Darrell:

Thanks for the tip, but this is what I'm doing now that's not working in my
environment.

Wim:

Thanks for the tips.  Apparently, there's lots of buzz about this behavior
of OpenSSL, particularly about $SSL_CERT_FILE not being used.  I have also
encountered a problem in Wt where setSslVerifyPath comes up unresolved when
I tried to test that.  

Should I assume that if $SSL_CERT_FILE and/or $SSL_CERT_DIR are being
properly set (and used) in OpenSSL, I should not have to call these
functions at the Wt level?

I'll look into your suggestions and get back to you on what I find.  It will
probably take a day or two.

Best,

        -dan

> 
> Message: 1
> Date: Fri, 17 Oct 2014 14:45:54 +0200
> From: Wim Dumon <w...@emweb.be>
> Subject: Re: [Wt-interest] Http client
> To: witty-interest@lists.sourceforge.net
> Message-ID:
>       <CAJ2=PVQ6ck6=1copdbq8jn+takuwfcgncz6ouo0c4up-q4d...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> I believe the certificate directory has to be in a very specific format.
> See https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html in
> the examples section. Other than that, I have no experience with it.
> 
> BR,
> Wim.
> 
> 
> 
> 2014-10-16 23:51 GMT+02:00 Darrell Wright <darrell.wri...@gmail.com>:
> 
> > According to boost, ssl::context::add_verify_path should allow the use of
> > CA certs in a path (1 per file).  However http client setSslVerifyPath
> > did not work for me when I supplied a ca certs folder from another
> > machine.  Pinning the cert worked better for me in this case because I
> > knew the identity of the server ahead of time though.
> > On 2014-10-16 4:44 AM, Wim Dumon wrote:
> > > Thanks Darrell, I was a bit confused indeed. For Http Client Wt does the
> > > following:
> > > - call SSL_CTX_set_default_verify_paths (which seems to have little
> > > effect on Windows)
> > > - if a verifyFile or a verifyPath was given, call
> > > SSL_CTX_load_verify_locations (which you can use to load the
> > > certificates you trust)
> > >
> > > Unfortunately OpenSSL does not look in the Windows certificate store.
> > > We could add that as an option. Question is if this isn't more OpenSSL's
> > > task to do than Wt's. You can work around this by specifying your
> > > certificate file as Darrell suggests.
> > >
> > > BR,
> > > Wim.
> > >
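
An added example, not part of the thread and not Wt code: a check for the directory format mentioned above, where OpenSSL finds a CA in a verify path only by a file name of the form <subject-hash>.<n>, plus a report of the SSL_CERT_FILE / SSL_CERT_DIR settings. It assumes Python's ssl module, which reports the OpenSSL that Python links (possibly not the one Wt links); the helper names and sample file names are constructed.

```python
import os
import re
import ssl
import tempfile

# OpenSSL looks a CA up in a directory by name only: <8 hex digit subject hash>.<n>
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def audit_ca_dir(path):
    """Split entries into names OpenSSL can look up and names it never tries.

    Only the name format is checked; whether the hash matches the certificate
    inside the file is not verified here.
    """
    usable, ignored = [], []
    for name in sorted(os.listdir(path)):
        (usable if HASHED_NAME.match(name) else ignored).append(name)
    return usable, ignored


def default_locations():
    """Report the override environment variables and the compiled-in defaults."""
    p = ssl.get_default_verify_paths()
    return {
        p.openssl_cafile_env: os.environ.get(p.openssl_cafile_env),
        p.openssl_capath_env: os.environ.get(p.openssl_capath_env),
        "compiled-in cafile": p.openssl_cafile,
        "compiled-in capath": p.openssl_capath,
    }


def make_sample_dir():
    """Constructed sample: a CA folder copied from another machine (empty files)."""
    d = tempfile.mkdtemp()
    for name in ("my-root-ca.pem", "5ad8a5d6.0", "5ad8a5d6.1", "README"):
        open(os.path.join(d, name), "w").close()
    return d


if __name__ == "__main__":
    usable, ignored = audit_ca_dir(make_sample_dir())
    print("found by hash lookup:", usable)
    print("never looked up:     ", ignored)
    for key, value in default_locations().items():
        print(f"{key}: {value}")
```

Files listed as never looked up need a hashed name (or symlink) before a verify path will pick them up; OpenSSL's c_rehash / `openssl rehash` creates those.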



