add callback to allow additional client verification certs

Signed-off-by: Andy Green <andy@warmcat.com>
diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index f94b11c..aaf991a 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -1596,6 +1596,16 @@
 						      LWS_OPENSSL_CLIENT_CERTS);
 	}
 
+	/*
+	 * callback allowing user code to load extra verification certs
+	 * helping the client to verify server identity
+	 */
+
+	this->protocols[0].callback(this, wsi,
+		LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
+		this->ssl_client_ctx, NULL, 0);
+
+
 	if (this->use_ssl) {
 
 		/* openssl init for server sockets */
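Review bot: The result of the new `this->protocols[0].callback(...)` call is discarded, so user code whose `SSL_CTX_load_verify_locations()` fails cannot stop setup, and the client context carries on with whatever verify locations it already had. Test the return value and fail setup when it is non-zero, e.g. `if (this->protocols[0].callback(this, wsi, LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS, this->ssl_client_ctx, NULL, 0)) /* fail context creation */`. The call also sits outside the `if (this->use_ssl)` block that follows, and the hunk does not show whether `this->ssl_client_ctx` is always non-NULL here or what `wsi` refers to at this point. The enclosing function begins and ends outside the hunk, so both need checking there.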
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index acb27b1..0890c9b 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -43,6 +43,7 @@
 	LWS_CALLBACK_BROADCAST,
 	LWS_CALLBACK_FILTER_NETWORK_CONNECTION,
 	LWS_CALLBACK_FILTER_PROTOCOL_CONNECTION,
+	LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
 
 	/* external poll() management support */
 	LWS_CALLBACK_ADD_POLL_FD,
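Review bot: Adding `LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS` in the middle of the enum renumbers `LWS_CALLBACK_ADD_POLL_FD` and every constant after it, assuming the enumerators carry no explicit values (none are visible here). A user callback compiled against the old header would then receive the new reason under the number it knows as `LWS_CALLBACK_ADD_POLL_FD` and handle it as a poll-management request. Append the new constant after the last existing enumerator instead, or bump the library's ABI version together with this change. The enum starts and ends outside the hunk.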
@@ -201,6 +202,12 @@
  *		content before deciding to allow the handshake to proceed or
  *		to kill the connection.
  *
+ * 	LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS: if configure for
+ * 		including OpenSSL support, this callback allows your user code
+ * 		to perform extra SSL_CTX_load_verify_locations() or similar
+ *		calls to direct OpenSSL where to find certificates the client
+ *		can use to confirm the remote server identity.  @user is the
+ *		OpenSSL SSL_CTX*
  *
  *	The next four reasons are optional and only need taking care of if you
  * 	will be integrating libwebsockets sockets into an external polling
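Review bot: The new doc entry does not say who receives this reason or what the remaining arguments are. Going by the libwebsockets.c hunk, it is delivered to `protocols[0]` only, with `in` NULL and `len` 0, and its return value is not checked. It is also worth stating the trust consequence, e.g. `Delivered to protocols[0] only; certificates loaded here are trusted for every client connection made from this context.` Separately, `if configure for` should read `if configured for`.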
diff --git a/libwebsockets-api-doc.html b/libwebsockets-api-doc.html
index cd3e70d..ecb17ca 100644
--- a/libwebsockets-api-doc.html
+++ b/libwebsockets-api-doc.html
@@ -580,7 +580,15 @@
 to check for and read the supported header presence and
 content before deciding to allow the handshake to proceed or
 to kill the connection.
-<p>
+</blockquote>
+<h3>LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS</h3>
+<blockquote>
+if configure for
+including OpenSSL support, this callback allows your user code
+to perform extra <b>SSL_CTX_load_verify_locations</b> or similar
+calls to direct OpenSSL where to find certificates the client
+can use to confirm the remote server identity.  <tt><b>user</b></tt> is the
+OpenSSL SSL_CTX*
 <p>
 The next four reasons are optional and only need taking care of if you
 will be integrating libwebsockets sockets into an external polling