mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
check if a client certificate exists and is valid, both
It should be SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, but it was only SSL_VERIFY_FAIL_IF_NO_PEER_CERT, so it didn't verify the cert, it only checked its existence. To fix that, turn on both just like openssl-server.c does.
This commit is contained in:
parent
6b950e8666
commit
7cd240f30f
1 changed files with 1 additions and 1 deletions
|
@ -39,7 +39,7 @@ lws_tls_server_client_cert_verify_config(struct lws_vhost *vh)
|
|||
}
|
||||
|
||||
if (!lws_check_opt(vh->options, LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED))
|
||||
verify_options = SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
||||
verify_options |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
|
||||
|
||||
lwsl_notice("%s: vh %s requires client cert %d\n", __func__, vh->name,
|
||||
verify_options);
|
||||
|
|
Loading…
Add table
Reference in a new issue