mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-30 00:00:16 +01:00
4144c1e61b
This fixes clients being able to connect with a certicate that was not signed by the configured CA when SSL_VERIFY_FAIL_IF_NO_PEER_CERT is set. The issue only appeared when a client connects via IP address directly and not use a hostname. When the hostname was used to connect, the SNI 'callback lws_mbedtls_sni_cb' overwrote the invalid verfiy mode of MBEDTLS_SSL_VERIFY_OPTIONAL with MBEDTLS_SSL_VERIFY_REQUIRED by calling SSL_set_SSL_CTX. Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com> |
||
|---|---|---|
| .. | ||
| mbedtls | ||
| openssl | ||
| CMakeLists.txt | ||
| lws-gencrypto-common.c | ||
| lws-genec-common.c | ||
| private-jit-trust.h | ||
| private-lib-tls.h | ||
| private-network.h | ||
| tls-client.c | ||
| tls-jit-trust.c | ||
| tls-network.c | ||
| tls-server.c | ||
| tls-sessions.c | ||
| tls.c | ||