diff --git a/lib/tls/mbedtls/mbedtls-client.c b/lib/tls/mbedtls/mbedtls-client.c index 24e501b8..2fbe8a62 100644 --- a/lib/tls/mbedtls/mbedtls-client.c +++ b/lib/tls/mbedtls/mbedtls-client.c @@ -172,8 +172,10 @@ lws_tls_client_create_vhost_context(struct lws_vhost *vh, return 1; } - // SSL_CTX_add_client_CA(vh->ssl_client_ctx, vh->x509_client_CA); - SSL_CTX_add_client_CA(vh->ssl_ctx, vh->x509_client_CA); + if (!vh->ssl_ctx) + SSL_CTX_add_client_CA(vh->ssl_client_ctx, vh->x509_client_CA); + else + SSL_CTX_add_client_CA(vh->ssl_ctx, vh->x509_client_CA); lwsl_notice("client loaded CA for verification %s\n", ca_filepath); diff --git a/lib/tls/mbedtls/wrapper/library/ssl_x509.c b/lib/tls/mbedtls/wrapper/library/ssl_x509.c index f3995a11..ed791508 100644 --- a/lib/tls/mbedtls/wrapper/library/ssl_x509.c +++ b/lib/tls/mbedtls/wrapper/library/ssl_x509.c @@ -17,6 +17,8 @@ #include "ssl_dbg.h" #include "ssl_port.h" +#include + /** * @brief show X509 certification information */ @@ -155,7 +157,7 @@ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x) { SSL_ASSERT1(ctx); SSL_ASSERT1(x); - + assert(ctx); if (ctx->client_CA == x) return 1; diff --git a/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c b/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c index 24393c36..d4aee31d 100644 --- a/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c +++ b/minimal-examples/ws-client/minimal-ws-client-rx/minimal-ws-client.c @@ -96,12 +96,12 @@ int main(int argc, char **argv) memset(&i, 0, sizeof i); /* otherwise uninitialized garbage */ i.context = context; - i.port = 443; - i.address = "libwebsockets.org"; + i.port = 7681; + i.address = "localhost"; i.path = "/"; i.host = i.address; i.origin = i.address; - i.ssl_connection = 1; + i.ssl_connection = 0; i.protocol = protocols[0].name; /* "dumb-increment-protocol" */ i.pwsi = &client_wsi;