Discussion:
[asio-users] p12 Certificate SSL Handshake
Jeff Perkins
2014-01-17 02:53:39 UTC
I am attempting to use OpenSSL and Boost ASIO to perform a handshake and
subsequent GET request. Initially I tried using
boost::asio::ssl::context to directly load the file but I'm beginning to
think that it needs to be parsed with OpenSSL first. I have also tried
using OpenSSL to export a PEM file containing the private key and
certificate with no success either. With the current code the cert loads
fine. I just need to figure out how to load it into the context. At this
point of being "stuck" on this problem for several days I'm willing to
compensate anyone that can help with this. I'd be more than grateful for
any help. Thanks.


#include <cstdio>
#include <iostream>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs12.h>
#include <boost/asio.hpp>
#include <boost/asio/ssl.hpp>

int main()
{
    FILE *fp;
    EVP_PKEY *pkey = NULL;
    X509 *cert = NULL;
    STACK_OF(X509) *ca = NULL;
    PKCS12 *p12;
    int i;

    OpenSSL_add_all_algorithms();
    ERR_load_crypto_strings();
    fp = fopen("/thefile.p12", "rb");
    if (!fp) {
        perror("fopen");
        return 1;
    }

    p12 = d2i_PKCS12_fp(fp, NULL);
    fclose(fp);
    if (!p12) {
        ERR_print_errors_fp(stderr);
        return 1;
    }

    // Password hard-coded for the test only. PKCS12_parse returns 0 on a wrong
    // password (the MAC check fails), so test it instead of carrying on with NULLs.
    if (!PKCS12_parse(p12, "mypasswordgoeshere", &pkey, &cert, &ca)) {
        ERR_print_errors_fp(stderr);
        PKCS12_free(p12);
        return 1;
    }
    PKCS12_free(p12);

    // Debug dump of what was parsed. The original wrote to fp after fclose(fp);
    // write to stdout instead. This prints the private key in the clear, so
    // remove it once the bundle is known to load.
    if (pkey) {
        printf("***Private Key***\n");
        PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
    }
    if (cert) {
        printf("***User Certificate***\n");
        PEM_write_X509_AUX(stdout, cert);
    }
    if (ca && sk_X509_num(ca)) {
        printf("***Other Certificates***\n");
        for (i = 0; i < sk_X509_num(ca); i++)
            PEM_write_X509_AUX(stdout, sk_X509_value(ca, i));
    }

    using boost::asio::ip::tcp;
    namespace ssl = boost::asio::ssl;
    typedef ssl::stream<tcp::socket> ssl_socket;

    try {
        boost::system::error_code ec;
        boost::asio::io_service io_service;
        // The (io_service, method) constructor is the pre-1.47 form; current
        // Boost takes only the method.
        ssl::context ctx(ssl::context::sslv23);

        //HOW TO LOAD cert object into ctx?

        ssl_socket sockconn(io_service, ctx);

        tcp::resolver resolver(io_service);
        tcp::resolver::query query("theserver.testserver.com", "https");

        boost::asio::connect(sockconn.lowest_layer(), resolver.resolve(query));

        sockconn.lowest_layer().set_option(tcp::no_delay(true));

        // verify_none skips server certificate checks entirely; acceptable only
        // for this lab test, not for anything that leaves the bench.
        sockconn.set_verify_mode(ssl::verify_none);

        sockconn.handshake(ssl_socket::client);

        boost::asio::streambuf request;
        std::ostream requestStream(&request);
        requestStream << "GET /tester.php HTTP/1.1\r\n"
                      << "Connection: Close\r\n"
                      << "Host: theserver.testserver.com\r\n\r\n";

        boost::asio::write(sockconn, request);
        boost::asio::streambuf respond;

        // Read until the server closes (Connection: Close). The original passed an
        // undefined `completion`; eof in ec is the normal end of the response.
        boost::asio::read(sockconn, respond, ec);
        if (ec && ec != boost::asio::error::eof)
            std::cerr << "read: " << ec.message() << std::endl;
        std::cout << &respond << std::endl;
    } catch (const std::exception &e) {
        std::cerr << "TLS/HTTP failure: " << e.what() << std::endl;
    }

    sk_X509_pop_free(ca, X509_free);
    X509_free(cert);
    EVP_PKEY_free(pkey);
    return 0;
}
vf
2014-01-28 22:16:53 UTC
> I have also tried using openSSL to export a pem file containing the
> private key and certificate with no success either.

This is what you should be doing.

Certificates can be handled 'manually', but this is usually harder.

Have you tried to use
// both return 1 on success; SSL_CTX_check_private_key() confirms the pair matches
SSL_CTX_use_certificate(ctx.native_handle(), cert);
SSL_CTX_use_PrivateKey(ctx.native_handle(), pkey);

For verifying you could try something like that

STACK_OF(X509_NAME) *caList = sk_X509_NAME_new_null();
// adds cert as a trust anchor; SSL_CTX_get_cert_store() avoids reaching into
// SSL_CTX members, which are opaque from OpenSSL 1.1.0 on
X509_STORE_add_cert(SSL_CTX_get_cert_store(ctx.native_handle()), cert);
X509_NAME *xn = X509_NAME_dup(X509_get_subject_name(cert));
sk_X509_NAME_push(caList, xn);
// the client CA list is the set of issuer names a server advertises in its
// CertificateRequest; the SSL_CTX takes ownership of caList
SSL_CTX_set_client_CA_list(ctx.native_handle(), caList);


before calling

ctx.set_verify_mode
