diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index baa9aeac..c0f1a5de 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -349,7 +349,6 @@ enum lws_context_options {
 (1 << 12),
 LWS_SERVER_OPTION_LIBUV = (1 << 10),
 LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS = (1 << 11) |
- (1 << 3) |
 (1 << 12),
 LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT = (1 << 12),
 LWS_SERVER_OPTION_EXPLICIT_VHOSTS = (1 << 13),
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 4bd23c2a..402ba9cf 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -1272,7 +1272,7 @@ struct lws {
 unsigned int extension_data_pending:1;
 #endif
 #ifdef LWS_OPENSSL_SUPPORT
- unsigned int use_ssl:2;
+ unsigned int use_ssl:3;
 unsigned int upgraded:1;
 #endif
 #ifdef _WIN32
diff --git a/lib/ssl-client.c b/lib/ssl-client.c
index 904c77ac..637dcc93 100644
--- a/lib/ssl-client.c
+++ b/lib/ssl-client.c
@@ -53,13 +53,15 @@ lws_ssl_client_bio_create(struct lws *wsi)
 }
 #if defined LWS_HAVE_X509_VERIFY_PARAM_set1_host
- param = SSL_get0_param(wsi->ssl);
- /* Enable automatic hostname checks */
- X509_VERIFY_PARAM_set_hostflags(param,
- X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
- X509_VERIFY_PARAM_set1_host(param, hostname, 0);
- /* Configure a non-zero callback if desired */
- SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, 0);
+ {
+ param = SSL_get0_param(wsi->ssl);
+ /* Enable automatic hostname checks */
+ X509_VERIFY_PARAM_set_hostflags(param,
+ X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS);
+ X509_VERIFY_PARAM_set1_host(param, hostname, 0);
+ /* Configure a non-zero callback if desired */
+ SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, 0);
+ }
 #endif
 #ifndef USE_WOLFSSL
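Review bot: In lib/libwebsockets.h, dropping `(1 << 3)` changes the value of the public constant LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS, and nothing in the header tells callers that the redirect option no longer implies that bit. The definition of bit 3 is outside the hunk; it looks like the option that lets plain HTTP be accepted on the TLS port. If so, a server that sets only the redirect option may now drop cleartext requests instead of redirecting them, while one built against the old header still sets the bit. A comment on the enumerator would make the contract explicit, e.g. `/* does not imply bit 3; OR that option in explicitly if cleartext must be accepted for the redirect */`.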
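Review bot: In lib/private-libwebsockets.h, `use_ssl` grows to three bits but the diff shows no user of the new bit, and the one visible reader, lws_ssl_client_connect2 in lib/ssl-client.c, still tests `wsi->use_ssl == 2` by equality. If the extra bit is meant as a flag, that comparison stops matching as soon as the flag is combined with the self-signed setting; that fails closed, but it silently changes behaviour. Document the encoding next to the field, e.g. `unsigned int use_ssl:3; /* 2 = accept self-signed cert (ssl-client.c); other values/bits: <document here> */`, and move readers to mask tests once the values are flags. struct lws starts and ends outside the hunk.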
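Review bot: In lws_ssl_client_bio_create (lib/ssl-client.c), the return value of `X509_VERIFY_PARAM_set1_host(param, hostname, 0)` is still ignored inside the new braces, so if the call fails (it returns 0 on error) the handshake proceeds with chain validation only and no hostname check. The connection should fail instead, e.g. `if (!X509_VERIFY_PARAM_set1_host(param, hostname, 0)) { lwsl_err("hostname check setup failed\n"); return -1; }`, with the return adapted to the function's error path, which is outside this hunk. The bare `{ ... }` has no condition in front of it; if it is a placeholder for a later opt-out of hostname checking, a comment should say so, otherwise it can be dropped. Separately, `SSL_set_verify(wsi->ssl, SSL_VERIFY_PEER, 0)` makes OpenSSL abort the handshake on a verification failure, so the self-signed allowance tested in lws_ssl_client_connect2 is probably unreachable when this macro is defined.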
@@ -286,12 +288,12 @@ lws_ssl_client_connect2(struct lws *wsi)
 lws_latency_pre(context, wsi);
 n = SSL_get_verify_result(wsi->ssl);
 lws_latency(context, wsi,
- "SSL_get_verify_result LWS_CONNMODE..HANDSHAKE",
- n, n > 0);
+ "SSL_get_verify_result LWS_CONNMODE..HANDSHAKE", n, n > 0);
 if (n != X509_V_OK) {
 if ((n == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT ||
- n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) && wsi->use_ssl == 2) {
+ n == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) &&
+ wsi->use_ssl == 2) {
 lwsl_notice("accepting self-signed certificate\n");
 } else {
 lwsl_err("server's cert didn't look good, X509_V_ERR = %d: %s\n",