On 3/30/17 2:19 PM, Jim Gallogly via Boost-users wrote:
I want to do a simple C++ web get similar to what is done by this curl command. I must use boost 1.49
curl https://mysite.dev/api/v1/search?q=test -k --cert C:\work\testCert.pem
The server is requiring the client certificate.
I started by using this as an example http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/example/ssl/client....
and I added modifications by adding calls to the context like
ctx.set_options(boost::asio::ssl::context::default_workarounds); ctx.use_certificate_file("C:\\work\\testCert.pem", boost::asio::ssl::context_base::pem);
My Request Looks like this:
GET /api/v1/search?q=test HTTP/1.0<br> Host: mysite.dev <br> Accept: \*/*
but I keep getting messages like this
Error: sslv3 alert handshake failure
Does any one know what other steps I need to do? Is this possible in boost 1.49?
Thanks, Jim Does the server support SSLv3? On most servers this is disabled because of design flaws. Can you force it to use TLSv1 or TLSv1.1 / TLSv1.2?
Pass flags like: no_sslv2 / no_sslv3 to the context: ctx.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::no_sslv3); I am not sure if the root certificates are loaded automatically, if not you should load it with the following functions: ctx.load_verify_file (http://www.boost.org/doc/libs/1_49_0/doc/html/boost_asio/reference/ssl__cont...) And for using client certificate: - use_private_key_file - use_certificate_file Hopefully this will help in solving your problem. Regards, Matthijs Möhlmann