mbedtls: LWS_SERVER_OPTION_MBEDTLS_VERIFY_CLIENT_CERT_POST_HANDSHAKE

gennadiyvt · lws-team · commit 43997eb7fad8 · 2025-09-09T15:27:49.000+01:00
This is a server-side vhost option that causes mbedtls-based lws to
accept client / mutual certs from the peer WITHOUT validating them to
the provided CA.

It's for a specialized case where the user code is going to confirm
the SKID relationship between the cert and the signing cert.
diff --git a/include/libwebsockets/lws-context-vhost.h b/include/libwebsockets/lws-context-vhost.h
@@ -249,6 +249,16 @@
 	 * Diffie-Hellman (DH) key exchange ciphers
 	 * (e.g. TLS_DHE_RSA_WITH_AES_256_GCM_SHA384). It's not recommended. */
 
+#define LWS_SERVER_OPTION_MBEDTLS_VERIFY_CLIENT_CERT_POST_HANDSHAKE	 ((1ll << 41) | \
+								 (1ll << 12))
+	/**< (VH) An option to be used with mbedtls only, forces server to load 
+	 * and store the client cert (without CA dependent check)
+	 * to be able to verify it later (after the handshake);
+	 * provides LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT.
+	 * Note: LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT and
+	 * LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED are ignored if
+	 * LWS_SERVER_OPTION_MBEDTLS_VERIFY_CLIENT_CERT_POST_HANDSHAKE is set */
+
 	/****** add new things just above ---^ ******/
 
 
diff --git a/lib/tls/mbedtls/mbedtls-server.c b/lib/tls/mbedtls/mbedtls-server.c
@@ -31,6 +31,15 @@ lws_tls_server_client_cert_verify_config(struct lws_vhost *vh)
 {
 	int verify_options = SSL_VERIFY_PEER;
 
+	if (lws_check_opt(vh->options,
+			  LWS_SERVER_OPTION_MBEDTLS_VERIFY_CLIENT_CERT_POST_HANDSHAKE)) {
+		verify_options |= SSL_VERIFY_POST_HANDSHAKE;
+		SSL_CTX_set_verify(vh->tls.ssl_ctx, verify_options, NULL);
+		lwsl_notice("%s: vh %s can verify client cert post-handshake\n",
+				__func__, vh->name);
+		return 0;
+	}
+
 	/* as a server, are we requiring clients to identify themselves? */
 	if (!lws_check_opt(vh->options,
 			  LWS_SERVER_OPTION_REQUIRE_VALID_OPENSSL_CLIENT_CERT)) {
diff --git a/lib/tls/mbedtls/wrapper/include/internal/ssl_code.h b/lib/tls/mbedtls/wrapper/include/internal/ssl_code.h
@@ -31,6 +31,7 @@
 # define SSL_VERIFY_PEER                 0x01
 # define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
 # define SSL_VERIFY_CLIENT_ONCE          0x04
+# define SSL_VERIFY_POST_HANDSHAKE       0x08
 
 /*
  * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
diff --git a/lib/tls/mbedtls/wrapper/platform/ssl_pm.c b/lib/tls/mbedtls/wrapper/platform/ssl_pm.c
@@ -257,7 +257,9 @@ static int ssl_pm_reload_crt(SSL *ssl)
     struct pkey_pm *pkey_pm = (struct pkey_pm *)ssl->cert->pkey->pkey_pm;
     struct x509_pm *crt_pm = (struct x509_pm *)ssl->cert->x509->x509_pm;
 
-    if ((ssl->verify_mode & SSL_VERIFY_PEER) > 0)
+    if ((ssl->verify_mode & SSL_VERIFY_POST_HANDSHAKE) > 0)
+        mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
+    else if ((ssl->verify_mode & SSL_VERIFY_PEER) > 0)
         mode = MBEDTLS_SSL_VERIFY_REQUIRED;
     else if ((ssl->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) > 0)
         mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
