[Libwebsockets] WebSocket Server, SSL Operation

Larry Hayes larry.hayes at prodeasystems.com
Mon Jan 14 17:53:41 CET 2013 

Hello,

 

I am using a slightly older version of web sockets, but don't see any
changes in the release0.6 that seem to affect the issue I ran into.

(libwebsockets-71e53691756fd420c409538c71b010997f06f414 is the version I
am using).

 

 

I run a web socket server that requires clients to present a
certificate.

 

context_ssl_ = libwebsocket_create_context(wssPort_, wssIpAddr_.c_str(),
protocols_ssl,

                           libwebsocket_internal_extensions,

                           cert_path.c_str(), key_path.c_str(), -1, -1, 

LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT);

 

I am getting a crash in the OpenSSL_verify_callback().

The SSL_get_ex_data() call is returning NULL

 

I could not find a call to SSL_set_ex_data() for server mode operation.

 

Has anyone seen this crash in the newer versions?

 

 

I have not been able to get my build env setup to build the latest
version

Or I would have verified and written a bug for it.

 

Thanks

 

Larry

 

 

Patch I used to fix:

---
libwebsockets-71e53691756fd420c409538c71b010997f06f414.orig/lib/libwebso
ckets.c 2012-06-03 20:04:10.000000000 -0500

+++
libwebsockets-71e53691756fd420c409538c71b010997f06f414/lib/libwebsockets
.c  2012-08-14 13:06:09.000000000 -0500

@@ -1580,6 +1580,10 @@ libwebsocket_service_fd(struct libwebsoc

                break;

            }

 

+           SSL_set_ex_data(new_wsi->ssl,

+                               openssl_websocket_private_data_index,

+                                                  context);

+

            SSL_set_fd(new_wsi->ssl, accept_fd);

 

            n = SSL_accept(new_wsi->ssl);




This message is confidential to Prodea Systems, Inc unless otherwise indicated

or apparent from its nature. This message is directed to the intended recipient

only, who may be readily determined by the sender of this message and its

contents. If the reader of this message is not the intended recipient, or an

employee or agent responsible for delivering this message to the intended

recipient:(a)any dissemination or copying of this message is strictly

prohibited; and(b)immediately notify the sender by return message and destroy

any copies of this message in any form(electronic, paper or otherwise) that you

have.The delivery of this message and its information is neither intended to be

nor constitutes a disclosure or waiver of any trade secrets, intellectual

property, attorney work product, or attorney-client communications. The

authority of the individual sending this message to legally bind Prodea Systems 

is neither apparent nor implied,and must be independently verified.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libwebsockets.org/pipermail/libwebsockets/attachments/20130114/0edaf5ff/attachment.html>

More information about the Libwebsockets mailing list