cpp-httplib

Add API support for verifying the certificate manually

Open h20282 opened this issue 2 years ago • 2 comments

Thanks for this great library! 👍

Would it be possible to extend the API like SSLClient::set_server_certificate_verification(std::function<bool (SSL_CTX *ctx)>) to allow verifying the certificate manually, just like asio::ssl::context::set_verify_callback?

I think it would be very useful when verifying a static self-signed certificate.

h20282 • Nov 17 '22 01:11

@h20282, thanks for the feedback. I think it's possible, and I'm labeling this issue 'enhancement'. I currently don't have time to work on it, so I would really appreciate it if you could implement the method and send me a pull request. :)

yhirose • Nov 20 '22 02:11

Hi there, my code verifies the certificate manually.

Here is the simple solution: when initializing the server, we install a verify callback function which always returns 1 (OK):

    SSL_CTX_set_verify (m_pSSLServer->ssl_context (), SSL_VERIFY_PEER, [](int preverify_ok, X509_STORE_CTX *ctx)
    {
        // Always return OK, because we check the certificate in the request handler
        return (1);
    });

When handling the request, we take the certificate with:

    X509 *pCert = SSL_get_peer_certificate (req.ssl);

and verify the certificate manually.

RainerSchielke • Jun 27 '24 19:06
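
The manual check that the last comment leaves open, as an added example (not code from the thread or from cpp-httplib): because the verify callback accepts every certificate, the request handler has to reject on its own when no certificate was presented or when it does not match the pinned SHA-256 fingerprint. The function names and the `PIN_EXAMPLE_WITH_OPENSSL` build macro are assumptions made for this example.

```cpp
#include <array>
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <string>

using Sha256 = std::array<std::uint8_t, 32>;

// Parse a pinned fingerprint: 64 hex digits, optional ':' separators.
bool parse_fingerprint(const std::string &text, Sha256 &out) {
    out.fill(0);
    std::size_t nibbles = 0;
    for (unsigned char c : text) {
        if (c == ':') continue;
        if (!std::isxdigit(c) || nibbles == 64) return false;
        int v = std::isdigit(c) ? c - '0' : std::tolower(c) - 'a' + 10;
        out[nibbles / 2] = static_cast<std::uint8_t>((out[nibbles / 2] << 4) | v);
        ++nibbles;
    }
    return nibbles == 64;
}

// Compare every byte, with no early exit, so timing does not depend on the data.
bool constant_time_equal(const Sha256 &a, const Sha256 &b) {
    unsigned diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i) diff |= a[i] ^ b[i];
    return diff == 0;
}

// peer: digest of the presented certificate, or nullptr if the peer sent none.
// Fails closed: a missing certificate or a malformed pin is a rejection.
bool peer_is_pinned(const Sha256 *peer, const std::string &pinned_hex) {
    Sha256 pin;
    if (!peer || !parse_fingerprint(pinned_hex, pin)) return false;
    return constant_time_equal(*peer, pin);
}

#ifdef PIN_EXAMPLE_WITH_OPENSSL  // hypothetical macro; build with -lcrypto
#include <openssl/evp.h>
#include <openssl/x509.h>
// SHA-256 over the DER encoding of cert; false for a null certificate.
bool cert_sha256(const X509 *cert, Sha256 &out) {
    unsigned int len = 0;
    return cert && X509_digest(cert, EVP_sha256(), out.data(), &len) == 1 &&
           len == out.size();
}
#endif
```

In the handler, the certificate returned by `SSL_get_peer_certificate (req.ssl)` goes through `cert_sha256`, and the request is answered with an error status unless `peer_is_pinned` returns true. The returned `X509 *` carries its own reference and has to be released with `X509_free`.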