1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

check if a client certificate exists and is valid, both

It should be SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, but it was only SSL_VERIFY_FAIL_IF_NO_PEER_CERT, so it didn't verify the cert, it only checked its existence.

To fix that, turn on both just like openssl-server.c does.
This commit is contained in:
Jeongik Cha 2024-10-30 22:19:37 +09:00 committed by GitHub
parent 6b950e8666
commit 7cd240f30f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -39,7 +39,7 @@ lws_tls_server_client_cert_verify_config(struct lws_vhost *vh)
}
if (!lws_check_opt(vh->options, LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
verify_options = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
lwsl_notice("%s: vh %s requires client cert %d\n", __func__, vh->name,
verify_options);