boostorg/beast
1
0
Fork 1
mirror of https://github.com/boostorg/beast.git synced 2025-07-31 13:27:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

root_certificates.hpp is not for production

Browse Source 
fix #1702
This commit is contained in:
Vinnie Falco
2019-09-13 09:03:33 -07:00
parent acdfeb4bdc
commit ec81771fdd
2 changed files with 54 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG.md
View File

@ -1,3 +1,9 @@
Version 268:
* root_certificates.hpp is not for production
--------------------------------------------------------------------------------
Version 267: Version 267:
* Add package for Travis config * Add package for Travis config

57
example/common/root_certificates.hpp
View File

@ -13,14 +13,36 @@
#include <boost/asio/ssl.hpp> #include <boost/asio/ssl.hpp>
#include <string> #include <string>
/*
PLEASE READ
These root certificates here are included just to make the
SSL client examples work. They are NOT intended to be
illustrative of best-practices for performing TLS certificate
verification.
A REAL program which needs to verify the authenticity of a
server IP address resolved from a given DNS name needs to
consult the operating system specific certificate store
to validate the chain of signatures, compare the domain name
properly against the domain name in the certificate, check
the certificate revocation list, and probably do some other
things.
ALL of these operations are entirely outside the scope of
both Boost.Beast and Boost.Asio.
See (work in progress):
https://github.com/djarek/certify
tl;dr: root_certificates.hpp should not be used in production code
*/
namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp> namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp>
namespace detail { namespace detail {
// The template argument is gratuituous, to inline
// allow the implementation to be header-only.
//
template<class = void>
void void
load_root_certificates(ssl::context& ctx, boost::system::error_code& ec) load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
{ {
@ -60,6 +82,17 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
"vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n" "vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n"
"+OkuE6N36B9K\n" "+OkuE6N36B9K\n"
"-----END CERTIFICATE-----\n" "-----END CERTIFICATE-----\n"
/* This is the GeoTrust root certificate.
CN = GeoTrust Global CA
O = GeoTrust Inc.
C = US
Valid to: Friday, May 20, 2022 9:00:00 PM
Thumbprint(sha1):
de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
*/
"-----BEGIN CERTIFICATE-----\n" "-----BEGIN CERTIFICATE-----\n"
"MIIDaDCCAlCgAwIBAgIJAO8vBu8i8exWMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV\n" "MIIDaDCCAlCgAwIBAgIJAO8vBu8i8exWMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV\n"
"BAYTAlVTMQswCQYDVQQIDAJDQTEtMCsGA1UEBwwkTG9zIEFuZ2VsZXNPPUJlYXN0\n" "BAYTAlVTMQswCQYDVQQIDAJDQTEtMCsGA1UEBwwkTG9zIEFuZ2VsZXNPPUJlYXN0\n"
@ -81,16 +114,6 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
"9pWXTO9JrYMML7d+XRSZA1n3856OqZDX4403+9FnXCvfcLZLLKTBvwwFgEFGpzjK\n" "9pWXTO9JrYMML7d+XRSZA1n3856OqZDX4403+9FnXCvfcLZLLKTBvwwFgEFGpzjK\n"
"UEVbkhd5qstF6qWK\n" "UEVbkhd5qstF6qWK\n"
"-----END CERTIFICATE-----\n"; "-----END CERTIFICATE-----\n";
/* This is the GeoTrust root certificate.
CN = GeoTrust Global CA
O = GeoTrust Inc.
C = US
Valid to: Friday, May 20, 2022 9:00:00 PM
Thumbprint(sha1):
de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
*/
; ;
ctx.add_certificate_authority( ctx.add_certificate_authority(
@ -102,12 +125,6 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
} // detail } // detail
// Load the root certificates into an ssl::context // Load the root certificates into an ssl::context
//
// This function is inline so that its easy to take
// the address and there's nothing weird like a
// gratuituous template argument; thus it appears
// like a "normal" function.
//
inline inline
void void