cpp-httplib icon indicating copy to clipboard operation
cpp-httplib copied to clipboard

Published 20 hours ago verified publisher icon yhirose

Provides a way to ignore host verify

Open pbwang002 opened this issue 1 year ago • 6 comments

image When setting the client authentication mode to SSL_VERIFY_NONE, the host verification is not ignored. Provides a way to ignore host verify.

pbwang002 avatar Mar 11 '24 08:03 pbwang002

Use enable_server_certificate_verification(false) method on SSLClient

PixlRainbow avatar Mar 12 '24 09:03 PixlRainbow

Use enable_server_certificate_verification(false) method on SSLClient

  1. Java spring boot and python http client generally support two options, enabling ssl authentication and whether to ignore host_name authentication, which is more flexible.
  2. cpp-httplib now has SSL authentication enabled and must verify the hostname, which is too inflexible.

pbwang002 avatar Mar 12 '24 11:03 pbwang002

@yhirose @PixlRainbow

pbwang002 avatar Mar 12 '24 11:03 pbwang002

Ah, so you want to still run SSL_get_verify_result https://github.com/yhirose/cpp-httplib/blob/548dfff0aef25e36e971af96b49ce7fbb72d840e/httplib.h#L8759-L8760 But have an option to skip just verify_host https://github.com/yhirose/cpp-httplib/blob/548dfff0aef25e36e971af96b49ce7fbb72d840e/httplib.h#L8774-L8778 The curl equivalent being CURLOPT_SSL_VERIFYHOST = 0

PixlRainbow avatar Mar 12 '24 15:03 PixlRainbow

Ah, so you want to still run SSL_get_verify_result

https://github.com/yhirose/cpp-httplib/blob/548dfff0aef25e36e971af96b49ce7fbb72d840e/httplib.h#L8759-L8760

But have an option to skip just verify_host https://github.com/yhirose/cpp-httplib/blob/548dfff0aef25e36e971af96b49ce7fbb72d840e/httplib.h#L8774-L8778

The curl equivalent being CURLOPT_SSL_VERIFYHOST = 0

Yes, httplib does not provide this capability now

pbwang002 avatar Mar 13 '24 01:03 pbwang002

Thanks for the clear explanation.

yhirose avatar Mar 13 '24 01:03 yhirose