Opened 7 years ago
Last modified 5 years ago
#11809 new Feature Requests
Add SSL Renegotiate handshake support to boost::asio::ssl
Reported by: | | Owned by: | chris_kohlhoff |
---|---|---|---|
Milestone: | To Be Determined | Component: | asio |
Version: | Boost 1.59.0 | Severity: | Optimization |
Keywords: | | Cc: | |
Description
Currently the boost::asio::ssl::stream handshake can call either SSL_accept or SSL_connect for initial connection handshaking. To be able to do an SSL renegotiation handshake, SSL_do_handshake() needs to be called.
I have attached a patch that adds a new boost::asio::ssl::handshake_type called "renegotiate" and the needed support in the ssl::engine to do a proper renegotiation handshake.
Doing a server side renegotiate to request the client certificate can be done in the following way:
```cpp
#include <cstdlib> // atoi
#include <boost/asio.hpp>
#include <boost/asio/ssl.hpp>

typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> ssl_socket;

int main(int argc, char* argv[])
{
  using namespace std; // For atoi.
  using namespace boost::asio;

  if (argc < 2)
    return 1; // usage: <program> <port>

  unsigned short port = atoi(argv[1]);

  io_service io_service;
  ip::tcp::acceptor acceptor(io_service, ip::tcp::endpoint(ip::tcp::v4(), port));

  ssl::context ctx(ssl::context::sslv23);
  ssl_socket sock(io_service, ctx);

  // Accept a TCP connection and perform the initial handshake as the server.
  acceptor.accept(sock.lowest_layer());
  sock.handshake(ssl_socket::server);

  // read some data

  // Request the client certificate, then renegotiate.
  // ssl_socket::renegotiate is the handshake type added by the attached patch.
  sock.set_verify_mode(ssl::verify_peer);
  sock.handshake(ssl_socket::renegotiate);

  // continue using the connection
}
```
Attachments (1)
Change History (3)
by , 7 years ago
Attachment: | asio_ssl_renegotiate.patch added |
---|
comment:1 by , 7 years ago
Component: | None → asio |
---|---|
Owner: | set to |
comment:2 by , 5 years ago
Hi, currently I am using Boost 1.58 and want to be able to call SSL_renegotiate on native_handle(), in which case I need to call SSL_renegotiate and SSL_Handshake() explicitly. Will that work if and boost async apis to read/write and initial handshake?
Patch that adds support for SSL renegotiate handshake