[Libwebsockets] Mem certs when using lws as a server
andy at warmcat.com
Thu Feb 14 07:59:49 CET 2019
On 13/02/2019 23:34, Andy Green wrote:
> On 12/02/2019 22:32, Lasa Martxel wrote:
>> Is it possible to load tls certificates from memory when using
>> libwebsockets + mbedtls as a server?
>> I have seen the option to do it with lws as a client, but it looks
>> like doing the same as a server would require adding extra fields to
>> the lws_context_creation_info struct and modifying the
>> lws_tls_server_vhost_backend_init in order to pass the new mem cert
>> arguments to the lws_tls_server_certs_load call.
> Right... actually lws has become very good at abstracting away the "with
> mbedtls" or "with openssl" part... every api or arg except some small
> cases for backwards compatibility should work exactly the same either way.
> I think it's a good idea but it's a little bit of work to implement and
> test (both with mbedtls + openssl). I should have time in the next days.
I pushed this on master... there's also a new minimal example showing
how to set up in-memory PEM or DER certs...
... I checked it on both mbedtls and openssl and it seems happy without
breaking minimal-http-server-tls, which loads them as files.
I didn't test it with concatenated multicert PEMs, just with a single
cert and key.
More information about the Libwebsockets