Boost C++ Libraries: Ticket #11809: Add SSL Renegotiate handshake support to boost::asio::ssl
https://svn.boost.org/trac10/ticket/11809

<p>
Currently the boost::asio::ssl::stream handshake can call either SSL_accept or SSL_connect for initial connection handshaking. To be able to do an SSL renegotiation handshake, SSL_do_handshake() needs to be called.
</p>
<p>
I have attached a patch that adds a new boost::asio::ssl::handshake_type called "renegotiate" and the needed support in the ssl::engine to do a proper renegotiation handshake.
</p>
<p>
Doing a server side renegotiate to request the client certificate can be done in the following way:
</p>
<div class="wiki-code"><div class="code"><pre>
#include &lt;cstdlib&gt;
#include &lt;boost/asio.hpp&gt;
#include &lt;boost/asio/ssl.hpp&gt;

typedef boost::asio::ssl::stream&lt;boost::asio::ip::tcp::socket&gt; ssl_socket;

int main(int argc, char* argv[])
{
  using namespace std; // For atoi.
  using namespace boost::asio;

  unsigned short port = atoi(argv[1]);

  io_service io_service;
  ip::tcp::acceptor acceptor(io_service, ip::tcp::endpoint(ip::tcp::v4(), port));

  ssl::context ctx(ssl::context::sslv23);
  ssl_socket sock(io_service, ctx);

  acceptor.accept(sock.lowest_layer());

  // Initial server-side handshake; no client certificate is requested yet.
  sock.handshake(ssl_socket::server);

  // read some data

  // Request the client certificate, then renegotiate.
  // ssl_socket::renegotiate is the handshake type added by the attached patch.
  sock.set_verify_mode(ssl::verify_peer);
  sock.handshake(ssl_socket::renegotiate);

  // continue using the connection
}
</pre></div></div>

georgid@… Fri, 20 Nov 2015 11:15:39 GMT: attachment set
<ul>
<li><strong>attachment</strong> → <span class="trac-field-new">asio_ssl_renegotiate.patch</span></li>
</ul>
<p>
Patch that adds support for SSL renegotiate handshake
</p>

viboes Sat, 21 Nov 2015 20:32:29 GMT: component changed; owner set
https://svn.boost.org/trac10/ticket/11809#comment:1
<ul>
<li><strong>owner</strong> set to <span class="trac-author">chris_kohlhoff</span></li>
<li><strong>component</strong> <span class="trac-field-old">None</span> → <span class="trac-field-new">asio</span></li>
</ul>

diptiburli21@… Tue, 22 Aug 2017 08:59:53 GMT
https://svn.boost.org/trac10/ticket/11809#comment:2
<p>
Hi, currently I am using Boost 1.58 and want to be able to call SSL_renegotiate on native_handle(), in which case I need to call SSL_renegotiate and SSL_Handshake() explicitly. Will that work if and boost async apis to read/write and initial handshake?
</p>