/**
* Copyright Quadrivium LLC
* All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include <boost/asio/ssl/context.hpp>
#include <boost/asio/ssl/host_name_verification.hpp>
#include <filesystem>
namespace kagome {
// TODO(turuslan): move to qtils, reuse for libp2p "/wss"
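/**
 * TLS 1.3-only client context that verifies the peer's certificate chain
 * against the system trust store and checks the certificate against a host
 * name.
 *
 * Security notes:
 *  - The trust anchors come from OpenSSL's default verify paths, which honour
 *    the SSL_CERT_FILE / SSL_CERT_DIR environment variables. Whoever controls
 *    the process environment therefore controls which CAs are trusted.
 *  - The first construction may call setenv(), which changes the environment
 *    of the whole process and so affects any other code that later loads
 *    OpenSSL's default verify paths.
 *  - This context only verifies the name; it does not send SNI. Setting the
 *    server name on the stream is left to the caller (not visible here).
 */
struct AsioSslContextClient : boost::asio::ssl::context {
  /**
   * @param host name the server certificate must match; it is handed
   *        unchanged to boost::asio::ssl::host_name_verification.
   */
  AsioSslContextClient(const std::string &host)
      : context{context::tlsv13_client} {
    // Without a usable CA store, chain building fails with errors such as
    //   X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
    //   X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    // so probe for a system store once per process. The function-local static
    // gives once-only execution; its value is never read.
    [[maybe_unused]] static bool find_system_certificates = [] {
      // SSL_CERT_FILE: an explicit override is respected as-is.
      if (getenv(X509_get_default_cert_file_env()) != nullptr) {
        return true;
      }
      // SSL_CERT_DIR: likewise.
      if (getenv(X509_get_default_cert_dir_env()) != nullptr) {
        return true;
      }
      // Probe with the non-throwing overloads: an unreadable or inaccessible
      // path must fall through to the next candidate instead of throwing out
      // of the constructor.
      std::error_code ec;
      constexpr auto extra = "/etc/ssl/cert.pem";
      if (std::string_view{X509_get_default_cert_file()} != extra
          and std::filesystem::exists(extra, ec)) {
        setenv(X509_get_default_cert_file_env(), extra, true);
        return true;
      }
      constexpr auto extra_dir = "/etc/ssl/certs";
      // A failed open yields the end iterator, so this is true only for a
      // readable, non-empty directory.
      if (std::string_view{X509_get_default_cert_dir()} != extra_dir
          and std::filesystem::directory_iterator{extra_dir, ec}
                  != std::filesystem::directory_iterator{}) {
        setenv(X509_get_default_cert_dir_env(), extra_dir, true);
        return true;
      }
      // Nothing extra found: OpenSSL's compiled-in default paths are used.
      return true;
    }();
    // Explicitly disable every protocol version below TLS 1.3, on top of the
    // tlsv13_client method chosen in the initializer list.
    set_options(context::default_workarounds | context::no_sslv2
                | context::no_sslv3 | context::no_tlsv1 | context::no_tlsv1_1
                | context::no_tlsv1_2 | context::single_dh_use);
    // Must run after the probe above so that any setenv() takes effect.
    set_default_verify_paths();
    // verify_peer makes the handshake fail when chain validation fails; the
    // callback additionally requires the certificate to match `host`.
    set_verify_mode(boost::asio::ssl::verify_peer);
    set_verify_callback(boost::asio::ssl::host_name_verification{host});
  }
};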
} // namespace kagome