* Update TLS protocol support
TLS1.0 is past PCI's EOL; BEAST is no more
Enable elliptic curve key exchanges
Do not enable the smallest ECs for security
Do not enable the largest ECs for computational time
Do not enable 25519 (sad) because it doesn't go across the wire
Drop non-PFS key exchanges
Drop ARC4, Blowfish, DES, genprime, XTEA code
Drop renegotiation support completely
It takes so much heap that it's not likely to work out well
Tidy handling of SSL_BUFFER_SIZE
Update docs
Drop mention of startcom, since they are no more, for letsencrypt
* Update mbedtls to 2.7.7
Preserve our vsnprintf and platform hacks
* Introduce TLS maximum fragment size knob
Reduce buffer size to 4Ki by default and advertize that. That's the
largest we can advertize with the TLS MFL extension, so there's no
point in making them larger. The truly adventurous can re-raise
SSL_BUFFER_SIZE and undefine the SSL_MAX_FRAGMENT_LENGTH_CODE and get
back to the earlier behavior.
* Default to mbedTLS debug with DEVELOP_VERSION
* Add spi.set_clock_div
This will allow the SPI clock divider to be changed relatively simply,
to better support multiple devices with varying SPI clock rate support
* Add documentation
* Download pre-built toolchains
* Updated to include the platform in the name of the pre-built toolchain
* Download archive into cache/
* Update Travis configuration to use pre-built toolchain via make
* MQTT: handle large/chunked/fragmented messages properly
If a message spans multiple TCP packets it must be buffered before
delivered to LUA. Prior code did not do this at all, so this "patch"
really adds proper handling of fragmented MQTT packets.
This could also occur if multiple small messages was sent in a
single TCP packet, and the last message did not completely fit in that
packet.
Introduces a new option to the mqtt.Client constructor:
max_publish_length which defaults to 1024
Introduces a new 'overflow' callback.
Fixes issue #2308 and proper fix for PR #2544.
* mqtt.md: clarified heap allocation
* mqtt: ensure ack is sent for overflowed publish
If QoS is used we should still acknowledge that we received it, or server might retransmit it later.
The volume returned by file.mount() could not be unmounted, because vol:umount() would fail with a cryptic error about the uncallable nature of the volume userdata object. This was due to the wrong metatable name being used for setting up the volume structure. The correct name, as registered elsewhere in file.c, is now used, and vol:umount() is callable.
Any TCP packet with more than 1024 bytes of payload was silently
dropped. With MTU of 1500 the TCP payload can be up to 1460 bytes
(1500 - 20(IP hdr) - 20(TCP hdr))
- Optimise ROTable accesses and interface
This includes some refinements to the ROTable cache which remove the linker cludges on the CROSS_COMPILE builds. Also keyhole tweaks to some of the Lua VM code to implrove runtimes.
I also noticed some compile time warnings during the build; the change to uz_unzip.c doesn't impact the compiled code, but does remove the compiler warnings.