From: David Galeano
Date: Wed, 9 Jan 2013 08:25:54 +0000 (+0800)
Subject: Added context creation parameter for CA certificates file.
X-Git-Tag: accepted/2.0/20130307.220733~320
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1b078bfec7c7205527c078d8cbe5ccb7926b827b;p=profile%2Fivi%2Flibwebsockets.git
Added context creation parameter for CA certificates file.
---
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 0263c80..fd4196a 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -2484,6 +2484,7 @@ OpenSSL_verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx)
 * server cert from, otherwise NULL for unencrypted
 * @ssl_private_key_filepath: filepath to private key if wanting SSL mode,
 * else ignored
+ * @ssl_ca_filepath: CA certificate filepath or NULL
 * @gid: group id to change to after setting listen socket, or -1.
 * @uid: user id to change to after setting listen socket, or -1.
 * @options: 0, or LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK
@@ -2522,8 +2523,9 @@ libwebsocket_create_context(int port, const char *interf,
 struct libwebsocket_extension *extensions,
 const char *ssl_cert_filepath,
 const char *ssl_private_key_filepath,
+ const char *ssl_ca_filepath,
 int gid, int uid, unsigned int options,
- void *user)
+ void *user)
 {
 int n;
 int m;
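Review bot: The new `@ssl_ca_filepath` description, "CA certificate filepath or NULL", does not say which trust store the file feeds or what NULL means; the code that consumes it later in this file loads it into `context->ssl_client_ctx` only and, when NULL, falls back to the compile-time LWS_OPENSSL_CLIENT_CERTS directory, so a caller cannot tell from the doc that this affects server verification on client connections and not client-cert checking on the listening side. Suggest ` * @ssl_ca_filepath: CA certificate file used to verify servers on client connections, or NULL to fall back to the built-in LWS_OPENSSL_CLIENT_CERTS directory`. It would also help to state whether an unloadable file is fatal, since the current code only logs it. The comment block starts outside the hunk.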
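Review bot: The new `const char *ssl_ca_filepath` is inserted between `ssl_private_key_filepath` and `gid`, i.e. into the slot where every existing caller passes `-1`; an out-of-tree caller that is not rebuilt against the new prototype with warnings enabled will pass `-1` as the CA path with at most an int-to-pointer diagnostic, and that value is then handed to SSL_CTX_load_verify_locations() further down this function. The in-tree callers are fixed in this commit, so the exposure is third-party code; appending the parameter after `user` instead would make stale callers fail to compile (too few arguments) rather than misbehave, and either way the signature change deserves a line in the commit message. The function body continues outside the hunk.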
@@ -2743,15 +2745,23 @@ libwebsocket_create_context(int port, const char *interf,
 }
 /* openssl init for cert verification (for client sockets) */
-
- if (!SSL_CTX_load_verify_locations(
- context->ssl_client_ctx, NULL,
- LWS_OPENSSL_CLIENT_CERTS))
- fprintf(stderr,
- "Unable to load SSL Client certs from %s "
- "(set by --with-client-cert-dir= in configure) -- "
- " client ssl isn't going to work",
- LWS_OPENSSL_CLIENT_CERTS);
+ if (!ssl_ca_filepath) {
+ if (!SSL_CTX_load_verify_locations(
+ context->ssl_client_ctx, NULL,
+ LWS_OPENSSL_CLIENT_CERTS))
+ fprintf(stderr,
+ "Unable to load SSL Client certs from %s "
+ "(set by --with-client-cert-dir= in configure) -- "
+ " client ssl isn't going to work",
+ LWS_OPENSSL_CLIENT_CERTS);
+ } else
+ if (!SSL_CTX_load_verify_locations(
+ context->ssl_client_ctx, ssl_ca_filepath,
+ NULL))
+ fprintf(stderr,
+ "Unable to load SSL Client certs "
+ "file from %s -- client ssl isn't "
+ "going to work", ssl_ca_filepath);
 /*
 * callback allowing user code to load extra verification certs
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 6416611..6a612e6 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -646,7 +646,9 @@ libwebsocket_create_context(int port, const char * interf,
 struct libwebsocket_protocols *protocols,
 struct libwebsocket_extension *extensions,
 const char *ssl_cert_filepath,
- const char *ssl_private_key_filepath, int gid, int uid,
+ const char *ssl_private_key_filepath,
+ const char *ssl_ca_filepath,
+ int gid, int uid,
 unsigned int options, void *user);
 LWS_EXTERN void
diff --git a/libwebsockets-api-doc.html b/libwebsockets-api-doc.html
index e908d14..6ed0b1c 100644
--- a/libwebsockets-api-doc.html
+++ b/libwebsockets-api-doc.html
@@ -224,6 +224,7 @@ has been created.
 struct libwebsocket_extension * extensions,
 const char * ssl_cert_filepath,
 const char * ssl_private_key_filepath,
+const char * ssl_ca_filepath,
 int gid,
 int uid,
 unsigned int options,
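Review bot: In the new `else` branch, a caller-supplied `ssl_ca_filepath` that SSL_CTX_load_verify_locations() rejects only produces an fprintf() and context creation carries on with a client SSL context holding none of the requested trust anchors; a CA file the caller asked for explicitly should make context creation fail rather than degrade to a warning, so after the diagnostic return NULL via whatever cleanup path the other failures in this function use (its error handling is outside the hunk). The fallback branch for NULL keeps the pre-existing warn-and-continue behaviour, which is at least unchanged. Both new fprintf() messages also lack a trailing `\n`, so the warning runs into whatever is written to stderr next. Minor style: `} else` followed by `if (...)` on the next line reads as a dangling conditional; `} else if (!SSL_CTX_load_verify_locations(` keeps the two branches parallel. libwebsocket_create_context continues on both sides of the hunk.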
@@ -252,6 +253,9 @@ server cert from, otherwise NULL for unencrypted
ssl_private_key_filepath
filepath to private key if wanting SSL mode, else ignored +
ssl_ca_filepath +
filepath to CA certificates file if wanting SSL mode, +else ignored
gid
group id to change to after setting listen socket, or -1.
uid
diff --git a/test-server/test-client.c b/test-server/test-client.c
index 6db609c..babdea8 100644
--- a/test-server/test-client.c
+++ b/test-server/test-client.c
@@ -258,7 +258,7 @@ int main(int argc, char **argv)
 context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN, NULL,
 protocols, libwebsocket_internal_extensions,
- NULL, NULL, -1, -1, 0, NULL);
+ NULL, NULL, NULL, -1, -1, 0, NULL);
 if (context == NULL) {
 fprintf(stderr, "Creating libwebsocket context failed\n");
 return 1;
diff --git a/test-server/test-fraggle.c b/test-server/test-fraggle.c
index de544fe..9c2a166 100644
--- a/test-server/test-fraggle.c
+++ b/test-server/test-fraggle.c
@@ -301,7 +301,7 @@ int main(int argc, char **argv)
 context = libwebsocket_create_context(server_port, interface,
 protocols, libwebsocket_internal_extensions,
- cert_path, key_path, -1, -1, opts, NULL);
+ cert_path, key_path, NULL, -1, -1, opts, NULL);
 if (context == NULL) {
 fprintf(stderr, "libwebsocket init failed\n");
 return -1;
diff --git a/test-server/test-ping.c b/test-server/test-ping.c
index 476ef0b..864a028 100644
--- a/test-server/test-ping.c
+++ b/test-server/test-ping.c
@@ -403,7 +403,7 @@ int main(int argc, char **argv)
 context = libwebsocket_create_context(CONTEXT_PORT_NO_LISTEN, NULL,
 protocols, libwebsocket_internal_extensions,
- NULL, NULL, -1, -1, 0, NULL);
+ NULL, NULL, NULL, -1, -1, 0, NULL);
 if (context == NULL) {
 fprintf(stderr, "Creating libwebsocket context failed\n");
 return 1;
diff --git a/test-server/test-server-extpoll.c b/test-server/test-server-extpoll.c
index f2f68b4..1eb2d10 100644
--- a/test-server/test-server-extpoll.c
+++ b/test-server/test-server-extpoll.c
@@ -484,7 +484,8 @@ int main(int argc, char **argv)
 context = libwebsocket_create_context(port, interface_ptr,
 protocols, libwebsocket_internal_extensions,
- cert_path, key_path, -1, -1, opts, NULL);
+ cert_path, key_path, NULL, -1, -1,
+ opts, NULL);
 if (context == NULL) {
 fprintf(stderr, "libwebsocket init failed\n");
 return -1;
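Review bot: test-client.c is the one bundled program that opens client-side SSL connections and so the only place the new `ssl_ca_filepath` branch could be exercised, yet it passes `NULL`, leaving the user-supplied-CA code path in libwebsocket_create_context with no coverage from the test programs. A `--ca <file>` option threaded through to this call would let the feature be checked against a server running with the self-signed test certificate; how this file parses its options is outside the hunk, so the flag would need to follow whatever convention it already uses. The enclosing main() starts and ends outside the hunk.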
diff --git a/test-server/test-server.c b/test-server/test-server.c
index 9617194..d202c1d 100644
--- a/test-server/test-server.c
+++ b/test-server/test-server.c
@@ -447,7 +447,7 @@ int main(int argc, char **argv)
 context = libwebsocket_create_context(port, interface,
 protocols, libwebsocket_internal_extensions,
- cert_path, key_path, -1, -1, opts, NULL);
+ cert_path, key_path, NULL, -1, -1, opts, NULL);
 if (context == NULL) {
 fprintf(stderr, "libwebsocket init failed\n");
 return -1;