From: Shuanglei Tao <tsl0922@gmail.com>
Date: Tue, 29 Dec 2020 16:45:09 +0000 (+0800)
Subject: server: add mbedtls support
X-Git-Url: http://git.prime8.dev/?a=commitdiff_plain;h=6db541b2b12f8b4044ea38cab3529d09d193adfe;p=ttyd.git

server: add mbedtls support
---

diff --git a/CMakeLists.txt b/CMakeLists.txt
index fca43f6..e41c629 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,23 +67,6 @@ endif()
 set(INCLUDE_DIRS ${ZLIB_INCLUDE_DIR} ${LIBWEBSOCKETS_INCLUDE_DIRS} ${JSON-C_INCLUDE_DIRS} ${LIBUV_INCLUDE_DIRS})
 set(LINK_LIBS ${ZLIB_LIBRARIES} ${LIBWEBSOCKETS_LIBRARIES} ${JSON-C_LIBRARIES} ${LIBUV_LIBRARIES})
 
-set (CMAKE_REQUIRED_INCLUDES ${INCLUDE_DIRS})
-include(CheckCSourceCompiles)
-check_c_source_compiles("#include <lws_config.h>
-int main(void) {
-#if defined(LWS_OPENSSL_SUPPORT) || defined(LWS_WITH_TLS)
-    return 0;
-#else
-    return error;
-#endif
-}" LWS_SSL_ENABLED)
-
-if(LWS_SSL_ENABLED)
-    find_package(OpenSSL REQUIRED)
-    list(APPEND INCLUDE_DIRS ${OPENSSL_INCLUDE_DIR})
-    list(APPEND LINK_LIBS ${OPENSSL_LIBRARIES})
-endif()
-
 if(WIN32)
     list(APPEND LINK_LIBS shell32)
 elseif(NOT APPLE)
diff --git a/src/http.c b/src/http.c
index 7fcaf2e..1b78911 100644
--- a/src/http.c
+++ b/src/http.c
@@ -246,7 +246,7 @@ int callback_http(struct lws *wsi, enum lws_callback_reasons reason, void *user,
 
     case LWS_CALLBACK_HTTP_FILE_COMPLETION:
       goto try_to_reuse;
-#if defined(LWS_OPENSSL_SUPPORT) || defined(LWS_WITH_TLS)
+#if (defined(LWS_OPENSSL_SUPPORT) || defined(LWS_WITH_TLS)) && !defined(LWS_WITH_MBEDTLS)
     case LWS_CALLBACK_OPENSSL_PERFORM_CLIENT_CERT_VERIFICATION:
       if (!len || (SSL_get_verify_result((SSL *)in) != X509_V_OK)) {
         int err = X509_STORE_CTX_get_error((X509_STORE_CTX *)user);
diff --git a/src/server.c b/src/server.c
index 44f6ca6..70b0864 100644
--- a/src/server.c
+++ b/src/server.c
@@ -509,8 +509,8 @@ int main(int argc, char **argv) {
   if (ssl) {
     info.ssl_cert_filepath = cert_path;
     info.ssl_private_key_filepath = key_path;
-    info.ssl_ca_filepath = ca_path;
-    if (strlen(info.ssl_ca_filepath) > 0)
+    if (strlen(ca_path) > 0)
+      info.ssl_ca_filepath = ca_path;
       info.options |= LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT;
 #if LWS_LIBRARY_VERSION_MAJOR >= 2
     info.options |= LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS;