Added client verification when a verify file is passed to Server<HTTPS>. Also sets session_id_context for session reuse. See #89

2016-12-18 17:22:04 +01:00 · 2016-12-18 17:22:04 +01:00 · 7a97f8218d
commit 7a97f8218d
parent 8fa7de4a2b
2 changed files with 20 additions and 2 deletions
--- a/server_http.hpp
+++ b/server_http.hpp
@ -123,7 +123,7 @@ namespace SimpleWeb {
            std::function<void(std::shared_ptr<typename ServerBase<socket_type>::Response>, std::shared_ptr<typename ServerBase<socket_type>::Request>)> > > > > opt_resource;
        
    public:
-        void start() {
+        virtual void start() {
            //Copy the resources to opt_resource for more efficient request processing
            opt_resource.clear();
            for(auto& res: resource) {
--- a/server_https.hpp
+++ b/server_https.hpp
@ -3,12 +3,15 @@

 #include "server_http.hpp"
 #include <boost/asio/ssl.hpp>
+#include <openssl/ssl.h>

 namespace SimpleWeb {
    typedef boost::asio::ssl::stream<boost::asio::ip::tcp::socket> HTTPS;    
    
    template<>
    class Server<HTTPS> : public ServerBase<HTTPS> {
+        std::string session_id_context;
+        bool set_session_id_context=false;
    public:
        Server(unsigned short port, size_t num_threads, const std::string& cert_file, const std::string& private_key_file,
                long timeout_request=5, long timeout_content=300,
@ -18,8 +21,23 @@ namespace SimpleWeb {
            context.use_certificate_chain_file(cert_file);
            context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);
            
-            if(verify_file.size()>0)
+            if(verify_file.size()>0) {
                context.load_verify_file(verify_file);
+                context.set_verify_mode(boost::asio::ssl::verify_peer | boost::asio::ssl::verify_fail_if_no_peer_cert |
+                                        boost::asio::ssl::verify_client_once);
+                set_session_id_context=true;
+            }
+        }
+        
+        void start() {
+            if(set_session_id_context) {
+                // Creating session_id_context from address:port but reversed due to small SSL_MAX_SSL_SESSION_ID_LENGTH
+                session_id_context=std::to_string(config.port)+':';
+                session_id_context.append(config.address.rbegin(), config.address.rend());
+                SSL_CTX_set_session_id_context(context.native_handle(), reinterpret_cast<const unsigned char*>(session_id_context.data()),
+                                               session_id_context.size()<=SSL_MAX_SSL_SESSION_ID_LENGTH?session_id_context.size():SSL_MAX_SSL_SESSION_ID_LENGTH);
+            }
+            ServerBase::start();
        }

    protected: