[Libwebsockets] two way ssl auth ?

Matt Williams mwilliams at calcentral.com
Mon Feb 15 19:46:59 CET 2016

I have an embedded app using libwebsockets (currently 1.6.2) as a client to a tomcat8 server. All is well using one way openssl SSL auth. However, when we turn on clientAuth="true" on the tomcat side, we end up losing on the two way auth attempting to verify the client cert. That is, turning on javax.net.debug:ssl:handshake we see the ssl handshake exception “client did not send certificate verify message” in the log.

First, is this currently supported? How can I get libwebsockets to continue the handshake? If I have to do this locally via the callback handler, my understanding is I need to set up the openssl context before the connection is made, so need to find the earliest client callback that provides the SSL_CTX before that happens, and add the needed bits to that.

Can anyone provide some guidance on how to get this done? I’ve not (yet) had the … pleasure of digging through openssl.



