microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

casablanca https only connect in localaddress #343

Open unstoppableHan opened 7 years ago

unstoppableHan commented 7 years ago

When I used the local address, like this: web::http::uri m_secure_uri(U("https://localhost:8888/"));

the example code runs very well, but when I put in my IP address (192.168.1.42), there is a failure to connect to the server, with this exception:

terminate called after throwing an instance of 'web::http::http_exception'
  what():  Error in SSL handshake

I downloaded the latest casablanca and tested with Boost 1.62 and OpenSSL 1.0.2.

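#include <cstring>   // std::strlen
#include <iostream>

#include <boost/asio/ssl.hpp>   // boost::asio::ssl::context, const_buffer
#include <cpprest/details/basic_types.h>
#include <cpprest/http_listener.h>
#include "cpprest/http_client.h"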

using namespace std;
using namespace web;
using namespace http;
using namespace http::experimental::listener;

const char * self_signed_cert = R"(
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
        )";
const char * private_key = R"(
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
        )";

int main() {
web::http::uri m_uri(U("http://192.168.1.42:34567/"));
web::http::uri m_secure_uri(U("https://192.168.1.42:8888/"));

auto body = utility::string_t{U("body content")};
http_headers all_headers;
all_headers.add(U("Accept"), U("text/plain"));
all_headers.add(U("Accept-Charset"), U("utf-8"));
all_headers.add(U("Accept-Encoding"), U("gzip, deflate"));
all_headers.add(U("Accept-Language"), U("en-US"));
all_headers.add(U("Accept-Datetime"), U("Thu, 31 May 2007 20:35:00 GMT"));
all_headers.add(U("Authorization"), U("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="));
all_headers.add(U("Cache-Control"), U("no-cache"));
all_headers.add(U("Cookie"), U("$Version=1; Skin=new;"));
all_headers.add(U("Content-Length"), body.size());
all_headers.add(U("Content-MD5"), U("Q2hlY2sgSW50ZWdyaXR5IQ=="));
all_headers.add(U("Content-Type"), U("application/x-www-form-urlencoded"));
all_headers.add(U("Date"), U("Tue, 15 Nov 1994 08:12:31 GMT"));
all_headers.add(U("Expect"), U("100-continue"));
all_headers.add(U("Forwarded"), U("for=192.0.2.60;proto=http;by=203.0.113.43Forwarded: for=192.0.2.43, for=198.51.100.17"));
all_headers.add(U("From"), U("user@example.com"));
all_headers.add(U("Host"), U("en.wikipedia.org"));
all_headers.add(U("If-Match"), U("\"737060cd8c284d8af7ad3082f209582d\""));
all_headers.add(U("If-Modified-Since"), U("Sat, 29 Oct 1994 19:43:31 GMT"));
all_headers.add(U("If-None-Match"), U("\"737060cd8c284d8af7ad3082f209582d\""));
all_headers.add(U("If-Range"), U("\"737060cd8c284d8af7ad3082f209582d\""));
all_headers.add(U("If-Unmodified-Since"), U("Sat, 29 Oct 1994 19:43:31 GMT"));
all_headers.add(U("Max-Forwards"), U("10"));
all_headers.add(U("Origin"), U("http://www.example-social-network.com"));
all_headers.add(U("Pragma"), U("no-cache"));
all_headers.add(U("Proxy-Authorization"), U("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="));
all_headers.add(U("Range"), U("bytes=500-999"));
all_headers.add(U("Referer"), U("http://en.wikipedia.org/wiki/Main_Page"));
all_headers.add(U("TE"), U("trailers, deflate"));
all_headers.add(U("User-Agent"), U("Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/21.0"));
all_headers.add(U("Upgrade"), U("HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11"));
all_headers.add(U("Via"), U("1.0 fred, 1.1 example.com (Apache/1.1)"));
all_headers.add(U("Warning"), U("199 Miscellaneous warning"));

boost::asio::const_buffer cert(self_signed_cert, std::strlen(self_signed_cert));
boost::asio::const_buffer key(private_key, std::strlen(private_key));

http_listener_config server_config;
server_config.set_ssl_context_callback(
        [&](boost::asio::ssl::context& ctx)
        {
            ctx.set_options(boost::asio::ssl::context::default_workarounds);
            ctx.use_certificate_chain(cert);
            ctx.use_private_key(key, boost::asio::ssl::context::pem);
        });

http_listener listener(m_secure_uri, server_config);

listener.support(methods::GET,
                 [&](http_request request)
                 {

                     for (auto&& h : all_headers)
                     {
                         std::cout << "HEADER - " << h.first << ": " << h.second << std::endl;
                     }

                     request.reply(status_codes::OK);
                 });

listener.open().wait();

client::http_client_config client_config;
client_config.set_ssl_context_callback(
        [&](boost::asio::ssl::context& ctx)
        {
            ctx.add_certificate_authority(cert);
        });

client::http_client client(m_secure_uri, client_config);
http_request msg(methods::GET);
msg.set_request_uri(U("/"));

msg.headers() = all_headers;
msg.set_body(body);
http_response resp = client.request(msg).get();

std::cout << resp.extract_string(true).get().c_str() << std::endl;

listener.close().wait();

return 0;
}

mobileben commented 7 years ago

This is an issue with your cert. If you haven't updated the cert to have a CN of your IP address, you'll get the handshake error.

If you update your cert, you should find that it works. You'll of course still need to make sure that both client and server are also configured to use the IP address.

weeyongjun commented 7 years ago

I am having the same issue. Are you able to provide more details on how to update the cert for my IP address?

adah1972 commented 7 years ago

@weeyongjun Save the private key to key.pem, and then you can re-generate the certificate using this command:

openssl req -x509 -days 365 -key key.pem -out cert.pem

Paste the content of cert.pem into self_signed_cert.

It seems this is not an issue and should be closed.
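
Added example, not part of the thread or the cpprestsdk project: a non-interactive variant of the regeneration step above that writes the IP address into the certificate and then checks the result with `openssl x509 -checkip`. Beyond the CN advice in the thread it also sets an iPAddress subjectAltName, because `-checkip` and verifiers that ignore the CN match IP addresses only against that field. The function names and the throwaway demo key are assumptions.

```shell
#!/bin/sh
# Added example; assumes the openssl CLI is on PATH.

# make_ip_cert KEY CERT IP
# Self-signed certificate for an existing private key, with the IP address
# as the CN and as an iPAddress subjectAltName. Uses a config file rather
# than -addext so it also works with OpenSSL 1.0.2.
make_ip_cert() {
    key=$1 cert=$2 ip=$3
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $ip
[v3]
subjectAltName = IP:$ip
EOF
    openssl req -new -x509 -days 365 -key "$key" -out "$cert" -config "$cfg"
    rc=$?
    rm -f "$cfg"
    return $rc
}

# cert_matches_ip CERT IP
# Succeeds only when the certificate's subjectAltName covers the IP address.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'
}

# Demo with a throwaway key (constructed here; in the thread, key.pem is the
# private key already pasted into the program).
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null || return 1
    make_ip_cert "$dir/key.pem" "$dir/cert.pem" 192.168.1.42 || return 1
    for ip in 192.168.1.42 127.0.0.1; do
        if cert_matches_ip "$dir/cert.pem" "$ip"; then
            echo "$ip: certificate matches"
        else
            echo "$ip: certificate does NOT match (handshake would be rejected)"
        fi
    done
    rm -rf "$dir"
}
demo
```

The listener and the client URI must both use the same address that was written into the certificate.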

Jigglebizz commented 7 years ago

I'm trying to configure TLS, but VS2015 will not compile set_ssl_context_callback. How can I access this function?

adah1972 commented 7 years ago

@Jigglebizz Check out cpprest/http_listener.h. SSL support is explicitly disabled on Windows. So it is probably not ready for Windows.

Jigglebizz commented 7 years ago

@adah1972 I figured out my issue - SSL is configured through the application using http_listener_config on *nix. On Windows, SSL Certs are managed by the operating system, hence the exclusion in casablanca Windows code. I followed this guide:

http://ib-krajewski.blogspot.com/2015/09/https-support-for-casablanca-server-and.html

And was able to get TLS working!

AmitGondaliya commented 6 years ago

Hello,

I am exploring cpprestSDK with a restweb server in C++ on an Ubuntu 16.04 host PC. I am able to perform requests and responses with the HTTP protocol, but when I try to send a request using the HTTPS protocol I am not able to get a response. Would you please suggest how to configure restweb to listen for HTTPS requests, or how to add support for HTTPS in the restweb server?

Thanks, Amit Gondaliya.

yzxandfcm commented 4 years ago

Hello, for the OAuth 2.0 callback URI, I have used http_listener for the setup, but it seems that http_listener does NOT support https.