Open karlisolte opened 2 years ago
Jacob-Burckhardt
commented
2 years ago Add a hostname argument as the first arg in your on_tls_init function.
Extract the hostname from the URL that you pass to m_client.get_connection. Pass that hostname here:
m_client.set_tls_init_handler (bind (&on_tls_init, hostname, _1));
karlisolte
commented
2 years ago I am calling set_tls_init_handler as a step during tls_client_endpoint initialization. Binding hostname to on_tls_initcallback requires that hostname is known at the time when set_tls_init_handler is called and also limits endpoint to be able to connect to only this hostname (at least without calling set_tls_init_handler again).
I would much prefer to be able to reuse a single tls client endpoint to be able to connect to different hostnames. Or is it not an intended way to use client endpoint?
Jacob-Burckhardt
commented
2 years ago In the code excerpt below, create_connection calls on_tls_init which occurs before the set_uri call in the excerpt below which explains why get_uri returned null during the call to on_tls_init. That seems to contradict the documentation which says:
A new WebSocket connection is initiated via a three step process. First, a connection request is created by endpoint::get_connection(uri). Next, the connection request is configured. Lastly, the connection request is submitted back to the endpoint via endpoint::connect() which adds it to the queue of new connections to make.
That quote says get_connection makes a request, but it seems to imply the request is not executed until the call to endpoint::connect, but since on_tls_init is called at the request creation stage that shows that it did connect.
You said "calling set_tls_init_handler again". You seem reluctant to do that, and it seems strange you would need to do that, but I think that might be a way to solve your problem.
connection_ptr get_connection(uri_ptr location, lib::error_code & ec) {
if (location->get_secure() && !transport_type::is_secure()) {
ec = error::make_error_code(error::endpoint_not_secure);
return connection_ptr();
}
connection_ptr con = endpoint_type::create_connection();
if (!con) {
ec = error::make_error_code(error::con_creation_failed);
return con;
}
con->set_uri(location);
ec = lib::error_code();
return con;
}
That quote says get_connection makes a request, but it seems to imply the request is not executed until the call to endpoint::connect, but since on_tls_init is called at the request creation stage that shows that it did connect.
Yes, so in other words handlers are normally set on the connection object before connect():
auto con = client_endpoint.get_connection(uri, ec);
con->set_open_handler();
con->set_fail_handler();
con->set_close_handler();
client_endpoint.connect(con);but in case of set_tls_init_handler() there is no point to call this on connection object after client_endpoint.get_connection(uri, ec) (even though connection object has such method) as handler will already have executed. Instead we should set it on the endpoint object right before client_endpoint.get_connection(uri, ec);.
neongreen-sc
commented
1 month ago @karlisolte did you ever find a good solution for this?
Hello! I would like to verify TLS certificate. A convenient way of doing that seems to be
ctx->set_verify_callback(asio::ssl::rfc2818_verification("host.name"));, but it needs a hostname passed to it.Handler for
set_tls_init_handlerhasconnection_hdlparameter and I would expect to be able to somehow retrieve hostname from it, but I have not succeeded. In particular: