diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 147297b3..0bb67f57 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -152,6 +152,7 @@ enum libwebsocket_context_options {
 LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT = 8,
 LWS_SERVER_OPTION_LIBEV = 16,
 LWS_SERVER_OPTION_DISABLE_IPV6 = 32,
+ LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS = 64,
 };
 
 enum libwebsocket_callback_reasons {
diff --git a/lib/ssl.c b/lib/ssl.c
index 7ccff55e..940e00df 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -262,8 +262,9 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info,
 info->ssl_cipher_list);
 
 #ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS
- /* loads OS default CA certs */
- SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
+ if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS))
+ /* loads OS default CA certs */
+ SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
 #endif
 
 /* openssl init for cert verification (for client sockets) */
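Review bot: `LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS` in lib/libwebsockets.h is added with no comment, and its `SERVER` prefix hides that the only consumer in this commit is the client SSL context setup in lib/ssl.c. A comment on the enumerator would remove the ambiguity, for example `/* client SSL: skip loading the OS default CA store; only meaningful when built with LWS_SSL_CLIENT_USE_OS_CA_CERTS */`. It should also say that a caller setting the flag is expected to supply its own CA material, since otherwise the client context presumably has no trust anchors. The enum itself begins outside the hunk.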
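Review bot: The new `if` in lws_context_init_client_ssl (lib/ssl.c) has an unbraced body whose first line is a comment, so a statement added later next to the `SSL_CTX_set_default_verify_paths` call would silently run regardless of the option; brace it as `if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS)) {` … `}` and move the comment above the condition. The return value of `SSL_CTX_set_default_verify_paths` is still discarded, so a failure to load the OS trust store goes unreported; checking for `!= 1` and logging it would make later verification failures diagnosable. When the flag is set and no CA file is configured, peer verification should fail closed, which is the safe outcome, but a log line at this point would keep integrators from working around it by relaxing certificate checks. The function starts and ends outside the hunk, so the later verification setup could not be checked here.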