lw_import time_t cert_expiry_time ();
 
 	lw_import void enable_manual_finish ();
 
@@ -1921,7 +1924,7 @@ struct codepointsallowlist {
 struct relayserverinternal;
 struct relayserver
 {
-	static const int buildnum = 32;
+	static const int buildnum = 33;
 
 	void * internaltag, * tag = nullptr;
 
@@ -1938,6 +1941,8 @@ struct relayserver
 	void host_websocket(lw_ui16 portNonSecure = 80, lw_ui16 portSecure = 443);
 	void host_websocket(lacewing::filter& filterNonSecure, lacewing::filter& filterSecure);
 	void unhost();
+	// This works with clients of regular server, so you should use this instead of websocket->unhost/unhost_secure
+	void unhost_websocket(bool insecure, bool secure);
 
 	bool hosting();
 	lw_ui16 port();
@@ -2095,7 +2100,7 @@ struct relayserver
 		// Can't use socket->address, as when server_client is free'd it is no longer valid
 		// Since there's a logical use for looking up address during closing, we'll keep a copy.
 		std::string address;
-		in6_addr addressInt = {0};
+		in6_addr addressInt = {};
 		// Time the Relay connection was approved - zero timepoint if not yet approved
 		::std::chrono::high_resolution_clock::time_point connectRequestApprovedTime;
 		::std::chrono::steady_clock::time_point lasttcpmessagetime;

Lacewing/RelayServer.cc

@@ -269,13 +269,13 @@ struct relayserverinternal
 			if (std::find(clients.begin(), clients.end(), client) != clients.end())
 			{
 				serverReadLock.lw_unlock();
-				//auto clientWriteLock = clientsocket->lock.createWriteLock();
+				auto clientWriteLock = client->lock.createWriteLock();
 				if (client->_readonly)
 					continue;
 				client->_readonly = true;
 
 				auto error = lacewing::error_new();
-				error->add("Disconnecting client ID %i due to ping timeout", client->_id);
+				error->add("Disconnecting client ID %hu due to ping timeout", client->_id);
 				handlererror(this->server, error);
 				lacewing::error_delete(error);
 
@@ -314,7 +314,8 @@ struct relayserverinternal
 			if (std::find(clients.begin(), clients.end(), client) != clients.end())
 			{
 				serverReadLock.lw_unlock();
-				//auto clientWriteLock = clientsocket->lock.createWriteLock();
+
+				auto clientWriteLock = client->lock.createWriteLock();
 				if (client->_readonly)
 					continue;
 
@@ -323,12 +324,14 @@ struct relayserverinternal
 					impl.erase(impl.cend());
 
 				auto error = lacewing::error_new();
-				error->add("Disconnecting client ID %i due to inactivity timeout; client impl \"%s\".", client->_id, impl.c_str());
+				error->add("Disconnecting client ID %hu due to inactivity timeout; client impl \"%s\".", client->_id, impl.c_str());
 				handlererror(this->server, error);
 				lacewing::error_delete(error);
 
+				// Don't send warning to a client that hasn't even sent Lacewing handshake after connecting
 				if (client->gotfirstbyte)
 					client->send(0, "You're being kicked for inactivity.", 0);
+
 				if (client->socket->is_websocket())
 					client->disconnect(1000);
 				else // Close nicely - if client has not got first byte, e.g. non-Lacewing, close immediately
@@ -1178,18 +1181,18 @@ void handlerwebserverget(lacewing::webserver webserver, lacewing::webserver_requ
 			char sha1[20];
 			lw_sha1(sha1, webSocketKey.data(), webSocketKey.size());
 			const std::string webSocketKeyResponse = b64encode(sha1, sizeof(sha1));
-
-			auto c = ((struct _lw_ws_req*)req)->client;
-			c->websocket = lw_true;
-			c->ws->timeout = 0; // disable timeout - next used when server inits a disconnect and is waiting for WebSocket close packet back
+			
+			lwp_ws_client reqClient = ((struct _lw_ws_req*)req)->client;
+			reqClient->websocket = lw_true;
+			reqClient->ws->timeout = 0; // disable timeout - next used when server inits a disconnect and is waiting for WebSocket close packet back
 
 			lw_server server;
-			if (c->secure)
-				server = ((lw_ws)webserver)->socket;
-			else
+			if (reqClient->secure)
 				server = ((lw_ws)webserver)->socket_secure;
-			lw_server_client_set_websocket(c->socket, lw_true);
-			internal.generic_handlerconnect((lacewing::server)server, (lacewing::server_client)c->socket);
+			else
+				server = ((lw_ws)webserver)->socket;
+			lw_server_client_set_websocket(reqClient->socket, lw_true);
+			internal.generic_handlerconnect((lacewing::server)server, (lacewing::server_client)reqClient->socket);
 
 			req->header("Upgrade", "WebSocket");
 			req->header("Connection", "Upgrade");
@@ -1268,9 +1271,9 @@ void handlerwebserverdisconnect(lacewing::webserver webserver, lacewing::webserv
 		return; // not websocket - just some dumb client, don't pass to relayserver
 	lw_server server;
 	if (client->secure)
-		server = ((lw_ws)webserver)->socket;
-	else
 		server = ((lw_ws)webserver)->socket_secure;
+	else
+		server = ((lw_ws)webserver)->socket;
 	internal.generic_handlerdisconnect((lacewing::server)server, (lacewing::server_client)client->socket);
 }
 
@@ -1394,6 +1397,9 @@ void relayserver::host_websocket(lw_ui16 portNonSecure, lw_ui16 portSecure)
 		websocket->host_secure(portSecure);
 		assert(websocket->hosting_secure());
 	}
+
+	relayserverinternal* serverInternal = (relayserverinternal*)internaltag;
+	serverInternal->pingtimer->start(serverInternal->tcpPingMS);
 }
 void relayserver::host_websocket(lacewing::filter& filterNonSecure, lacewing::filter& filterSecure)
 {
@@ -1410,44 +1416,99 @@ void relayserver::host_websocket(lacewing::filter& filterNonSecure, lacewing::fi
 		websocket->host_secure(filterSecure);
 		assert(websocket->hosting_secure());
 	}
+
+	relayserverinternal* serverInternal = (relayserverinternal*)internaltag;
+	serverInternal->pingtimer->start(serverInternal->tcpPingMS);
 }
 
 void relayserver::unhost()
 {
-	socket->unhost();
-	udp->unhost();
-	websocket->unhost();
-	websocket->unhost_secure();
+	// websocket and flash are unhosted explicitly only, as they're hosted explicitly
+	// flash only points to regular server, so it has no client list itself
 
 	relayserverinternal* serverInternal = (relayserverinternal*)internaltag;
-	serverInternal->pingtimer->stop();
+	const bool isWebSocketActive = websocket->hosting() || websocket->hosting_secure();
+	if (!isWebSocketActive)
+		serverInternal->pingtimer->stop();
 
 	// This will drop all clients, by doing so drop all channels
 	// and both of those will free the IDs
-	// We'll set them all as readonly so peer leave messages aren't sent as the clients leave their channels
-	for (auto &c : serverInternal->clients)
-		c->_readonly = true; // unhost() has already made clients inaccessible
+	// We'll set the leavers all as readonly before closing channels, so peer leave messages aren't sent to them
+	// as the clients leave their channels
+	for (auto& c : serverInternal->clients)
+	{
+		if (!c->socket->is_websocket())
+			c->_readonly = true; // unhost() has already made clients inaccessible
+	}
 
 	// Prevent the channel_close handler from being run
-	const auto handler = serverInternal->handlerchannel_close;
-	serverInternal->handlerchannel_close = nullptr;
+	// const auto handler = serverInternal->handlerchannel_close;
+	// serverInternal->handlerchannel_close = nullptr;
+
+	// disconnect handlers check server that ran them is still hosting
+	socket->unhost();
+	udp->unhost();
+
+	// Reinstate for next host() call
+	// serverInternal->handlerchannel_close = handler;
+}
+void relayserver::unhost_websocket(bool insecure, bool secure)
+{
+	// Turn off parameters for servers that aren't hosting
+	insecure &= websocket->hosting();
+	secure &= websocket->hosting_secure();
+
+	if (!insecure && !secure)
+		return;
 
-	while (!serverInternal->clients.empty())
+	// disconnect handlers check server that ran them is still hosting
+	relayserverinternal* serverInternal = (relayserverinternal*)internaltag;
+	// If we've got a different server up (and we're not about to unhost it here), then keep ping timer running
+	const bool isOtherHosting = socket->hosting() || (!insecure && websocket->hosting()) || (!secure && websocket->hosting_secure());
+	if (!isOtherHosting)
+		serverInternal->pingtimer->stop();
+
+	// We'll set the leavers all as readonly before closing channels, so peer leave messages aren't sent to leavers
+	// as the clients leave their channels
+	// (they're still sent to clients on still-hosting servers, obviously)
+	if (insecure)
 	{
-		auto& c = serverInternal->clients.back();
-		serverInternal->close_client(c);
+		for (auto c = lw_server_client_first(((lw_ws)websocket)->socket); c; c = lw_server_client_next(c))
+		{
+			relayserver::client* client = (relayserver::client*)lw_server_client_get_relay_tag(c);
+			if (client)
+				client->_readonly = true;
+		}
 	}
-
-	// any with autoclose on
-	while (!serverInternal->channels.empty())
+	if (secure)
 	{
-		auto& c = serverInternal->channels.back();
-		c->_readonly = true;
-		serverInternal->close_channel(c);
+		for (auto c = lw_server_client_first(((lw_ws)websocket)->socket_secure); c; c = lw_server_client_next(c))
+		{
+			relayserver::client* client = (relayserver::client*)lw_server_client_get_relay_tag(c);
+			if (client)
+				client->_readonly = true;
+		}
 	}
 
-	// Reinstate for next host() call
-	serverInternal->handlerchannel_close = handler;
+	// Prevent the channel_close handler from being run
+	// const auto handler = server->handlerchannel_close;
+	// serverInternal->handlerchannel_close = nullptr;
+
+	// This will drop clients, by doing so drop all channels and both of those will free the IDs
+	//
+	// The lower-level handler (lacewing::handlerdisconnect) will be triggered, but will not call the RelayServer disconnect handler,
+	// as that will check server is hosting before calling it
+	// note: unhost calls handlerdisconnect, which:
+	// expects client still in server list
+	// calls close_client
+	// resets relay tag to null
+	if (insecure)
+		websocket->unhost();
+	if (secure)
+		websocket->unhost_secure();
+
+	// Resume close handler
+	// serverInternal->handlerchannel_close = handler;
 }
 
 bool relayserver::hosting()
@@ -2438,7 +2499,7 @@ bool relayserverinternal::client_messagehandler(std::shared_ptr<relayserver::cli
 		case 10: /* implementation response */
 		{
 			const std::string_view impl = reader.get(reader.bytesleft());
-			if (reader.failed || impl.empty())
+			if (reader.failed || impl.empty() || !lw_u8str_validate(impl))
 			{
 				errStr << "Failed to read implementation response"sv;
 				trustedClient = false;
@@ -2462,14 +2523,17 @@ bool relayserverinternal::client_messagehandler(std::shared_ptr<relayserver::cli
 			}
 			else if (impl.find("Android"sv) != std::string_view::npos)
 				client->clientImpl = relayserver::client::clientimpl::Android;
-			else if (impl.find("Flash"sv) != std::string_view::npos)
-				client->clientImpl = relayserver::client::clientimpl::Flash;
 			else if (impl.find("iOS"sv) != std::string_view::npos)
 				client->clientImpl = relayserver::client::clientimpl::iOS;
-			else if (impl.find("Macintosh"sv) != std::string_view::npos)
-				client->clientImpl = relayserver::client::clientimpl::Macintosh;
+			// First test in client build 99, first release as build 100
 			else if (impl.find("HTML5"sv) != std::string_view::npos)
 				client->clientImpl = relayserver::client::clientimpl::HTML5;
+			// While supported, Blue Flash never existed, and Relay Flash won't return a implementation response
+			else if (impl.find("Flash"sv) != std::string_view::npos)
+				client->clientImpl = relayserver::client::clientimpl::Flash;
+			// While supported, not created yet
+			else if (impl.find("Macintosh"sv) != std::string_view::npos)
+				client->clientImpl = relayserver::client::clientimpl::Macintosh;
 			else
 			{
 				errStr << "Failed to recognise platform of implementation \""sv << impl << "\". Leaving it as Unknown."sv;
@@ -3004,9 +3068,11 @@ void relayserver::connect_response(
 
 	framebuilder builder(true);
 
-	// Force a connect refusal if not hosting serevr
+	// Force a connect refusal if not hosting server
+	// TODO: Is this necessary? Client should've been d/c'd on unhost
+	// If it is necessary, the HTML5 server hosting check is borked, client could be on the other  server
 	std::string_view denyReason = passedDenyReason;
-	if (denyReason.empty() && !hosting())
+	if (denyReason.empty() && (client->socket->is_websocket() ? !websocket->hosting() && !websocket->hosting_secure() : !hosting()))
 		denyReason = "Server has shut down."sv;
 
 	// Connect request denied
@@ -3026,7 +3092,7 @@ void relayserver::connect_response(
 
 	// Connect request accepted
 
-	lw_trace("Connect request accepted in relayserver::connectresponse");
+	lwp_trace("Connect request accepted in relayserver::connectresponse");
 	client->connectRequestApproved = true;
 	client->connectRequestApprovedTime = decltype(client->connectRequestApprovedTime)::clock::now();
 	client->clientImpl = relayserver::client::clientimpl::Unknown;