server: add mbedtls support
tsl0922 committed Dec 29, 2020
1 parent cdaef3c commit 6db541b
Showing 3 changed files with 3 additions and 20 deletions.
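--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,23 +67,6 @@ endif()
 set(INCLUDE_DIRS ${ZLIB_INCLUDE_DIR} ${LIBWEBSOCKETS_INCLUDE_DIRS} ${JSON-C_INCLUDE_DIRS} ${LIBUV_INCLUDE_DIRS})
 set(LINK_LIBS ${ZLIB_LIBRARIES} ${LIBWEBSOCKETS_LIBRARIES} ${JSON-C_LIBRARIES} ${LIBUV_LIBRARIES})
 
-set (CMAKE_REQUIRED_INCLUDES ${INCLUDE_DIRS})
-include(CheckCSourceCompiles)
-check_c_source_compiles("#include <lws_config.h>
-int main(void) {
-#if defined(LWS_OPENSSL_SUPPORT) || defined(LWS_WITH_TLS)
-return 0;
-#else
-return error;
-#endif
-}" LWS_SSL_ENABLED)
-
-if(LWS_SSL_ENABLED)
-find_package(OpenSSL REQUIRED)
-list(APPEND INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
-list(APPEND LINK_LIBS ${OPENSSL_LIBRARIES})
-endif()
-
 if(WIN32)
 list(APPEND LINK_LIBS shell32)
 elseif(NOT APPLE)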
2 changes: 1 addition & 1 deletion src/http.c
Expand Up @@ -246,7 +246,7 @@ int callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user,

case LWS_CALLBACK_HTTP_FILE_COMPLETION:
goto try_to_reuse;
#if defined(LWS_OPENSSL_SUPPORT) || defined(LWS_WITH_TLS)
#if (defined(LWS_OPENSSL_SUPPORT) || defined(LWS_WITH_TLS)) && !defined(LWS_WITH_MBEDTLS)
case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION:
if (!len || (SSL_get_verify_result((SSL *)in) != X509_V_OK)) {
int err = X509_STORE_CTX_get_error((X509_STORE_CTX *)user);
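Review bot: The guard line that mentions `LWS_WITH_MBEDTLS` compiles out the whole `LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION` case for mbedTLS builds, and nothing next to it says what then rejects or reports a client certificate that fails verification. The src/server.c section of this commit still sets `LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT`, so under mbedTLS enforcement presumably rests entirely on libwebsockets itself; that is worth confirming against the library and recording here. I would add a comment above the `#if`, for example `/* mbedTLS builds: SSL_get_verify_result()/X509_STORE_CTX are OpenSSL-only, so client-cert verification is left to libwebsockets */`. The body of `callback_http` and the rest of this case continue outside the visible lines.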
4 changes: 2 additions & 2 deletions src/server.c
Expand Up @@ -509,8 +509,8 @@ int main(int argc, char **argv) {
if (ssl) {
info.ssl_cert_filepath = cert_path;
info.ssl_private_key_filepath = key_path;
info.ssl_ca_filepath = ca_path;
if (strlen(info.ssl_ca_filepath) > 0)
if (strlen(ca_path) > 0)
info.ssl_ca_filepath = ca_path;
info.options |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
#if LWS_LIBRARY_VERSION_MAJOR >= 2
info.options |= LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS;

3 comments on commit 6db541b

@rezopole-maint

hello,

my guess is that a pair of braces has been missing since that patch, which prevents using SSL without authenticating the client side (i.e. without the -A option)

as the original indentation suggests, the intended code is probably :

  if (ssl) {
    info.ssl_cert_filepath = cert_path;
    info.ssl_private_key_filepath = key_path;
    if (strlen(ca_path) > 0) {
      info.ssl_ca_filepath = ca_path;
      info.options |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
    }
#if LWS_LIBRARY_VERSION_MAJOR >= 2

@tsl0922
Owner Author

@tsl0922 tsl0922 commented on 6db541b Mar 9, 2021


Yes, you are right. Would you like to create a PR for it? Thanks.

@tsl0922
Owner Author

@tsl0922 tsl0922 commented on 6db541b Mar 9, 2021


Fixed on master
