[Libwebsockets] How to start server for SSL without server cert file path?

Andy Green andy at warmcat.com
Wed Aug 9 01:33:13 CEST 2017



On August 8, 2017 7:53:23 PM GMT+08:00, Harish Kumara Marappa <h.marappa at samsung.com> wrote:
>Hi Andy,
>
>Thanks for replying to my earlier query and suggesting a possible solution
>for my requirement.
>
>BTW, which branch should this patch be pushed to? I am using the v2.2.1
>tagged commit for testing.

Because it's a new feature, we can only put it on master.  Right now master is almost exactly the same as v2.3.

-Andy

>Regards,
>
>Harish Kumara M
>
>--------- Original Message ---------
>
>Sender : Andy Green <andy at warmcat.com>
>Date : 2017-08-02 03:18 (GMT+5:30)
>Title : Re: [Libwebsockets] How to start server for SSL without server
>cert file path?
>
>On 08/02/2017 12:18 AM, Harish Kumara Marappa wrote:
>> Hi,
>>
>> I want to create a lws server for SSL communication. I learned from the
>> sample (test-server.c) that the
>> *lws_context_creation_info::ssl_cert_filepath* has to be set in order to
>> make server listen for SSL connection.
>>
>> But the problem is that I don't have server certificate stored locally,
>> I'll be getting it from some other module in buffer.
>>
>> Is there any other way to start lws server with SSL without specifying
>> cert path while creating context ?
>
>Not as it stands... as a workaround you could create a file in /tmp for
>the duration of the vhost creation step, then unlink() it. But that's not
>very satisfying if the reason you are doing this is driven by security
>considerations.
>
>If you want to add the ability, the best way I can see atm is add a vhost
>options flag indicating you will provide the cert later, and have
>lws_context_init_server_ssl() take that flag to mean it should accept NULL
>ssl_cert_filepath and skip related operations while still preparing the
>ssl context otherwise.
>
>The callback LWS_CALLBACK_OPENSSL_LOAD_EXTRA_SERVER_VERIFY_CERTS to
>protocols[0] gives you the vhost's SSL_CTX in the user parameter, so you
>can do the actual certificate load there in your own code.
>
>Patch is welcome (but good if it also patches the test server with a
>commandline option so I can confirm it's still working later).
>
>-Andy
>
>> *Regards,*
>>
>> /Harish Kumara M/
>>
>> _______________________________________________
>> Libwebsockets mailing list
>> Libwebsockets at ml.libwebsockets.org
>> https://libwebsockets.org/mailman/listinfo/libwebsockets


