Boost logo

Boost Users :

Subject: Re: [Boost-users] [asio] sslv3 handshake
From: Matthijs Möhlmann (matthijs_at_[hidden])
Date: 2017-03-30 14:35:53


On 3/30/17 2:19 PM, Jim Gallogly via Boost-users wrote:
> I want to do a simple C++ web get similar to what is done by this curl
> command. I must use boost 1.49
>
> > curl https://mysite.dev/api/v1/search?q=test -k --cert
> > C:\work\testCert.pem
>
> The server is requiring the client certificate.
>
> I started by using this as an example
> http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/example/ssl/client.cpp
>
> and I added modifications by adding calls to the context like
>
> ctx.set_options(boost::asio::ssl::context::default_workarounds);
> ctx.use_certificate_file("C:\\work\\testCert.pem",
> boost::asio::ssl::context_base::pem);
>
> My Request Looks like this:
>
> > GET /api/v1/search?q=test HTTP/1.0<br>
> > Host: mysite.dev <br>
> > Accept: \*/*
>
> but I keep getting messages like this
>
> > Error: sslv3 alert handshake failure
>
> Does any one know what other steps I need to do? Is this possible in
> boost 1.49?
>
> Thanks,
> Jim
Does the server support SSLv3? On most servers this is disabled because
of design flaws. Can you force it to use TLSv1 or TLSv1.1 / TLSv1.2?

Pass flags like: no_sslv2 / no_sslv3 to the context:
ctx.set_options(boost::asio::ssl::context::default_workarounds
    | boost::asio::ssl::context::no_sslv2
    | boost::asio::ssl::context::no_sslv3);

I am not sure if the root certificates are loaded automatically, if not
you should load it with the following functions:
ctx.load_verify_file
(http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/reference/ssl__context/load_verify_file.html)

And for using client certificate:
 - use_private_key_file
 - use_certificate_file

Hopefully this will help in solving your problem.

Regards,

Matthijs Möhlmann


Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net