[Libwebsockets] Feature request: non-require verison of LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT

Andy Green andy at warmcat.com
Thu Oct 15 03:15:54 CEST 2015



On 18 June 2015 05:57:39 GMT+09:00, Bruce Perens <bruce at perens.com> wrote:
>My libwebsockets server is used to control ham radios. The American
>Radio
>Relay League operates a certification authority as part of their
>"Logbook
>of the World" project, and I can use the certificates they issue to
>verify
>that the client is licensed to operate the transmitter. This keeps me
>in
>compliance with FCC rules.
>
>But if they don't have a certificate, I would like to offer them the
>chance
>to log in with a system-specific password instead. So, I need a version
>of LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT that doesn't
>set SSL_VERIFY_FAIL_IF_NO_PEER_CERT.

I added an option

LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED

you can additionally give to remove the fail on no peer cert behaviour.

-Andy

>
>I'll eventually whip up a patch for this, I guess.
>
>    Thanks
>
>    Bruce
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Libwebsockets mailing list
>Libwebsockets at ml.libwebsockets.org
>http://ml.libwebsockets.org/mailman/listinfo/libwebsockets




More information about the Libwebsockets mailing list