
During the websocket client TLS handshake, the server_name field is missing from the Client Hello message sent to the server. #3331

Open
ListerTheTormentor opened this issue Feb 7, 2025 · 5 comments

Comments

@ListerTheTormentor

Using the websocket client to connect to wss://echo.websocket.org, during the TLS handshake the server_name field is missing from the Client Hello message sent to the server. The server closes the connection, and the handshake cannot be completed.

With FreeRTOS, Mbedtls.

@lws-team
Member

lws-team commented Feb 7, 2025

What's the lws version, mbedtls version?

What does the user code setting up the client connection look like?

Is there any possibility that the lws headers you are using do not actually match the version of lws you're using?

@ListerTheTormentor
Author

LWS: 4.3.3-WM, MbedTLS-3.4.0

@ListerTheTormentor
Author

#include <string.h>
#include <libwebsockets.h>

/* parse_url(), wm_log_info()/wm_log_error(), WM_ERR_* and the EXAMPLE_* /
 * CONFIG_EXAMPLE_* macros come from the board SDK and example config and are
 * declared elsewhere in the project. */

static int client_callback(struct lws *wsi, enum lws_callback_reasons reason,
                           void *user, void *in, size_t len);
static volatile int g_done;

static struct lws_protocols g_protocols[] = {
    {
        .name           = "echo-protocol",
        .callback       = client_callback,
        .rx_buffer_size = EXAMPLE_MAX_RECV_BUF_SIZE,
        .tx_packet_size = EXAMPLE_MAX_SEND_PKT_SIZE,
    },
    LWS_PROTOCOL_LIST_TERM
};

static int websocket_client(void)
{
    char url_protocol[8] = "";
    char url_host[64] = "";
    char url_path[64] = "";
    int url_port = 0;
    int is_ssl_connection = 0;

    struct lws_context_creation_info info;
    struct lws_client_connect_info ccinfo;
    struct lws_context *context;

    /* parse url into scheme, host, port and path */
    parse_url(CONFIG_EXAMPLE_SERVER_URL, url_protocol, url_host, &url_port, url_path);
    wm_log_info("protocol=%s,host=%s,port=%d,path=%s", url_protocol, url_host, url_port, url_path);

    if (!strcmp(url_protocol, "ws")) {
        is_ssl_connection = 0;
    } else if (!strcmp(url_protocol, "wss")) {
        is_ssl_connection = 1;
    } else {
        wm_log_error("bad url protocol");
        return WM_ERR_INVALID_PARAM;
    }

    /* create lws context */
    memset(&info, 0, sizeof info);
    info.port      = CONTEXT_PORT_NO_LISTEN; /* client only, no listen port */
    info.protocols = g_protocols;
    info.options   = (is_ssl_connection ? LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT : 0);
    info.gid = -1;
    info.uid = -1;

    context = lws_create_context(&info);
    if (!context) {
        lwsl_err("lws init failed\n");
        return WM_ERR_FAILED;
    }

    /* config connect info */
    memset(&ccinfo, 0, sizeof ccinfo);
    ccinfo.context        = context;
    ccinfo.address        = url_host;       /* hostname only, not the full url */
    ccinfo.port           = url_port;
    ccinfo.path           = url_path;
    ccinfo.host           = ccinfo.address; /* value of the Host: header (CIS_HOST) */
    ccinfo.origin         = ccinfo.address;
    ccinfo.protocol       = g_protocols[0].name;
    ccinfo.ssl_connection = 0;

    if (is_ssl_connection) {
        ccinfo.ssl_connection = LCCSCF_USE_SSL;
        if (EXAMPLE_ALLOW_SELF_SIGNED) {
            ccinfo.ssl_connection |= (LCCSCF_ALLOW_SELFSIGNED | LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK);
        }
    }

    /* connect to remote websocket server; NULL means the connect was not even started */
    if (!lws_client_connect_via_info(&ccinfo)) {
        lwsl_err("client connect failed\n");
        lws_context_destroy(context);
        return WM_ERR_FAILED;
    }

    /* poll loop */
    while (!g_done) {
        lws_service(context, 100);
    }

    lws_context_destroy(context);
    return 0;
}

@ListerTheTormentor
Author

The temporary solution I use is as follows:

Add the following call after "lws_ssl_client_bio_create" in the function "lws_client_create_tls" in the file "tls-client.c"; then it works OK.

mbedtls_ssl_set_hostname(SSL_mbedtls_ssl_context_from_SSL(wsi->tls.ssl), wsi->stash->cis[CIS_HOST]);

There may be other regular solutions.
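To confirm the symptom from a packet capture (or to confirm that a fix took effect), here is an added example, not part of this thread or of lws, that walks a raw TLS ClientHello record and reports the host_name carried in its server_name extension; the two sample records are constructed in the code.

```python
import struct
# TLS extension type server_name (RFC 6066), record content type, handshake type
SERVER_NAME_EXT, HANDSHAKE, CLIENT_HELLO = 0, 0x16, 0x01

def build_client_hello(sni=None):
    """Constructed sample: a minimal TLS 1.2 ClientHello record with a fixed
    random, one cipher suite, null compression and an optional server_name."""
    ext = b""
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name    # host_name(0)
        sni_list = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", SERVER_NAME_EXT, len(sni_list)) + sni_list
    body = (
        b"\x03\x03" + b"\x11" * 32             # client_version, random
        + b"\x00"                              # empty session_id
        + struct.pack("!H", 2) + b"\xc0\x2f"   # one cipher suite
        + b"\x01\x00"                          # compression_methods: null
        + struct.pack("!H", len(ext)) + ext    # extensions block
    )
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs

def client_hello_sni(record):
    """Return the host_name from the ClientHello's server_name extension, or
    None when the extension is absent; ValueError on a malformed record."""
    if len(record) < 9 or record[0] != HANDSHAKE or record[5] != CLIENT_HELLO:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:]
    if len(body) != int.from_bytes(record[6:9], "big"):
        raise ValueError("ClientHello length does not match the record")
    try:
        pos = 2 + 32                                         # version, random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]    # cipher_suites
        pos += 1 + body[pos]                                 # compression
        if pos == len(body):
            return None                                      # no extensions
        ext_end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            data, pos = body[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype == SERVER_NAME_EXT and len(data) >= 5 and data[2] == 0:
                name_len = struct.unpack_from("!H", data, 3)[0]
                return data[5:5 + name_len].decode("ascii")
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc
    return None
```

Feed client_hello_sni() the first record of the client's first TLS packet; a None result is exactly the missing server_name the server rejects here.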

@lws-team
Member

lws-team commented Feb 7, 2025

The address member takes an IP, or DNS address, like warmcat.com. It doesn't take a url.
