beast icon indicating copy to clipboard operation
beast copied to clipboard

Published 20 hours ago verified publisher icon boostorg

WSS Examples Currently Don't Set TLS SNI

Open greenbagels opened this issue 4 years ago • 3 comments

Currently the WebSocket Secure examples (I only checked the sync/async client examples) don't set the TLS SNI on the ssl_stream layer via the SSL_set_tlsext_host_name function. This leads to errors in some handshakes, such as the necropost in issue #1702

Adding the following snippet should help with most users' use cases, I think:

// my_stream is a beast::websocket::stream
if (!SSL_set_tlsext_host_name(my_stream.next_layer().native_handle(), host))
{
    // ...
}

Maybe we could also inform users of https://en.wikipedia.org/wiki/Server_Name_Indication#Security_implications in the example, though maybe it's out-of-scope to teach people the finer points of TLS?

greenbagels avatar Jul 04 '20 14:07 greenbagels

This issue has been open for a while with no activity, has it been resolved?

stale[bot] avatar Aug 08 '20 07:08 stale[bot]

There is a fix for this issue in the pipeline.

madmongo1 avatar Aug 08 '20 10:08 madmongo1

This issue has been open for a while with no activity, has it been resolved?

stale[bot] avatar Sep 07 '20 12:09 stale[bot]

@madmongo1 where can I track that progress?

klemens-morgenstern avatar Sep 24 '22 05:09 klemens-morgenstern

Addressed in https://github.com/boostorg/beast/pull/2019.

ashtum avatar Feb 14 '24 15:02 ashtum