diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 1e8f1279..6199e5a6 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -2,6 +2,10 @@ All changes to this project will be documented in this file. +## [10.2.8] - 2020-08-19 + +(ws) on Linux with mbedtls, when the system ca certs are specified (the default) pick up sensible OS supplied paths (tested with CentOS and Alpine) + ## [10.2.7] - 2020-08-18 (ws push_server) on the server side, stop sending and close the connection when the remote end has disconnected diff --git a/ixwebsocket/IXWebSocketVersion.h b/ixwebsocket/IXWebSocketVersion.h index 5217d786..13a03f37 100644 --- a/ixwebsocket/IXWebSocketVersion.h +++ b/ixwebsocket/IXWebSocketVersion.h @@ -6,4 +6,4 @@ #pragma once -#define IX_WEBSOCKET_VERSION "10.2.7" +#define IX_WEBSOCKET_VERSION "10.2.8" diff --git a/ws/ws.cpp b/ws/ws.cpp index 7daf3b56..66deda8f 100644 --- a/ws/ws.cpp +++ b/ws/ws.cpp @@ -120,6 +120,12 @@ namespace return str.substr(0, n) + "..."; } } + + bool fileExists(const std::string& fileName) + { + std::ifstream infile(fileName); + return infile.good(); + } } // namespace namespace ix @@ -3183,11 +3189,27 @@ int main(int argc, char** argv) if (tlsOptions.isUsingSystemDefaults()) { -#ifdef __APPLE__ +#if defined(__APPLE__) #if defined(IXWEBSOCKET_USE_MBED_TLS) || defined(IXWEBSOCKET_USE_OPEN_SSL) // We could try to load some system certs as well, but this is easy enough tlsOptions.caFile = "/etc/ssl/cert.pem"; #endif +#elif defined(__linux__) +#if defined(IXWEBSOCKET_USE_MBED_TLS) + std::vector caFiles = { + "/etc/ssl/certs/ca-bundle.crt", // CentOS + "/etc/ssl/certs/ca-certificates.crt", // Alpine + }; + + for (auto&& caFile : caFiles) + { + if (fileExists(caFile)) + { + tlsOptions.caFile = caFile; + break; + } + } +#endif #endif }