[Libwebsockets] WebSocket Server, SSL Operation
Larry Hayes
larry.hayes at prodeasystems.com
Mon Jan 14 17:53:41 CET 2013
Hello,
I am using a slightly older version of web sockets, but don't see any
changes in the release0.6 that seem to affect the issue I ran into.
(libwebsockets-71e53691756fd420c409538c71b010997f06f414 is the version I
am using).
I run a web socket server that requires clients to present a
certificate.
context_ssl_ = libwebsocket_create_context(wssPort_, wssIpAddr_.c_str(),
protocols_ssl,
libwebsocket_internal_extensions,
cert_path.c_str(), key_path.c_str(), -1, -1,
LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT);
I am getting a crash in the OpenSSL_verify_callback().
The SSL_get_ex_data() call is returning NULL
I could not find a call to SSL_set_ex_data() for server mode operation.
Has anyone seen this crash in the newer versions?
I have not been able to get my build env setup to build the latest
version
Or I would have verified and written a bug for it.
Thanks
Larry
Patch I used to fix:
---
libwebsockets-71e53691756fd420c409538c71b010997f06f414.orig/lib/libwebso
ckets.c 2012-06-03 20:04:10.000000000 -0500
+++
libwebsockets-71e53691756fd420c409538c71b010997f06f414/lib/libwebsockets
.c 2012-08-14 13:06:09.000000000 -0500
@@ -1580,6 +1580,10 @@ libwebsocket_service_fd(struct libwebsoc
break;
}
+ SSL_set_ex_data(new_wsi->ssl,
+ openssl_websocket_private_data_index,
+ context);
+
SSL_set_fd(new_wsi->ssl, accept_fd);
n = SSL_accept(new_wsi->ssl);
This message is confidential to Prodea Systems, Inc unless otherwise indicated
or apparent from its nature. This message is directed to the intended recipient
only, who may be readily determined by the sender of this message and its
contents. If the reader of this message is not the intended recipient, or an
employee or agent responsible for delivering this message to the intended
recipient:(a)any dissemination or copying of this message is strictly
prohibited; and(b)immediately notify the sender by return message and destroy
any copies of this message in any form(electronic, paper or otherwise) that you
have.The delivery of this message and its information is neither intended to be
nor constitutes a disclosure or waiver of any trade secrets, intellectual
property, attorney work product, or attorney-client communications. The
authority of the individual sending this message to legally bind Prodea Systems
is neither apparent nor implied,and must be independently verified.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libwebsockets.org/pipermail/libwebsockets/attachments/20130114/0edaf5ff/attachment.html>
More information about the Libwebsockets
mailing list