[Libwebsockets] Mem certs when using lws as a server

Lasa Martxel mlasa at ikerlan.es
Thu Feb 14 08:52:28 CET 2019


Morning,

I'm going to try it asap.

Thanks a lot!

-----Original Message-----
From: Andy Green [mailto:andy at warmcat.com]
Sent: Thursday, 14 February 2019 8:00
To: Lasa Martxel; Libwebsockets at ml.libwebsockets.org
Subject: Re: [Libwebsockets] Mem certs when using lws as a server



On 13/02/2019 23:34, Andy Green wrote:
> 
> 
> On 12/02/2019 22:32, Lasa Martxel wrote:
>> Hello,
>>
>> Is it possible to load tls certificates from memory when using 
>> libwebsockets + mbedtls as a server?
>>
>> I have seen the option to do it with lws as a client, but it looks 
>> like doing the same as a server would require adding extra fields to 
>> the lws_context_creation_info struct and modifying the 
>> lws_tls_server_vhost_backend_init in order to pass the new mem cert 
>> arguments to the lws_tls_server_certs_load call.
> 
> Right... actually lws has become very good at abstracting away the "with 
> mbedtls" or "with openssl" part... every api or arg except some small 
> cases for backwards compatibility should work exactly the same either way.
> 
> I think it's a good idea but it's a little bit of work to implement and 
> test (both with mbedtls + openssl).  I should have time in the next days.

I pushed this on master... there's also a new minimal example showing 
how to set up in-memory PEM or DER certs...

https://libwebsockets.org/git/libwebsockets/tree/minimal-examples/http-server/minimal-http-server-tls-mem

... I checked it on both mbedtls and openssl and it seems happy without 
breaking minimal-http-server-tls, which loads them as files.

I didn't test it with concatenated multicert PEMs, just with a single 
cert and key.

-Andy
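
Added example, not part of the thread and not libwebsockets code: a pre-check that classifies an in-memory certificate buffer as DER, single-cert PEM, or concatenated multi-cert PEM, so a caller can tell when it is about to pass the multi-cert case that the message above says was not tested. The names `classify_cert_buf` and `cert_buf_kind` are hypothetical, and the sample buffers are constructed placeholders rather than real certificates.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names: this helper is not part of libwebsockets. */
enum cert_buf_kind { CERT_BUF_INVALID, CERT_BUF_DER, CERT_BUF_PEM_SINGLE, CERT_BUF_PEM_MULTI };

/* Constructed sample input: PEM framing with a placeholder body, not a real cert. */
const char sample_pem_one[] =
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n";
const char sample_pem_two[] =
    "-----BEGIN CERTIFICATE-----\nQUJD\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nREVG\n-----END CERTIFICATE-----\n";
/* Constructed DER shape: SEQUENCE, long-form length 0x0002, two content bytes. */
const unsigned char sample_der[] = { 0x30, 0x82, 0x00, 0x02, 0x05, 0x00 };

/* Count non-overlapping occurrences of a marker in a length-delimited buffer. */
static size_t count_marker(const unsigned char *buf, size_t len, const char *m)
{
    size_t n = strlen(m), hits = 0, i = 0;

    while (i + n <= len) {
        if (!memcmp(buf + i, m, n)) {
            hits++;
            i += n;
        } else {
            i++;
        }
    }
    return hits;
}

/* Classify a certificate buffer before handing it to the TLS layer. */
enum cert_buf_kind classify_cert_buf(const unsigned char *buf, size_t len)
{
    size_t b, e, nlen, i, body = 0;

    if (!buf || len < 2) return CERT_BUF_INVALID;
    b = count_marker(buf, len, "-----BEGIN CERTIFICATE-----");
    e = count_marker(buf, len, "-----END CERTIFICATE-----");
    if (b || e) {
        if (b != e) return CERT_BUF_INVALID; /* truncated or spliced PEM */
        return b == 1 ? CERT_BUF_PEM_SINGLE : CERT_BUF_PEM_MULTI;
    }
    if (buf[0] != 0x30) return CERT_BUF_INVALID; /* a DER cert is an ASN.1 SEQUENCE */
    if (buf[1] < 0x80) return (size_t)buf[1] + 2 == len ? CERT_BUF_DER : CERT_BUF_INVALID;
    nlen = buf[1] & 0x7f; /* long form: count of length bytes that follow */
    if (!nlen || nlen > 3 || 2 + nlen > len) return CERT_BUF_INVALID;
    for (i = 0; i < nlen; i++) body = (body << 8) | buf[2 + i];
    /* The declared length must account for the whole buffer, no trailing bytes. */
    return 2 + nlen + body == len ? CERT_BUF_DER : CERT_BUF_INVALID;
}
```

This checks framing only; it does not validate the certificate contents, which remains the TLS library's job.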

