From d6b882a6d8c947e245b2ed8b1ecbe2a9e4954de5 Mon Sep 17 00:00:00 2001 From: "hyotak.yun" Date: Wed, 23 Mar 2016 19:56:47 +0900 Subject: [PATCH 1/2] Added websocket_client_config option for ssl verify mode --- Release/include/cpprest/ws_client.h | 26 ++++++++++++++++++- .../src/websockets/client/ws_client_wspp.cpp | 9 ++++++- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/Release/include/cpprest/ws_client.h b/Release/include/cpprest/ws_client.h index b6d00b805d..18a2ba28b1 100644 --- a/Release/include/cpprest/ws_client.h +++ b/Release/include/cpprest/ws_client.h @@ -84,7 +84,11 @@ class websocket_client_config /// /// Creates a websocket client configuration with default settings. /// - websocket_client_config() : m_sni_enabled(true) {} + websocket_client_config() : + m_sni_enabled(true), + m_validate_certificates(true) + { + } /// /// Get the web proxy object @@ -187,6 +191,25 @@ class websocket_client_config /// If you want all the subprotocols in a comma separated string /// they can be directly looked up in the headers using 'Sec-WebSocket-Protocol'. _ASYNCRTIMP std::vector<::utility::string_t> subprotocols() const; + + /// + /// Gets the server certificate validation property. + /// + /// True if certificates are to be verified, false otherwise. + bool validate_certificates() const + { + return m_validate_certificates; + } + + /// + /// Sets the server certificate validation property. + /// + /// False to turn ignore all server certificate validation errors, true otherwise. + /// Note ignoring certificate errors can be dangerous and should be done with caution. + void set_validate_certificates(bool validate_certs) + { + m_validate_certificates = validate_certs; + } private: web::web_proxy m_proxy; @@ -194,6 +217,7 @@ class websocket_client_config web::http::http_headers m_headers; bool m_sni_enabled; utf8string m_sni_hostname; + bool m_validate_certificates; }; /// 
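Review bot: The doc comment on `set_validate_certificates` (second hunk of ws_client.h) understates what `false` does and has a wording slip ("False to turn ignore all server certificate validation errors"). Going by the ws_client_wspp.cpp change in this same patch, `false` selects `verify_none`, so the server certificate is not checked at all rather than individual errors being tolerated. I would reword the parameter text to `/// False to disable server certificate validation entirely, true (the default) to validate.` and the remark to `/// With validation disabled the server's identity is not authenticated and the connection can be intercepted; use only against test endpoints.` The getter's comment could also state that the default is true, since that default is only visible in the constructor in the first hunk. The enclosing class `websocket_client_config` starts and ends outside these hunks.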
diff --git a/Release/src/websockets/client/ws_client_wspp.cpp b/Release/src/websockets/client/ws_client_wspp.cpp index e8f5d2edbe..03d7dc17cf 100644 --- a/Release/src/websockets/client/ws_client_wspp.cpp +++ b/Release/src/websockets/client/ws_client_wspp.cpp @@ -159,7 +159,14 @@ class wspp_callback_client : public websocket_client_callback_impl, public std:: auto sslContext = websocketpp::lib::shared_ptr(new boost::asio::ssl::context(boost::asio::ssl::context::sslv23)); sslContext->set_default_verify_paths(); sslContext->set_options(boost::asio::ssl::context::default_workarounds); - sslContext->set_verify_mode(boost::asio::ssl::context::verify_peer); + if (m_config.validate_certificates()) + { + sslContext->set_verify_mode(boost::asio::ssl::context::verify_peer); + } + else + { + sslContext->set_verify_mode(boost::asio::ssl::context::verify_none); + } #if defined(__APPLE__) || (defined(ANDROID) || defined(__ANDROID__)) || defined(_WIN32) m_openssl_failed = false; From 525db49e7855fe6de3d6e4ab25c84a5110f6d60c Mon Sep 17 00:00:00 2001 From: "hyotak.yun" Date: Wed, 23 Mar 2016 20:01:56 +0900 Subject: [PATCH 2/2] . --- Release/include/cpprest/ws_client.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Release/include/cpprest/ws_client.h b/Release/include/cpprest/ws_client.h index 18a2ba28b1..6ce052342e 100644 --- a/Release/include/cpprest/ws_client.h +++ b/Release/include/cpprest/ws_client.h @@ -217,7 +217,7 @@ class websocket_client_config web::http::http_headers m_headers; bool m_sni_enabled; utf8string m_sni_hostname; - bool m_validate_certificates; + bool m_validate_certificates; }; ///
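Review bot: In the ws_client_wspp.cpp hunk, the new `else` branch sets `verify_none`, after which the TLS handshake completes against any certificate, and nothing at the branch says so; a comment such as `// verify_none: server identity is not checked at all; intended for test endpoints only` would make the consequence visible to the next reader. The enclosing function continues past the hunk (the `#if defined(__APPLE__) ...` block and whatever follows it), so it is worth confirming that any verify callback or hostname check installed there behaves sensibly when validation is off, rather than assuming it is skipped. As a style point, the if/else could be one call: `sslContext->set_verify_mode(m_config.validate_certificates() ? boost::asio::ssl::context::verify_peer : boost::asio::ssl::context::verify_none);`.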