[Libwebsockets] Client doesn't present certificate when requested?

Andy Green andy at warmcat.com
Tue Jun 11 21:08:02 CEST 2019



On 6/10/19 6:48 PM, Anton Pavlovich wrote:
> Hello all,
> 
> I can't get client authentication working with libwebsockets test client 
> for some reason despite -C option being used:
> [2019/06/10 13:11:31:4022] NOTICE: libwebsockets test client - license 
> LGPL2.1+SLE
> [2019/06/10 13:11:31:4022] NOTICE: (C) Copyright 2010-2018 Andy Green 
> <andy at warmcat.com <mailto:andy at warmcat.com>>
> [2019/06/10 13:11:31:4022] NOTICE:  Using SSL
> [2019/06/10 13:11:31:4022] NOTICE:  Selfsigned certs allowed [2019/06/10 
> 13:11:31:4022] NOTICE:  Skipping peer cert hostname check [2019/06/10 
> 13:11:31:4034] NOTICE: Creating Vhost 'default' (serving disabled), 3 
> protocols, IPv6 off [2019/06/10 13:11:31:4035] NOTICE: 
> lws_tls_client_create_vhost_context: doing cert filepath 
> /xxx/libwebsockets/build/libwebsockets-test-server.pem
> [2019/06/10 13:11:31:4036] NOTICE: Loaded client cert 
> /xxx/libwebsockets/build/libwebsockets-test-server.pem
> 
> Whenever a server requests a certificate, the client responds with zero 
> length cert and handshake fails
> Secure Sockets Layer
>      TLSv1 Record Layer : Handshake Protocol: Certificate
>          Content Type: Handshake (22)
>          Version: TLS 1.0 (0x0301)
>          Length: 7
>          Handshake Protocol: Certificate
>               Handshake Type: Certificate (11)
>               Length: 3
>               Certificates Length: 0
> 
> This behaviour is consistent across several different servers.
> Have been looking for an answer on my own and still coming short. 
> Appreciate any advice.

Can you provide your test CA and a test client cert, along with exactly 
what you give the test client?

-Andy

> Regards,
> Anton
> 
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> https://libwebsockets.org/mailman/listinfo/libwebsockets
> 


More information about the Libwebsockets mailing list