working example of tls client


Michael W. Fox

Apr 22, 2015, 7:03:19 PM
to webso...@googlegroups.com
First off thanks for such a nice implementation.
 
What callbacks are necessary for the client tls connection?
Is there a client example that pairs with echo_server_tls?
I would have posted on the example thread but it did not load.
Thanks again,
Mike


Peter Thorson

Apr 22, 2015, 7:14:10 PM
to Michael W. Fox, webso...@googlegroups.com
There isn’t an example TLS client right now. It is a popular request so it is probably about time I write one. The callbacks you need for the TLS client are identical to the TLS server (specifically: the tls_init_handler that returns the SSL context to use). The way that you initialize the SSL context for a client will necessarily be different though (you won't [usually] be specifying a certificate to use but rather be specifying how you want to validate the server certs). More information about setting up the client ssl config can be found in the asio and/or OpenSSL documentation.


Michael W. Fox

Apr 22, 2015, 7:34:23 PM
to webso...@googlegroups.com, fox.mi...@gmail.com

I actually just got it working by adding the on_tls_init callback, but there is more to do to get security properly working, and dealing with trust issues.

#include <iostream>
#include <boost/asio/ssl.hpp>
#include <websocketpp/common/connection_hdl.hpp>
#include <websocketpp/common/memory.hpp>

typedef websocketpp::lib::shared_ptr<boost::asio::ssl::context> context_ptr;

// tls_init_handler for the client: returns the SSL context this connection will use
context_ptr on_tls_init(websocketpp::connection_hdl hdl) {
    std::cout << "on_tls_init called with hdl: " << hdl.lock().get() << std::endl;
    context_ptr ctx = websocketpp::lib::make_shared<boost::asio::ssl::context>(boost::asio::ssl::context::tlsv1);

    try {
        ctx->set_options(boost::asio::ssl::context::default_workarounds |
                         boost::asio::ssl::context::no_sslv2 |
                         boost::asio::ssl::context::no_sslv3 |
                         boost::asio::ssl::context::single_dh_use);
        // verify_none (the same as 0): the server certificate is not checked at all yet
        ctx->set_verify_mode(boost::asio::ssl::verify_none);
    } catch (std::exception& e) {
        std::cout << e.what() << std::endl;
    }
    return ctx;
}

Thanks again!

Peter Thorson

Apr 22, 2015, 8:24:34 PM
to Michael W. Fox, webso...@googlegroups.com
One slight change I’d recommend here (and yes my examples don’t do this, I need to fix them). Counterintuitively, you will want to use boost::asio::ssl::context::sslv23 rather than boost::asio::ssl::context::tlsv1 as the argument to the initial context constructor. The tlsv1 constant restricts the implementation to *only* tlsv1. The sslv23 constant specifies SSLv2 and higher (including TLSv1, v1.1, and v1.2). sslv23 along with the no_sslv2 and no_sslv3 options set will achieve the generally desired effect of only TLS1.0-1.2.