mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
tls: client: also allow vhost client ctx to be initialized with in-memory certs
parent
d995d75ffb
commit
4608dfc581
4 changed files with 23 additions and 2 deletions
|
@ -422,14 +422,20 @@ struct lws_context_creation_info {
|
|||
/**< VHOST: Client SSL context init: NULL or the passphrase needed
|
||||
* for the private key */
|
||||
const char *client_ssl_cert_filepath;
|
||||
/**< VHOST: Client SSL context init:T he certificate the client
|
||||
/**< VHOST: Client SSL context init: The certificate the client
|
||||
* should present to the peer on connection */
|
||||
const void *client_ssl_cert_mem;
|
||||
/**< VHOST: Client SSL context init: client certificate memory buffer or
|
||||
* NULL... use this to load client cert from memory instead of file */
|
||||
unsigned int client_ssl_cert_mem_len;
|
||||
/**< VHOST: Client SSL context init: length of client_ssl_cert_mem in
|
||||
* bytes */
|
||||
const char *client_ssl_private_key_filepath;
|
||||
/**< VHOST: Client SSL context init: filepath to client private key
|
||||
* if this is set to NULL but client_ssl_cert_filepath is set, you
|
||||
* can handle the LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS
|
||||
* callback of protocols[0] to allow setting of the private key directly
|
||||
* via openSSL library calls */
|
||||
* via tls library calls */
|
||||
const char *client_ssl_ca_filepath;
|
||||
/**< VHOST: Client SSL context init: CA certificate filepath or NULL */
|
||||
const void *client_ssl_ca_mem;
|
||||
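Review bot: The doc comment added for `client_ssl_cert_mem` does not say what encoding the buffer must hold or how it interacts with `client_ssl_cert_filepath`. On the OpenSSL path changed in this commit the buffer is passed to `SSL_CTX_use_certificate_ASN1()`, which expects DER, and the `else if` there suggests the file path takes precedence when both are set. I would write it as `/**< VHOST: Client SSL context init: DER-encoded client certificate in memory, or NULL; only used when client_ssl_cert_filepath is NULL */`. The comment on `client_ssl_private_key_filepath` still speaks only of `client_ssl_cert_filepath` being set, so it should also cover the in-memory certificate case. The struct starts and ends outside this hunk.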
|
|
|
@ -360,6 +360,8 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
const void *ca_mem,
|
||||
unsigned int ca_mem_len,
|
||||
const char *cert_filepath,
|
||||
const void *cert_mem,
|
||||
unsigned int cert_mem_len,
|
||||
const char *private_key_filepath)
|
||||
{
|
||||
SSL_METHOD *method;
|
||||
|
@ -492,6 +494,15 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
return 1;
|
||||
}
|
||||
lwsl_notice("Loaded client cert %s\n", cert_filepath);
|
||||
} else if (cert_mem && cert_mem_len) {
|
||||
n = SSL_CTX_use_certificate_ASN1(vh->tls.ssl_client_ctx,
|
||||
cert_mem_len, cert_mem);
|
||||
if (n < 1) {
|
||||
lwsl_err("%s: problem interpreting client cert '%s'\n",
|
||||
__func__);
|
||||
lws_tls_err_describe();
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
if (private_key_filepath) {
|
||||
lwsl_notice("%s: doing private key filepath\n", __func__);
|
||||
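Review bot: The `lwsl_err()` call in the new `else if (cert_mem && cert_mem_len)` branch has two `%s` conversions but passes only `__func__`, so the failure path reads a missing variadic argument. That is undefined behaviour and can crash or log unrelated memory exactly when a bad certificate is supplied. An in-memory cert has no filename to print, so drop the second conversion: `lwsl_err("%s: problem interpreting client cert\n", __func__);`. Separately, `cert_mem_len` is `unsigned int` while `SSL_CTX_use_certificate_ASN1()` takes an `int` length, so rejecting `cert_mem_len > INT_MAX` before the call would keep an oversized length from turning negative. The function body starts and ends outside these hunks.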
|
|
|
@ -281,6 +281,8 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
|
|||
const void *ca_mem,
|
||||
unsigned int ca_mem_len,
|
||||
const char *cert_filepath,
|
||||
const void *cert_mem,
|
||||
unsigned int cert_mem_len,
|
||||
const char *private_key_filepath);
|
||||
|
||||
LWS_EXTERN lws_tls_ctx *
|
||||
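Review bot: The prototype of `lws_tls_client_create_vhost_context()` gains `cert_mem` and `cert_mem_len` here, but only one definition is updated on this page. If another TLS backend provides its own definition of this function, it needs the same two parameters or that build configuration will no longer compile. The declaration also carries no comment on the new parameters; a short `/* cert_mem: DER client cert, used when cert_filepath is NULL */` above it would help, assuming the precedence suggested by the `else if` in the implementation. The prototype begins above the hunk.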
|
|
|
@ -132,6 +132,8 @@ int lws_context_init_client_ssl(const struct lws_context_creation_info *info,
|
|||
info->client_ssl_ca_mem,
|
||||
info->client_ssl_ca_mem_len,
|
||||
cert_filepath,
|
||||
info->client_ssl_cert_mem,
|
||||
info->client_ssl_cert_mem_len,
|
||||
private_key_filepath))
|
||||
return 1;
|
||||
|
||||
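Review bot: `info->client_ssl_cert_mem` and `info->client_ssl_cert_mem_len` are forwarded here without checking that they agree, and the callee silently skips the in-memory certificate unless both are non-zero (`cert_mem && cert_mem_len`). A caller who sets the pointer but leaves the length at 0 therefore gets a vhost client context with no client certificate and nothing in the log. A check before the call would make the misconfiguration visible, for example `if (!info->client_ssl_cert_mem != !info->client_ssl_cert_mem_len) lwsl_warn("%s: client_ssl_cert_mem and its length must both be set\n", __func__);`. The enclosing function starts and ends outside the hunk.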
|
|