Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00
Code Issues Releases Wiki Activity

ss: use system trust store if none given in policy

Browse source 
For general OpenSSL case, we leave connection validity to system trust
store bundle to decide; even for mbedtls it may have been passed a
bundle externally and we don't want to have to list the x.509 stack
explicitly for a server we don't have any control over.

Instead of erroring out, allow the case no trust store is specified,
just use vhost[0] and let the system trust store decide if it likes
the server's cert or not.


No ABI change.
This commit is contained in:
Andy Green 2020-03-15 04:55:21 +00:00
parent f843668db9
commit 99e6aff537
1 changed files with 9 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
lib/secure-streams/secure-streams.c
View file

@ -257,19 +257,17 @@ lws_ss_client_connect(lws_ss_handle_t *h)
lwsl_info("%s: using tls\n", __func__);
i.ssl_connection = LCCSCF_USE_SSL;
if (!h->policy->trust_store) {
lwsl_err("%s: tls required but no policy trust store\n",
__func__);
if (!h->policy->trust_store)
lwsl_info("%s: using platform trust store\n", __func__);
else {
return -1;
}
i.vhost = lws_get_vhost_by_name(h->context,
h->policy->trust_store->name);
if (!i.vhost) {
lwsl_err("%s: missing vh for policy ca\n", __func__);
i.vhost = lws_get_vhost_by_name(h->context,
h->policy->trust_store->name);
if (!i.vhost) {
lwsl_err("%s: missing vh for policy ca\n", __func__);
return -1;
return -1;
}
}
}