Signed-off-by: Andy Green <andy.green@linaro.org>
LWS_SERVER_OPTION_ALLOW_NON_SSL_ON_SSL_PORT = 8,
LWS_SERVER_OPTION_LIBEV = 16,
LWS_SERVER_OPTION_DISABLE_IPV6 = 32,
+ LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS = 64,
};
enum libwebsocket_callback_reasons {
info->ssl_cipher_list);
#ifdef LWS_SSL_CLIENT_USE_OS_CA_CERTS
- /* loads OS default CA certs */
- SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
+ if (!(info->options & LWS_SERVER_OPTION_DISABLE_OS_CA_CERTS))
+ /* loads OS default CA certs */
+ SSL_CTX_set_default_verify_paths(context->ssl_client_ctx);
#endif
/* openssl init for cert verification (for client sockets) */