[Libwebsockets] how to generate ssl cert with openssl for use with libwebsocket

Andy Green andy at warmcat.com
Mon May 23 08:37:32 CEST 2016



On May 23, 2016 2:11:39 PM GMT+08:00, kang joni <kangjoni76 at gmail.com> wrote:
>I want standard rsa aes gcm SSL cert for use with libwebsocket, I'm
>not sure how to do this. My openssl version is openssl_1_0_2g

Lws just takes whatever cert you give it, and passes it to openssl along with an optional string telling openssl which ciphers, hashes and key exchange mechanisms should be allowed in info.ssl_cipher_list.  If you're not fussed (or not allowed to use strong crypto with PFS in your country...) you can allow everything, including weak things, by setting it to "ALL".

You can see an example for generating selfsigned certs in CMakeLists.txt

https://github.com/warmcat/libwebsockets/blob/master/CMakeLists.txt#L1076

What the cert actually uses when it's created is purely an openssl thing.  The interpretation of the cert itself is purely an openssl thing.  Unless some issue turns up about lws integration, for generating the cert how you want you will get better help asking on the openssl list

https://mta.openssl.org/mailman/listinfo/openssl-users

-Andy

>Thanks
>_______________________________________________
>Libwebsockets mailing list
>Libwebsockets at ml.libwebsockets.org
>http://libwebsockets.org/mailman/listinfo/libwebsockets




More information about the Libwebsockets mailing list