Use secure TLS/SSL versions:

TLS 1.2 can be used instead; it is available in all currently
supported versions of OpenSSL.

Signed-off-by: Damian Jarek <damian.jarek93@gmail.com>
Damian Jarek
2019-03-14 17:40:41 +01:00
committed by Vinnie Falco
parent 0033b7c1e4
commit 8869ec5681
23 changed files with 62 additions and 61 deletions


@@ -1,6 +1,7 @@
Version 233:
* Check __ANDROID__ instead
* Use secure TLS/SSL versions
--------------------------------------------------------------------------------


@@ -971,7 +971,7 @@ int main(int argc, char* argv[])
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);
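Review bot: `ssl::context ctx{ssl::context::tlsv12};` pins this server to exactly TLS 1.2 — Asio maps `tlsv12` to OpenSSL's TLS 1.2-only method, so a peer that could negotiate TLS 1.3 on a newer OpenSSL will be held at 1.2 rather than moving up, and a later upgrade of the minimum version means touching every example again. The forward-compatible form is the generic method with the legacy versions disabled explicitly: `ssl::context ctx{ssl::context::tls_server};` followed by `ctx.set_options(ssl::context::no_sslv2 | ssl::context::no_sslv3 | ssl::context::no_tlsv1 | ssl::context::no_tlsv1_1);`. The same applies to every other `sslv23` → `tlsv12` replacement in this commit: the server hunks at `@@ -521`, `@@ -402`, `@@ -671`, `@@ -523`, `@@ -325`, `@@ -277`, `@@ -177`, `@@ -280` and `@@ -107`, the client hunks at `@@ -220`, `@@ -153`, `@@ -57`, `@@ -231`, `@@ -147` and `@@ -55` (`tlsv12_client` → `tls_client` plus the same options), and the documentation and test snippets. If the examples are kept on a single fixed method for brevity, a comment such as `// tlsv12 is TLS 1.2 only; prefer tls_server + no_sslv2|no_sslv3|no_tlsv1|no_tlsv1_1 to also allow newer versions` would at least make the trade-off visible to readers who copy it. main() continues outside the hunk.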


@@ -150,7 +150,7 @@ public:
if(ec)
return fail(ec, "write");
// Receive the HTTP response
http::async_read(stream_, buffer_, res_,
beast::bind_front_handler(
@@ -220,11 +220,11 @@ int main(int argc, char** argv)
net::io_context ioc;
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23_client};
ssl::context ctx{ssl::context::tlsv12_client};
// This holds the root certificate used for verification
load_root_certificates(ctx);
// Verify the remote server's certificate
ctx.set_verify_mode(ssl::verify_peer);


@@ -153,11 +153,11 @@ int main(int argc, char** argv)
net::io_context ioc;
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23_client};
ssl::context ctx{ssl::context::tlsv12_client};
// This holds the root certificate used for verification
load_root_certificates(ctx);
// Verify the remote server's certificate
ctx.set_verify_mode(ssl::verify_peer);


@@ -57,7 +57,7 @@ int main(int argc, char** argv)
net::io_context ioc;
// The SSL context is required, and holds certificates
ssl::context ctx(ssl::context::sslv23_client);
ssl::context ctx(ssl::context::tlsv12_client);
// This holds the root certificate used for verification
load_root_certificates(ctx);


@@ -521,7 +521,7 @@ int main(int argc, char* argv[])
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -402,7 +402,7 @@ int main(int argc, char* argv[])
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -671,7 +671,7 @@ int main(int argc, char* argv[])
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -308,7 +308,7 @@ public:
}
#include <boost/asio/yield.hpp>
void
loop(
beast::error_code ec,
@@ -465,7 +465,7 @@ public:
private:
#include <boost/asio/yield.hpp>
void
loop(beast::error_code ec = {})
{
@@ -523,7 +523,7 @@ int main(int argc, char* argv[])
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -325,7 +325,7 @@ int main(int argc, char* argv[])
net::io_context ioc{1};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -153,7 +153,7 @@ public:
{
if(ec)
return fail(ec, "handshake");
// Send the message
ws_.async_write(
net::buffer(text_),
@@ -171,7 +171,7 @@ public:
if(ec)
return fail(ec, "write");
// Read a message into our buffer
ws_.async_read(
buffer_,
@@ -231,7 +231,7 @@ int main(int argc, char** argv)
net::io_context ioc;
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23_client};
ssl::context ctx{ssl::context::tlsv12_client};
// This holds the root certificate used for verification
load_root_certificates(ctx);


@@ -147,7 +147,7 @@ int main(int argc, char** argv)
net::io_context ioc;
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23_client};
ssl::context ctx{ssl::context::tlsv12_client};
// This holds the root certificate used for verification
load_root_certificates(ctx);


@@ -55,7 +55,7 @@ int main(int argc, char** argv)
net::io_context ioc;
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23_client};
ssl::context ctx{ssl::context::tlsv12_client};
// This holds the root certificate used for verification
load_root_certificates(ctx);


@@ -277,9 +277,9 @@ int main(int argc, char* argv[])
// The io_context is required for all I/O
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -177,7 +177,7 @@ int main(int argc, char* argv[])
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -69,7 +69,7 @@ public:
}
#include <boost/asio/yield.hpp>
void
loop(
beast::error_code ec,
@@ -228,7 +228,7 @@ public:
private:
#include <boost/asio/yield.hpp>
void
loop(beast::error_code ec = {})
{
@@ -280,9 +280,9 @@ int main(int argc, char* argv[])
// The io_context is required for all I/O
net::io_context ioc{threads};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -107,7 +107,7 @@ int main(int argc, char* argv[])
net::io_context ioc{1};
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::sslv23};
ssl::context ctx{ssl::context::tlsv12};
// This holds the self-signed certificate used by the server
load_server_certificate(ctx);


@@ -19,7 +19,7 @@
// VFALCO We include this because anyone who uses ssl will
// very likely need to check for ssl::error::stream_truncated
#include <boost/asio/ssl/error.hpp>
#include <boost/asio/ssl/error.hpp>
#include <boost/asio/ssl/stream.hpp>
#include <cstddef>
@@ -34,28 +34,28 @@ namespace beast {
The stream class template provides asynchronous and blocking
stream-oriented functionality using SSL.
@par Thread Safety
@e Distinct @e objects: Safe.@n
@e Shared @e objects: Unsafe. The application must also ensure that all
asynchronous operations are performed within the same implicit or explicit
strand.
@par Example
To use this template with a @ref tcp_stream, you would write:
@code
net::io_context ioc;
net::ssl::context ctx{net::ssl::context::sslv23};
net::ssl::context ctx{net::ssl::context::tlsv12};
beast::ssl_stream<beast::tcp_stream> sock{ioc, ctx};
@endcode
In addition to providing an interface identical to `net::ssl::stream`,
the wrapper has the following additional properties:
@li Satisfies @b MoveConstructible
@li Satisfies @b MoveAssignable
@li Constructible from a moved socket.
@li Uses @ref flat_stream internally, as a performance work-around for a
@@ -128,16 +128,16 @@ public:
This function may be used to obtain the underlying implementation of the
context. This is intended to allow access to context functionality that is
not otherwise provided.
@par Example
The native_handle() function returns a pointer of type @c SSL* that is
suitable for passing to functions such as @c SSL_get_verify_result and
@c SSL_get_peer_certificate:
@code
boost::beast::ssl_stream<net::ip::tcp::socket> ss{ioc, ctx};
// ... establish connection and perform handshake ...
if (X509* cert = SSL_get_peer_certificate(ss.native_handle()))
{
if (SSL_get_verify_result(ss.native_handle()) == X509_V_OK)
@@ -191,11 +191,11 @@ public:
This function may be used to configure the peer verification mode used by
the stream. The new mode will override the mode inherited from the context.
@param v A bitmask of peer verification modes.
@throws boost::system::system_error Thrown on failure.
@note Calls @c SSL_set_verify.
*/
void
@@ -208,12 +208,12 @@ public:
This function may be used to configure the peer verification mode used by
the stream. The new mode will override the mode inherited from the context.
@param v A bitmask of peer verification modes. See `verify_mode` for
available values.
@param ec Set to indicate what error occurred, if any.
@note Calls @c SSL_set_verify.
*/
void
@@ -227,12 +227,12 @@ public:
This function may be used to configure the maximum verification depth
allowed by the stream.
@param depth Maximum depth for the certificate chain verification that
shall be allowed.
@throws boost::system::system_error Thrown on failure.
@note Calls @c SSL_set_verify_depth.
*/
void
@@ -245,12 +245,12 @@ public:
This function may be used to configure the maximum verification depth
allowed by the stream.
@param depth Maximum depth for the certificate chain verification that
shall be allowed.
@param ec Set to indicate what error occurred, if any.
@note Calls @c SSL_set_verify_depth.
*/
void
@@ -264,7 +264,7 @@ public:
This function is used to specify a callback function that will be called
by the implementation when it needs to verify a peer certificate.
@param callback The function object to be used for verifying a certificate.
The function signature of the handler must be:
@code bool verify_callback(
@@ -273,9 +273,9 @@ public:
); @endcode
The return value of the callback is true if the certificate has passed
verification, false otherwise.
@throws boost::system::system_error Thrown on failure.
@note Calls @c SSL_set_verify.
*/
template<class VerifyCallback>
@@ -289,7 +289,7 @@ public:
This function is used to specify a callback function that will be called
by the implementation when it needs to verify a peer certificate.
@param callback The function object to be used for verifying a certificate.
The function signature of the handler must be:
@code bool verify_callback(
@@ -298,9 +298,9 @@ public:
); @endcode
The return value of the callback is true if the certificate has passed
verification, false otherwise.
@param ec Set to indicate what error occurred, if any.
@note Calls @c SSL_set_verify.
*/
template<class VerifyCallback>


@@ -255,7 +255,7 @@ net::ip::tcp::socket sock{ios};
{
//[wss_snippet_2
net::ssl::context ctx{net::ssl::context::sslv23};
net::ssl::context ctx{net::ssl::context::tlsv12};
stream<net::ssl::stream<net::ip::tcp::socket>> wss{ios, ctx};
//]
}
@@ -263,7 +263,7 @@ net::ip::tcp::socket sock{ios};
{
//[wss_snippet_3
net::ip::tcp::endpoint ep;
net::ssl::context ctx{net::ssl::context::sslv23};
net::ssl::context ctx{net::ssl::context::tlsv12};
stream<net::ssl::stream<net::ip::tcp::socket>> ws{ios, ctx};
// connect the underlying TCP/IP socket


@@ -31,7 +31,7 @@ public:
testTeardown()
{
net::io_context ioc;
net::ssl::context ctx(net::ssl::context::sslv23);
net::ssl::context ctx(net::ssl::context::tlsv12);
Socket ss(ioc, ctx);
struct handler


@@ -299,7 +299,7 @@ https_get (std::string const& host, std::string const& target, error_code& ec)
// This context is used to hold client and server certificates.
// We do not perform certificate verification in this example.
net::ssl::context ctx(net::ssl::context::sslv23);
net::ssl::context ctx(net::ssl::context::tlsv12);
// This string will hold the body of the HTTP response, if any.
std::string result;
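Review bot: The new `net::ssl::context ctx(net::ssl::context::tlsv12);` line sits directly under a comment stating that this example performs no certificate verification, and the commit leaves that as is — the connection will now refuse legacy protocol versions but still accept any certificate the server presents, so it is encrypted without being authenticated. If skipping verification is deliberate for brevity, the comment should say so and point readers at the examples that call `load_root_certificates(ctx);` and `ctx.set_verify_mode(net::ssl::verify_peer);`; otherwise those two lines belong right after the context is constructed. https_get continues outside the hunk.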


@@ -22,5 +22,5 @@ std::thread t{[&](){ ioc.run(); }};
tcp::socket sock(ioc);
ssl::context ctx(ssl::context::sslv23);
ssl::context ctx(ssl::context::tlsv12);


@@ -16,6 +16,6 @@ using namespace boost::beast::websocket;
net::io_context ioc;
tcp_stream sock(ioc);
net::ssl::context ctx(net::ssl::context::sslv23);
net::ssl::context ctx(net::ssl::context::tlsv12);
//]