boostorg/beast
1
0
Fork 1
mirror of https://github.com/boostorg/beast.git synced 2025-08-01 05:44:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Verify certificates in client examples:

Browse Source 
fix #1237

HTTP client examples now verify the server's certificate
and generate an error if the certificate is invalid or
expired:

* Set certificate verify mode
* Remove duplicate root certificate
This commit is contained in:
PeterW3
2018-08-27 19:36:34 -07:00
committed by Vinnie Falco
parent cd33d4cbb4
commit 4643b0565e
6 changed files with 13 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -1,6 +1,7 @@
Version 183: Version 183:
* Fix a rare case of failed UTF8 validation * Fix a rare case of failed UTF8 validation
* Verify certificates in client examples
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------

2
doc/qbk/09_releases.qbk
View File

@@ -15,6 +15,8 @@
* ([issue 1245]) Fix a rare case of incorrect UTF8 validation * ([issue 1245]) Fix a rare case of incorrect UTF8 validation
* ([issue 1237]) Verify certificates in client examples
[heading Boost 1.68] [heading Boost 1.68]
This version fixes a missing executor work guard in all composed operations This version fixes a missing executor work guard in all composed operations

20
example/common/root_certificates.hpp
View File

@@ -70,26 +70,6 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
Thumbprint(sha1): Thumbprint(sha1):
de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12 de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
*/ */
"-----BEGIN CERTIFICATE-----\n"
"MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\n"
"MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\n"
"YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG\n"
"EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg\n"
"R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9\n"
"9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq\n"
"fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv\n"
"iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU\n"
"1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+\n"
"bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW\n"
"MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA\n"
"ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l\n"
"uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn\n"
"Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS\n"
"tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF\n"
"PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un\n"
"hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV\n"
"5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==\n"
"-----END CERTIFICATE-----\n"
; ;
ctx.add_certificate_authority( ctx.add_certificate_authority(

3
example/http/client/async-ssl/http_client_async_ssl.cpp
View File

@@ -225,6 +225,9 @@ int main(int argc, char** argv)
// This holds the root certificate used for verification // This holds the root certificate used for verification
load_root_certificates(ctx); load_root_certificates(ctx);
// Verify the remote server's certificate
ctx.set_verify_mode(ssl::verify_peer);
// Launch the asynchronous operation // Launch the asynchronous operation
std::make_shared<session>(ioc, ctx)->run(host, port, target, version); std::make_shared<session>(ioc, ctx)->run(host, port, target, version);

3
example/http/client/coro-ssl/http_client_coro_ssl.cpp
View File

@@ -146,6 +146,9 @@ int main(int argc, char** argv)
// This holds the root certificate used for verification // This holds the root certificate used for verification
load_root_certificates(ctx); load_root_certificates(ctx);
// Verify the remote server's certificate
ctx.set_verify_mode(ssl::verify_peer);
// Launch the asynchronous operation // Launch the asynchronous operation
boost::asio::spawn(ioc, std::bind( boost::asio::spawn(ioc, std::bind(

5
example/http/client/sync-ssl/http_client_sync_ssl.cpp
View File

@@ -59,7 +59,10 @@ int main(int argc, char** argv)
// This holds the root certificate used for verification // This holds the root certificate used for verification
load_root_certificates(ctx); load_root_certificates(ctx);
// These objects perform our I/O // Verify the remote server's certificate
ctx.set_verify_mode(ssl::verify_peer);
// These objects perform our I/O
tcp::resolver resolver{ioc}; tcp::resolver resolver{ioc};
ssl::stream<tcp::socket> stream{ioc, ctx}; ssl::stream<tcp::socket> stream{ioc, ctx};