mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-09 00:00:04 +01:00
add runtime context flag to enforce defeat of OS CA CERTS even if build option selected
Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
parent
10da117b84
commit
f55b2eff0a
2 changed files with 4 additions and 2 deletions
|
@ -152,6 +152,7 @@ enum libwebsocket_context_options {
|
|||
LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT = 8,
|
||||
LWS_SERVER_OPTION_LIBEV = 16,
|
||||
LWS_SERVER_OPTION_DISABLE_IPV6 = 32,
|
||||
LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS = 64,
|
||||
};
|
||||
|
||||
enum libwebsocket_callback_reasons {
|
||||
|
|
|
@ -262,8 +262,9 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
|
|||
info->ssl_cipher_list);
|
||||
|
||||
#ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS
|
||||
/* loads OS default CA certs */
|
||||
SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
|
||||
if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS))
|
||||
/* loads OS default CA certs */
|
||||
SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
|
||||
#endif
|
||||
|
||||
/* openssl init for cert verification (for client sockets) */
|
||||
|
|
Loading…
Add table
Reference in a new issue