Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: warmcat/libwebsockets
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 7ef2065fdf38f74d196238ebc618b7009e25e408
Choose a base ref
...
head repository: warmcat/libwebsockets
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 4144c1e61bfc69b08f52e727f687430026ebb608
Choose a head ref
  • 1 commit
  • 1 file changed
  • 1 contributor

Commits on Sep 28, 2023

  1. mbedtls-server: Fix broken client verification 

    This fixes clients being able to connect with a certicate that was not
signed by the configured CA when SSL_VERIFY_FAIL_IF_NO_PEER_CERT is set.

The issue only appeared when a client connects via IP address directly and
not use a hostname.

When the hostname was used to connect, the SNI 'callback lws_mbedtls_sni_cb'
overwrote the invalid verfiy mode of
MBEDTLS_SSL_VERIFY_OPTIONAL with MBEDTLS_SSL_VERIFY_REQUIRED by
calling SSL_set_SSL_CTX.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
    @lws-team
    Daniel Danzberger authored and lws-team committed Sep 28, 2023
    Configuration menu
    Copy the full SHA
    4144c1e View commit details
    Browse the repository at this point in the history
Loading