Boost Users :

Subject: [Boost-users] Regarding certificate verification using Asio
From: David Demelier (markand_at_[hidden])
Date: 2018-11-05 09:38:24


Hello,

This is more of a general question about certificate verification in SSL
contexts. I hope this is not too off-topic.

I know how asymmetric encryption works, but I have never dug much into
the process of certificate verification.

I know how certificate checks are made with browsers: the server must
have a certificate signed by a trusted CA. But then, I must admit that I
don't know much more. For example, a lot of Linux package managers use
package signing to be sure that packages downloaded are correctly built
from the vendor. But this is another topic I guess.

Now, for example, I would like to create my own server process and my
own client. They are not open to the internet, so no need to buy trusted
authority certificates.

So, by generating a self-signed certificate and private key file, the
server can run.

The question is: how can the client be sure that it is connecting to the
right server? Does the client need to have the same certificate on its
local machine and use it? If yes, should I use
ssl::context::load_verify_file and ssl::verify_peer and I'm done?

If you have some resources to advise me on the certificate check
mechanisms, please give them to me.

Regards

-- 
David
