(ws) on Linux with mbedtls, when the system ca certs are specified (the default) pick up sensible OS supplied paths (tested with CentOS and Alpine)

docs/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 All changes to this project will be documented in this file.
 
+## [10.2.8] - 2020-08-19
+
+(ws) on Linux with mbedtls, when the system ca certs are specified (the default) pick up sensible OS supplied paths (tested with CentOS and Alpine)
+
 ## [10.2.7] - 2020-08-18
 
 (ws push_server) on the server side, stop sending and close the connection when the remote end has disconnected

ixwebsocket/IXWebSocketVersion.h

@@ -6,4 +6,4 @@
 
 #pragma once
 
-#define IX_WEBSOCKET_VERSION "10.2.7"
+#define IX_WEBSOCKET_VERSION "10.2.8"

ws/ws.cpp

@@ -120,6 +120,12 @@ namespace
             return str.substr(0, n) + "...";
         }
     }
+
+    bool fileExists(const std::string& fileName)
+    {
+        std::ifstream infile(fileName);
+        return infile.good();
+    }
 } // namespace
 
 namespace ix
@@ -3183,11 +3189,27 @@ int main(int argc, char** argv)
 
     if (tlsOptions.isUsingSystemDefaults())
     {
-#ifdef __APPLE__
+#if defined(__APPLE__)
 #if defined(IXWEBSOCKET_USE_MBED_TLS) || defined(IXWEBSOCKET_USE_OPEN_SSL)
         // We could try to load some system certs as well, but this is easy enough
         tlsOptions.caFile = "/etc/ssl/cert.pem";
 #endif
+#elif defined(__linux__)
+#if defined(IXWEBSOCKET_USE_MBED_TLS)
+        std::vector<std::string> caFiles = {
+            "/etc/ssl/certs/ca-bundle.crt",       // CentOS
+            "/etc/ssl/certs/ca-certificates.crt", // Alpine
+        };
+
+        for (auto&& caFile : caFiles)
+        {
+            if (fileExists(caFile))
+            {
+                tlsOptions.caFile = caFile;
+                break;
+            }
+        }
+#endif
 #endif
     }