[Libwebsockets] [libwebsockets] #94: Websocket connection fails with 'Intermediate' certificate

Trac trac at libwebsockets.org
Wed Oct 22 00:05:05 CEST 2014


#94: Websocket connection fails with  'Intermediate' certificate
------------------------------------+-----------------
 Reporter:  Arjun                   |      Owner:
     Type:  defect                  |     Status:  new
 Priority:  major                   |  Milestone:
Component:  libwebsocket test apps  |    Version:
 Keywords:                          |
------------------------------------+-----------------
 Hi,

 We are using libwebsocket in our application, we run websocket as windows
 service, its used for communication between webclient and window service,
 when configured with to run in secured mode with one CA certificate it
 runs fine, but when we configure with chain(intermediate) and root
 certificate and try to create websocket connection we get "Websocket
 connection failed" error on the webclient and in the libwebsocket code it
 fails in 'SSL_accept' method in libwebsocets.c file.

 ======================================================
 #ifdef LWS_OPENSSL_SUPPORT
                 new_wsi->ssl = NULL;

                 if (context->use_ssl) {

                         new_wsi->ssl = SSL_new(context->ssl_ctx);
                         if (new_wsi->ssl == NULL) {
                                 fprintf(stderr, "SSL_new failed: %s\n",
                                     ERR_error_string(SSL_get_error(
                                     new_wsi->ssl, 0), NULL));
                                     libwebsockets_decode_ssl_error();
                                 free(new_wsi);
                                 break;
                         }

                         SSL_set_fd(new_wsi->ssl, accept_fd);

                         n = SSL_accept(new_wsi->ssl);
                         if (n != 1) {
                                 /*
                                  * browsers seem to probe with various
                                  * ssl params which fail then retry
                                  * and succeed
                                  */
                                 debug("SSL_accept failed skt %u: %s\n",
                                       pollfd->fd,
                                       ERR_error_string(SSL_get_error(
                                       new_wsi->ssl, n), NULL));
                                 SSL_free(
                                        new_wsi->ssl);
                                 free(new_wsi);
                                 break;
                         }
 ========================================
 Can anyone please let me know if libwebsocket supports chain certificates,
 if yes, how should it be configured?

 I'd really appreciate your help on this matter.

--
Ticket URL: <http://libwebsockets.org/trac/libwebsockets/ticket/94>
libwebsockets <http://libwebsockets.org>
libwebsockets C library



More information about the Libwebsockets mailing list