[luci] nixio tls server certificate validation with cyassl
Bart Van Der Meerssche
bart.vandermeerssche at flukso.net
Wed May 11 08:55:30 CEST 2011
Hi Sophana,
You can find an example of luci.httpclient used with cyassl and peer
certificate validation in the 'send' co-routine of this file:
https://github.com/icarus75/flukso/blob/develop/mote/v2/openwrt/package/flukso/luasrc/fluksod.lua
Note that I did patch luci.httpclient to support persistent HTTP
connections as well ('create_persistent' co-routine):
https://github.com/icarus75/flukso/blob/develop/mote/v2/openwrt/package/luci/libs/httpclient/luasrc/httpclient.lua
I did not manage to get this working with a certificate chain of length
> 1. This could be fixed in a more recent version of the cyassl
library. Your mileage may vary.
HTH,
Bart.
On 05/07/2011 11:14 PM, Sophana K wrote:
> Hi
>
> I'd like to make https accesses to my server and check its certificate
> authority with nixio and cyassl.
>
> I've read in this list that there have been patches some months ago to
> add set_verify_locations call.
> I tried but it doesn't work with cyassl. (I need low foot print)
>
> I get return codes that I don't understand: -131 , or -155 or -210
> Is there a table somewhere telling what these return codes are?
>
> I also want to have an https server with luci that will check the
> clients's certificate authority. Is it the same call to be used?
>
> Note that the server uses a wildcard common name. Should I change it
> to a non wildcard? maybe this is not supported?
> This certificate was tested with wget-openssl.
>
> Thanks
> _______________________________________________
> luci mailing list
> luci at lists.subsignal.org
> https://lists.subsignal.org/mailman/listinfo/luci
>
More information about the luci
mailing list