diff --git a/include/rtc/websocket.hpp b/include/rtc/websocket.hpp
index 6f76f7a09..e6ce727ab 100644
--- a/include/rtc/websocket.hpp
+++ b/include/rtc/websocket.hpp
@@ -40,6 +40,9 @@ class RTC_CPP_EXPORT WebSocket final : private CheshireCat, pub
 	optional pingInterval; // zero to disable
 	optional maxOutstandingPings;
 	optional caCertificatePemFile;
+	optional certificatePemFile;
+	optional keyPemFile;
+	optional keyPemPass;
 };
 	WebSocket();
diff --git a/src/impl/tlstransport.cpp b/src/impl/tlstransport.cpp
index 0cca128cd..e04d0736c 100644
--- a/src/impl/tlstransport.cpp
+++ b/src/impl/tlstransport.cpp
@@ -592,14 +592,16 @@ TlsTransport::TlsTransport(variant, shared_ptrcredentials();
 		SSL_CTX_use_certificate(mCtx, x509);
 		SSL_CTX_use_PrivateKey(mCtx, pkey);
-	} else {
-		if (!SSL_CTX_set_default_verify_paths(mCtx)) {
-			PLOG_WARNING << "SSL root CA certificates unavailable";
-		}
 	}
 	SSL_CTX_set_options(mCtx, SSL_OP_NO_SSLv3 | SSL_OP_NO_RENEGOTIATION);
diff --git a/src/impl/websocket.cpp b/src/impl/websocket.cpp
index 77fe34bbe..a5c707247 100644
--- a/src/impl/websocket.cpp
+++ b/src/impl/websocket.cpp
@@ -36,8 +36,8 @@ using std::chrono::milliseconds;
 WebSocket::WebSocket(optional optConfig, certificate_ptr certificate) : config(optConfig ? std::move(*optConfig) : Configuration()),
-      mCertificate(std::move(certificate)), mIsSecure(mCertificate != nullptr),
-      mRecvQueue(RECV_QUEUE_LIMIT, message_size_func) {
+      mCertificate(certificate ? std::move(certificate) : std::move(loadCertificate(config))),
+      mIsSecure(mCertificate != nullptr), mRecvQueue(RECV_QUEUE_LIMIT, message_size_func) {
 	PLOG_VERBOSE << "Creating WebSocket";
 	if (config.proxyServer) {
 		if (config.proxyServer->type == ProxyServer::Type::Socks5)
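Review bot: The three new Configuration fields carry a coupling the header does not state: certificatePemFile set without keyPemFile is rejected at WebSocket construction (loadCertificate in src/impl/websocket.cpp throws std::invalid_argument), while keyPemPass is optional and defaults to an empty passphrase. A one-line comment on the fields would tell API users before they hit the exception, e.g. `// client certificate: certificatePemFile and keyPemFile go together; keyPemPass optional`. The Configuration struct starts before this hunk and the class continues after it.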
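Review bot: The else branch removed here was the only place visible in this hunk that called SSL_CTX_set_default_verify_paths, so a context created without a certificate would be left with no system CA store unless the two added lines the hunk header counts (+16 against -14, not legible in this rendering) reinstate the call. If the intent is to load the default verify paths whether or not a client certificate is installed, the call and its PLOG_WARNING should sit unconditionally before the certificate block; a reviewer should confirm that against the full hunk, since losing the trust store would silently weaken peer verification wherever this context verifies the server. The TlsTransport constructor starts before this hunk and continues after it.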
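Review bot: `std::move(loadCertificate(config))` in the mCertificate initializer wraps a prvalue, so the cast is a no-op and only adds noise; `mCertificate(certificate ? std::move(certificate) : loadCertificate(config))` behaves the same. The initializer also reads the config member, so it relies on config being declared before mCertificate in the class, which this diff does not show and which is worth a comment on the member. When a certificate is passed explicitly, any PEM paths in config are silently ignored rather than reported, which may surprise callers who set both. The constructor body continues past the hunk.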
@@ -49,6 +49,19 @@ WebSocket::WebSocket(optional optConfig, certificate_ptr certific
 	}
 }
+certificate_ptr WebSocket::loadCertificate(const Configuration& config) {
+	if (!config.certificatePemFile)
+		return nullptr;
+
+	if (config.keyPemFile)
+		return std::make_shared(
+		    Certificate::FromFile(*config.certificatePemFile, *config.keyPemFile,
+		                          config.keyPemPass.value_or("")));
+
+	throw std::invalid_argument(
+	    "Either none or both certificate and key PEM files must be specified");
+}
+
 WebSocket::~WebSocket() { PLOG_VERBOSE << "Destroying WebSocket"; }
 void WebSocket::open(const string &url) {
diff --git a/src/impl/websocket.hpp b/src/impl/websocket.hpp
index 9287cf08b..ef82068d8 100644
--- a/src/impl/websocket.hpp
+++ b/src/impl/websocket.hpp
@@ -67,6 +67,8 @@ struct WebSocket final : public Channel, public std::enable_shared_from_this state = State::Closed;
 private:
+	static certificate_ptr loadCertificate(const Configuration& config);
+
 	void scheduleConnectionTimeout();
 	const init_token mInitToken = Init::Instance().token();
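Review bot: The guard order in loadCertificate lets keyPemFile without certificatePemFile pass silently: the first `if` returns nullptr as soon as certificatePemFile is unset, so that combination never reaches the throw even though the message promises "either none or both". Change the first test to `if (!config.certificatePemFile && !config.keyPemFile) return nullptr;` and the second to `if (config.certificatePemFile && config.keyPemFile)` so a mismatch is reported in both directions instead of quietly producing an unauthenticated connection. `config.keyPemPass.value_or("")` also hands an empty passphrase to Certificate::FromFile when none is configured, which is only correct if FromFile treats an empty string as "no passphrase"; a short comment on that line stating the assumption would help.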
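Review bot: The new loadCertificate declaration carries no comment describing its contract, and it is the one helper in this change that can throw from a constructor initializer list. A comment above the declaration such as `// Builds the client certificate from config PEM paths; nullptr when none are set, throws std::invalid_argument when certificatePemFile is given without keyPemFile` would document the behaviour the .cpp implements. The surrounding struct starts before this hunk and continues after it.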