mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

add callback to allow additional client verification certs

Signed-off-by: Andy Green <andy@warmcat.com>
Andy Green 2011-02-19 09:09:11 +00:00
parent 32375b7e9e
commit 0894bda184
3 changed files with 26 additions and 1 deletions


@ -1596,6 +1596,16 @@ libwebsocket_create_context(int port, const char *interface,
LWS_OPENSSL_CLIENT_CERTS);
}
/*
* callback allowing user code to load extra verification certs
* helping the client to verify server identity
*/
this->protocols[0].callback(this, wsi,
LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
this->ssl_client_ctx, NULL, 0);
if (this->use_ssl) {
/* openssl init for server sockets */
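Review bot: The result of the new `this->protocols[0].callback(...)` call is discarded, so user code whose `SSL_CTX_load_verify_locations()` fails cannot stop context creation, and the missing trust anchors would only show up later as a verification failure on a client connection. Consider testing the return and failing creation on non-zero, or documenting that the return is ignored for this reason. The call also passes `wsi` and `this->ssl_client_ctx` from inside `libwebsocket_create_context()`, whose body starts and ends outside the hunk. If no connection exists at that point, an explicit `NULL` for the wsi argument would be clearer. It is worth confirming that `ssl_client_ctx` was checked for NULL after it was created.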


@ -43,6 +43,7 @@ enum libwebsocket_callback_reasons {
LWS_CALLBACK_BROADCAST,
LWS_CALLBACK_FILTER_NETWORK_CONNECTION,
LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION,
LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
/* external poll() management support */
LWS_CALLBACK_ADD_POLL_FD,
@ -201,6 +202,12 @@ struct libwebsocket_context;
* content before deciding to allow the handshake to proceed or
* to kill the connection.
*
* LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS: if configure for
* including OpenSSL support, this callback allows your user code
* to perform extra SSL_CTX_load_verify_locations() or similar
* calls to direct OpenSSL where to find certificates the client
* can use to confirm the remote server identity. @user is the
* OpenSSL SSL_CTX*
*
* The next four reasons are optional and only need taking care of if you
* will be integrating libwebsockets sockets into an external polling
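Review bot: Adding `LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS` ahead of `LWS_CALLBACK_ADD_POLL_FD` renumbers every later enumerator, since the visible ones carry no explicit values. An application built against the previous header and run with the new library would then see the poll-management reasons under shifted numbers. Appending new reasons at the end of `enum libwebsocket_callback_reasons` (its end is outside the hunk) would avoid that. In the doc-comment hunk, `if configure for` should read `if configured for`. The comment could also say that the callback is made on `protocols[0]` during context creation with the return value unused, as the call site in this commit does.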


@ -580,7 +580,15 @@ use the header enums lws_token_indexes from libwebsockets.h
to check for and read the supported header presence and
content before deciding to allow the handshake to proceed or
to kill the connection.
<p>
</blockquote>
<h3>LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS</h3>
<blockquote>
if configure for
including OpenSSL support, this callback allows your user code
to perform extra <b>SSL_CTX_load_verify_locations</b> or similar
calls to direct OpenSSL where to find certificates the client
can use to confirm the remote server identity. <tt><b>user</b></tt> is the
OpenSSL SSL_CTX*
<p>
The next four reasons are optional and only need taking care of if you
will be integrating libwebsockets sockets into an external polling