Sync with upstream 1.8.0

.github/workflows/codeql-analysis.yml

@@ -13,12 +13,12 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [master]
   schedule:
-    - cron: '27 2 * * 2'
+    - cron: "27 2 * * 2"
 
 jobs:
   analyze:
@@ -32,41 +32,41 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'cpp' ]
+        language: ["cpp"]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
         # Learn more:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@v2
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-        queries: +security-and-quality
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+          # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+      #    and modify them (or add more) to build your code if your project
+      #    uses a compiled language
 
-    #- run: |
-    #   make bootstrap
-    #   make release
+      #- run: |
+      #   make bootstrap
+      #   make release
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.gitmodules

@@ -1,6 +1,3 @@
-[submodule "extern/nng-wolfssl"]
-	path = extern/nng-wolfssl
-	url = https://github.com/staysail/nng-wolfssl
 [submodule "extern/msquic"]
 	path = extern/msquic
 	url = https://github.com/microsoft/msquic.git

CMakeLists.txt

@@ -25,7 +25,7 @@
 #   IN THE SOFTWARE.
 #
 
-cmake_minimum_required(VERSION 3.13)
+cmake_minimum_required(VERSION 3.15)
 
 project(nng C)
 include(CheckCCompilerFlag)

cmake/FindwolfSSL.cmake

@@ -0,0 +1,66 @@
+#
+# Copyright 2024 Staysail Systems, Inc. <[email protected]>
+#
+# This software is supplied under the terms of the MIT License, a
+# copy of which should be located in the distribution where this
+# file was obtained (LICENSE.txt).  A copy of the license may also be
+# found online at https://opensource.org/licenses/MIT.
+#
+
+#
+# Try to find the wolfSSL library.  We only support modern wolfSSL,
+# not the older CyaSSL.
+#
+# Sets the following:
+#
+#  WOLFSSL_INCLUDE_DIR  - Where to find wolfssl/ssl.h, etc.
+#  WOLFSSL_FOUND        - True if we found wolfSSL.
+#  WOLFSSL_LIBRARIES    - The wolfSSL library (libwolfssl).
+#  WOLFSSL_LIBRARY      - The wolfSSL library (libwolfssl).
+#  WOLFSSL_VERSION      - $major.$minor.$revision (e.g. ``3.13.0``).
+#
+# Adds wolfSSL::wolfssl target for the library.
+#
+# Hints:
+#
+# Set ``WOLFSSL_ROOT_DIR`` to the root directory of wolfSSL installation.
+#
+
+set(_WOLFSSL_ROOT_HINTS ${WOLFSSL_ROOT_DIR} ENV WOLFSSL_ROOT_DIR)
+
+include(FindPackageHandleStandardArgs)
+include(CMakePushCheckState)
+
+find_path(WOLFSSL_INCLUDE_DIR
+    NAMES wolfssl/ssl.h
+    HINTS ${_WOLFSSL_ROOT_HINTS}
+    PATHS /usr/local
+    PATH_SUFFIXES include)
+
+find_library(WOLFSSL_LIBRARY
+    NAMES wolfssl
+    HINTS ${_WOLFSSL_ROOT_HINTS}
+    PATHS /usr/local
+    PATH_SUFFIXES lib)
+
+set(WOLFSSL_LIBRARIES ${WOLFSSL_LIBRARY})
+if (${WOLFSSL_LIBRARY-NOTFOUND})
+    message(FATAL_ERROR "Failed to find wolfSSL library")
+endif()
+
+mark_as_advanced(WOLFSSL_INCLUDE_DIR WOLFSSL_LIBRARY)
+
+# Extract the version from the header... hopefully it matches the library.
+file(STRINGS ${WOLFSSL_INCLUDE_DIR}/wolfssl/version.h _WOLFSSL_VERLINE
+    REGEX "^#define[ \t]+LIBWOLFSSL_VERSION_STRING[\t ].*")
+string(REGEX REPLACE ".*WOLFSSL_VERSION_STRING[\t ]+\"(.*)\"" "\\1" WOLFSSL_VERSION ${_WOLFSSL_VERLINE})
+
+add_library(wolfSSL::wolfssl UNKNOWN IMPORTED)
+
+set_target_properties(wolfSSL::wolfssl PROPERTIES INTERFACE_INCLUDE_DIRECTORIES "${WOLFSSL_INCLUDE_DIR}")
+set_target_properties(wolfSSL::wolfssl PROPERTIES IMPORTED_LOCATION "${WOLFSSL_LIBRARY}")
+
+set(wolfSSL_TARGET wolfssl::wolfssl)
+
+find_package_handle_standard_args(wolfSSL
+    REQUIRED_VARS WOLFSSL_LIBRARY WOLFSSL_INCLUDE_DIR VERSION_VAR WOLFSSL_VERSION)

docs/BUILD_TLS.md

@@ -0,0 +1,80 @@
+# Building for TLS Support
+
+If you want to include support for Transport Layer Security
+(`tls+tcp://` and `wss://` URLs) you should follow these directions.
+
+TLS support in NNG depends on either the [Mbed TLS](https://tls.mbed.org/)
+or [WolfSSL](https://www.wolfssl.com/) library (your choice).
+
+> [!IMPORTANT]
+> These libraries are licensed under different terms than NNG.
+> You are responsible for reading those license terms, and ensuring
+> that your use conforms to them.
+
+> [!TIP]
+> This project receives no compensation or support in any other form
+> from either ARM (owners of the Mbed TLS project) or WolfSSL.
+> Thus, as a special request, if you're paying for commercial licenses for
+> either Mbed TLS or WolfSSL for use with NNG, please consider also sponsoring
+> this project or obtaining a commercial support contract from
+> [Staysail Systems, Inc.](https://www.staysail.tech/)
+> You can enquire about support contracts at [email protected].
+> Sponsorship information is available on our
+> [GitHub page](https://github.com/nanomsg/nng). Thank you!
+
+On many distributions you may be able to install a pre-packaged version
+of either library. We recommend doing so if this is an option for you.
+For example, Ubuntu users can install the `libmbedtls-dev` package.
+
+You can also build these from source; if you choose to do so,
+please make sure you also _install_ it somewhere (even a temporary
+staging directory).
+
+## Configuring NNG with TLS
+
+TLS support is not enabled by default, but can be enabled by configuring
+with the CMake option `NNG_ENABLE_TLS=ON`.
+
+You can select which library to use by using `NNG_TLS_ENGINE=mbed` or
+`NNG_TLS_ENGINE=wolf`. If you specify neither, then Mbed TLS will be assumed
+by default.
+
+By default NNG searches for an installed components in `/usr/local`,
+as well as the normal installation directories for libraries on your system.
+
+If you have installed Mbed TLS elsewhere, you can direct the NNG configuration
+to it by setting the `MBEDTLS_ROOT_DIR` or `WOLFSSL_ROOT_DIR` CMake variable
+as appropriate.
+
+## Example
+
+The following example would work on either Linux or macOS, and assumes
+that we have checked out github source trees into `$HOME/work`.
+It also assumes that Mbed TLS is already installed in `/usr/local` or
+a standard search path.
+
+```
+
+$ export NNGDIR=$HOME/work/nng
+$ mkdir build
+$ cd build
+
+$ cmake -G Ninja -DNNG_ENABLE_TLS=ON ..
+
+... (lots of lines of output from cmake...)
+
+$ ninja build
+
+... (lots of lines of output from ninja...)
+
+$ ./src/supplemental/tls/tls_test -v
+
+... (lots of lines of output from the test ...)
+
+Summary:
+  Count of all unit tests:        9
+  Count of run unit tests:        9
+  Count of failed unit tests:     0
+  Count of skipped unit tests:    0
+SUCCESS: All unit tests have passed.
+```

docs/man/CMakeLists.txt

@@ -340,6 +340,7 @@ if (NNG_ENABLE_DOC)
             nng_tls_config_free
             nng_tls_config_hold
             nng_tls_config_own_cert
+            nng_tls_config_psk
             nng_tls_config_server_name
             nng_tls_engine_description
             nng_tls_engine_fips_mode

docs/man/libnng.3.adoc

@@ -1,6 +1,6 @@
 = libnng(3)
 //
-// Copyright 2023 Staysail Systems, Inc. <[email protected]>
+// Copyright 2024 Staysail Systems, Inc. <[email protected]>
 // Copyright 2018 Capitar IT Group BV <[email protected]>
 // Copyright 2019 Devolutions <[email protected]>
 // Copyright 2020 Dirac Research <[email protected]>
@@ -461,6 +461,7 @@ with TLS support.
 |xref:nng_tls_config_ca_chain.3tls.adoc[nng_tls_config_ca_chain()]|set certificate authority chain
 |xref:nng_tls_config_ca_file.3tls.adoc[nng_tls_config_ca_file()]|load certificate authority from file
 |xref:nng_tls_config_cert_key_file.3tls.adoc[nng_tls_config_cert_key_file()]|load own certificate and key from file
+|xref:nng_tls_config_psk.3tls.adoc[nng_tls_config_psk()]|set pre-shared key and identity
 |xref:nng_tls_config_own_cert.3tls.adoc[nng_tls_config_own_cert()]|set own certificate and key
 |xref:nng_tls_config_free.3tls.adoc[nng_tls_config_free()]|free TLS configuration
 |xref:nng_tls_config_server_name.3tls.adoc[nng_tls_config_server_name()]|set remote server name

docs/man/nng_clock.3supp.adoc

@@ -1,6 +1,6 @@
 = nng_clock(3supp)
 //
-// Copyright 2018 Staysail Systems, Inc. <[email protected]>
+// Copyright 2024 Staysail Systems, Inc. <[email protected]>
 // Copyright 2018 Capitar IT Group BV <[email protected]>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -18,7 +18,6 @@ nng_clock - get time
 [source, c]
 ----
 #include <nng/nng.h>
-#include <nng/supplemental/util/platform.h>
 
 typedef uint64_t nng_time;
 
@@ -37,8 +36,7 @@ very fine-grained values.
 IMPORTANT: The reference time will be the same for a given program,
 but different programs may have different references.
 
-TIP: This function is intended mostly to help with setting appropriate
-timeouts using xref:nng_cv_until.3supp.adoc[`nng_cv_until()`].
+TIP: This function should help with setting appropriate timeouts.
 
 == RETURN VALUES
 

docs/man/nng_cv_alloc.3supp.adoc

@@ -1,6 +1,6 @@
 = nng_cv_alloc(3supp)
 //
-// Copyright 2018 Staysail Systems, Inc. <[email protected]>
+// Copyright 2024 Staysail Systems, Inc. <[email protected]>
 // Copyright 2018 Capitar IT Group BV <[email protected]>
 //
 // This document is supplied under the terms of the MIT License, a
@@ -18,7 +18,6 @@ nng_cv_alloc - allocate condition variable
 [source, c]
 ----
 #include <nng/nng.h>
-#include <nng/supplemental/util/platform.h>
 
 typedef struct nng_cv nng_cv;