Hey Dan,

I suspect (but never tested) that indeed SSL_CERT_FILE and SSL_CERT_DIR
will be used as Wt calls SSL_CTX_set_default_verify_paths, but that's not
really documented in OpenSSL.

The setSslVerifyPath implementation is indeed missing but it's trivial and
already added by now.

Wim.



2014-10-18 17:10 GMT+02:00 Daniel Horsey <dan.hor...@broadruntech.com>:

> Darrell:
>
> Thanks for the tip, but this is what I'm doing now that's not working in my
> environment.
>
> Wim:
>
> Thanks for the tips.  Apparently, there's lots of buzz about this behavior
> of OpenSSL, particularly about $SSL_CERT_FILE not being used.  I have also
> encountered a problem in Wt where setSslVerifyPath comes up unresolved when
> I tried to test that.
>
> Should I assume that if $SSL_CERT_FILE and/or $SSL_CERT_DIR are being
> properly set (and used) in OpenSSL, I should not have to call these
> functions at the Wt level?
>
> I'll look into your suggestions and get back to you on what I find.  It will
> probably take a day or two.
>
> Best,
>
>         -dan
>
> >
> > Message: 1
> > Date: Fri, 17 Oct 2014 14:45:54 +0200
> > From: Wim Dumon <w...@emweb.be>
> > Subject: Re: [Wt-interest] Http client
> > To: witty-interest@lists.sourceforge.net
> > Message-ID:
> >       <CAJ2=PVQ6ck6=
> >       1copdbq8jn+takuwfcgncz6ouo0c4up-q4d...@mail.gmail.com>
> > Content-Type: text/plain; charset="utf-8"
> >
> > I believe the certificate directory has to be in a very specific format.
> > See https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html in
> > the examples section. Other than that, I have no experience with it.
> >
> > BR,
> > Wim.
> >
> >
> >
> > 2014-10-16 23:51 GMT+02:00 Darrell Wright <darrell.wri...@gmail.com>:
> >
> > > According to boost ssl::context::add_verify_path should allow the use of
> > > CA certs in a path (1 per file).  However http client setSslVerifyPath
> > > did not work for me when I supplied a ca certs folder from another
> > > machine.  Pinning the cert worked better for me in this case because I
> > > knew the identity of the server ahead of time though.
> > > On 2014-10-16 4:44 AM, Wim Dumon wrote:
> > > > Thanks Darrell, I was a bit confused indeed. For Http Client Wt does the
> > > > following:
> > > > - call SSL_CTX_set_default_verify_paths (which seems to have little
> > > > effect on Windows)
> > > > - if a verifyFile or a verifyPath was given, call
> > > > SSL_CTX_load_verify_locations (which you can use to load the
> > > > certificates you trust)
> > > >
> > > > Unfortunately OpenSSL does not look in the Windows certificate store.
> > > > We could add that as an option. Question is if this isn't more OpenSSL's
> > > > task to do than Wt's. You can work around this by specifying your
> > > > certificate file as Darrell suggests.
> > > >
> > > > BR,
> > > > Wim.
> > > >
>
>
>
>
>
> _______________________________________________
> witty-interest mailing list
> witty-interest@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/witty-interest
>
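The two open questions in this thread (whether SSL_CERT_FILE / SSL_CERT_DIR are picked up by the default verify paths, and whether a CA folder is in the layout OpenSSL expects) can be checked with a short diagnostic. This is an added example, not code from the thread or from Wt; it uses Python's `ssl` module, which wraps OpenSSL, and the function names and the sample directory are constructed for illustration.

```python
import os
import re
import ssl
import tempfile

# OpenSSL's directory lookup only opens files named <subject-hash>.<n>
# (8 lowercase hex digits, then a sequence number starting at 0).
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def effective_verify_paths():
    """Report the CA file/dir the default verify paths resolve to here."""
    p = ssl.get_default_verify_paths()
    return {
        "cafile_env": p.openssl_cafile_env,   # name of the env var OpenSSL reads
        "capath_env": p.openssl_capath_env,
        "cafile": p.cafile,   # None when the resolved file does not exist
        "capath": p.capath,   # None when the resolved directory does not exist
        "cafile_from_env": p.openssl_cafile_env in os.environ,
        "capath_from_env": p.openssl_capath_env in os.environ,
    }


def audit_ca_dir(path):
    """Split a CA directory into names the hash lookup can find and names it skips."""
    usable, ignored = [], []
    for name in sorted(os.listdir(path)):
        (usable if HASHED_NAME.match(name) else ignored).append(name)
    return usable, ignored


def demo():
    # Constructed sample directory; file contents do not matter for the name check.
    with tempfile.TemporaryDirectory() as d:
        for name in ("9d66eef0.0", "9d66eef0.1", "my-root-ca.pem", "intermediate.crt"):
            open(os.path.join(d, name), "w").close()
        return audit_ca_dir(d)


if __name__ == "__main__":
    for key, value in effective_verify_paths().items():
        print(f"{key}: {value}")
    usable, ignored = demo()
    print("found by hash lookup:", usable)
    print("ignored until rehashed:", ignored)
```

The name check does not confirm that each hash matches its certificate's subject. A folder copied from a machine with an older OpenSSL may carry correctly shaped names computed with the pre-1.0.0 hash algorithm, so re-running `c_rehash` on the target machine is the reliable fix.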