[asio] Verify SSL certificates using the OS-specific certificate store

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[asio] Verify SSL certificates using the OS-specific certificate store

Boost - Dev mailing list
My understanding of boost::asio::ssl::context is that it is just a
small wrapper around OpenSSL. You can set default verify paths, but
that assumes the certificates are in a particular directory which they
almost never are. For example they might be in some OS-specific type
of database which need system calls to access.

If a program wants to use the native operating system facilities for
verifying certificates, then I believe significant additional code is
needed. Is this correct?

I am interested in writing a simple function object which will
validate a hostname and its accompanying certificate against the
operating-system-dependent certificate authorities. Is there some code
somewhere that does this?

Any resources that I can be pointed to would be of immense value.

Thanks

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Reply | Threaded
Open this post in threaded view
|

Re: [asio] Verify SSL certificates using the OS-specific certificate store

Boost - Dev mailing list
On 2/10/2017 06:18, Vinnie Falco wrote:

> My understanding of boost::asio::ssl::context is that it is just a
> small wrapper around OpenSSL. You can set default verify paths, but
> that assumes the certificates are in a particular directory which they
> almost never are. For example they might be in some OS-specific type
> of database which need system calls to access.
>
> If a program wants to use the native operating system facilities for
> verifying certificates, then I believe significant additional code is
> needed. Is this correct?
>
> I am interested in writing a simple function object which will
> validate a hostname and its accompanying certificate against the
> operating-system-dependent certificate authorities. Is there some code
> somewhere that does this?
>
> Any resources that I can be pointed to would be of immense value.

https://stackoverflow.com/questions/9507184
https://stackoverflow.com/a/22097069/43534


_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost