I'm looking to put some validation code into our http client to be able to verify that the certificate served up by the server is not only trusted (VERIFY_PEER), but also that the hostname in the certificate matches the hostname I'm connected to. From my research I believe there's nothing really in boost ASIO to do this, so what I need to do is get a reference to the underlying ssl socket object in the TCPConnection class (TCPConnection::m_ssl_socket).
I noticed that you have made this variable private and given no accessors. Is there some other way that I can perform this validation through pion, and if not, would you be willing to crank out a quick minor release with an accessor to get that object? From that object I can get the peer's x509 certificate and should be able to call raw openssl functions to perform this validation.
Thanks,
Tim
Bump..
Could you please add this accessor function?
- Login or register to post comments
Submitted by malawar on Fri, 03/12/2010 - 08:51.I just checked new accessors for the TCP socket and for the SSL socket into both trunk and the 3.0.x branch, so it will be included in the next release (3.0.5) which we're expecting to publish later this week.
- Login or register to post comments
Submitted by Mike Dickey on Wed, 03/31/2010 - 09:30.