[Libwebsockets] Verify server certificate?

Andy Green andy at warmcat.com
Sat Mar 12 04:30:44 CET 2016



On 03/12/2016 01:49 AM, Adam MacBeth wrote:
> It looks like out of the box the client doesn't do any verification on
> server certificates. Is there a way to enable this?

Send the code that works and I'll add it with a context creation option.

> I used LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS to grab the
> SSL_CTX and call SSL_CTX_set_verify() with SSL_VERIFY_PEER. If
> verification fails this appears to result in the websocket getting
> cleaned up but I never see LWS_CALLBACK_CLIENT_CONNECTION_ERROR,
> just LWS_CALLBACK_WSI_DESTROY. Is this expected?

Again it's helpful to see what you actually did patchwise.

If there's a path that should return connection error, I can make sure 
it does but there's not enough info here to take care of it.

-Andy

> Thanks,
> Adam
>
>
>
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://libwebsockets.org/mailman/listinfo/libwebsockets
>



More information about the Libwebsockets mailing list