Thanks Darrell, I was a bit confused indeed. For Http Client Wt does the
following:
- call SSL_CTX_set_default_verify_paths (which seems to have little effect
on Windows)
- if a verifyFile was or a verifyPath was given, call
SSL_CTX_load_verify_locations (which you can use to load the certificates
you trust)
Unforntunately OpenSSL does not look in the windows certificate store. We
could add that as an option. Question is if this isn't more OpenSSL's task
to do than Wt's. You can work around this by specifying your certificate
file as Darell suggests.
BR,
Wim.
2014-10-16 5:58 GMT+02:00 Darrell Wright <darrell.wri...@gmail.com>:
> I did the following for dropbox that may work here
>
> auto http_client = new_throw<Wt::Http::Client>( this );
> http_client->setTimeout( 15 );
>
> http_client->setMaximumResponseSize( max_file_size );
> const auto cert_path = docRoot( ) + "\\certs\\dropboxusercontent.com.pem";
> http_client->setSslVerifyFile( cert_path );
> http_client->done( ).connect( this, on_file_downloaded );
>
> if( http_client->get( str_url_path ) ) {
> loadingIndicator( )->widget( )->show( );
> loadingIndicator( )->setMessage( "Downloading selected
> file from
> DropBox" );
> processEvents( );
> } else {
> std::cout << "";
> //TODO: Error
> }
>
>
> The cert file is the specific one for the server. I could not get it to
> verify down the path from the root CA's but this allowed me to pin it too.
>
>
> On 2014-10-08 4:00 PM, Daniel Horsey wrote:
> >>Hey Daniel,
> >
> >>
> >
> >>It's an upstream problem in boost::asio. I believe the comment reflects
> the fact that we've
> > never got this to work.
> >
> >>
> >
> >>When we originally implemented this, we couldn't get any of it to work,
> but in later
> > boost versions at least verification using the standard SSL
> > >certificates works. Does your URL require a custom certificate or
> > should it be one that is standard supported?
> >
> > Hi Koen,
> >
> > I need to connect to Google’s timezone api. I don’t think it requires
> > any custom cert. Maybe I’m not using it right – I call setSslVerifyFile
> > to point to my .crt file. Is this correct? I know zilch about ssl, but
> > I thought it required the cert file, plus at least a key file.
> >
> > Thanks & best,
> >
> > -dan
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
> > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
> > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
> >
> >
> >
> > _______________________________________________
> > witty-interest mailing list
> > witty-interest@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/witty-interest
> >
>
>
>
>
> ------------------------------------------------------------------------------
> Comprehensive Server Monitoring with Site24x7.
> Monitor 10 servers for $9/Month.
> Get alerted through email, SMS, voice calls or mobile push notifications.
> Take corrective actions from your mobile device.
> http://p.sf.net/sfu/Zoho
> _______________________________________________
> witty-interest mailing list
> witty-interest@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/witty-interest
>
------------------------------------------------------------------------------
Comprehensive Server Monitoring with Site24x7.
Monitor 10 servers for $9/Month.
Get alerted through email, SMS, voice calls or mobile push notifications.
Take corrective actions from your mobile device.
http://p.sf.net/sfu/Zoho
_______________________________________________
witty-interest mailing list
witty-interest@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/witty-interest
