Hi,
I am using the following boost asio example program to create a ssl connection
I am able to create a ssl connection, send/receive packets through the ssl connection. This code is suppose to do one way handshaking only. i.e only server authentication is done. The server sends its certificate to Client and the Client authenticates it.
This is the code on server side which adds its certificate into the context.
Server:
context_.set_options(
asio::ssl::context::default_workarounds
| asio::ssl::context::no_sslv2
| asio::ssl::context::single_dh_use);
context_.set_password_callback(boost::bind(&server::get_password, this));
context_.use_certificate_chain_file("server.pem");
context_.use_private_key_file("server.pem", asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");
This is the code on the client side which initiates the Server Authentication
Client :
ctx.set_verify_mode(boost::asio::ssl::context::verify_peer);
ctx.load_verify_file("ca.pem");
But, I wanted to do Client side authentication too. So, i added the following on server side
Server:
ctx.set_verify_mode(boost::asio::ssl::context::verify_fail_if_no_peer_cert | boost::asio::ssl::context::verify_peer);
ctx.load_verify_file("ca.pem");
I added the following on client side to upload its certificates to the context.
Client:
context_.set_options(
asio::ssl::context::default_workarounds
| asio::ssl::context::no_sslv2
| asio::ssl::context::single_dh_use);
context_.set_password_callback(boost::bind(&server::get_password, this));
context_.use_certificate_chain_file("client.pem");
context_.use_private_key_file("client.pem", asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");
After adding these code, the Client Authentication is not happening. But, Openssl man page says that setting verify_fail_if_no_peer_cert should initiate Client Authentication. I am missing out something. Can someone over here help me out how to do both server/client authentication over an ssl connection using boost asio.
Regards,
Arun