[Libwebsockets] turn off server certificate validation

Andy Green andy at warmcat.com
Wed Aug 13 11:51:59 CEST 2014



On 13 August 2014 17:45:16 GMT+08:00, Subi S S <subi.s at cambiumnetworks.com> wrote:
>I guess it is bit issue with 4096 cert it didn't work, but with 2048
>key it worked.

Maybe but hard to see how it's directly related, lws uses the SSL library to deal with everything about the cert.

Maybe the cert is bigger and exposes a bug where we don't handle SSL_WANT when we should... but then it would just fail out you would think, before checking the cert...

-Andy

>-----Original Message-----
>From: Subi S S 
>Sent: Wednesday, August 13, 2014 2:54 PM
>To: 'Andy Green'; libwebsockets at ml.libwebsockets.org
>Subject: RE: [Libwebsockets] turn off server certificate validation
>
>No it is not solving the issue :( 
>
>-----Original Message-----
>From: Andy Green [mailto:extracats at googlemail.com] On Behalf Of Andy
>Green
>Sent: Wednesday, August 13, 2014 2:41 PM
>To: Subi S S; libwebsockets at ml.libwebsockets.org
>Subject: RE: [Libwebsockets] turn off server certificate validation
>
>
>
>On 13 August 2014 17:01:45 GMT+08:00, Subi S S
><subi.s at cambiumnetworks.com> wrote:
>>[122:4758] INFO: SSL_connect WANT_... retrying [122:4759] INFO: 
>>SSL_connect WANT_... retrying [122:4759] INFO: SSL_connect WANT_... 
>>retrying [122:4759] INFO: SSL_connect WANT_... retrying [122:4759]
>>INFO: SSL_connect WANT_... retrying [122:4916] ERR: server's cert 
>>didn't look good 20
>
>I think if you set the Ssl parameter of the client connect api to 2, he
>will not complain if the cert cannot be validated by the client.
>
>-Andy
>
>>-----Original Message-----
>>From: Andy Green [mailto:extracats at googlemail.com] On Behalf Of Andy 
>>Green
>>Sent: Wednesday, August 13, 2014 2:31 PM
>>To: Subi S S; libwebsockets at ml.libwebsockets.org
>>Subject: Re: [Libwebsockets] turn off server certificate validation
>>
>>
>>
>>On 13 August 2014 16:55:20 GMT+08:00, Subi S S 
>><subi.s at cambiumnetworks.com> wrote:
>>>Hi ,
>>>
>>>I am using libwebsocket client to connect to server having self
>signed
>>
>>>certificate.
>>>Is there a way to turn off server certificate validation in 
>>>Libwebsocket  ?
>>
>>The test server also generates and uses a selfsigned cert... that
>works 
>>okay.
>>
>>What's your actual problem you're seeing?
>>
>>-Andy
>>
>>>Thanks,
>>>Subi
>>>
>>>
>>>----------------------------------------------------------------------
>>>-
>>>-
>>>
>>>_______________________________________________
>>>Libwebsockets mailing list
>>>Libwebsockets at ml.libwebsockets.org
>>>http://ml.libwebsockets.org/mailman/listinfo/libwebsockets




More information about the Libwebsockets mailing list