Mutual authentication Implementation #820
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Also a few fixes on the peer verification mode of the ssl socket.
|
Linux test PASSed. |
|
Windows test FAILed. |
sancar
previously approved these changes
Mar 1, 2021
|
Linux test PASSed. |
1 similar comment
|
Linux test PASSed. |
|
Windows test FAILed. |
1 similar comment
|
Windows test FAILed. |
yemreinci
reviewed
Mar 2, 2021
yemreinci
suggested changes
Mar 2, 2021
hazelcast/include/hazelcast/client/internal/socket/SocketFactory.h
Outdated
Show resolved
Hide resolved
|
Doesn't compile without SSL: |
|
verify-windows |
|
Windows test FAILed. |
|
verify-windows |
|
Windows test PASSed. |
mdumandag
reviewed
Mar 2, 2021
Good catch. Changed and tested it. |
- Make project compile withoput SSL. - Obeyed the user provided context for peer verification, do not override it.
Co-authored-by: yemreinci <18687880+yemreinci@users.noreply.github.com>
yemreinci
reviewed
Mar 2, 2021
examples/tls/BasicTLSClient.cpp
Outdated
Comment on lines
26
to
28
| boost::asio::ssl::context ctx(boost::asio::ssl::context::method::tlsv12_client); | ||
| ctx.set_default_verify_paths(); | ||
| ctx.load_verify_file("/path/to/my/server/public/certificate"); |
There was a problem hiding this comment.
Should we also do ctx.set_verify_mode(ssl::verify_peer) to make sure the certificate is actually verified? What is the default behavior if you don't set the verify mode?
sancar
previously approved these changes
Mar 3, 2021
Test failure fix.
|
Linux test PASSed. |
|
Windows test PASSed. |
…il_if_no_peer_cert` mode option since it is ignored for client side.
sancar
previously approved these changes
Mar 3, 2021
|
Linux test PASSed. |
|
Windows test PASSed. |
yemreinci
reviewed
Mar 3, 2021
Co-authored-by: yemreinci <18687880+yemreinci@users.noreply.github.com>
|
Linux test PASSed. |
yemreinci
previously approved these changes
Mar 3, 2021
|
Linux test PASSed. |
|
Windows test PASSed. |
1 similar comment
|
Windows test PASSed. |
|
Linux test PASSed. |
|
Windows test PASSed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added mutual authentication capability to the C++ client.
Also a few fixes on the peer verification mode of the ssl socket.
For windows, we had to define an environment variable
SSL_CERT_FILE=C:\cacert.pemand downloaded the file from https://curl.se/docs/caextract.html which is Mozilla CA store. This way OpenSSL library can find the intermediate CA authorities correctly and the testssl_enabled_trust_default_certificatesworks as expected.