[Libwebsockets] Mem certs when using lws as a server

Andy Green andy at warmcat.com
Thu Feb 14 07:59:49 CET 2019



On 13/02/2019 23:34, Andy Green wrote:
> 
> 
> On 12/02/2019 22:32, Lasa Martxel wrote:
>> Hello,
>>
>> Is it possible to load tls certificates from memory when using 
>> libwebsockets + mbedtls as a server?
>>
>> I have seen the option to do it with lws as a client, but it looks 
>> like doing the same as a server would require adding extra fields to 
>> the lws_context_creation_info struct and modifying the 
>> lws_tls_server_vhost_backend_init in order to pass the new mem cert 
>> arguments to the lws_tls_server_certs_load call.
> 
> Right... actually lws has become very good at abstracting away the "with 
> mbedtls" or "with openssl" part... every api or arg except some small 
> cases for backwards compatibility should work exactly the same either way.
> 
> I think it's a good idea but it's a little bit of work to implement and 
> test (both with mbedtls + openssl).  I should have time in the next days.

I pushed this on master... there's also a new minimal example showing 
how to set up in-memory PEM or DER certs...

https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/http-server/minimal-http-server-tls-mem

... I checked it on both mbedtls and openssl and it seems happy without 
breaking minimal-http-server-tls, which loads them as files.

I didn't test it with concatenated multicert PEMs, just with a single 
cert and key.

-Andy
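
The message above says the in-memory path was checked with a single cert and key, not with concatenated multicert PEMs. As an added example (not from the original post or from libwebsockets; every name in it is hypothetical), here is a pre-flight check in C that classifies a certificate buffer as DER, single-cert PEM or multi-cert PEM before it is handed to the server:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum cert_kind { CERT_INVALID = 0, CERT_DER, CERT_PEM_SINGLE, CERT_PEM_MULTI };

/* Count non-overlapping occurrences of pat in buf[0..len); buf need not be NUL-terminated. */
static size_t count_marker(const unsigned char *buf, size_t len, const char *pat)
{
    size_t plen = strlen(pat), n = 0, i = 0;
    while (plen && i + plen <= len) {
        if (!memcmp(buf + i, pat, plen)) { n++; i += plen; }
        else i++;
    }
    return n;
}

/* DER: an outer SEQUENCE (tag 0x30) whose definite length covers exactly the rest of the buffer. */
static int is_der_sequence(const unsigned char *buf, size_t len)
{
    size_t body = 0, nlen, i;
    if (len < 2 || buf[0] != 0x30) return 0;
    if (buf[1] < 0x80) return buf[1] == len - 2;          /* short-form length */
    nlen = buf[1] & 0x7f;                                  /* long form: nlen length octets */
    if (nlen == 0 || nlen > 4 || len < 2 + nlen) return 0; /* no indefinite or oversized lengths */
    for (i = 0; i < nlen; i++) body = (body << 8) | buf[2 + i];
    return body == len - 2 - nlen;
}

/* Classify an in-memory certificate buffer; unbalanced or missing PEM markers are invalid. */
enum cert_kind classify_cert_buffer(const unsigned char *buf, size_t len)
{
    size_t b, e;
    if (!buf || !len) return CERT_INVALID;
    if (is_der_sequence(buf, len)) return CERT_DER;
    b = count_marker(buf, len, "-----BEGIN CERTIFICATE-----");
    e = count_marker(buf, len, "-----END CERTIFICATE-----");
    if (b == 0 || b != e) return CERT_INVALID;
    return b == 1 ? CERT_PEM_SINGLE : CERT_PEM_MULTI;
}

int main(void)
{
    /* Constructed sample: PEM framing only, not a real certificate. */
    static const char pem[] = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
    printf("kind=%d\n", (int)classify_cert_buffer((const unsigned char *)pem, sizeof pem));
    return 0;
}
```

The check only inspects framing; it does not parse or validate the certificate itself, so a `CERT_PEM_MULTI` result is a prompt to test that chain explicitly rather than a verdict on it.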

