[Libwebsockets] How to start server for SSL without server cert file path?

Andy Green andy at warmcat.com
Tue Aug 1 23:48:16 CEST 2017



On 08/02/2017 12:18 AM, Harish Kumara Marappa wrote:
> Hi,
> 
> I want to create a lws server for SSL communication. I learned from the 
> sample (test-server.c) that the 
> *lws_context_creation_info::ssl_cert_filepath* has to be set in order to 
> make server listen for SSL connection.
> 
> But the problem is that I don't have server certificate stored locally, 
> I'll be getting it from some other module in buffer.
> 
> Is there any other way to start lws server with SSL without specifying 
> cert path while creating context ?

Not as it stands... as a workaround you could create a file in /tmp for 
the duration of the vhost creation step, then unlink() it.  But that's 
not very satisfying if the reason you are doing this is driven by 
security considerations.

If you want to add the ability, the best way I can see atm is add a 
vhost options flag indicating you will provide the cert later, and have 
lws_context_init_server_ssl() take that flag to mean it should accept 
NULL ssl_cert_filepath and skip related operations while still preparing 
the ssl context otherwise.

The callback LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS to 
protocols[0] gives you the vhost's SSL_CTX in the user parameter, so you 
can do the actual certificate load there in your own code.

Patch is welcome (but good if it also patches the test server with a 
commandline option so I can confirm it's still working later).

-Andy

> Regards,
> 
> Harish Kumara M
> 