Mirrors/libwebsockets
1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Code Issues Releases Wiki Activity

client: LCCSCF_ALLOW_INSECURE

Browse source 
AG add options the minimal http client related to this
This commit is contained in:
Jakob Szumacher 2019-09-18 10:09:43 +01:00 committed by Andy Green
parent bd8a751fc4
commit d949b5529a
4 changed files with 27 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
include/libwebsockets/lws-client.h
View file

@ -38,6 +38,7 @@ enum lws_client_connect_ssl_connection_flags {
LCCSCF_ALLOW_SELFSIGNED = (1 << 1),
LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK = (1 << 2),
LCCSCF_ALLOW_EXPIRED = (1 << 3),
LCCSCF_ALLOW_INSECURE = (1 << 4),
LCCSCF_PIPELINE = (1 << 16),
/**< Serialize / pipeline multiple client connections

6
lib/tls/openssl/openssl-client.c
View file

@ -65,6 +65,12 @@ OpenSSL_client_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
"certificate (verify_callback)\n");
X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
return 1; // ok
} else if ((err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY ||
err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE) &&
wsi->tls.use_ssl & LCCSCF_ALLOW_INSECURE) {
lwsl_notice("accepting non-trusted certificate\n");
X509_STORE_CTX_set_error(x509_ctx, X509_V_OK);
return 1; /* ok */
} else if ((err == X509_V_ERR_CERT_NOT_YET_VALID ||
err == X509_V_ERR_CERT_HAS_EXPIRED) &&
wsi->tls.use_ssl & LCCSCF_ALLOW_EXPIRED) {

5
minimal-examples/http-client/minimal-http-client/README.md
View file

@ -16,6 +16,11 @@ Commandline option|Meaning
-d <loglevel>|Debug verbosity in decimal, eg, -d15
-l| Connect to https://localhost:7681 and accept selfsigned cert
--h1|Specify http/1.1 only using ALPN, rejects h2 even if server supports it
--server <name>|set server name to connect to
-k|Apply tls option LCCSCF_ALLOW_INSECURE
-j|Apply tls option LCCSCF_ALLOW_SELFSIGNED
-m|Apply tls option LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK
-e|Apply tls option LCCSCF_ALLOW_EXPIRED
```
$ ./lws-minimal-http-client

15
minimal-examples/http-client/minimal-http-client/minimal-http-client.c
View file

@ -173,6 +173,21 @@ int main(int argc, const char **argv)
if ((p = lws_cmdline_option(argc, argv, "-p")))
i.port = atoi(p);
if (lws_cmdline_option(argc, argv, "-j"))
i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED;
if (lws_cmdline_option(argc, argv, "-k"))
i.ssl_connection |= LCCSCF_ALLOW_INSECURE;
if (lws_cmdline_option(argc, argv, "-m"))
i.ssl_connection |= LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK;
if (lws_cmdline_option(argc, argv, "-e"))
i.ssl_connection |= LCCSCF_ALLOW_EXPIRED;
if ((p = lws_cmdline_option(argc, argv, "--server")))
i.address = p;
i.path = "/";
i.host = i.address;
i.origin = i.address;