I believe the certificate directory has to be in a very specific format.
See https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html in
the examples section. Other than that, I have no experience with it.
BR,
Wim.
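
Added example (not part of Wim's message or of Wt): the format in question is OpenSSL's hashed directory, where SSL_CTX_load_verify_locations finds a CApath certificate only under the file name `<subject-hash>.<n>`. The script assumes the `openssl` command-line tool is installed; the function names and the demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: why a folder of plain *.pem files fails as an OpenSSL CApath.
# The CA certificate is constructed on the fly for this demo.

# Create a throwaway self-signed CA certificate at $1/ca.pem.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Copy each *.pem in $1 to <subject-hash>.<n>, the only names a CApath
# lookup will open. <n> counts up when two subjects share a hash.
hash_ca_dir() {
    for pem in "$1"/*.pem; do
        [ -f "$pem" ] || continue
        h=$(openssl x509 -hash -noout -in "$pem" 2>/dev/null) || continue
        n=0
        while [ -e "$1/$h.$n" ]; do
            cmp -s "$pem" "$1/$h.$n" && continue 2   # already installed
            n=$((n + 1))
        done
        cp "$pem" "$1/$h.$n"
    done
}

# Succeeds if certificate $2 verifies with directory $1 passed as -CApath.
verifies_with_capath() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Verify against the same folder before and after hashing it.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/capath"
    make_demo_ca "$dir" && cp "$dir/ca.pem" "$dir/capath/ca.pem" || return 1
    if verifies_with_capath "$dir/capath" "$dir/ca.pem"; then before=ok; else before=fail; fi
    hash_ca_dir "$dir/capath"
    if verifies_with_capath "$dir/capath" "$dir/ca.pem"; then after=ok; else after=fail; fi
    rm -rf "$dir"
    echo "before=$before after=$after"
}

demo
```

`openssl rehash <dir>` (or the older `c_rehash` script) produces the same names with symlinks; plain copies are used here so the layout also works where symlinks are unavailable.
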
2014-10-16 23:51 GMT+02:00 Darrell Wright <darrell.wri...@gmail.com>:
> According to boost ssl::context::add_verify_path should allow the use of
> CA certs in a path (1 per file). However, http client setSslVerifyPath
> did not work for me when I supplied a ca certs folder from another
> machine. Pinning the cert worked better for me in this case because I
> knew the identity of the server ahead of time though.
> On 2014-10-16 4:44 AM, Wim Dumon wrote:
> > Thanks Darrell, I was a bit confused indeed. For Http Client Wt does the
> > following:
> > - call SSL_CTX_set_default_verify_paths (which seems to have little
> > effect on Windows)
> > - if a verifyFile or a verifyPath was given, call
> > SSL_CTX_load_verify_locations (which you can use to load the
> > certificates you trust)
> >
> > Unfortunately OpenSSL does not look in the Windows certificate store.
> > We could add that as an option. Question is if this isn't more OpenSSL's
> > task to do than Wt's. You can work around this by specifying your
> > certificate file as Darrell suggests.
> >
> > BR,
> > Wim.
> >
> > 2014-10-16 5:58 GMT+02:00 Darrell Wright <darrell.wri...@gmail.com
> > <mailto:darrell.wri...@gmail.com>>:
> >
> > I did the following for dropbox that may work here
> >
> >     auto http_client = new_throw<Wt::Http::Client>( this );
> >     http_client->setTimeout( 15 );
> >     http_client->setMaximumResponseSize( max_file_size );
> >
> >     // Trust only the PEM file for this specific server
> >     const auto cert_path = docRoot( ) + "\\certs\\dropboxusercontent.com.pem";
> >     http_client->setSslVerifyFile( cert_path );
> >     http_client->done( ).connect( this, on_file_downloaded );
> >
> >     if( http_client->get( str_url_path ) ) {
> >         // Request was scheduled; show progress while it runs
> >         loadingIndicator( )->widget( )->show( );
> >         loadingIndicator( )->setMessage( "Downloading selected file from DropBox" );
> >         processEvents( );
> >     } else {
> >         std::cout << "";
> >         //TODO: Error
> >     }
> >
> >
> > The cert file is the specific one for the server. I could not get it to
> > verify down the path from the root CAs but this allowed me to pin
> > it too.
> >
> >
> > On 2014-10-08 4:00 PM, Daniel Horsey wrote:
> > > >>Hey Daniel,
> > > >>
> > > >>It's an upstream problem in boost::asio. I believe the comment
> > > >>reflects the fact that we've never got this to work.
> > > >>
> > > >>When we originally implemented this, we couldn't get any of it
> > > >>to work, but in later boost versions at least verification using
> > > >>the standard SSL certificates works. Does your URL require a
> > > >>custom certificate or should it be one that is standard supported?
> > >
> > > Hi Koen,
> > >
> > > I need to connect to Google’s timezone api. I don’t think it requires
> > > any custom cert. Maybe I’m not using it right – I call setSslVerifyFile
> > > to point to my .crt file. Is this correct? I know zilch about ssl, but
> > > I thought it required the cert file, plus at least a key file.
> > >
> > > Thanks & best,
> > >
> > > -dan
> > >
> > > _______________________________________________
> > > witty-interest mailing list
> > > witty-interest@lists.sourceforge.net
> > <mailto:witty-interest@lists.sourceforge.net>
> > > https://lists.sourceforge.net/lists/listinfo/witty-interest