[Libwebsockets] How to enable two way authentication with mbedTLS
ivaldesi97 at gmail.com
Wed Jul 28 11:58:21 CEST 2021

Currently I have a websocket client (implemented with lws) which connects
to a http/ws server (also implemented with lws) using TLS with server
certificate validation. I need to enable the client to send its certificate
to the server and also enable the server to request the certificate and
verify this certificate with a CA certificate.

I am using the latest version of lws. With this version I can't establish a
TLS connection, I get a timeout waiting for SSL.

I am using a lws ws client and server with this configuration:

Client vhost config:

    s_info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;
    s_info.client_ssl_ca_filepath = m_t_config.pch_ca_cert;
    s_info.client_ssl_cert_filepath = m_t_config.pch_client_cert;
    s_info.client_ssl_private_key_filepath = m_t_config.pch_client_key;

Client connection config:

    memset(&s_client_info, 0, sizeof(lws_client_connect_info));
    s_client_info.address = m_t_config.pch_address;
    s_client_info.host = m_t_config.pch_host_header;
    s_client_info.path = m_t_config.pch_path;
    s_client_info.port = m_t_config.i32_port;
    s_client_info.context = m_ps_lws_context;
    s_client_info.ssl_connection = LCCSCF_USE_SSL |

Server vhost config:

    s_info.port = u16_https_port;
    s_info.vhost_name = "localhost";
    s_info.ssl_cert_filepath = pch_cert;
    s_info.ssl_private_key_filepath = pch_key;
    s_info.ssl_ca_filepath = pch_ca;
    s_info.options = LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT |

If I access the http/ws server using a web browser, the server does not ask
for a client certificate.

Am I missing any configuration of the lws client or server?