root_certificates.hpp is not for production

fix #1702
2025-07-30 12:57:31 +02:00 · 2019-09-13 09:03:33 -07:00
parent acdfeb4bdc
commit ec81771fdd
2 changed files with 54 additions and 31 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,9 @@
+Version 268:
+
+* root_certificates.hpp is not for production
+
+--------------------------------------------------------------------------------
+
 Version 267:

 * Add package for Travis config
--- a/example/common/root_certificates.hpp
+++ b/example/common/root_certificates.hpp
@ -13,14 +13,36 @@
 #include <boost/asio/ssl.hpp>
 #include <string>

+/*
+    PLEASE READ
+
+    These root certificates here are included just to make the
+    SSL client examples work. They are NOT intended to be
+    illustrative of best-practices for performing TLS certificate
+    verification.
+
+    A REAL program which needs to verify the authenticity of a
+    server IP address resolved from a given DNS name needs to
+    consult the operating system specific certificate store
+    to validate the chain of signatures, compare the domain name
+    properly against the domain name in the certificate, check
+    the certificate revocation list, and probably do some other
+    things.
+
+    ALL of these operations are entirely outside the scope of
+    both Boost.Beast and Boost.Asio.
+
+    See (work in progress):
+        https://github.com/djarek/certify
+
+    tl;dr: root_certificates.hpp should not be used in production code
+*/
+
 namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp>

 namespace detail {

-// The template argument is gratuituous, to
-// allow the implementation to be header-only.
-//
-template<class = void>
+inline
 void
 load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
 {
@ -60,6 +82,17 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
        "vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n"
        "+OkuE6N36B9K\n"
        "-----END CERTIFICATE-----\n"
+
+        /*  This is the GeoTrust root certificate.
+            
+            CN = GeoTrust Global CA
+            O = GeoTrust Inc.
+            C = US
+            Valid to: Friday, ‎May ‎20, ‎2022 9:00:00 PM
+                                
+            Thumbprint(sha1):
+            ‎de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
+        */
        "-----BEGIN CERTIFICATE-----\n"
        "MIIDaDCCAlCgAwIBAgIJAO8vBu8i8exWMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV\n"
        "BAYTAlVTMQswCQYDVQQIDAJDQTEtMCsGA1UEBwwkTG9zIEFuZ2VsZXNPPUJlYXN0\n"
@ -81,16 +114,6 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
        "9pWXTO9JrYMML7d+XRSZA1n3856OqZDX4403+9FnXCvfcLZLLKTBvwwFgEFGpzjK\n"
        "UEVbkhd5qstF6qWK\n"
        "-----END CERTIFICATE-----\n";
-        /*  This is the GeoTrust root certificate.
-            
-            CN = GeoTrust Global CA
-            O = GeoTrust Inc.
-            C = US
-            Valid to: Friday, ‎May ‎20, ‎2022 9:00:00 PM
-                                
-            Thumbprint(sha1):
-            ‎de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
-        */
        ;

    ctx.add_certificate_authority(
@ -102,12 +125,6 @@ load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
 } // detail

 // Load the root certificates into an ssl::context
-//
-// This function is inline so that its easy to take
-// the address and there's nothing weird like a
-// gratuituous template argument; thus it appears
-// like a "normal" function.
-//

 inline
 void