[luci] nixio tls server certificate validation with cyassl
Sophana K
sophana78 at gmail.com
Fri May 13 11:21:37 CEST 2011
Thanks for your response.
I tried to use my own CA file. It seems to be read but I get a return
code -150 on my server (-155 on other servers)
So it seems that the CA was checked but there is another error I don't know.
Do you know where I can have a table for these return code?
The same certificates work with wget-ssl (openssl)
Sophana
On Wed, May 11, 2011 at 8:55 AM, Bart Van Der Meerssche
<bart.vandermeerssche at flukso.net> wrote:
> Hi Sophana,
>
> You can find an example of luci.httpclient used with cyassl and peer
> certificate validation in the 'send' co-routine of this file:
>
> https://github.com/icarus75/flukso/blob/develop/mote/v2/openwrt/package/flukso/luasrc/fluksod.lua
>
> Note that I did patch luci.httpclient to support persistent HTTP
> connections as well ('create_persistent' co-routine):
>
> https://github.com/icarus75/flukso/blob/develop/mote/v2/openwrt/package/luci/libs/httpclient/luasrc/httpclient.lua
>
> I did not manage to get this working with a certificate chain of length
> > 1. This could be fixed in a more recent version of the cyassl
> library. Your mileage may vary.
>
>
> HTH,
> Bart.
>
> On 05/07/2011 11:14 PM, Sophana K wrote:
>> Hi
>>
>> I'd like to make https accesses to my server and check its certificate
>> authority with nixio and cyassl.
>>
>> I've read in this list that there have been patches some months ago to
>> add set_verify_locations call.
>> I tried but it doesn't work with cyassl. (I need low foot print)
>>
>> I get return codes that I don't understand: -131 , or -155 or -210
>> Is there a table somewhere telling what these return codes are?
>>
>> I also want to have an https server with luci that will check the
>> clients's certificate authority. Is it the same call to be used?
>>
>> Note that the server uses a wildcard common name. Should I change it
>> to a non wildcard? maybe this is not supported?
>> This certificate was tested with wget-openssl.
>>
>> Thanks
>> _______________________________________________
>> luci mailing list
>> luci at lists.subsignal.org
>> https://lists.subsignal.org/mailman/listinfo/luci
>>
> _______________________________________________
> luci mailing list
> luci at lists.subsignal.org
> https://lists.subsignal.org/mailman/listinfo/luci
>
More information about the luci
mailing list