is client certificate verify supported? #81

chnex opened this issue Mar 3, 2016 · 3 comments

chnex commented Mar 3, 2016

I was using the following code to add a server certificate to http_listener, and also tried to verify the certificate of external clients that are trying to connect to http_listener. The server certificate (lines 5, 6) works well, but as soon as I add line 7, the SSL handshake fails, i.e. at the client side I could see
--> ClientHello, <-- ServerHello/Certificate/CertificateRequest, --> Certificate/ClientKeyExchange/CertificateVerify, then no response from the server, and TLS 1.2 Handshake Finished, with this error: 140279477085840:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177. Is this a known issue? Thanks.

  1. http_listener_config conf;
  2. conf.set_ssl_context_callback(
  3. [this](boost::asio::ssl::context &ctx) {
  4.    ctx.set_options(boost::asio::ssl::context::default_workarounds);
  5.    ctx.use_certificate_chain_file(this->CertPath);
  6.    ctx.use_private_key_file(this->PkPath, boost::asio::ssl::context::pem);
  7.    ctx.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
  8.    ctx.set_verify_callback(boost::bind(verifyCertCallback, _1, _2));
  9. });
@venkata3903

Hi Chnex,

I am also stuck at the same point, getting "Error in SSL handshake". Is it solved, or is there any workaround for client certificate validation?

If anyone is aware of this, please comment!

@levuphuong

Hi venkata3903,
you can bypass the error with this code snippet:

// Turns off server certificate validation on the client side
http_client_config config;
config.set_validate_certificates(false);
http_client client(ip, config);

@venkata3903

Hi levuphuong,

Thanks for the info.

I did the same on the client side, but I want to validate the client certificate from the server. So I have used the following code on the server:

http_listener_config server_config;
server_config.set_ssl_context_callback([&](boost::asio::ssl::context& ctx)
{
    // Require a client certificate and fail the handshake if none is sent
    ctx.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
});

Even if I use config.set_validate_certificates(false) on the client, by adding the above ctx.set_verify_mode on the server I get "Error in SSL handshake".

Thanks,
Venkata3903
