Project homepage Mailing List  Warmcat.com  API Docs  Github Mirror 
{"schema":"libjg2-1", "vpath":"/git/", "avatar":"/git/avatar/", "alang":"", "gen_ut":1752331983, "reponame":"libwebsockets", "desc":"libwebsockets lightweight C networking library", "owner": { "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" },"url":"https://libwebsockets.org/repo/libwebsockets", "f":3, "items": [ {"schema":"libjg2-1", "cid":"fcf3dd20cd8fa40699c08918fdf935dc", "commit": {"type":"commit", "time": 1584377957, "time_ofs": 0, "oid_tree": { "oid": "d3b973cf97a2768e0ef150d5b64d97c041173f6c", "alias": []}, "oid":{ "oid": "cf2ed9f758407827e772ad9ade89d4cd4767e060", "alias": []}, "msg": "ss: use system trust store if none given in policy", "sig_commit": { "git_time": { "time": 1584377957, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }, "sig_author": { "git_time": { "time": 1584377957, "offset": 0 }, "name": "Andy Green", "email": "andy@warmcat.com", "md5": "c50933ca2aa61e0fe2c43d46bb6b59cb" }}, "body": "ss: use system trust store if none given in policy\n\nFor general OpenSSL case, we leave connection validity to system trust\nstore bundle to decide; even for mbedtls it may have been passed a\nbundle externally and we don't want to have to list the x.509 stack\nexplicitly for a server we don't have any control over.\n\nInstead of erroring out, allow the case no trust store is specified,\njust use vhost[0] and let the system trust store decide if it likes\nthe server's cert or not.\n\n\nNo ABI change.\n" , "diff": "diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c\nindex 8de02b9..c457886 100644\n--- a/lib/secure-streams/secure-streams.c\n+++ b/lib/secure-streams/secure-streams.c\n@@ -212,19 +212,17 @@ lws_ss_client_connect(lws_ss_handle_t *h)\n \t\tlwsl_info(\u0022%s: using tls\u005cn\u0022, __func__);\n \t\ti.ssl_connection \u003d LCCSCF_USE_SSL;\n \n-\t\tif (!h-\u003epolicy-\u003etrust_store) {\n-\t\t\tlwsl_err(\u0022%s: tls required but no policy trust store\u005cn\u0022,\n-\t\t\t\t __func__);\n+\t\tif (!h-\u003epolicy-\u003etrust_store)\n+\t\t\tlwsl_info(\u0022%s: using platform trust store\u005cn\u0022, __func__);\n+\t\telse {\n \n-\t\t\treturn -1;\n-\t\t}\n-\n-\t\ti.vhost \u003d lws_get_vhost_by_name(h-\u003econtext,\n-\t\t\t\t\t\th-\u003epolicy-\u003etrust_store-\u003ename);\n-\t\tif (!i.vhost) {\n-\t\t\tlwsl_err(\u0022%s: missing vh for policy ca\u005cn\u0022, __func__);\n+\t\t\ti.vhost \u003d lws_get_vhost_by_name(h-\u003econtext,\n+\t\t\t\t\t\t\th-\u003epolicy-\u003etrust_store-\u003ename);\n+\t\t\tif (!i.vhost) {\n+\t\t\t\tlwsl_err(\u0022%s: missing vh for policy ca\u005cn\u0022, __func__);\n \n-\t\t\treturn -1;\n+\t\t\t\treturn -1;\n+\t\t\t}\n \t\t}\n \t}\n \n","s":{"c":1752331983,"u": 3074}} ],"g": 3909,"chitpc": 0,"ehitpc": 0,"indexed":0 , "ab": 0, "si": 0, "db":0, "di":0, "sat":0, "lfc": "0000"}