[Libwebsockets] Use of LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT breaks SSL due to lack of session ID

Bruce Perens bruce at perens.com
Wed Jun 17 22:45:26 CEST 2015


Use of LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT will break SSL
and stop serving on the SSL socket.

In the man page for SSL_CTX_set_session_id_context(), it says:

If the session id context is not set on an SSL/TLS server and client
certificates are used, stored sessions will not be reused but a fatal error
will be flagged and the handshake will fail.


Therefore, there must be a call to SSL_CTX_set_session_id_context() in the
code for LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT in ssl.c. The
session context ID may be any unique value; I stuck a random number in
there.

    Thanks

    Bruce