ssl pass real wsi to verify cert cb
authorDenis Osvald <denis.osvald@sartura.hr>
Mon, 23 Jan 2017 11:35:00 +0000 (19:35 +0800)
committerAndy Green <andy@warmcat.com>
Mon, 23 Jan 2017 11:35:00 +0000 (19:35 +0800)
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
lib/ssl-server.c
lib/ssl.c

index c42ee10..e8b9640 100644 (file)
@@ -37,8 +37,7 @@ OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 {
        SSL *ssl;
        int n;
-       struct lws_vhost *vh;
-       struct lws wsi;
+       struct lws *wsi;
 
        ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
                SSL_get_ex_data_X509_STORE_CTX_idx());
@@ -47,17 +46,9 @@ OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
         * !!! nasty openssl requires the index to come as a library-scope
         * static
         */
-       vh = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);
-
-       /*
-        * give him a fake wsi with context set, so he can use lws_get_context()
-        * in the callback
-        */
-       memset(&wsi, 0, sizeof(wsi));
-       wsi.vhost = vh;
-       wsi.context = vh->context;
+       wsi = SSL_get_ex_data(ssl, openssl_websocket_private_data_index);
 
-       n = vh->protocols[0].callback(&wsi,
+       n = wsi->vhost->protocols[0].callback(wsi,
                        LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION,
                                           x509_ctx, ssl, preverify_ok);
 
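Review bot: The `wsi` returned by `SSL_get_ex_data()` is dereferenced twice in `wsi->vhost->protocols[0].callback(wsi, ...)` with no NULL check, and this runs inside the certificate-verification callback during the handshake. A guard placed right after the lookup that fails closed would be `if (!wsi || !wsi->vhost) return 0;`, since returning 0 from an OpenSSL verify callback rejects the certificate. The slot at `openssl_websocket_private_data_index` used to hold a `struct lws_vhost *`, so any other setter of that index outside this diff must now store a `struct lws *` too; otherwise this line would read a different object as a wsi. The callback body continues outside the hunk.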
index d41f849..a616671 100644 (file)
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -551,7 +551,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
                }
 
                SSL_set_ex_data(wsi->ssl,
-                       openssl_websocket_private_data_index, wsi->vhost);
+                       openssl_websocket_private_data_index, wsi);
 
                SSL_set_fd(wsi->ssl, accept_fd);
 #endif
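Review bot: The return value of `SSL_set_ex_data()` is ignored here, and it returns 0 on failure, which would leave the slot empty for the verify callback in lib/ssl-server.c. The slot also now holds the per-connection `wsi` rather than the longer-lived vhost, and nothing at the call site records that contract. I would add a comment above the call such as `/* slot holds this connection's struct lws *; OpenSSL_verify_callback() reads it back as struct lws * */` and treat a zero return as a failed accept. The stored pointer is presumably only valid while the wsi exists, so it is worth confirming on the close path (outside this hunk) that the SSL object cannot outlive it.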