Security fix for Client<HTTPS>: added host verification, fixes #90

2016-12-04 13:45:39 +01:00 · 2016-12-04 13:45:39 +01:00 · 4a97949953
commit 4a97949953
parent 302f980cf3
1 changed files with 4 additions and 1 deletions
--- a/client_https.hpp
+++ b/client_https.hpp
@ -16,6 +16,7 @@ namespace SimpleWeb {
                ClientBase<HTTPS>::ClientBase(server_port_path, 443), context(boost::asio::ssl::context::tlsv12) {
            if(verify_certificate) {
                context.set_verify_mode(boost::asio::ssl::verify_peer);
+                context.set_verify_callback(boost::asio::ssl::rfc2818_verification(host));
                context.set_default_verify_paths();
            }
            else
@ -26,8 +27,10 @@ namespace SimpleWeb {
                context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);
            }
            
-            if(verify_file.size()>0)
+            if(verify_file.size()>0) {
                context.load_verify_file(verify_file);
+                context.set_verify_mode(boost::asio::ssl::verify_peer);
+            }
        }

    protected: