Enhancement :: ASIO :: SSL Context :: add_verify_path

Question

Enhancement :: ASIO :: SSL Context :: add_verify_path

I want to check the server certificate. I have boost :: asio :: ssl :: context

This successfully validates the certificate:

context.load_verify_file("E:\\a\\windows\\Path\\to\\certificate\\9207bca9.0");

However, I do not want to explicitly specify files for certificate verification. I want to be able to put them in the same directory and tell the context to use the files in this folder for certificate verification. So I do this instead:

 context.add_verify_path("E:\\a\\windows\\Path\\to\\certificate");

And the check was unsuccessful

Note. The file name 9207bca9.0: 9207bca9 is the hash of the CA certificate object, and its extension is “.0” to satisfy the requirements of the add_verify_path method found here (also the only content of this file is the root certificate. Keep in mind that I was able to verify the certificates with this file):

http://www.boost.org/doc/libs/1_53_0/doc/html/boost_asio/reference/ssl__context/add_verify_path/overload1.html

Any suggestions?

+4

c ++ boost ssl openssl boost-asio

jzepeda Apr 10 '13 at 21:22

source share

1 answer

Gearoid murphy · Answer 1 · 2013-04-10T21:47:42+0000

There are only two possibilities that I can think of, firstly, that your hash value is incorrect, this can be checked like this:

 openssl x509 -noout -hash -in ca-certificate-file

Secondly, there is some error in your directory configuration that prevents you from using OpenSSL from the CA directory, such as permissions and ownership on Linux systems, but I'm not sure how important this is on Windows platforms. The only way to detect such an error is to trace the verification step through the debugger and observe the code directly when scanning the directory.

Enhancement :: ASIO :: SSL Context :: add_verify_path

More articles: