ssl pass real wsi to verify cert cb

Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-01-23 19:35:00 +08:00 · 2017-01-23 19:35:00 +08:00 · cc806bb77e
commit cc806bb77e
parent bcce73201f
2 changed files with 4 additions and 13 deletions
--- a/lib/ssl-server.c
+++ b/lib/ssl-server.c
@ -37,8 +37,7 @@ OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
 	SSL *ssl;
 	int n;
-	struct lws_vhost *vh;
-	struct lws wsi;
+	struct lws *wsi;

 	ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
 		SSL_get_ex_data_X509_STORE_CTX_idx());
@ -47,17 +46,9 @@ OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 	 * !!! nasty openssl requires the index to come as a library-scope
 	 * static
 	 */
-	vh = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);
+	wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);

-	/*
-	 * give him a fake wsi with context set, so he can use lws_get_context()
-	 * in the callback
-	 */
-	memset(&wsi, 0, sizeof(wsi));
-	wsi.vhost = vh;
-	wsi.context = vh->context;
-
-	n = vh->protocols[0].callback(&wsi,
+	n = wsi->vhost->protocols[0].callback(wsi,
 			LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION,
 					   x509_ctx, ssl, preverify_ok);

--- a/lib/ssl.c
+++ b/lib/ssl.c
@ -551,7 +551,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 		}

 		SSL_set_ex_data(wsi->ssl,
-			openssl_websocket_private_data_index, wsi->vhost);
+			openssl_websocket_private_data_index, wsi);

 		SSL_set_fd(wsi->ssl, accept_fd);
 #endif