
62 	n = wsi->a.vhost->protocols[0].callback(wsi,
100 struct lws_vhost *vhost, *vh;
107 * We can only get ssl accepted connections by using a vhost's ssl_ctx
132 vhost = lws_select_vhost(context, vh->listen_port, servername);
133 if (!vhost) {
141 /* select the ssl ctx from the selected vhost for this conn */
142 SSL_set_SSL_CTX(ssl, vhost->tls.ssl_ctx);
149 * this may now get called after the vhost creation, when certs become
153 lws_tls_server_certs_load(struct lws_vhost *vhost, struct lws *wsi,
177 int n = (int)lws_tls_generic_cert_checks(vhost, cert, private_key), m;
213 m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
223 (char *)vhost->context->pt[0].serv_buf);
236 if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key,
245 (char *)vhost->context->pt[0].serv_buf);
257 if (lws_tls_alloc_pem_to_der_file(vhost->context, cert, mem_cert,
265 ret = SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx,
273 ret = wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx,
284 if (lws_tls_alloc_pem_to_der_file(vhost->context, private_key,
293 ret = SSL_CTX_use_PrivateKey_ASN1(EVP_PKEY_RSA, vhost->tls.ssl_ctx, p,
302 vhost->tls.ssl_ctx, p,
311 ret = wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p, flen,
333 if (lws_tls_alloc_pem_to_der_file(vhost->context, cert, mem_cert,
338 if (SSL_CTX_use_certificate_ASN1(vhost->tls.ssl_ctx,
342 if (wolfSSL_CTX_use_certificate_buffer(vhost->tls.ssl_ctx,
353 if (lws_tls_alloc_pem_to_der_file(vhost->context, NULL,
362 vhost->tls.ssl_ctx, p,
365 if (wolfSSL_CTX_use_PrivateKey_buffer(vhost->tls.ssl_ctx, p,
377 m = SSL_CTX_use_certificate_chain_file(vhost->tls.ssl_ctx, cert);
382 (char *)vhost->context->pt[0].serv_buf));
392 if (SSL_CTX_use_PrivateKey_file(vhost->tls.ssl_ctx, private_key,
398 (char *)vhost->context->pt[0].serv_buf));
407 if (!SSL_CTX_check_private_key(vhost->tls.ssl_ctx)) {
417 if (vhost->tls.ecdh_curve[0])
418 ecdh_curve = vhost->tls.ecdh_curve;
431 SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, ecdh);
434 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_ECDH_USE);
438 if (lws_check_opt(vhost->context->options, LWS_SERVER_OPTION_SSL_ECDH))
444 x = sk_X509_value(vhost->tls.ssl_ctx->extra_certs, 0);
446 SSL_CTX_get_extra_chain_certs_only(vhost->tls.ssl_ctx, &extra_certs);
481 SSL_CTX_set_tmp_ecdh(vhost->tls.ssl_ctx, EC_key);
488 vhost->tls.skipped_certs = 0;
498 struct lws_vhost *vhost, struct lws *wsi)
511 (char *)vhost->context->pt[0].serv_buf);
517 vhost->tls.ssl_ctx = SSL_CTX_new(method); /* create context */
518 if (!vhost->tls.ssl_ctx) {
527 (char *)vhost->context->pt[0].serv_buf);
533 SSL_CTX_set_ex_data(vhost->tls.ssl_ctx,
535 (char *)vhost->context);
537 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_SSLv2 |
540 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_NO_COMPRESSION);
542 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_SINGLE_DH_USE);
543 SSL_CTX_set_options(vhost->tls.ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
546 SSL_CTX_set_cipher_list(vhost->tls.ssl_ctx, info->ssl_cipher_list);
550 SSL_CTX_set_ciphersuites(vhost->tls.ssl_ctx,
555 SSL_CTX_set_tlsext_servername_callback(vhost->tls.ssl_ctx,
557 SSL_CTX_set_tlsext_servername_arg(vhost->tls.ssl_ctx, vhost->context);
562 !SSL_CTX_load_verify_file(vhost->tls.ssl_ctx,
565 !SSL_CTX_load_verify_locations(vhost->tls.ssl_ctx,
602 SSL_CTX_set_options(vhost->tls.ssl_ctx, ssl_options_set_value);
630 SSL_CTX_clear_options(vhost->tls.ssl_ctx, ssl_options_clear_value);
634 (unsigned long)SSL_CTX_get_options(vhost->tls.ssl_ctx));
637 if (!vhost->tls.use_ssl ||
641 lws_ssl_bind_passphrase(vhost->tls.ssl_ctx, 0, info);
643 return lws_tls_server_certs_load(vhost, wsi, info->ssl_cert_filepath,
660 wsi->tls.ssl = SSL_new(wsi->a.vhost->tls.ssl_ctx);
695 if (wsi->a.vhost->tls.ssl_info_event_mask)
814 lws_tls_acme_sni_cert_create(struct lws_vhost *vhost, const char *san_a,
825 vhost->tls.ss = lws_zalloc(sizeof(*vhost->tls.ss), "sni cert");
826 if (!vhost->tls.ss) {
831 vhost->tls.ss->x509 = X509_new();
832 if (!vhost->tls.ss->x509)
835 ASN1_INTEGER_set(X509_get_serialNumber(vhost->tls.ss->x509), 1);
836 X509_gmtime_adj(X509_get_notBefore(vhost->tls.ss->x509), 0);
837 X509_gmtime_adj(X509_get_notAfter(vhost->tls.ss->x509), 3600);
839 vhost->tls.ss->pkey = EVP_PKEY_new();
840 if (!vhost->tls.ss->pkey)
843 if (lws_tls_openssl_rsa_new_key(&vhost->tls.ss->rsa, 4096))
846 if (!EVP_PKEY_assign_RSA(vhost->tls.ss->pkey, vhost->tls.ss->rsa))
849 X509_set_pubkey(vhost->tls.ss->x509, vhost->tls.ss->pkey);
851 name = X509_get_subject_name(vhost->tls.ss->x509);
862 X509_set_issuer_name(vhost->tls.ss->x509, name);
876 if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name,
894 if (X509_add1_ext_i2d(vhost->tls.ss->x509, NID_subject_alt_name,
902 if (!X509_sign(vhost->tls.ss->x509, vhost->tls.ss->pkey, EVP_sha256()))
909 i2d_X509_fp(fp, vhost->tls.ss->x509);
914 /* tell the vhost to use our crafted certificate */
915 SSL_CTX_use_certificate(vhost->tls.ssl_ctx, vhost->tls.ss->x509);
917 SSL_CTX_use_PrivateKey(vhost->tls.ssl_ctx, vhost->tls.ss->pkey);
922 RSA_free(vhost->tls.ss->rsa);
924 EVP_PKEY_free(vhost->tls.ss->pkey);
926 X509_free(vhost->tls.ss->x509);
928 lws_free(vhost->tls.ss);
935 lws_tls_acme_sni_cert_destroy(struct lws_vhost *vhost)
937 if (!vhost->tls.ss)
940 EVP_PKEY_free(vhost->tls.ss->pkey);
941 X509_free(vhost->tls.ss->x509);
942 lws_free_set_NULL(vhost->tls.ss);