使用客户端证书sslv3握手增强asio GET失败 [英] Boost asio GET with client certificate sslv3 hand shake failed

问题描述

我想做一个简单的C ++网站，类似于该curl命令所完成的工作.我可以通过boost使用asio.我必须使用Boost 1.49

I want to do a simple C++ web get similar to what is done by this curl command. I can use asio from boost. I must use boost 1.49

curl https://mysite.dev/api/v1/search?q=测试 -k --cert C:\ work \ testCert.pem

curl https://mysite.dev/api/v1/search?q=test -k --cert C:\work\testCert.pem

服务器需要客户端证书.

The server is requiring the client certificate.

我以这个示例为开始，并且我通过添加对类似上下文的调用来添加了修改

and I added modifications by adding calls to the context like

ctx.set_options(boost::asio::ssl::context::default_workarounds);
ctx.use_certificate_file("C:\\work\\testCert.pem", boost::asio::ssl::context_base::pem);
ctx.use_private_key_file("C:\\work\\testKey.pem", boost::asio::ssl::context_base::pem);

我的请求如下:

获取/api/v1/search?q = test HTTP/1.0
主机:mysite.dev
接受:*/*

GET /api/v1/search?q=test HTTP/1.0
Host: mysite.dev
Accept: */*

但是我一直收到这样的消息

but I keep getting messages like this

错误:sslv3警报握手失败

Error: sslv3 alert handshake failure

很明显，握手过程中我缺少一个步骤

clearly there is a step I am missing in the handshake process

推荐答案

解决方案是禁用SSLv3支持，显然大多数服务器由于设计缺陷而禁用了该功能.

The solution was to disable SSLv3 support, appartently most servers disable this because of design flaws.

ctx.set_options(boost::asio::ssl::context::default_workarounds |
                boost::asio::ssl::context::no_sslv2 |
                boost::asio::ssl::context::no_sslv3);

这篇关于使用客户端证书sslv3握手增强asio GET失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！