StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POBoost, asio, https, and host/certificate verifcation
primarykey
Id
19074104
data
AcceptedAnswerId
19080319
AnswerCount
1
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2013-09-29T03:28:04.543
FavoriteCount
1
LastActivityDate
2013-09-29T16:55:54.570
LastEditDate
2013-09-29T07:14:11.533
LastEditorUserId
608639
OwnerUserId
608639
ParentId
0
PostTypeId
1
Score
6
ViewCount
1788
LastEditorDisplayName
text
Body
I'm looking at Boost's <a href="http://www.boost.org/doc/libs/1_54_0/doc/html/boost_asio/example/cpp03/ssl/client.cpp">SSL Client</a>. There's a reference to OpenSSL in the comments (sorry, no line numbers): <pre><code>// The verify callback can be used to check whether the certificate that is // being presented is valid for the peer. For example, RFC 2818 describes // the steps involved in doing this for HTTPS. Consult the OpenSSL // documentation for more details. Note that the callback is called once // for each certificate in the certificate chain, starting from the root // certificate authority. </code></pre> Proper OpenSSL use and verification can be tricky. From experience, I know I have to perform the following to use the library correctly: <ul> <li>Disable SSLv2, SSLv3, and Compression on the Context object</li> <li>Provide the proper root certificate for chain building and checking</li> <li>Call <code>SSL_get_peer_certificate</code> and verify the certificate is non-NULL</li> <li>Call <code>SSL_get_verify_result</code> and verify the result is <code>X509_V_OK</code></li> <li>Perform name matching (CN or SAN must match requested host)</li> </ul> OpenSSL 1.1.0 will provide name checking, but its only in HEAD at this point in time. From the <a href="http://www.openssl.org/news/changelog.html">OpenSSL Change Log</a>: <pre><code>Integrate hostname, email address and IP address checking with certificate verification. New verify options supporting checking in opensl utility. </code></pre> And: <pre><code>New functions to check a hostname email or IP address against a certificate. Add options x509 utility to print results of checks against a certificate. </code></pre> I don't see where Boost is performing any of the configurations or checks in the client code. What precisely is Boost configuring, and what is it checking or verifying in its <code>asio</code> library component when using SSL?
Tags
<c++><boost><ssl><openssl><boost-asio>
Title
Boost, asio, https, and host/certificate verifcation
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USjww
UserOwnerUserId
1. USjww
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POBoost, asio, https, and host/certificate verifcation
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.