SSL examples verify peer cert hostname

Fixes #2974
Mohammad Nejati
2025-02-11 13:12:53 +00:00
committed by Mohammad Nejati
parent 4e384f086b
commit ea38d841b0
11 changed files with 109 additions and 28 deletions
@@ -108,12 +108,16 @@ public:
beast::get_lowest_layer(ws_).expires_after(std::chrono::seconds(30));
// Set SNI Hostname (many hosts need this to handshake successfully)
if(! SSL_set_tlsext_host_name(
ws_.next_layer().native_handle(),
host_.c_str()))
if(! SSL_set_tlsext_host_name(ws_.next_layer().native_handle(), host_.c_str()))
{
ec = beast::error_code(static_cast<int>(::ERR_get_error()),
net::error::get_ssl_category());
ec.assign(static_cast<int>(::ERR_get_error()), net::error::get_ssl_category());
return fail(ec, "connect");
}
// Set the expected hostname in the peer certificate for verification
if(! SSL_set1_host(ws_.next_layer().native_handle(), host_.c_str()))
{
ec.assign(static_cast<int>(::ERR_get_error()), net::error::get_ssl_category());
return fail(ec, "connect");
}
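Review bot: The comment above the new `SSL_set1_host` call leaves out two conditions the check depends on. The name match is enforced only when the context verifies the peer (`ssl::verify_peer`), and OpenSSL documents that a NULL or empty name clears the expected-host list, so an empty `host_` would pass this call and leave the certificate name unchecked. I would extend the comment to `// Set the expected hostname in the peer certificate for verification (only enforced with ssl::verify_peer; host_ must be the bare, non-empty host name)`. The enclosing function starts and ends outside the hunk, so confirm that `host_` is not given a port suffix before this point. Matching of an IP-literal `host_` appears to differ between OpenSSL versions and is worth checking against the versions the examples support.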
@@ -246,6 +250,9 @@ int main(int argc, char** argv)
// The SSL context is required, and holds certificates
ssl::context ctx{ssl::context::tlsv12_client};
// Verify the remote server's certificate
ctx.set_verify_mode(ssl::verify_peer);
// This holds the root certificate used for verification
load_root_certificates(ctx);
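Review bot: With `ssl::verify_peer` now set, every handshake in this example depends on the trust anchors that `load_root_certificates(ctx)` installs, and the comment on that call does not say what happens to a server whose chain ends elsewhere. The helper's body is not in this hunk, so which roots it loads cannot be told from here. If it is a fixed bundle, hosts outside it will now fail with a verification error instead of connecting unverified. I would state that in the comment, e.g. `// Root certificates used for verification; servers that do not chain to these are rejected`, and consider `ctx.set_default_verify_paths();` where the system trust store is the intended anchor set. main's body continues outside the hunk.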