diff --git a/CHANGELOG.md b/CHANGELOG.md index aa1a42f4..3845c07d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ Version 183: * Fix a rare case of failed UTF8 validation +* Verify certificates in client examples -------------------------------------------------------------------------------- diff --git a/doc/qbk/09_releases.qbk b/doc/qbk/09_releases.qbk index fb6d6158..68d57d5e 100644 --- a/doc/qbk/09_releases.qbk +++ b/doc/qbk/09_releases.qbk @@ -15,6 +15,8 @@ * ([issue 1245]) Fix a rare case of incorrect UTF8 validation +* ([issue 1237]) Verify certificates in client examples + [heading Boost 1.68] This version fixes a missing executor work guard in all composed operations diff --git a/example/common/root_certificates.hpp b/example/common/root_certificates.hpp index 60e78e46..1d0cfc1b 100644 --- a/example/common/root_certificates.hpp +++ b/example/common/root_certificates.hpp 
@@ -70,26 +70,6 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec) Thumbprint(sha1): ‎de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12 */ - "-----BEGIN CERTIFICATE-----\n" - "MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\n" - "MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\n" - "YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG\n" - "EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg\n" - "R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9\n" - "9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq\n" - "fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv\n" - "iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU\n" - "1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+\n" - "bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW\n" - "MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA\n" - "ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l\n" - "uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn\n" - "Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS\n" - "tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF\n" - "PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un\n" - "hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV\n" - "5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==\n" - "-----END CERTIFICATE-----\n" ; ctx.add_certificate_authority( diff --git a/example/http/client/async-ssl/http_client_async_ssl.cpp b/example/http/client/async-ssl/http_client_async_ssl.cpp index 76b26cb0..34c05683 100644 --- a/example/http/client/async-ssl/http_client_async_ssl.cpp +++ b/example/http/client/async-ssl/http_client_async_ssl.cpp 
@@ -225,6 +225,9 @@ int main(int argc, char** argv) // This holds the root certificate used for verification load_root_certificates(ctx); + + // Verify the remote server's certificate + ctx.set_verify_mode(ssl::verify_peer); // Launch the asynchronous operation std::make_shared(ioc, ctx)->run(host, port, target, version); diff --git a/example/http/client/coro-ssl/http_client_coro_ssl.cpp b/example/http/client/coro-ssl/http_client_coro_ssl.cpp index 8b4ff8c6..24fce733 100644 --- a/example/http/client/coro-ssl/http_client_coro_ssl.cpp +++ b/example/http/client/coro-ssl/http_client_coro_ssl.cpp @@ -146,6 +146,9 @@ int main(int argc, char** argv) // This holds the root certificate used for verification load_root_certificates(ctx); + + // Verify the remote server's certificate + ctx.set_verify_mode(ssl::verify_peer); // Launch the asynchronous operation boost::asio::spawn(ioc, std::bind( diff --git a/example/http/client/sync-ssl/http_client_sync_ssl.cpp b/example/http/client/sync-ssl/http_client_sync_ssl.cpp index db4de566..c3c60371 100644 --- a/example/http/client/sync-ssl/http_client_sync_ssl.cpp +++ b/example/http/client/sync-ssl/http_client_sync_ssl.cpp @@ -59,7 +59,10 @@ int main(int argc, char** argv) // This holds the root certificate used for verification load_root_certificates(ctx); - // These objects perform our I/O + // Verify the remote server's certificate + ctx.set_verify_mode(ssl::verify_peer); + + // These objects perform our I/O tcp::resolver resolver{ioc}; ssl::stream stream{ioc, ctx};
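Review bot: `ssl::verify_peer` on its own, as added after `load_root_certificates(ctx)` in `http_client_async_ssl.cpp`, only checks that the server's chain leads to one of the loaded roots; nothing visible in the hunk binds the certificate to the host being contacted, so a valid certificate issued for a different name would still be accepted. Unless a hostname check already exists elsewhere in the file, add one next to the new call, e.g. `ctx.set_verify_callback(ssl::rfc2818_verification(host));`, using the `host` this hunk passes to `run()`. The same applies to the identical additions in `http_client_coro_ssl.cpp` and `http_client_sync_ssl.cpp`, where the host variable is not visible in the hunk and is presumably the one parsed from `argv`. `main` starts and ends outside all three hunks.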