mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
ss: use system trust store if none given in policy
For the general OpenSSL case, we leave connection validity to the system trust store bundle to decide; even mbedtls may have been passed a bundle externally, and we don't want to have to list the x.509 stack explicitly for a server we don't have any control over. Instead of erroring out when no trust store is specified, allow that case: just use vhost[0] and let the system trust store decide if it likes the server's cert or not. No ABI change.
parent
f843668db9
commit
99e6aff537
1 changed files with 9 additions and 11 deletions
|
@ -257,19 +257,17 @@ lws_ss_client_connect(lws_ss_handle_t *h)
|
|||
lwsl_info("%s: using tls\n", __func__);
|
||||
i.ssl_connection = LCCSCF_USE_SSL;
|
||||
|
||||
if (!h->policy->trust_store) {
|
||||
lwsl_err("%s: tls required but no policy trust store\n",
|
||||
__func__);
|
||||
if (!h->policy->trust_store)
|
||||
lwsl_info("%s: using platform trust store\n", __func__);
|
||||
else {
|
||||
|
||||
return -1;
|
||||
}
|
||||
i.vhost = lws_get_vhost_by_name(h->context,
|
||||
h->policy->trust_store->name);
|
||||
if (!i.vhost) {
|
||||
lwsl_err("%s: missing vh for policy ca\n", __func__);
|
||||
|
||||
i.vhost = lws_get_vhost_by_name(h->context,
|
||||
h->policy->trust_store->name);
|
||||
if (!i.vhost) {
|
||||
lwsl_err("%s: missing vh for policy ca\n", __func__);
|
||||
|
||||
return -1;
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
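Review bot: The no-trust-store branch now widens what the stream accepts from the CA set named in the policy to whatever the platform bundle holds, and it records this only at info level via `lwsl_info("%s: using platform trust store\n", __func__);`. A policy entry that simply omitted its trust_store used to fail closed here with `return -1`; it now connects, so a pinning omission is easy to miss in production logs. I would log it at a level that is normally visible, e.g. `lwsl_notice("%s: no policy trust store, using platform trust store\n", __func__);`, and add a comment on that branch saying i.vhost is deliberately left as it was before this point, since the commit message says vhost[0] is used but no such assignment is visible in the hunk. The rendered page has lost its +/- markers, so this reads the new side as the brace-less `if` followed by `else {`; lws_ss_client_connect starts and ends outside the hunk.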