[luci] server certificate verification with luci/httpclient
Bart Van Der Meerssche
bart.vandermeerssche at flukso.net
Thu May 20 19:28:32 CEST 2010
Hello list,
I have a question regarding server certificate verification when using
luci/httpclient. I can successfully connect to our https server with
luci/httpclient configured with the cyassl crypto library. I have
slightly modified the httpclient code to enable server certificate
validation at TLS connection setup time, adding TLSContext:set_cert and
TLSContext:set_verify:

    if pr == "https" then
        local tls = options.tls_context or nixio.tls()
        tls:set_verify("peer")                        -- added
        tls:set_cert("/etc/nixio/cacert.pem", "pem")  -- added
        sock = tls:create(sock)
        local stat, code, error = sock:connect()
        if not stat then
            return stat, code, error
        end
    end

However, the TLS handshake never fails, even when commenting out the
tls:set_cert line. I have recompiled cyassl with '--enable-debug',
but this doesn't seem to increase the verbosity of the TLS handshake.
Could somebody help me out?
Am I using the TLSContext methods correctly?
Best regards,
Bart Van Der Meerssche