diff --git a/changelog b/changelog index a945fc24..e3166c2a 100644 --- a/changelog +++ b/changelog @@ -1,6 +1,17 @@ Changelog --------- +(post-1.3) +========== + +User api additions +------------------ + +There's a new member in the info struct used to control context creation, +ssl_private_key_password, which allows passing into lws the passphrase on +an SSL cetificate + + v1.3-chrome37-firefox30 ======================= diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h index 0bb67f57..ea40fa1f 100644 --- a/lib/libwebsockets.h +++ b/lib/libwebsockets.h @@ -955,7 +955,8 @@ struct lws_context_creation_info { const char *iface; struct libwebsocket_protocols *protocols; struct libwebsocket_extension *extensions; - struct lws_token_limits *token_limits; + struct lws_token_limits *token_limits; + const char *ssl_private_key_password; const char *ssl_cert_filepath; const char *ssl_private_key_filepath; const char *ssl_ca_filepath; diff --git a/lib/ssl.c b/lib/ssl.c index 940e00df..7bebacfc 100644 --- a/lib/ssl.c +++ b/lib/ssl.c @@ -223,6 +223,23 @@ libwebsockets_decode_ssl_error(void) } #ifndef LWS_NO_CLIENT +static int lws_context_init_client_ssl_pem_passwd_cb(char * buf, int size, int rwflag, void * userdata) +{ + struct lws_context_creation_info * info = (struct lws_context_creation_info *)userdata; + + const int passLen = (int)strlen(info->ssl_private_key_password); + const int minimumLen = passLen < size ? passLen : size; + strncpy(buf, info->ssl_private_key_password, minimumLen); + + if (minimumLen < size) + { + buf[minimumLen] = '\0'; + return minimumLen; + } + + return minimumLen; +} + int lws_context_init_client_ssl(struct lws_context_creation_info *info, struct libwebsocket_context *context) { 
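Review bot: lws_context_init_client_ssl_pem_passwd_cb silently truncates a passphrase longer than `size` through the `passLen < size ? passLen : size` clamp, so an over-long passphrase only surfaces later as a generic use_PrivateKey_file decrypt failure; OpenSSL treats a negative return from a pem_password_cb as an error, so the callback should reject and log that case instead of clamping. A trailing NUL is not part of the callback contract (OpenSSL consumes the returned length), so the `minimumLen < size` branch and the fallback both return the same value and collapse into a memcpy plus return; `rwflag` is unused and should be voided to keep -Wunused-parameter quiet. Separately, the userdata pointer to the caller's lws_context_creation_info stays registered on the SSL_CTX after context creation, so if that struct is a caller-side temporary any later password prompt on the same SSL_CTX would read stale memory — clearing the callback and userdata with `SSL_CTX_set_default_passwd_cb(ctx, NULL)` and `SSL_CTX_set_default_passwd_cb_userdata(ctx, NULL)` once SSL_CTX_use_PrivateKey_file returns (in the following hunk) avoids that. Rewritten callback:
```c
static int lws_context_init_client_ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
	struct lws_context_creation_info *info = (struct lws_context_creation_info *)userdata;
	size_t len;

	(void)rwflag; /* we only ever decrypt, never encrypt */

	len = strlen(info->ssl_private_key_password);
	/* pem_password_cb returns the passphrase length; no NUL terminator is required */
	if (len > (size_t)size) {
		lwsl_err("ssl_private_key_password longer than %d bytes\n", size);
		return -1;
	}
	memcpy(buf, info->ssl_private_key_password, len);

	return (int)len;
}
```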
@@ -306,10 +323,22 @@ int lws_context_init_client_ssl(struct lws_context_creation_info *info, } } if (info->ssl_private_key_filepath) { + /* check for provided by user password to private key */ + if (info->ssl_private_key_password) { + /* + * password provided, set ssl callback and user data + * for checking password which will be trigered during + * SSL_CTX_use_PrivateKey_file function + */ + SSL_CTX_set_default_passwd_cb_userdata( + context->ssl_client_ctx, + (void *)info); + SSL_CTX_set_default_passwd_cb(context->ssl_client_ctx, + lws_context_init_client_ssl_pem_passwd_cb); + } /* set the private key from KeyFile */ if (SSL_CTX_use_PrivateKey_file(context->ssl_client_ctx, - info->ssl_private_key_filepath, - SSL_FILETYPE_PEM) != 1) { + info->ssl_private_key_filepath, SSL_FILETYPE_PEM) != 1) { lwsl_err("use_PrivateKey_file '%s' %lu: %s\n", info->ssl_private_key_filepath, ERR_get_error(),