[Libwebsockets] turn off server certificate validation

Andy Green andy at warmcat.com
Wed Aug 13 12:22:29 CEST 2014



On 13 August 2014 17:51:59 GMT+08:00, Andy Green <andy at warmcat.com> wrote:
>
>
>On 13 August 2014 17:45:16 GMT+08:00, Subi S S
><subi.s at cambiumnetworks.com> wrote:
>>I guess it is bit issue with 4096 cert it didn't work, but with 2048
>>key it worked.
>
>Maybe but hard to see how it's directly related, lws uses the SSL
>library to deal with everything about the cert.
>
>Maybe the cert is bigger and exposes a bug where we don't handle
>SSL_WANT when we should... but then it would just fail out you would
>think, before checking the cert...

I cannot reproduce that problem.

I changed the keysize to 4096 in cmake and recook, local client can connect perfectly well to that server and a client on an Arm box in the same LAN is also OK.

-Andy

>-Andy
>
>>-----Original Message-----
>>From: Subi S S 
>>Sent: Wednesday, August 13, 2014 2:54 PM
>>To: 'Andy Green'; libwebsockets at ml.libwebsockets.org
>>Subject: RE: [Libwebsockets] turn off server certificate validation
>>
>>No it is not solving the issue :( 
>>
>>-----Original Message-----
>>From: Andy Green [mailto:extracats at googlemail.com] On Behalf Of Andy
>>Green
>>Sent: Wednesday, August 13, 2014 2:41 PM
>>To: Subi S S; libwebsockets at ml.libwebsockets.org
>>Subject: RE: [Libwebsockets] turn off server certificate validation
>>
>>
>>
>>On 13 August 2014 17:01:45 GMT+08:00, Subi S S
>><subi.s at cambiumnetworks.com> wrote:
>>>[122:4758] INFO: SSL_connect WANT_... retrying [122:4759] INFO: 
>>>SSL_connect WANT_... retrying [122:4759] INFO: SSL_connect WANT_... 
>>>retrying [122:4759] INFO: SSL_connect WANT_... retrying [122:4759]
>>>INFO: SSL_connect WANT_... retrying [122:4916] ERR: server's cert 
>>>didn't look good 20
>>
>>I think if you set the Ssl parameter of the client connect api to 2,
>he
>>will not complain if the cert cannot be validated by the client.
>>
>>-Andy
>>
>>>-----Original Message-----
>>>From: Andy Green [mailto:extracats at googlemail.com] On Behalf Of Andy 
>>>Green
>>>Sent: Wednesday, August 13, 2014 2:31 PM
>>>To: Subi S S; libwebsockets at ml.libwebsockets.org
>>>Subject: Re: [Libwebsockets] turn off server certificate validation
>>>
>>>
>>>
>>>On 13 August 2014 16:55:20 GMT+08:00, Subi S S 
>>><subi.s at cambiumnetworks.com> wrote:
>>>>Hi ,
>>>>
>>>>I am using libwebsocket client to connect to server having self
>>signed
>>>
>>>>certificate.
>>>>Is there a way to turn off server certificate validation in 
>>>>Libwebsocket  ?
>>>
>>>The test server also generates and uses a selfsigned cert... that
>>works 
>>>okay.
>>>
>>>What's your actual problem you're seeing?
>>>
>>>-Andy
>>>
>>>>Thanks,
>>>>Subi
>>>>
>>>>
>>>>----------------------------------------------------------------------
>>>>-
>>>>-
>>>>
>>>>_______________________________________________
>>>>Libwebsockets mailing list
>>>>Libwebsockets at ml.libwebsockets.org
>>>>http://ml.libwebsockets.org/mailman/listinfo/libwebsockets
>
>_______________________________________________
>Libwebsockets mailing list
>Libwebsockets at ml.libwebsockets.org
>http://ml.libwebsockets.org/mailman/listinfo/libwebsockets




More information about the Libwebsockets mailing list