Boost Users :

From: Arun Prabu (arrunprabu_at_[hidden])
Date: 2008-06-06 12:58:26


Hi,

I am using the following boost asio example program to create an SSL
connection:

   - http://www.boost.org/doc/libs/1_35_0/doc/html/boost_asio/example/ssl/client.cpp
   - http://www.boost.org/doc/libs/1_35_0/doc/html/boost_asio/example/ssl/server.cpp

I am able to create an SSL connection and send/receive packets through the
SSL connection. This code is supposed to do one-way handshaking only, i.e. only
server authentication is done. The server sends its certificate to the client
and the client authenticates it.

This is the code on server side which adds its certificate into the context.

Server:

    context_.set_options(
        asio::ssl::context::default_workarounds
        | asio::ssl::context::no_sslv2
        | asio::ssl::context::single_dh_use);
    context_.set_password_callback(boost::bind(&server::get_password, this));
    context_.use_certificate_chain_file("server.pem");
    context_.use_private_key_file("server.pem", asio::ssl::context::pem);
    context_.use_tmp_dh_file("dh512.pem");

This is the code on the client side which initiates the server
authentication.

Client:

    ctx.set_verify_mode(boost::asio::ssl::context::verify_peer);
    ctx.load_verify_file("ca.pem");

But I wanted to do client-side authentication too. So I added the
following on the server side.

Server:

    ctx.set_verify_mode(boost::asio::ssl::context::verify_fail_if_no_peer_cert
        | boost::asio::ssl::context::verify_peer);
    ctx.load_verify_file("ca.pem");

I added the following on the client side to upload its certificates to the
context.

Client:

    context_.set_options(
        asio::ssl::context::default_workarounds
        | asio::ssl::context::no_sslv2
        | asio::ssl::context::single_dh_use);
    context_.set_password_callback(boost::bind(&server::get_password, this));
    context_.use_certificate_chain_file("client.pem");
    context_.use_private_key_file("client.pem", asio::ssl::context::pem);
    context_.use_tmp_dh_file("dh512.pem");

After adding this code, the client authentication is not happening. But the
OpenSSL man page says that setting verify_fail_if_no_peer_cert should
initiate client authentication. I am missing something. Can someone
here help me with how to do both server and client authentication over an SSL
connection using boost asio?

Regards,
Arun
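
The question above turns on which verify flags make a server request and require a client certificate. The sketch below is an added illustration, not code from the post or from Boost.Asio: it performs no TLS and only models the rules documented for OpenSSL's SSL_CTX_set_verify, reusing the numeric values of SSL_VERIFY_PEER and SSL_VERIFY_FAIL_IF_NO_PEER_CERT. `Endpoint`, `Outcome` and `handshake` are hypothetical names, and the server is assumed to always present a certificate.

```cpp
// Added model of OpenSSL's documented verify-mode rules; performs no TLS.
// Endpoint, Outcome and handshake() are hypothetical names for this sketch.
#include <string>

// Same numeric values as OpenSSL's SSL_VERIFY_* constants.
enum VerifyFlag : int {
    verify_none = 0x00,
    verify_peer = 0x01,
    verify_fail_if_no_peer_cert = 0x02
};

struct Endpoint {
    int  verify_mode;   // flags given to set_verify_mode()
    bool has_cert;      // certificate chain and private key loaded
    bool cert_trusted;  // chains to a CA the peer loaded via load_verify_file()
};

struct Outcome {
    bool handshake_ok;
    bool server_authenticated;
    bool client_authenticated;
    std::string note;
};

Outcome handshake(const Endpoint& server, const Endpoint& client) {
    Outcome out{false, false, false, ""};
    // Client mode: verify_peer makes an untrusted server certificate fatal.
    if (client.verify_mode & verify_peer) {
        if (!server.cert_trusted) { out.note = "client rejected server certificate"; return out; }
        out.server_authenticated = true;
    }
    // Server mode: only verify_peer sends a certificate request;
    // verify_fail_if_no_peer_cert on its own is ignored.
    if (!(server.verify_mode & verify_peer)) {
        out.handshake_ok = true;
        out.note = "server never requested a client certificate";
        return out;
    }
    if (!client.has_cert) {
        if (server.verify_mode & verify_fail_if_no_peer_cert) { out.note = "client sent no certificate"; return out; }
        out.handshake_ok = true;
        out.note = "certificate requested, none returned, client stays anonymous";
        return out;
    }
    if (!client.cert_trusted) { out.note = "server rejected client certificate"; return out; }
    out.handshake_ok = true;
    out.client_authenticated = true;
    out.note = "mutual authentication";
    return out;
}
```

With a real server, the effective mode can be compared against this model by reading it back with OpenSSL's `SSL_CTX_get_verify_mode` on the context that the `ssl::stream` was actually constructed from.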
