commit b353a458cda737e995bddfeb870fd6805aa25462
author prasannateamf1 <prasanna@teamf1.com> Tue Nov 12 17:21:01 2013 -0800
committer Andy Green <andy.green@linaro.org> Sun Nov 24 10:25:09 2013 +0800
tree cdef7299a91ae9b1141525379a4107f0e0d50d95
parent 909a3720c7676303f38feda308f24fd63e7ce36b

support for client authentication based on certs

lib/libwebsockets.c

diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 2cb3ab0..42deebd 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -2060,6 +2060,40 @@
 		 * helping the client to verify server identity
 		 */
 
+		/* support for client-side certificate authentication */
+		if (info->ssl_cert_filepath) {
+			n = SSL_CTX_use_certificate_chain_file(
+				context->ssl_client_ctx,
+						info->ssl_cert_filepath);
+			if (n != 1) {
+				lwsl_err("problem getting cert '%s' %lu: %s\n",
+					info->ssl_cert_filepath,
+					ERR_get_error(),
+					ERR_error_string(ERR_get_error(),
+					(char *)context->service_buffer));
+				goto bail;
+			}
+		} 
+		if (info->ssl_private_key_filepath) {
+			/* set the private key from KeyFile */
+			if (SSL_CTX_use_PrivateKey_file(context->ssl_client_ctx,
+				     info->ssl_private_key_filepath,
+						       SSL_FILETYPE_PEM) != 1) {
+				lwsl_err("use_PrivateKey_file '%s' %lu: %s\n",
+					info->ssl_private_key_filepath,
+					ERR_get_error(),
+					ERR_error_string(ERR_get_error(),
+					      (char *)context->service_buffer));
+				goto bail;
+			}
+
+			/* verify private key */
+			if (!SSL_CTX_check_private_key(context->ssl_client_ctx)) {
+				lwsl_err("Private SSL key doesn't match cert\n");
+				goto bail;
+			}
+		} 
+
 		context->protocols[0].callback(context, NULL,
 			LWS_CALLBACK_OPENSSL_LOAD_EXTRA_CLIENT_VERIFY_CERTS,
 			context->ssl_client_ctx, NULL, 0);