[Libwebsockets] How to start server for SSL without server cert file path?
andy at warmcat.com
Tue Aug 1 23:48:16 CEST 2017
On 08/02/2017 12:18 AM, Harish Kumara Marappa wrote:
> I want to create a lws server for SSL communication. I learned from the
> sample (test-server.c) that the
> *lws_context_creation_info::ssl_cert_filepath* has to be set in order to
> make server listen for SSL connection.
> But the problem is that I don't have server certificate stored locally,
> I'll be getting it from some other module in buffer.
> Is there any other way to start lws server with SSL without specifying
> cert path while creating context?

Not as it stands... as a workaround you could create a file in /tmp for
the duration of the vhost creation step, then unlink() it. But that's
not very satisfying if the reason you are doing this is driven by

If you want to add the ability, the best way I can see atm is add a
vhost options flag indicating you will provide the cert later, and have
lws_context_init_server_ssl() take that flag to mean it should accept
NULL ssl_cert_filepath and skip related operations while still preparing
the ssl context otherwise.

The callback LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS to
protocols gives you the vhost's SSL_CTX in the user parameter, so you
can do the actual certificate load there in your own code.

Patch is welcome (but good if it also patches the test server with a
commandline option so I can confirm it's still working later).

> /Harish Kumara M/
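
The /tmp workaround from the reply above, sketched as an added example (not code from the thread or from libwebsockets). `with_temp_cert`, `cert_user_fn`, `check_private` and `SAMPLE_PEM` are hypothetical names; in real use the hook would set `ssl_cert_filepath` to the path and run the vhost creation step.

```c
#define _POSIX_C_SOURCE 200809L /* exposes mkstemp() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical hook standing in for the vhost creation step, which would
 * point ssl_cert_filepath at path. Returns 0 on success. */
typedef int (*cert_user_fn)(const char *path, void *arg);

static const char SAMPLE_PEM[] = "(constructed placeholder, not a real cert)\n";

/* Spill buf to a private temp file, run use(path), always unlink afterwards. */
int with_temp_cert(const char *buf, size_t len, cert_user_fn use, void *arg)
{
    char path[] = "/tmp/lws-cert-XXXXXX";
    /* mkstemp: exclusive create, unpredictable name, mode 0600 */
    int ret = -1, fd = mkstemp(path);

    if (fd < 0) return -1;
    while (len > 0) { /* cope with short writes and EINTR */
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0)
            goto out;
        buf += n;
        len -= (size_t)n;
    }
    ret = use(path, arg);
out:
    close(fd);
    unlink(path); /* the file must not outlive the creation step */
    return ret;
}

/* Sample consumer: remembers the path in arg, checks mode and size. */
static int check_private(const char *path, void *arg)
{
    struct stat st;
    snprintf(arg, 32, "%s", path);
    return (stat(path, &st) == 0 && (st.st_mode & 0777) == 0600 &&
            st.st_size == (off_t)(sizeof SAMPLE_PEM - 1)) ? 0 : -1;
}

int main(void)
{
    char seen[32] = "";
    int rc = with_temp_cert(SAMPLE_PEM, sizeof SAMPLE_PEM - 1, check_private, seen);
    printf("rc=%d file_gone=%d\n", rc, access(seen, F_OK) != 0);
    return rc;
}
```

The file is unlinked on every path after creation, including when the hook fails, so the certificate only exists on disk for the duration of the call.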