-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ca_filepath validation on client side #3050
Comments
I think there's maybe some confusion about how the tls cert trust works. The client just needs to trust the CA cert used to sign the intermediate or server cert. The server passes the client the server and any intermediate signed by the CA. When you create the context (or vhost) what .options flags are you using? |
i am using below options : |
You're trying to use mutual auth on tls? Where the server also validates a cert held by the client? What example code did you base off of? What do the verbose lws logs say? |
I am passing cert info while creating vhost using lws_create_vhost call . |
This is not what you were expecting, right? |
yes i have already set this option in info : |
The logs are telling you what you have actually done from lws perspective, not what you think you have done from the perspective of your code. It feels the .options it's actually using does not have that flag set. So you might want to look into why there is a difference of opinion with what's actually happening, not reiterate what you think should be happening. |
i have client application in which i am using secure connection (wss) with server . I have same set of certificates on server and client side . But if i give wrong path of ca file at client side still i am able to establish connection with server . Below code from openssl-client.c file which do validation of file and file path but it still allow the connection .
The text was updated successfully, but these errors were encountered: