Quantcast

[asio] sslv3 handshake

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[asio] sslv3 handshake

Boost - Users mailing list
I want to do a simple C++ web get similar to what is done by this curl command. I must use boost 1.49

> C:\work\testCert.pem

The server is requiring the client certificate.


and I added modifications by adding calls to the context like

    ctx.set_options(boost::asio::ssl::context::default_workarounds);
    ctx.use_certificate_file("C:\\work\\testCert.pem", boost::asio::ssl::context_base::pem);

My Request Looks like this:

> GET /api/v1/search?q=test HTTP/1.0<br>
> Host: mysite.dev <br>
> Accept: \*/*

but I keep getting messages like this

> Error: sslv3 alert handshake failure

Does any one know what other steps I need to do? Is this possible in boost 1.49?

Thanks,
Jim

_______________________________________________
Boost-users mailing list
[hidden email]
http://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [asio] sslv3 handshake

Boost - Users mailing list
I assume the <br> tag in the HTTP GET example is actually "\r\n" in reality?

On Thu, Mar 30, 2017 at 1:19 PM, Jim Gallogly via Boost-users <[hidden email]> wrote:
I want to do a simple C++ web get similar to what is done by this curl command. I must use boost 1.49

> C:\work\testCert.pem

The server is requiring the client certificate.


and I added modifications by adding calls to the context like

    ctx.set_options(boost::asio::ssl::context::default_workarounds);
    ctx.use_certificate_file("C:\\work\\testCert.pem", boost::asio::ssl::context_base::pem);

My Request Looks like this:

> GET /api/v1/search?q=test HTTP/1.0<br>
> Host: mysite.dev <br>
> Accept: \*/*

but I keep getting messages like this

> Error: sslv3 alert handshake failure

Does any one know what other steps I need to do? Is this possible in boost 1.49?

Thanks,
Jim

_______________________________________________
Boost-users mailing list
[hidden email]
http://lists.boost.org/mailman/listinfo.cgi/boost-users


_______________________________________________
Boost-users mailing list
[hidden email]
http://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [asio] sslv3 handshake

Boost - Users mailing list
In reply to this post by Boost - Users mailing list
On 3/30/17 2:19 PM, Jim Gallogly via Boost-users wrote:

> I want to do a simple C++ web get similar to what is done by this curl
> command. I must use boost 1.49
>
> > curl https://mysite.dev/api/v1/search?q=test -k --cert
> > C:\work\testCert.pem
>
> The server is requiring the client certificate.
>
> I started by using this as an example
> http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/example/ssl/client.cpp
>
> and I added modifications by adding calls to the context like
>
>     ctx.set_options(boost::asio::ssl::context::default_workarounds);
>     ctx.use_certificate_file("C:\\work\\testCert.pem",
> boost::asio::ssl::context_base::pem);
>
> My Request Looks like this:
>
> > GET /api/v1/search?q=test HTTP/1.0<br>
> > Host: mysite.dev <br>
> > Accept: \*/*
>
> but I keep getting messages like this
>
> > Error: sslv3 alert handshake failure
>
> Does any one know what other steps I need to do? Is this possible in
> boost 1.49?
>
> Thanks,
> Jim
Does the server support SSLv3? On most servers this is disabled because
of design flaws. Can you force it to use TLSv1 or TLSv1.1 / TLSv1.2?

Pass flags like: no_sslv2 / no_sslv3 to the context:
ctx.set_options(boost::asio::ssl::context::default_workarounds
    | boost::asio::ssl::context::no_sslv2
    | boost::asio::ssl::context::no_sslv3);

I am not sure if the root certificates are loaded automatically, if not
you should load it with the following functions:
ctx.load_verify_file
(http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/reference/ssl__context/load_verify_file.html)

And for using client certificate:
 - use_private_key_file
 - use_certificate_file

Hopefully this will help in solving your problem.

Regards,

Matthijs Möhlmann

_______________________________________________
Boost-users mailing list
[hidden email]
http://lists.boost.org/mailman/listinfo.cgi/boost-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [asio] sslv3 handshake

Boost - Users mailing list
This was exactly my problem, thanks so much! 

On Mar 30, 2017 10:36 AM, "Matthijs Möhlmann via Boost-users" <[hidden email]> wrote:
On 3/30/17 2:19 PM, Jim Gallogly via Boost-users wrote:
> I want to do a simple C++ web get similar to what is done by this curl
> command. I must use boost 1.49
>
> > curl https://mysite.dev/api/v1/search?q=test -k --cert
> > C:\work\testCert.pem
>
> The server is requiring the client certificate.
>
> I started by using this as an example
> http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/example/ssl/client.cpp
>
> and I added modifications by adding calls to the context like
>
>     ctx.set_options(boost::asio::ssl::context::default_workarounds);
>     ctx.use_certificate_file("C:\\work\\testCert.pem",
> boost::asio::ssl::context_base::pem);
>
> My Request Looks like this:
>
> > GET /api/v1/search?q=test HTTP/1.0<br>
> > Host: mysite.dev <br>
> > Accept: \*/*
>
> but I keep getting messages like this
>
> > Error: sslv3 alert handshake failure
>
> Does any one know what other steps I need to do? Is this possible in
> boost 1.49?
>
> Thanks,
> Jim
Does the server support SSLv3? On most servers this is disabled because
of design flaws. Can you force it to use TLSv1 or TLSv1.1 / TLSv1.2?

Pass flags like: no_sslv2 / no_sslv3 to the context:
ctx.set_options(boost::asio::ssl::context::default_workarounds
    | boost::asio::ssl::context::no_sslv2
    | boost::asio::ssl::context::no_sslv3);

I am not sure if the root certificates are loaded automatically, if not
you should load it with the following functions:
ctx.load_verify_file
(http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/reference/ssl__context/load_verify_file.html)

And for using client certificate:
 - use_private_key_file
 - use_certificate_file

Hopefully this will help in solving your problem.

Regards,

Matthijs Möhlmann

_______________________________________________
Boost-users mailing list
[hidden email]
http://lists.boost.org/mailman/listinfo.cgi/boost-users

_______________________________________________
Boost-users mailing list
[hidden email]
http://lists.boost.org/mailman/listinfo.cgi/boost-users
Loading...