Closed binarytrails closed 5 years ago
It's a good question. I don't know an answer yet. I'll take some time to think about it.
@eao197 I implemented the two required template functions, tested with my http asio client built on top of restinio and it works!
```
[103939.773136] [http:resolver] resolved ns.jami.net:443: address=2607:fad8:4:6::228 ipv6
[103939.773185] [http:resolver] resolved ns.jami.net:443: address=173.231.120.228 ipv4
[103939.773437] [http:request:1] [connect] begin endpoints { 2607:fad8:4:6::228 173.231.120.228 }
[103939.801865] [http:request:1] [connect] success
[103939.820771] [http:request:1] [connect:ssl] secure channel established
[103939.821065] [http:request:1] [post]
GET /name/strace HTTP/1.1
Accept: */*
Content-Type: application/json
Host: ns.jami.net:443
User-Agent: RESTinio client
[103939.821098] state=1 code=0
[103939.821360] [http:request:1] [write] success
[103939.821373] state=3 code=0
[103939.830858] [http:request:1] [read:header]
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Tue, 06 Aug 2019 17:04:05 GMT
Content-Type: application/json
Content-Length: 1851
Connection: keep-alive
Access-Control-Allow-Origin: *
...
```
Can you show how you use these new methods?
@eao197 absolutely!
They verify the remote host's certificate before the handshake; below is the standard way using the asio rfc2818_verification method, but one could implement their own verify_callback if needed to confirm the validity of a certificate with a boolean return:
```cpp
sock.set_verify_mode(ssl::verify_peer);
sock.set_verify_callback(ssl::rfc2818_verification("host.name"));
sock.handshake(ssl_socket::client);
```
Here is my current implementation using it: https://github.com/binarytrails/opendht/blob/proxy_openssl/src/http.cpp#L137
A linked discussion: https://github.com/Stiffstream/restinio/pull/40
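For anyone writing their own verify_callback as mentioned above, here is the hostname decision such a callback has to make for the leaf certificate, as an added example (not code from Asio, RESTinio or the posts in this thread). `cert_names`, `match_name` and `host_matches_cert` are hypothetical names, the certificate names are assumed to be already extracted, and the wildcard rule used is a deliberately strict choice (complete leftmost label only).

```cpp
// Added example: hostname check of the kind a custom verify_callback could apply
// to the leaf certificate. Names are assumed to be already read from the cert.
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Hypothetical container for the identities presented by the leaf certificate.
struct cert_names {
    std::vector<std::string> san_dns;  // subjectAltName dNSName entries
    std::string common_name;           // subject CN, used only when no dNSName exists
};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Match one presented name against the host, case-insensitively. A '*' is
// honoured only as the complete leftmost label and stands for exactly one label.
bool match_name(const std::string& pattern_in, const std::string& host_in) {
    const std::string pattern = lower(pattern_in), host = lower(host_in);
    if (pattern.empty() || host.empty()) return false;
    if (pattern.find('*') == std::string::npos) return pattern == host;
    if (pattern.size() < 3 || pattern.compare(0, 2, "*.") != 0) return false;  // "n*.x.y", "*"
    const std::string suffix = pattern.substr(1);                // e.g. ".jami.net"
    if (suffix.find('*') != std::string::npos) return false;     // one wildcard only
    if (suffix.find('.', 1) == std::string::npos) return false;  // refuse "*.net"
    const std::size_t dot = host.find('.');
    if (dot == std::string::npos || dot == 0) return false;      // need a non-empty first label
    return host.compare(dot, std::string::npos, suffix) == 0;
}

// RFC 2818 section 3.1: dNSName entries, when present, are the identity;
// the Common Name is consulted only when there are none.
bool host_matches_cert(const cert_names& cert, const std::string& host) {
    if (!cert.san_dns.empty())
        return std::any_of(cert.san_dns.begin(), cert.san_dns.end(),
                           [&](const std::string& n) { return match_name(n, host); });
    return match_name(cert.common_name, host);
}

int main() {
    const cert_names leaf{{"*.jami.net"}, ""};  // constructed sample values
    return host_matches_cert(leaf, "ns.jami.net") ? 0 : 1;
}
```

A callback built on this would still return false whenever the chain itself failed verification (the `preverified` argument), since the name check says nothing about trust in the issuer.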
@binarytrails, @ngrodzitski
The update is in the master branch.
The new method has the name asio_ssl_stream to reflect access to the underlying Asio-related entity: https://github.com/Stiffstream/restinio/blob/97ce6e36bb1fa74c18e435dc83eb4c18d790dc05/dev/restinio/impl/tls_socket.hpp#L80-L99
Any suggestions about a more appropriate name are welcome.
Let's say I want to perform a standard rfc2818_verification using the tls_socket adapter implementation, how would one be able to set_verify_callback for this purpose using the ssl::stream containing our socket if that interface is not exposed (private)?