[Libwebsockets] LCCSCF_ALLOW_SELFSIGNED not applied after redirect
Andy Green
andy at warmcat.com
Wed Dec 22 12:08:30 CET 2021
On 12/22/21 10:28, Roman Nikiforov wrote:
> Hi Andy,
>
> I'm trying to get lws working on iPhone (iOS). With wolfSSL I had no
> luck, only "E: lws_client_connect_via_info: no vhost", but now I tried it
Dunno... that sounds like something wrong with init before that error.
> with mbedtls, which works perfectly together with lws on Android, and it
> looks better, but lws closes the connection because of the self-signed SSL
> certificate. LCCSCF_ALLOW_SELFSIGNED is set and it seems to work one time:
>
> [2021/12/21 20:18:13:0727] I: lws_tls_session_new_mbedtls:
> [wsicli|0|WS/h1/default/dev.medrepo.de]: new default_dev.medrepo.de_443,
> (default:1)
> [2021/12/21 20:18:13:0727] I: lws_tls_client_connect: client connect OK
> [2021/12/21 20:18:13:0727] D: lws_ssl_client_connect2: SSL_connect says 0
> [2021/12/21 20:18:13:0727] I: lws_tls_restrict_return_handshake: 1 -> 0
> [2021/12/21 20:18:13:0727] N: lws_gate_accepts: on = 0
> [2021/12/21 20:18:13:0727] D: get_verify says 24
> [2021/12/21 20:18:13:0727] I: lws_tls_client_confirm_peer_cert: cert
> problem: invalidca
> [2021/12/21 20:18:13:0727] I: lws_tls_client_confirm_peer_cert: allowing
> anyway
Hm.
> Then the connection is redirected to LWSWS
>
> [2021/12/21 20:18:13:1070] N: lws_client_reset: REDIRECT
> dev.medrepo.de:443, path='jasca/', ssl = 1, alpn='h2;http/1.1'
>
> and here LCCSCF_ALLOW_SELFSIGNED seems to be ignored
>
> [2021/12/21 20:18:13:1714] I: lws_tls_session_new_mbedtls:
> [wsicli|0|WS/h1/default/dev.medrepo.de]: reuse
> default_dev.medrepo.de_443, (default:1)
> [2021/12/21 20:18:13:1714] I: lws_tls_client_connect: client connect OK
> [2021/12/21 20:18:13:1714] D: lws_ssl_client_connect2: SSL_connect says 0
> [2021/12/21 20:18:13:1714] I: lws_tls_restrict_return_handshake: 1 -> 0
> [2021/12/21 20:18:13:1714] N: lws_gate_accepts: on = 0
> [2021/12/21 20:18:13:1714] D: get_verify says 24
> [2021/12/21 20:18:13:1714] I: lws_tls_client_confirm_peer_cert: cert
> problem: invalidca
> [2021/12/21 20:18:13:1714] I: server's cert didn't look good, invalidca
> (use_ssl 0x1) X509_V_ERR = 24: CA is not trusted
Does this help?
diff --git a/lib/roles/http/client/client-http.c
b/lib/roles/http/client/client-http.c
index 465b4f0fd7..4eebbe7211 100644
--- a/lib/roles/http/client/client-http.c
+++ b/lib/roles/http/client/client-http.c
@@ -1650,6 +1650,8 @@ lws_client_reset(struct lws **pwsi, int ssl, const
char *address, int port,
wsi->flags = (wsi->flags & (~LCCSCF_USE_SSL)) |
(ssl ? LCCSCF_USE_SSL : 0);
+ if (ssl)
+ wsi->tls.use_ssl = wsi->flags;
if (!cisin[CIS_ALPN] || !cisin[CIS_ALPN][0])
#if defined(LWS_ROLE_H2)
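Review bot: the added `if (ssl)` guard leaves `wsi->tls.use_ssl` untouched when the redirect target is not TLS, so once the line above has cleared `LCCSCF_USE_SSL` in `wsi->flags` the two fields can disagree. If nothing reads `tls.use_ssl` on a plain connection that is harmless, but assigning `wsi->tls.use_ssl = wsi->flags;` unconditionally would keep them in step. A short comment would also help here: in this thread the copy is what carries `LCCSCF_ALLOW_SELFSIGNED` across the redirect, along with any other verification relaxation held in `wsi->flags`, and because `lws_client_reset()` takes a new `address` and `port`, those relaxations then apply to whatever host the redirect names. It is worth stating in the code that this is intended.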
-Andy