xref: /third_party/libwebsockets/lib/tls/openssl/openssl-server.c

58 		lwsl_info("%s: client cert CN '%s'\n", __func__, ir.ns.name);
60 		lwsl_info("%s: couldn't get client cert CN\n", __func__);
88 	/* absolutely require the client cert */
154 			  const char *cert, const char *private_key,
177 	int n = (int)lws_tls_generic_cert_checks(vhost, cert, private_key), m;
179 	if (!cert && !private_key)
196 		 * the rights to read our own cert + key we saved.
201 		cert = NULL;
206 	 * use the multi-cert interface for backwards compatibility in the
210 	if (n != LWS_TLS_EXTANT_ALTERNATIVE && cert) {
213 		m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
225 			lwsl_err("problem getting cert '%s' %lu: %s\n",
226 				 cert, error, s);
257 	if (lws_tls_alloc_pem_to_der_file(vhost->context, cert, mem_cert,
259 		lwsl_err("%s: couldn't read cert file\n", __func__);
279 		lwsl_err("%s: Problem loading cert\n", __func__);
324 		 * the rights to read our own cert + key we saved.
329 		 * The passed memory-buffer cert image is in DER, and the
333 		if (lws_tls_alloc_pem_to_der_file(vhost->context, cert, mem_cert,
348 			lwsl_err("Problem loading update cert\n");
377 	m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
380 		lwsl_err("problem getting cert '%s' %lu: %s\n",
381 			 cert, error, ERR_error_string(error,
408 		lwsl_err("Private SSL key doesn't match cert\n");
729 			lwsl_notice("%s: client cert CN '%s'\n", __func__,
732 			lwsl_info("%s: no client cert CN\n", __func__);
825 	vhost->tls.ss = lws_zalloc(sizeof(*vhost->tls.ss), "sni cert");
906 	{/* useful to take a sample of a working cert for mbedtls to crib */
907 		FILE *fp = fopen("/tmp/acme-temp-cert", "w+");

Indexes created Thu Nov 07 10:32:03 CST 2024