[Libwebsockets] Certificate expiration message

Brice Hamon normandviking at gmail.com
Tue Jun 2 14:06:55 CEST 2020


Hi Andy,

Thanks for your comment.

We are using the stable version 3.0 executing this:
git clone --branch v3.0-stable https://libwebsockets.org/repo/libwebsockets

The log is in lib/tls/tls.c line 257:

    if (v->tls.ssl_ctx && !v->tls.skipped_certs) {

        if (now < 1464083026) /* May 2016 */
            /* our clock is wrong and we can't judge the certs */
            return -1;

        n = lws_tls_vhost_cert_info(v, LWS_TLS_CERT_INFO_VALIDITY_TO, &ir, 0);
        if (n)
            return 1;

        life = (ir.time - now) / (24 * 3600);
        lwsl_notice("   vhost %s: cert expiry: %dd\n", v->name, (int)life);
    } else
        lwsl_notice("   vhost %s: no cert\n", v->name);

The code just prints the certificate expiration, so this is not
something we should be concerned with.

I should have looked at the code first; I apologize.

Thank you for your help,
Brice.

On Tue, Jun 2, 2020 at 2:34 AM Andy Green <andy at warmcat.com> wrote:
>
>
>
> On 6/1/20 10:35 PM, Brice Hamon wrote:
> > Hi guys,
> >
> > We are getting this message and I was wondering if it is an indication
> > of something wrong.
> >
> > This certificate is Valid from May 14, 2020 to July 13, 2022 so will
> > expire in 771 days.
> >
> > This is coming from LWS but routed into our logging system.
> >
> > 20-06-01 17:21:04.236447 DEBUG: [WS    ]: libwebsocket:    vhost :
> > cert expiry: 770d
> >
> > 20-06-01 17:21:04.236460 NOTIC: [WS    ]: callback_http: Certificate
> > aging detected
> >
> > I don't mind the DEBUG message, which is nice, but was wondering what
> > triggers the Certificate aging detected message.
>
> That message doesn't exist in current lws... when lws assesses the
> server cert lifetime left once a day, it calls back into the vhost with
> LWS_CALLBACK_VHOST_CERT_AGING to give the user code a chance to study
> the situation and maybe send email or whatever.  Either it's a message
> that only existed in previous lws you are using, or it's coming from
> user code at the callback.
>
> Either way, git grep (on the code you are building) is your friend to
> track it down.
>
> -Andy
>
> > Thanks,
> > Brice.
> >
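
Added example, not part of the original thread and not libwebsockets code: a standalone C sketch of the days-left arithmetic from the excerpt above, plus the kind of check user code could make when told a cert is aging. The names cert_days_left, cert_assess and warn_days are hypothetical and the timestamps are constructed. It shows that the integer division drops the partial day, so a cert with 770 days 23 hours left reads as 770d and one that lapsed an hour ago reads as 0d.

```c
#include <stdio.h>
#include <time.h>

#define CLOCK_FLOOR 1464083026L	/* May 2016, the sanity floor used in the excerpt */
#define DAY_SECS (24 * 3600)

enum cert_verdict { CERT_CLOCK_BAD = -1, CERT_OK, CERT_WARN, CERT_EXPIRED };

/* Same arithmetic as the excerpt: whole days, fraction discarded. */
static int cert_days_left(time_t now, time_t not_after)
{
	return (int)((not_after - now) / DAY_SECS);
}

/* Hypothetical handler policy; warn_days is a site-chosen threshold. */
static enum cert_verdict cert_assess(time_t now, time_t not_after, int warn_days)
{
	if (now < CLOCK_FLOOR)
		return CERT_CLOCK_BAD;	/* clock not set: cannot judge the cert */
	if (not_after <= now)
		return CERT_EXPIRED;	/* checked first: division would give 0d
					 * for a cert that lapsed under a day ago */
	return cert_days_left(now, not_after) < warn_days ? CERT_WARN : CERT_OK;
}

int main(void)
{
	time_t now = 1591032064;	/* constructed sample "current time" */
	time_t to = now + 770L * DAY_SECS + 23 * 3600;	/* 770 days 23 hours out */

	printf("days left: %d\n", cert_days_left(now, to));
	printf("verdict:   %d\n", cert_assess(now, to, 30));
	printf("lapsed 1h ago reads as %dd, verdict %d\n",
	       cert_days_left(now, now - 3600), cert_assess(now, now - 3600, 30));
	return 0;
}
```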

