* server cert from, otherwise NULL for unencrypted
* @ssl_private_key_filepath: filepath to private key if wanting SSL mode,
* else ignored
+ * @ssl_ca_filepath: CA certificate filepath or NULL
* @gid: group id to change to after setting listen socket, or -1.
* @uid: user id to change to after setting listen socket, or -1.
* @options: 0, or LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK
struct libwebsocket_extension *extensions,
const char *ssl_cert_filepath,
const char *ssl_private_key_filepath,
+ const char *ssl_ca_filepath,
int gid, int uid, unsigned int options,
- void *user)
+ void *user)
{
int n;
int m;
}
/* openssl init for cert verification (for client sockets) */
-
- if (!SSL_CTX_load_verify_locations(
- context->ssl_client_ctx, NULL,
- LWS_OPENSSL_CLIENT_CERTS))
- fprintf(stderr,
- "Unable to load SSL Client certs from %s "
- "(set by --with-client-cert-dir= in configure) -- "
- " client ssl isn't going to work",
- LWS_OPENSSL_CLIENT_CERTS);
+ if (!ssl_ca_filepath) {
+ if (!SSL_CTX_load_verify_locations(
+ context->ssl_client_ctx, NULL,
+ LWS_OPENSSL_CLIENT_CERTS))
+ fprintf(stderr,
+ "Unable to load SSL Client certs from %s "
+ "(set by --with-client-cert-dir= in configure) -- "
+ " client ssl isn't going to work",
+ LWS_OPENSSL_CLIENT_CERTS);
+ } else
+ if (!SSL_CTX_load_verify_locations(
+ context->ssl_client_ctx, ssl_ca_filepath,
+ NULL))
+ fprintf(stderr,
+ "Unable to load SSL Client certs "
+ "file from %s -- client ssl isn't "
+ "going to work", ssl_ca_filepath);
/*
* callback allowing user code to load extra verification certs
struct libwebsocket_protocols *protocols,
struct libwebsocket_extension *extensions,
const char *ssl_cert_filepath,
- const char *ssl_private_key_filepath, int gid, int uid,
+ const char *ssl_private_key_filepath,
+ const char *ssl_ca_filepath,
+ int gid, int uid,
unsigned int options, void *user);
LWS_EXTERN void
<i>struct libwebsocket_extension *</i> <b>extensions</b>,
<i>const char *</i> <b>ssl_cert_filepath</b>,
<i>const char *</i> <b>ssl_private_key_filepath</b>,
+<i>const char *</i> <b>ssl_ca_filepath</b>,
<i>int</i> <b>gid</b>,
<i>int</i> <b>uid</b>,
<i>unsigned int</i> <b>options</b>,
<dt><b>ssl_private_key_filepath</b>
<dd>filepath to private key if wanting SSL mode,
else ignored
+<dt><b>ssl_ca_filepath</b>
+<dd>filepath to CA certificates file if wanting SSL mode,
+else ignored
<dt><b>gid</b>
<dd>group id to change to after setting listen socket, or -1.
<dt><b>uid</b>
context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN, NULL,
protocols, libwebsocket_internal_extensions,
- NULL, NULL, -1, -1, 0, NULL);
+ NULL, NULL, NULL, -1, -1, 0, NULL);
if (context == NULL) {
fprintf(stderr, "Creating libwebsocket context failed\n");
return 1;
context = libwebsocket_create_context(server_port, interface, protocols,
libwebsocket_internal_extensions,
- cert_path, key_path, -1, -1, opts, NULL);
+ cert_path, key_path, NULL, -1, -1, opts, NULL);
if (context == NULL) {
fprintf(stderr, "libwebsocket init failed\n");
return -1;
context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN, NULL,
protocols,
libwebsocket_internal_extensions,
- NULL, NULL, -1, -1, 0, NULL);
+ NULL, NULL, NULL, -1, -1, 0, NULL);
if (context == NULL) {
fprintf(stderr, "Creating libwebsocket context failed\n");
return 1;
context = libwebsocket_create_context(port, interface_ptr, protocols,
libwebsocket_internal_extensions,
- cert_path, key_path, -1, -1, opts, NULL);
+ cert_path, key_path, NULL, -1, -1,
+ opts, NULL);
if (context == NULL) {
fprintf(stderr, "libwebsocket init failed\n");
return -1;
context = libwebsocket_create_context(port, interface, protocols,
libwebsocket_internal_extensions,
- cert_path, key_path, -1, -1, opts, NULL);
+ cert_path, key_path, NULL, -1, -1, opts, NULL);
if (context == NULL) {
fprintf(stderr, "libwebsocket init failed\n");
return -1;