Topic: wolfSSL_CTX_load_verify_locations on the server-side

Hello,

I have read everything I could and still don't have an exact understanding:

If the clients are browsers creating secure websockets (wss) to connect to our server, then
do we need to call
wolfSSL_CTX_load_verify_locations(m_pWolfCtx, "..\\ca-cert.pem", 0);
in our server initialization code?

1. We don't need to verify client certificates, so the above call is not needed. Is that correct?

2. If we do need to verify client certificates, what else needs to be done on the server side, besides the call to wolfSSL_CTX_load_verify_locations?

Share

Re: wolfSSL_CTX_load_verify_locations on the server-side

Hi,

If you don't need to do client authentication, your server does not need to load a list of CA certificates using the wolfSSL_CTX_load_verify_locations() function.  You will just need to load a server private key and certificate.

Best Regards,
Chris