According to boost, ssl::context::add_verify_path should allow the use of CA certs in a path (1 per file). However, http client setSslVerifyPath did not work for me when I supplied a ca certs folder from another machine. Pinning the cert worked better for me in this case because I knew the identity of the server ahead of time though.

On 2014-10-16 4:44 AM, Wim Dumon wrote:
> Thanks Darrell, I was a bit confused indeed. For Http Client Wt does the
> following:
> - call SSL_CTX_set_default_verify_paths (which seems to have little
>   effect on Windows)
> - if a verifyFile or a verifyPath was given, call
>   SSL_CTX_load_verify_locations (which you can use to load the
>   certificates you trust)
>
> Unfortunately OpenSSL does not look in the Windows certificate store.
> We could add that as an option. Question is if this isn't more OpenSSL's
> task to do than Wt's. You can work around this by specifying your
> certificate file as Darrell suggests.
>
> BR,
> Wim.
>
> 2014-10-16 5:58 GMT+02:00 Darrell Wright <[email protected]>:
>
> I did the following for dropbox that may work here
>
>     auto http_client = new_throw<Wt::Http::Client>( this );
>     http_client->setTimeout( 15 );
>     http_client->setMaximumResponseSize( max_file_size );
>     // verify against the server's own certificate file
>     const auto cert_path = docRoot( ) + "\\certs\\dropboxusercontent.com.pem";
>     http_client->setSslVerifyFile( cert_path );
>     http_client->done( ).connect( this, on_file_downloaded );
>
>     if( http_client->get( str_url_path ) ) {
>         loadingIndicator( )->widget( )->show( );
>         loadingIndicator( )->setMessage( "Downloading selected file from DropBox" );
>         processEvents( );
>     } else {
>         std::cout << "";
>         //TODO: Error
>     }
>
> The cert file is the specific one for the server. I could not get it to
> verify down the path from the root CA's but this allowed me to pin
> it too.
>
> On 2014-10-08 4:00 PM, Daniel Horsey wrote:
> > >>Hey Daniel,
> > >>
> > >>It's an upstream problem in boost::asio. I believe the comment
> > >>reflects the fact that we've never got this to work.
> > >>
> > >>When we originally implemented this, we couldn't get any of it to
> > >>work, but in later boost versions at least verification using the
> > >>standard SSL certificates works. Does your URL require a custom
> > >>certificate or should it be one that is standard supported?
> >
> > Hi Koen,
> >
> > I need to connect to Google’s timezone api. I don’t think it requires
> > any custom cert. Maybe I’m not using it right – I call setSslVerifyFile
> > to point to my .crt file. Is this correct? I know zilch about ssl, but
> > I thought it required the cert file, plus at least a key file.
> >
> > Thanks & best,
> >
> > -dan
> >
> > _______________________________________________
> > witty-interest mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/witty-interest
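
An added example, not part of the original thread and not Wt or OpenSSL code: OpenSSL's directory lookup, which `ssl::context::add_verify_path` and the CApath argument of `SSL_CTX_load_verify_locations` rely on, only opens files named `<subject-hash>.<n>`, probing `.0`, `.1`, ... and stopping at the first missing one. The program below checks a directory listing against that naming rule only (it does not check that a hash matches the certificate inside); `classify`, `Status` and `parse_hashed` are hypothetical names.

```cpp
// Added example; classify/Status/parse_hashed are illustrative names, not Wt or OpenSSL API.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

enum class Status { Reachable, NotHashedName, UnreachableGap };

// Accept "<8 lowercase hex digits>.<n>" as OpenSSL formats it (%08lx.%d).
static bool parse_hashed(const std::string& name, std::string& hash, unsigned& seq) {
    if (name.size() < 10 || name.size() > 14 || name[8] != '.') return false;
    if (name.size() > 10 && name[9] == '0') return false;   // "%d" never prints leading zeros
    for (std::size_t i = 0; i < 8; ++i) {
        const char c = name[i];
        if (!(c >= '0' && c <= '9') && !(c >= 'a' && c <= 'f')) return false;
    }
    seq = 0;
    for (std::size_t i = 9; i < name.size(); ++i) {
        if (name[i] < '0' || name[i] > '9') return false;
        seq = seq * 10 + static_cast<unsigned>(name[i] - '0');
    }
    hash = name.substr(0, 8);
    return true;
}

// The lookup probes <hash>.0, <hash>.1, ... and stops at the first missing file,
// so <hash>.2 is never read unless <hash>.0 and <hash>.1 both exist.
std::map<std::string, Status> classify(const std::vector<std::string>& names) {
    std::map<std::string, std::set<unsigned>> present;   // hash -> sequence numbers seen
    std::string h; unsigned s = 0;
    for (const auto& n : names) if (parse_hashed(n, h, s)) present[h].insert(s);
    std::map<std::string, Status> out;
    for (const auto& n : names) {
        if (!parse_hashed(n, h, s)) { out[n] = Status::NotHashedName; continue; }
        bool reachable = true;
        for (unsigned k = 0; k < s && reachable; ++k) reachable = present[h].count(k) != 0;
        out[n] = reachable ? Status::Reachable : Status::UnreachableGap;
    }
    return out;
}

int main() {   // reads one file name per line, e.g. the output of `ls certs` or `dir /b certs`
    std::vector<std::string> names;
    for (std::string line; std::getline(std::cin, line);) if (!line.empty()) names.push_back(line);
    for (const auto& kv : classify(names))
        std::cout << kv.first << ": " << (kv.second == Status::Reachable ? "reachable"
            : kv.second == Status::NotHashedName ? "ignored, name is not <hash>.<n>" : "unreachable, gap in sequence") << "\n";
}
```

Whether a name carries the right hash for its certificate can be checked with `openssl x509 -noout -subject_hash -in <file>`.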
