microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

SSL context is not getting set in cpp code #1802

Open vijaygouda opened 2 months ago

vijaygouda commented 2 months ago

I am setting the SSL context in C++ code that uses the cpprestsdk library to host an endpoint server, also using Boost and OpenSSL.

    config.set_ssl_context_callback([](boost::asio::ssl::context& ctx) {
        // tlsv13 is a context::method enumerator; it is OR-ed in here with the option flags.
        ctx.set_options(boost::asio::ssl::context::default_workarounds |
                        boost::asio::ssl::context::no_sslv2 |
                        boost::asio::ssl::context::no_sslv3 |
                        boost::asio::ssl::context::tlsv13);

        // Server certificate chain, private key and CA bundle (PEM files).
        std::string cert_chain_file = "path/cert.pem";
        std::string private_key_file = "path/privatekey.pem";
        std::string ca_cert_file = "path/rootcertificate.pem";
        ctx.use_certificate_chain_file(cert_chain_file);
        ctx.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);
        ctx.load_verify_file(ca_cert_file);

        // Request a client certificate and fail the handshake if none is presented.
        ctx.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert);
    });

This is how I am setting the context on the http_listener_config config. I am able to host the server, but when a client tries to access the server I get a segmentation fault. The code is crashing at:

#1  0x00007ffff791515c in CRYPTO_strdup () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#2  0x00007ffff7a8a604 in x509_pubkey_ex_new_ex () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#3  0x00007ffff77c861d in asn1_template_new () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#4  0x00007ffff77c85e5 in asn1_template_new () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#5  0x00007ffff77c8b03 in ASN1_item_new_ex () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#6  0x00007ffff7a8cf12 in X509_new_ex () from /home/serviceTemplateFile/code/Project/CEALhttpsTest/LocalExternalFiles/openssl/lib/libcrypto.so.3
#7  0x00007ffff6bf86aa in SSL_CTX_use_certificate_chain_file ()

This is the gdb crash; it says it is crashing at setting the chain file.

One thing: this is happening only with OpenSSL version 3.1 and not with OpenSSL 1.1.1. If I build the same code with SSL 1.1.1, there is no error and it works perfectly fine; the crash happens only for code built with SSL 3.1. What should I set for SSL 3.1, and how? Is there any change in the way of setting it?

yangqun commented 2 months ago

I did update some libs when installing mysql++ and my program failed to start like you:

Thread 8 "DB" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffecffd640 (LWP 984082)]
0x00005555557abf6e in ossl_namemap_empty ()
(gdb) bt
#0  0x00005555557abf6e in ossl_namemap_empty ()
#1  0x00005555557ac45c in ossl_namemap_stored ()
#2  0x00005555557979b6 in evp_is_a ()
#3  0x000055555590d7ee in EVP_KEYMGMT_is_a ()
#4  0x00005555559fcb18 in ossl_x509v3_cache_extensions ()
#5  0x00005555559fcea2 in ossl_x509_likely_issued ()
#6  0x0000555555803c10 in check_issued ()
#7  0x0000555555801f0b in X509_STORE_CTX_get1_issuer ()
#8  0x00005555558052e9 in build_chain ()
#9  0x0000555555806f16 in verify_chain ()
#10 0x0000555555807fe2 in X509_verify_cert ()
#11 0x00007ffff798abe8 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#12 0x00007ffff79c27bf in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#13 0x00007ffff79bfc1c in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#14 0x00007ffff79c1698 in ?? () from /lib/x86_64-linux-gnu/libssl.so.3
#15 0x00007ffff7bff66e in boost::asio::ssl::detail::engine::perform(int (boost::asio::ssl::detail::engine::*)(void*, unsigned long), void*, unsigned long, boost::system::error_code&, unsigned long*) () from /opt/vcpkg/installed/x64-linux/lib/libcpprest.so.2.10
#16 0x00007ffff7c54a19 in boost::asio::ssl::detail::io_op<boost::asio::basic_stream_socket<boost::asio::ip::tcp, boost::asio::any_io_executor>, boost::asio::ssl::detail::handshake_op, boost::asio::detail::wrapped_handler<boost::asio::io_context::strand, std::_Bind<void (websocketpp::transport::asio::tls_socket::connection::*(std::shared_ptr, std::function<void (std::error_code const&)>, std::_Placeholder<1>))(std::function<void (std::error_code const&)>, boost::system::error_code const&)>, boost::asio::detail::is_continuation_if_running> >::operator()(boost::system::error_code, unsigned long, int) () from /opt/vcpkg/installed/x64-linux/lib/libcpprest.so.2.10

It worked well before the update.