[Libwebsockets] LCCSCF_ALLOW_SELFSIGNED not applied after redirect

Andy Green andy at warmcat.com
Thu Dec 23 12:12:16 CET 2021



On 12/23/21 11:06, Roman Nikiforov wrote:
>     How about this
> 
>     diff --git a/lib/core-net/close.c b/lib/core-net/close.c
>     index 4388aaf4c9..9b13325c9e 100644
>     --- a/lib/core-net/close.c
>     +++ b/lib/core-net/close.c
>     @@ -963,7 +963,7 @@ __lws_close_free_wsi_final(struct lws *wsi)
>                       //_lws_header_table_reset(wsi->http.ah);
> 
>        #if defined(LWS_WITH_TLS)
>     -               wsi->tls.use_ssl = wsi->flags & LCCSCF_USE_SSL;
>     +               wsi->tls.use_ssl = wsi->flags;
>        #endif
> 
>        #if defined(LWS_WITH_TLS_JIT_TRUST)
> 
>     -Andy
> 
> This fixed the issue, thanks! But may be you meant
> wsi->tls.use_ssl = wsi->flags | LCCSCF_USE_SSL;
> ?

No it's not guaranteed that the redirect it to https... by default lws 
will refuse to downgrade security on a redirect (ie, being redirected 
from https -> http) but you can override that with a flag so SSL 
disabled should be supported.  http->http redirects must also be supported.

If you had a warning / error, it's because the LCCSCF constant promoted 
the expression to unisgned as is needed as a side-effect... I should 
have cast it to unsigned without the constant in the expression doing it 
for me, like this

https://libwebsockets.org/git/libwebsockets/commit?id=bea294dd26edefd6b835cd70b6353e92b2bad06c

-Andy

> -
> Roman


More information about the Libwebsockets mailing list