Opened 10 years ago
Last modified 8 years ago
#7610 new Patches
Add support for PSK authentication to boost::asio::ssl
Reported by: | | Owned by: | chris_kohlhoff |
---|---|---|---|
Milestone: | To Be Determined | Component: | asio |
Version: | Boost 1.52.0 | Severity: | Optimization |
Keywords: | SSL, TLS, PSK | Cc: |
Description
boost::asio::ssl provides methods to set up PKI authentication. But TLS can also use PSK for authentication. This patch adds methods to set a PSK callback on ssl::context.
Attachments (1)
Change History (7)
by , 10 years ago
Attachment: | boost-psk-patch.diff added |
---|
comment:1 by , 8 years ago
Is there any update on this issue? I'd find this very much useful as well, and I've merged this into the 1.55.0 version of boost if a more recent patch is wanted.
comment:2 by , 8 years ago
I would also find this useful! I guess the main issue is that the PSK callback from OpenSSL is synchronous.
comment:3 by , 8 years ago
The patch has a couple of issues with it. Chiefly the use of SSL_ctx_set_app_data and SSL_ctx_get_app_data (and SSL_set_app_data in the engine class) assigning a different type to set_verify_callback. The type set in verify_callback is the one that is destroyed in the context dtor. It will probably still work but it is technically not correct. Additionally this would result in UB if both verify_callback and psk callbacks are set on the same context.
Should use a small detailcontext_appdata class or something.
This is also missing an interface to set the PSK callback in the client case.
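The single-holder approach suggested in comment 3, as an added example that is not part of the ticket or the attached patch: one struct is the only type ever stored in the context's app-data slot, so the destructor's cast always matches and both callbacks can be set together. `fake_ssl_ctx`, `context_appdata` and the trampoline names are hypothetical stand-ins, and no OpenSSL call is made.

```cpp
#include <functional>
#include <string>
#include <utility>

// Stand-in for an SSL_CTX with its single void* app-data slot (constructed, not OpenSSL).
struct fake_ssl_ctx { void* app_data = nullptr; };

using verify_fn = std::function<bool(bool preverified)>;
// Writes the key for `identity` into `out`; returns its length, or 0 to reject.
using psk_fn = std::function<unsigned(const std::string& identity,
                                      unsigned char* out, unsigned max_len)>;

// Hypothetical holder: the only type ever stored in (and deleted from) the slot.
struct context_appdata {
    verify_fn verify;
    psk_fn psk_server;
};

class context {
public:
    context() = default;
    context(const context&) = delete;
    context& operator=(const context&) = delete;
    // Setters and destructor agree on the stored type, so the delete is well defined.
    ~context() { delete static_cast<context_appdata*>(ctx_.app_data); }
    void set_verify_callback(verify_fn f) { data().verify = std::move(f); }
    void set_psk_server_callback(psk_fn f) { data().psk_server = std::move(f); }
    fake_ssl_ctx* native_handle() { return &ctx_; }
private:
    context_appdata& data() {  // allocate the holder once, on first use
        if (!ctx_.app_data) ctx_.app_data = new context_appdata();
        return *static_cast<context_appdata*>(ctx_.app_data);
    }
    fake_ssl_ctx ctx_;
};

// Trampolines shaped like the C callbacks a TLS library would invoke.
bool verify_trampoline(fake_ssl_ctx* c, bool preverified) {
    auto* d = static_cast<context_appdata*>(c->app_data);
    return (d && d->verify) ? d->verify(preverified) : preverified;
}

unsigned psk_trampoline(fake_ssl_ctx* c, const char* identity,
                        unsigned char* out, unsigned max_len) {
    auto* d = static_cast<context_appdata*>(c->app_data);
    if (!d || !d->psk_server || !identity) return 0;  // no callback: refuse PSK
    unsigned n = d->psk_server(identity, out, max_len);
    return n <= max_len ? n : 0;  // never report more bytes than the buffer holds
}
```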
PSK support for boost::asio::ssl