Boost logo

Boost Users :

Subject: Re: [Boost-users] [asio] sslv3 handshake
From: Jim Gallogly (gallogly_at_[hidden])
Date: 2017-03-30 19:09:11


This was exactly my problem, thanks so much!

On Mar 30, 2017 10:36 AM, "Matthijs Möhlmann via Boost-users" <
boost-users_at_[hidden]> wrote:

> On 3/30/17 2:19 PM, Jim Gallogly via Boost-users wrote:
> > I want to do a simple C++ web get similar to what is done by this curl
> > command. I must use boost 1.49
> >
> > > curl https://mysite.dev/api/v1/search?q=test -k --cert
> > > C:\work\testCert.pem
> >
> > The server is requiring the client certificate.
> >
> > I started by using this as an example
> > http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/
> example/ssl/client.cpp
> >
> > and I added modifications by adding calls to the context like
> >
> > ctx.set_options(boost::asio::ssl::context::default_workarounds);
> > ctx.use_certificate_file("C:\\work\\testCert.pem",
> > boost::asio::ssl::context_base::pem);
> >
> > My Request Looks like this:
> >
> > > GET /api/v1/search?q=test HTTP/1.0<br>
> > > Host: mysite.dev <br>
> > > Accept: \*/*
> >
> > but I keep getting messages like this
> >
> > > Error: sslv3 alert handshake failure
> >
> > Does any one know what other steps I need to do? Is this possible in
> > boost 1.49?
> >
> > Thanks,
> > Jim
> Does the server support SSLv3? On most servers this is disabled because
> of design flaws. Can you force it to use TLSv1 or TLSv1.1 / TLSv1.2?
>
> Pass flags like: no_sslv2 / no_sslv3 to the context:
> ctx.set_options(boost::asio::ssl::context::default_workarounds
> | boost::asio::ssl::context::no_sslv2
> | boost::asio::ssl::context::no_sslv3);
>
> I am not sure if the root certificates are loaded automatically, if not
> you should load it with the following functions:
> ctx.load_verify_file
> (http://www.boost.org/doc/libs/1_49_0/doc/html/boost_
> asio/reference/ssl__context/load_verify_file.html)
>
> And for using client certificate:
> - use_private_key_file
> - use_certificate_file
>
> Hopefully this will help in solving your problem.
>
> Regards,
>
> Matthijs Möhlmann
>
> _______________________________________________
> Boost-users mailing list
> Boost-users_at_[hidden]
> http://lists.boost.org/mailman/listinfo.cgi/boost-users



Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net