oatpp / oatpp-openssl

OpenSSL adaptor for Oat++ applications
https://oatpp.io/
Apache License 2.0

[QUESTION] How can I create a connection with mutual authentication? #19

Open MateusDornelles opened 1 year ago

MateusDornelles commented 1 year ago

Basically what the title says: how can I create a connection with mutual authentication?

Thanks.

fwh-dc commented 1 year ago

Hi,

Given that you have your CA, client cert, etc. set up already, you can achieve this by:

Server


```cpp
auto config = oatpp::openssl::Config::createShared();
// Server certificate and its private key
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::CertificateFile>("path/to/server.pem"));
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PrivateKeyFile>("path/to/server.key"));
// Force the client to send a valid certificate
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PeerCertificateVerification>(oatpp::openssl::configurer::CertificateVerificationMode::EnabledStrong));
auto connectionProvider = oatpp::openssl::server::ConnectionProvider::createShared(config, {"localhost", 8443});
```

Client


```cpp
auto config = oatpp::openssl::Config::createShared();
// Client certificate and its private key
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::CertificateFile>("path/to/client.pem"));
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PrivateKeyFile>("path/to/client.key"));
// Force the server to send a valid certificate
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PeerCertificateVerification>(oatpp::openssl::configurer::CertificateVerificationMode::EnabledStrong));
auto connectionProvider = oatpp::openssl::client::ConnectionProvider::createShared(config, {"httpbin.org", 443});
```

oatpp::openssl::configurer::CertificateVerificationMode::EnabledStrong is important because this forces the opposite side to send a valid certificate.

Please have a look at the different configuration options under src/oatpp-openssl/configurer.
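
The reply above assumes the CA and certificates already exist. As an added example (not part of the reply or of the oatpp-openssl project), this script builds a throwaway test CA with a server and a client certificate, then runs two checks worth doing before pointing the configuration at the files: each certificate verifies against the CA, and each private key matches its certificate. File names, subjects and the one-day lifetime are assumptions, and the `openssl` CLI must be installed.

```shell
#!/bin/sh
# Added example: throwaway PKI for testing mutual TLS. File names, subjects
# and the one-day lifetime are assumptions; requires the openssl CLI.

# make_pki DIR: test CA plus server and client certificates signed by it.
make_pki() {
  out=$1
  mkdir -p "$out" || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Test CA" \
    -keyout "$out/ca.key" -out "$out/ca.pem" 2>/dev/null || return 1
  for name in server client; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
      -keyout "$out/$name.key" -out "$out/$name.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$out/$name.csr" -CA "$out/ca.pem" \
      -CAkey "$out/ca.key" -CAcreateserial -days 1 \
      -out "$out/$name.pem" 2>/dev/null || return 1
  done
}

# make_untrusted DIR: self-signed certificate that the test CA never issued.
make_untrusted() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=client" \
    -keyout "$1/untrusted.key" -out "$1/untrusted.pem" 2>/dev/null
}

# chain_ok CA CERT: succeeds only when CERT verifies against CA.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# key_matches CERT KEY: succeeds when KEY is the private key for CERT.
key_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo run in a temporary directory.
dir=$(mktemp -d) || exit 1
make_pki "$dir" && make_untrusted "$dir" || exit 1
chain_ok "$dir/ca.pem" "$dir/client.pem" && echo "client.pem: chains to CA"
chain_ok "$dir/ca.pem" "$dir/untrusted.pem" || echo "untrusted.pem: rejected"
key_matches "$dir/client.pem" "$dir/client.key" && echo "client key matches"
key_matches "$dir/client.pem" "$dir/server.key" || echo "server key mismatch"
rm -rf "$dir"
```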