mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
client: LCCSCF_ALLOW_INSECURE
AG add options the minimal http client related to this
This commit is contained in:
parent
bd8a751fc4
commit
d949b5529a
4 changed files with 27 additions and 0 deletions
|
@ -38,6 +38,7 @@ enum lws_client_connect_ssl_connection_flags {
|
|||
LCCSCF_ALLOW_SELFSIGNED = (1 << 1),
|
||||
LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK = (1 << 2),
|
||||
LCCSCF_ALLOW_EXPIRED = (1 << 3),
|
||||
LCCSCF_ALLOW_INSECURE = (1 << 4),
|
||||
|
||||
LCCSCF_PIPELINE = (1 << 16),
|
||||
/**< Serialize / pipeline multiple client connections
|
||||
|
|
|
@ -65,6 +65,12 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
|||
"certificate (verify_callback)\n");
|
||||
X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
|
||||
return 1; // ok
|
||||
} else if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
|
||||
err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) &&
|
||||
wsi->tls.use_ssl & LCCSCF_ALLOW_INSECURE) {
|
||||
lwsl_notice("accepting non-trusted certificate\n");
|
||||
X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
|
||||
return 1; /* ok */
|
||||
} else if ((err == X509_V_ERR_CERT_NOT_YET_VALID ||
|
||||
err == X509_V_ERR_CERT_HAS_EXPIRED) &&
|
||||
wsi->tls.use_ssl & LCCSCF_ALLOW_EXPIRED) {
|
||||
|
|
|
@ -16,6 +16,11 @@ Commandline option|Meaning
|
|||
-d <loglevel>|Debug verbosity in decimal, eg, -d15
|
||||
-l| Connect to https://localhost:7681 and accept selfsigned cert
|
||||
--h1|Specify http/1.1 only using ALPN, rejects h2 even if server supports it
|
||||
--server <name>|set server name to connect to
|
||||
-k|Apply tls option LCCSCF_ALLOW_INSECURE
|
||||
-j|Apply tls option LCCSCF_ALLOW_SELFSIGNED
|
||||
-m|Apply tls option LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK
|
||||
-e|Apply tls option LCCSCF_ALLOW_EXPIRED
|
||||
|
||||
```
|
||||
$ ./lws-minimal-http-client
|
||||
|
|
|
@ -173,6 +173,21 @@ int main(int argc, const char **argv)
|
|||
if ((p = lws_cmdline_option(argc, argv, "-p")))
|
||||
i.port = atoi(p);
|
||||
|
||||
if (lws_cmdline_option(argc, argv, "-j"))
|
||||
i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED;
|
||||
|
||||
if (lws_cmdline_option(argc, argv, "-k"))
|
||||
i.ssl_connection |= LCCSCF_ALLOW_INSECURE;
|
||||
|
||||
if (lws_cmdline_option(argc, argv, "-m"))
|
||||
i.ssl_connection |= LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
|
||||
|
||||
if (lws_cmdline_option(argc, argv, "-e"))
|
||||
i.ssl_connection |= LCCSCF_ALLOW_EXPIRED;
|
||||
|
||||
if ((p = lws_cmdline_option(argc, argv, "--server")))
|
||||
i.address = p;
|
||||
|
||||
i.path = "/";
|
||||
i.host = i.address;
|
||||
i.origin = i.address;
|
||||
|
|
Loading…
Add table
Reference in a new issue