From 7a97f8218d585d816960acf57654d79c999913a2 Mon Sep 17 00:00:00 2001
From: eidheim
Date: Sun, 18 Dec 2016 17:22:04 +0100
Subject: [PATCH] Added client verification when a verify file is passed to Server. Also sets session_id_context for session reuse. See #89
---
 server_http.hpp | 2 +-
 server_https.hpp | 20 +++++++++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/server_http.hpp b/server_http.hpp
index 8b3f3b0..237ce41 100644
--- a/server_http.hpp
+++ b/server_http.hpp
@@ -123,7 +123,7 @@ namespace SimpleWeb {
 std::function::Response>, std::shared_ptr::Request>)> > > > > opt_resource;
 public:
- void start() {
+ virtual void start() {
 //Copy the resources to opt_resource for more efficient request processing
 opt_resource.clear();
 for(auto& res: resource) {
diff --git a/server_https.hpp b/server_https.hpp
index bbd7f79..58266c4 100644
--- a/server_https.hpp
+++ b/server_https.hpp
@@ -3,12 +3,15 @@
 #include "server_http.hpp"
 #include
+#include
 namespace SimpleWeb {
 typedef boost::asio::ssl::stream HTTPS;
 template<>
 class Server : public ServerBase {
+ std::string session_id_context;
+ bool set_session_id_context=false;
 public:
 Server(unsigned short port, size_t num_threads, const std::string& cert_file, const std::string& private_key_file,
 long timeout_request=5, long timeout_content=300,
@@ -18,8 +21,23 @@ namespace SimpleWeb {
 context.use_certificate_chain_file(cert_file);
 context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);
- if(verify_file.size()>0)
+ if(verify_file.size()>0) {
 context.load_verify_file(verify_file);
+ context.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert |
+ boost::asio::ssl::verify_client_once);
+ set_session_id_context=true;
+ }
+ }
+
+ void start() {
+ if(set_session_id_context) {
+ // Creating session_id_context from address:port but reversed due to small SSL_MAX_SSL_SESSION_ID_LENGTH
+ session_id_context=std::to_string(config.port)+':';
+ session_id_context.append(config.address.rbegin(), config.address.rend());
+ SSL_CTX_set_session_id_context(context.native_handle(), reinterpret_cast(session_id_context.data()),
+ session_id_context.size()<=SSL_MAX_SSL_SESSION_ID_LENGTH?session_id_context.size():SSL_MAX_SSL_SESSION_ID_LENGTH);
+ }
+ ServerBase::start();
 }
 protected:
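Review bot: The `set_verify_mode` call added to the constructor (which starts above this hunk) makes a client certificate mandatory, but no verify callback is installed in the lines shown, so any certificate that chains to a CA in `verify_file` appears to be accepted whatever its subject. That is the right scope for a dedicated private CA and too wide for a shared one, so I would state it next to the call, e.g. `// accepts any client certificate issued by a CA in verify_file; identity checks are left to the application`. In `start()`, the length passed to `SSL_CTX_set_session_id_context` is clamped against `SSL_MAX_SSL_SESSION_ID_LENGTH`, whereas the limit OpenSSL documents for this argument is `SSL_MAX_SID_CTX_LENGTH`, and the call's return value is discarded; clamp against the documented constant and treat a 0 return as an error. Since the context exists to enable session reuse, it is also worth documenting that a resumed session relies on the verification done at its original handshake, which matters when client certificates are rotated or revoked.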