Subject: Re: [boost] [beast] Platform proxy settings, SSL verification
From: Vinnie Falco (vinnie.falco_at_[hidden])
Date: 2017-07-01 17:24:42
On Sat, Jul 1, 2017 at 10:02 AM, Phil Endecott via Boost
Thanks for taking the time to check out Beast!
> 1. It's a terrible name
I believe that point is addressed in the FAQ :)
> 2. I don't believe there is any integration with platform proxy settings.
That is correct. Such integration is outside the scope of the library,
Beast doesn't try to be an HTTP client. It only handles modeling,
sending, and receiving HTTP messages...
...and WebSocket! Poor WebSocket....
> Having a library that knows about the platform-specific details,
> and which has been tested on a wide variety of those platforms,
> is very valuable.
I agree; perhaps you will write that library on top of Beast?
> Please correct me if I'm wrong, but I think that means that it does
> not do any sort of certificate verification.
Correct. I'm not an expert in using certificates, can your issue be
remedied simply by changing the value passed in? If so, I will gladly
make that change please open an issue here:
> As a matter of principle, I think that the *first* SSL example
> should show how to establish a properly-secure connection.
If this is as easy as changing the argument passed then that's no
problem as I said just open an issue. But to the more general point, I
disagree. Its not within the scope of Beast to teach people how to use
OpenSSL. Boost.Asio already assumes that responsibility since it
provides the boost::asio::ssl::stream class and comes with examples of
certificate use. I have no desire to reinvent the wheel. The SSL
examples in Beast exist only to demonstrate that such integration is
possible, not to educate the user on every aspect of its use. Beast
does not require or use OpenSSL in its implementation.
There is merit in having a great tutorial on effectively SSL with Asio
that covers certificates, ciphers, verification, use of alternative
libraries such as LibreSSL or BoringSSL. However, Beast is not the
place for that tutorial.