Boost logo

Boost :

Subject: Re: [boost] Asio and SSL problem
From: Carlo Medas (carlomedas_at_[hidden])
Date: 2008-09-05 11:01:08


Hi,
we've been using asio with SSL, but with async mode; it's working perfectly
both in successful and failure cases.

I see one major difference in your code:
 * when you close and connect again, we use 'lowest_layer()' where you use
'next_layer()'
 * stupid one (you never know...): are you catching exceptions on the
caller? :)

Best regards,

Carlo Medas

On Fri, Sep 5, 2008 at 4:14 PM, Berserker <berserker_r_at_[hidden]> wrote:

> I tried to post this problem in the asio mailing list but I hadn't any
> feedback, so I'm reporting it here with the hope that someone can help me.
>
> I have a "stack overflow" problem with the following code (using boost
> 1.36):
>
> void test_handshake(const std::string &host, const std::string &cert)
> {
> boost::asio::io_service service;
>
> boost::asio::ssl::context sslContext(service,
> boost::asio::ssl::context::sslv23);
> sslContext.set_verify_mode(boost::asio::ssl::context::verify_peer);
> sslContext.load_verify_file(cert);
>
> boost::asio::ip::tcp::resolver resolver(service);
>
> boost::asio::ip::tcp::resolver::iterator endpoint_iterator =
> resolver.resolve(boost::asio::ip::tcp::resolver::query(host, "443"));
> boost::asio::ip::tcp::resolver::iterator end;
>
> boost::asio::ssl::stream<boost::asio::ip::tcp::socket> sslSocket(service,
> sslContext);
>
> boost::system::error_code error = boost::asio::error::host_not_found;
> while(error && endpoint_iterator != end)
> {
> sslSocket.next_layer().close();
> sslSocket.next_layer().connect(*endpoint_iterator++, error);
> }
>
> if(error)
> throw boost::system::system_error(error);
>
> sslSocket.handshake(boost::asio::ssl::stream_base::client);
>
> // bla bla
> }
>
> When
> I call this function with a valid certificate for the host I have no
> problems, but when I pass a "custom" cerificate (not valid for the host
> specified) it results in a stack overflow error instead of throwing an
> exception as I expected...
>
> This example works:
>
> test_handshake("sourceforge.net",
> "cacerts.pem"); // grab cacerts.pem from here for example:
> http://www.cs.fsu.edu/~engelen/soapcacerts.html
>
> This causes, as I said, a stack overflow instead of an exception:
>
> test_handshake("sourceforge.net", "ca.pem"); // ca.pem was taken from
> the asio examples
>
> Plz help
>
>
> P.S.: is anyone using asio with ssl? It's very strange that nobody has
> reported this problem...
>
> _________________________________________________________________
> Cerchi un locale per la serata? Chiedilo a Live Maps!
> http://maps.live.it/
> _______________________________________________
> Unsubscribe & other changes:
> http://lists.boost.org/mailman/listinfo.cgi/boost
>


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk