search

microsoft / cpprestsdk

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.
Other
7.97k stars 1.65k forks source link

cpprestsdk http_client (https rest call) : http_client_config not working for certificate validation disabling #871

Open viter7960 opened 6 years ago

viter7960 commented 6 years ago

Hi, I'm using cpprestsdk 2.9.1 from nuget and making a call to azure log analytics (data collector api). It is a simple post request like following to send simple json content to the cloud.

            http_request request(methods::POST);
    request.headers().add(L"Content-Type", L"application/json; charset=UTF-8");
    request.headers().add(L"Log-Type", log_type.c_str());
    request.headers().add(L"x-ms-date", rfcDate.c_str());
    request.headers().add(L"Authorization", signature.c_str());

    json::value body = json::value::parse(log_json_format);
    request.set_body(body);             

    http_client_config config;      
    config.set_validate_certificates(false);
    http_client client(m_server_address, config);     // server address is https://.....
            client.request(request).then()......

But the certificate validation disabling is not working since I always receive Message "WinHttpSendRequest: 12044: A certificate is required to complete client authentication" from server.

Any help ?

Thanks.

chinchilla-forest commented 5 years ago

This function is to let our client ignore the error when ssl authentication, in fact, the role is to let the client ignore the authentication of the server certificate.I think your mistake is that the client can't provide his certificate to the server. Can you try this way? http_client_config client_config ; client_config.set_ssl_context_callback([&buffer](boost::asio::ssl::context &ctx) { ctx.load_verify_file("/etc/ssl/certs/ca-bundle.crt");//your path to pem } if not work,i think you can find solution in file boost::asio::ssl context.hpp;

BillyONeal commented 5 years ago

The message from WinHTTP indicates that the server wants to do client authentication -- that is, the server wants to validate the client in the SSL handshake. set_validate_certificates controls whether Cpprestsdk attempts to validate that the server is correct, but to turn off the server's validation of the client I think you would need to reconfigure the server on the other end to do that?