[Libwebsockets] turn off server certificate validation

Subi S S subi.s at cambiumnetworks.com
Wed Aug 13 13:47:52 CEST 2014


I will try generate again and see whether I can reproduce the issue.

-----Original Message-----
From: Andy Green [mailto:extracats at googlemail.com] On Behalf Of Andy Green
Sent: Wednesday, August 13, 2014 3:52 PM
To: Subi S S; libwebsockets at ml.libwebsockets.org
Subject: Re: [Libwebsockets] turn off server certificate validation



On 13 August 2014 17:51:59 GMT+08:00, Andy Green <andy at warmcat.com> wrote:
>
>
>On 13 August 2014 17:45:16 GMT+08:00, Subi S S 
><subi.s at cambiumnetworks.com> wrote:
>>I guess it is bit issue with 4096 cert it didn't work, but with 2048 
>>key it worked.
>
>Maybe but hard to see how it's directly related, lws uses the SSL 
>library to deal with everything about the cert.
>
>Maybe the cert is bigger and exposes a bug where we don't handle 
>SSL_WANT when we should... but then it would just fail out you would 
>think, before checking the cert...

I cannot reproduce that problem.

I changed the keysize to 4096 in cmake and recook, local client can connect perfectly well to that server and a client on an Arm box in the same LAN is also OK.

-Andy

>-Andy
>
>>-----Original Message-----
>>From: Subi S S
>>Sent: Wednesday, August 13, 2014 2:54 PM
>>To: 'Andy Green'; libwebsockets at ml.libwebsockets.org
>>Subject: RE: [Libwebsockets] turn off server certificate validation
>>
>>No it is not solving the issue :(
>>
>>-----Original Message-----
>>From: Andy Green [mailto:extracats at googlemail.com] On Behalf Of Andy 
>>Green
>>Sent: Wednesday, August 13, 2014 2:41 PM
>>To: Subi S S; libwebsockets at ml.libwebsockets.org
>>Subject: RE: [Libwebsockets] turn off server certificate validation
>>
>>
>>
>>On 13 August 2014 17:01:45 GMT+08:00, Subi S S 
>><subi.s at cambiumnetworks.com> wrote:
>>>[122:4758] INFO: SSL_connect WANT_... retrying [122:4759] INFO: 
>>>SSL_connect WANT_... retrying [122:4759] INFO: SSL_connect WANT_... 
>>>retrying [122:4759] INFO: SSL_connect WANT_... retrying [122:4759]
>>>INFO: SSL_connect WANT_... retrying [122:4916] ERR: server's cert 
>>>didn't look good 20
>>
>>I think if you set the Ssl parameter of the client connect api to 2,
>he
>>will not complain if the cert cannot be validated by the client.
>>
>>-Andy
>>
>>>-----Original Message-----
>>>From: Andy Green [mailto:extracats at googlemail.com] On Behalf Of Andy 
>>>Green
>>>Sent: Wednesday, August 13, 2014 2:31 PM
>>>To: Subi S S; libwebsockets at ml.libwebsockets.org
>>>Subject: Re: [Libwebsockets] turn off server certificate validation
>>>
>>>
>>>
>>>On 13 August 2014 16:55:20 GMT+08:00, Subi S S 
>>><subi.s at cambiumnetworks.com> wrote:
>>>>Hi ,
>>>>
>>>>I am using libwebsocket client to connect to server having self
>>signed
>>>
>>>>certificate.
>>>>Is there a way to turn off server certificate validation in 
>>>>Libwebsocket  ?
>>>
>>>The test server also generates and uses a selfsigned cert... that
>>works
>>>okay.
>>>
>>>What's your actual problem you're seeing?
>>>
>>>-Andy
>>>
>>>>Thanks,
>>>>Subi
>>>>
>>>>
>>>>--------------------------------------------------------------------
>>>>--
>>>>-
>>>>-
>>>>
>>>>_______________________________________________
>>>>Libwebsockets mailing list
>>>>Libwebsockets at ml.libwebsockets.org
>>>>http://ml.libwebsockets.org/mailman/listinfo/libwebsockets
>
>_______________________________________________
>Libwebsockets mailing list
>Libwebsockets at ml.libwebsockets.org
>http://ml.libwebsockets.org/mailman/listinfo/libwebsockets



More information about the Libwebsockets mailing list