[Libwebsockets] Bug for SSL client connection ?

luc Renambot renambot at gmail.com
Thu Mar 13 03:27:56 CET 2014


Hi,

Here's my setup:
  - https server with a valid certificate (not self-signed)
     server written in node.js  on Linux
  - clients (web browsers) can access the pages fine, showing a validated
certificate

I'm writing a client using libwebsockets using a SSL connection (wss://....)
and I keep getting "error 20"
   X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer
certificate

Indeed, if I try to verify the certificate:
   openssl s_client -connect myserver:443
   that fails

but: openssl s_client -connect myserver:443  -CApath /etc/ssl
    succeeds

Apparently, clients need a call to 'SSL_CTX_set_default_verify_paths'

So in the client code of libwebsockets, I added (lib/client.c line 128):
     SSL_CTX_set_default_verify_paths(context->ssl_client_ctx)

And now it all works again.

Can anybody with more knowledge of OpenSSL confirm this ?

Thanks,

-- 
Luc.

renambot at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://libwebsockets.org/pipermail/libwebsockets/attachments/20140312/40205de7/attachment.html>


More information about the Libwebsockets mailing list