mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

tls: client: also allow vhost client ctx to be initialized with in-memory certs

Andy Green 2019-01-11 13:13:40 +08:00
parent d995d75ffb
commit 4608dfc581
4 changed files with 23 additions and 2 deletions


@ -422,14 +422,20 @@ struct lws_context_creation_info {
/**< VHOST: Client SSL context init: NULL or the passphrase needed
* for the private key */
const char *client_ssl_cert_filepath;
/**< VHOST: Client SSL context init:T he certificate the client
/**< VHOST: Client SSL context init: The certificate the client
* should present to the peer on connection */
const void *client_ssl_cert_mem;
/**< VHOST: Client SSL context init: client certificate memory buffer or
* NULL... use this to load client cert from memory instead of file */
unsigned int client_ssl_cert_mem_len;
/**< VHOST: Client SSL context init: length of client_ssl_cert_mem in
* bytes */
const char *client_ssl_private_key_filepath;
/**< VHOST: Client SSL context init: filepath to client private key
* if this is set to NULL but client_ssl_cert_filepath is set, you
* can handle the LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS
* callback of protocols[0] to allow setting of the private key directly
* via openSSL library calls */
* via tls library calls */
const char *client_ssl_ca_filepath;
/**< VHOST: Client SSL context init: CA certificate filepath or NULL */
const void *client_ssl_ca_mem;
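Review bot: The doc comment for `client_ssl_cert_mem` does not say what encoding the buffer must use or what happens when `client_ssl_cert_filepath` is also set. The implementation in this same commit passes the buffer to `SSL_CTX_use_certificate_ASN1()`, which expects DER, and appears to reach it only in an `else if` after the filepath branch, so a PEM buffer fails and a buffer given alongside a filepath is silently ignored. I would word the comment along the lines of `DER-encoded client certificate in memory, or NULL; ignored if client_ssl_cert_filepath is set`. The `client_ssl_private_key_filepath` text still describes only the `client_ssl_cert_filepath` case, so it should also say how the private key is supplied when the certificate comes from memory.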


@ -360,6 +360,8 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
const void *ca_mem,
unsigned int ca_mem_len,
const char *cert_filepath,
const void *cert_mem,
unsigned int cert_mem_len,
const char *private_key_filepath)
{
SSL_METHOD *method;
@ -492,6 +494,15 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
return 1;
}
lwsl_notice("Loaded client cert %s\n", cert_filepath);
} else if (cert_mem && cert_mem_len) {
n = SSL_CTX_use_certificate_ASN1(vh->tls.ssl_client_ctx,
cert_mem_len, cert_mem);
if (n < 1) {
lwsl_err("%s: problem interpreting client cert '%s'\n",
__func__);
lws_tls_err_describe();
return 1;
}
}
if (private_key_filepath) {
lwsl_notice("%s: doing private key filepath\n", __func__);


@ -281,6 +281,8 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh,
const void *ca_mem,
unsigned int ca_mem_len,
const char *cert_filepath,
const void *cert_mem,
unsigned int cert_mem_len,
const char *private_key_filepath);
LWS_EXTERN lws_tls_ctx *
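Review bot: This prototype now takes `cert_mem` and `cert_mem_len`, but only one definition of `lws_tls_client_create_vhost_context()` is updated among the four files in this commit. If another TLS backend in the tree defines the same function, it needs the same two parameters or it will no longer match this declaration and that build configuration will break. I cannot confirm from this page whether such a backend exists, so this is worth checking before merge.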


@ -132,6 +132,8 @@ int lws_context_init_client_ssl(const struct lws_context_creation_info *info,
info->client_ssl_ca_mem,
info->client_ssl_ca_mem_len,
cert_filepath,
info->client_ssl_cert_mem,
info->client_ssl_cert_mem_len,
private_key_filepath))
return 1;