Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libwebsockets / 2f82be89d5c55c8ffc56396e78bf85d262262694^! / . / lib / libwebsockets.c
commit2f82be89d5c55c8ffc56396e78bf85d262262694[log] [tgz]
authorDavid Galeano <davidgaleano@turbulenz.biz>Wed Jan 09 16:25:54 2013 +0800
committerAndy Green <andy.green@linaro.org>Wed Jan 09 16:25:54 2013 +0800
tree73ec96ba1d34753f276edc1ec550d77b79fc085a
parent36750b84fdf2f35320c9cf621659d1e880b5e0ca [diff] [blame]
Added context creation parameter for CA certificates file.

diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 0263c80..fd4196a 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c

@@ -2484,6 +2484,7 @@
  *			server cert from, otherwise NULL for unencrypted
  * @ssl_private_key_filepath: filepath to private key if wanting SSL mode,
  *			else ignored
+ * @ssl_ca_filepath: CA certificate filepath or NULL
  * @gid:	group id to change to after setting listen socket, or -1.
  * @uid:	user id to change to after setting listen socket, or -1.
  * @options:	0, or LWS_SERVER_OPTION_DEFEAT_CLIENT_MASK
@@ -2522,8 +2523,9 @@
 			       struct libwebsocket_extension *extensions,
 			       const char *ssl_cert_filepath,
 			       const char *ssl_private_key_filepath,
+			       const char *ssl_ca_filepath,
 			       int gid, int uid, unsigned int options,
-                   void *user)
+			       void *user)
 {
 	int n;
 	int m;
@@ -2743,15 +2745,23 @@
 		}
 
 		/* openssl init for cert verification (for client sockets) */
-
-		if (!SSL_CTX_load_verify_locations(
-					context->ssl_client_ctx, NULL,
-						      LWS_OPENSSL_CLIENT_CERTS))
-			fprintf(stderr,
-			    "Unable to load SSL Client certs from %s "
-			    "(set by --with-client-cert-dir= in configure) -- "
-				" client ssl isn't going to work",
-						      LWS_OPENSSL_CLIENT_CERTS);
+		if (!ssl_ca_filepath) {
+			if (!SSL_CTX_load_verify_locations(
+				context->ssl_client_ctx, NULL,
+						     LWS_OPENSSL_CLIENT_CERTS))
+				fprintf(stderr,
+					"Unable to load SSL Client certs from %s "
+					"(set by --with-client-cert-dir= in configure) -- "
+					" client ssl isn't going to work",
+						     LWS_OPENSSL_CLIENT_CERTS);
+		} else
+			if (!SSL_CTX_load_verify_locations(
+				context->ssl_client_ctx, ssl_ca_filepath,
+								  NULL))
+				fprintf(stderr,
+					"Unable to load SSL Client certs "
+					"file from %s -- client ssl isn't "
+					"going to work", ssl_ca_filepath);
 
 		/*
 		 * callback allowing user code to load extra verification certs