[asio] Verify SSL certificates using the OS-specific certificate store
My understanding of boost::asio::ssl::context is that it is just a small wrapper around OpenSSL. You can set default verify paths, but that assumes the certificates are in a particular directory which they almost never are. For example they might be in some OS-specific type of database which need system calls to access. If a program wants to use the native operating system facilities for verifying certificates, then I believe significant additional code is needed. Is this correct? I am interested in writing a simple function object which will validate a hostname and its accompanying certificate against the operating-system-dependent certificate authorities. Is there some code somewhere that does this? Any resources that I can be pointed to would be of immense value. Thanks
On 2/10/2017 06:18, Vinnie Falco wrote:
My understanding of boost::asio::ssl::context is that it is just a small wrapper around OpenSSL. You can set default verify paths, but that assumes the certificates are in a particular directory which they almost never are. For example they might be in some OS-specific type of database which need system calls to access.
If a program wants to use the native operating system facilities for verifying certificates, then I believe significant additional code is needed. Is this correct?
I am interested in writing a simple function object which will validate a hostname and its accompanying certificate against the operating-system-dependent certificate authorities. Is there some code somewhere that does this?
Any resources that I can be pointed to would be of immense value.
https://stackoverflow.com/questions/9507184 https://stackoverflow.com/a/22097069/43534
participants (2)
-
Gavin Lambert
-
Vinnie Falco