Support OpenSSL Certificate Filename and Path

deanberris · deanberris · commit 80d179872084 · 2011-03-26T13:03:26.000+08:00
The HTTP client implementation gets a couple of new options in the
constructor that should allow users to provide a certificate filename to
use (_openssl_certificate) or a verification path that contains the
certificates (_openssl_verify_path).
diff --git a/boost/network/protocol/http/client/async_impl.hpp b/boost/network/protocol/http/client/async_impl.hpp
@@ -31,12 +31,14 @@ namespace boost { namespace network { namespace http {
                 typename string<Tag>::type
                 string_type;
 
-            async_client(bool cache_resolved, bool follow_redirect)
+            async_client(bool cache_resolved, bool follow_redirect, optional<string_type> const & certificate_filename, optional<string_type> const & verify_path)
                 : connection_base(cache_resolved, follow_redirect),
                 service_ptr(new boost::asio::io_service),
                 service_(*service_ptr),
                 resolver_(service_),
-                sentinel_(new boost::asio::io_service::work(service_))
+                sentinel_(new boost::asio::io_service::work(service_)),
+                certificate_filename_(certificate_filename),
+                verify_path_(verify_path)
             {
                 connection_base::resolver_strand_.reset(new
                     boost::asio::io_service::strand(service_));
@@ -47,12 +49,14 @@ namespace boost { namespace network { namespace http {
                         )));
             }
 
-            async_client(bool cache_resolved, bool follow_redirect, boost::asio::io_service & service)
+            async_client(bool cache_resolved, bool follow_redirect, boost::asio::io_service & service, optional<string_type> const & certificate_filename, optional<string_type> const & verify_path)
                 : connection_base(cache_resolved, follow_redirect),
                 service_ptr(0),
                 service_(service),
                 resolver_(service_),
-                sentinel_(new boost::asio::io_service::work(service_))
+                sentinel_(new boost::asio::io_service::work(service_)),
+                certificate_filename_(certificate_filename),
+                verify_path_(verify_path)
             {
             }
 
@@ -73,7 +77,7 @@ namespace boost { namespace network { namespace http {
                 ) 
             {
                 typename connection_base::connection_ptr connection_;
-                connection_ = connection_base::get_connection(resolver_, request_);
+                connection_ = connection_base::get_connection(resolver_, request_, certificate_filename_, verify_path_);
                 return connection_->send_request(method, request_, get_body);
             }
 
@@ -82,6 +86,7 @@ namespace boost { namespace network { namespace http {
             resolver_type resolver_;
             boost::shared_ptr<boost::asio::io_service::work> sentinel_;
             boost::shared_ptr<boost::thread> lifetime_thread_;
+            optional<string_type> certificate_filename_, verify_path_;
         };
     } // namespace impl
 
diff --git a/boost/network/protocol/http/client/connection/async_base.hpp b/boost/network/protocol/http/client/connection/async_base.hpp
@@ -24,11 +24,11 @@ namespace boost { namespace network { namespace http { namespace impl {
         typedef basic_request<Tag> request;
         typedef basic_response<Tag> response;
         
-        static boost::shared_ptr<async_connection_base<Tag,version_major,version_minor> > new_connection(resolve_function resolve, resolver_type & resolver, bool follow_redirect, bool https) {
+        static boost::shared_ptr<async_connection_base<Tag,version_major,version_minor> > new_connection(resolve_function resolve, resolver_type & resolver, bool follow_redirect, bool https, optional<string_type> certificate_filename=optional<string_type>(), optional<string_type> const & verify_path=optional<string_type>()) {
             boost::shared_ptr<async_connection_base<Tag,version_major,version_minor> > temp;
             if (https) {
 #ifdef BOOST_NETWORK_ENABLE_HTTPS
-                temp.reset(new https_async_connection<Tag,version_major,version_minor>(resolver, resolve, follow_redirect));
+                temp.reset(new https_async_connection<Tag,version_major,version_minor>(resolver, resolve, follow_redirect, certificate_filename, verify_path));
                 return temp;
 #else
                 throw std::runtime_error("HTTPS not supported.");
diff --git a/boost/network/protocol/http/client/connection/async_ssl.hpp b/boost/network/protocol/http/client/connection/async_ssl.hpp
@@ -37,11 +37,13 @@ namespace boost { namespace network { namespace http { namespace impl {
                 resolver_type & resolver,
                 resolve_function resolve, 
                 bool follow_redirect,
-                optional<string_type> const & certificate_filename = optional<string_type>() 
+                optional<string_type> const & certificate_filename = optional<string_type>(), 
+                optional<string_type> const & verify_path = optional<string_type>()
                 ) : 
                 follow_redirect_(follow_redirect),
                 resolver_(resolver),
                 certificate_filename_(certificate_filename),
+                verify_path_(verify_path),
                 resolve_(resolve), 
                 request_strand_(resolver.get_io_service())
             {}
@@ -78,9 +80,10 @@ namespace boost { namespace network { namespace http { namespace impl {
                     boost::asio::ssl::context::sslv23_client
                     )
                 );
-                if (certificate_filename_) {
+                if (certificate_filename_ || verify_path_) {
                     context_->set_verify_mode(boost::asio::ssl::context::verify_peer);
-                    context_->load_verify_file(*certificate_filename_);
+                    if (certificate_filename_) context_->load_verify_file(*certificate_filename_);
+                    if (verify_path_) context_->add_verify_path(*verify_path_);
                 } else {
                     context_->set_verify_mode(boost::asio::ssl::context::verify_none);
                 }
@@ -342,7 +345,7 @@ namespace boost { namespace network { namespace http { namespace impl {
 
         bool follow_redirect_;
         resolver_type & resolver_;
-        optional<string_type> certificate_filename_;
+        optional<string_type> certificate_filename_, verify_path_;
         resolve_function resolve_;
         boost::shared_ptr<boost::asio::ssl::context> context_;
         boost::shared_ptr<boost::asio::ssl::stream<boost::asio::ip::tcp::socket> > socket_;
diff --git a/boost/network/protocol/http/client/connection/sync_base.hpp b/boost/network/protocol/http/client/connection/sync_base.hpp
@@ -210,10 +210,11 @@ namespace boost { namespace network { namespace http { namespace impl {
         typedef typename string<Tag>::type string_type;
         typedef function<typename resolver_base::resolver_iterator_pair(resolver_type&, string_type const &, string_type const &)> resolver_function_type;
 
-        static sync_connection_base<Tag,version_major,version_minor> * new_connection(resolver_type & resolver, resolver_function_type resolve, bool https) {
+        // FIXME make the certificate filename and verify path parameters be optional ranges
+        static sync_connection_base<Tag,version_major,version_minor> * new_connection(resolver_type & resolver, resolver_function_type resolve, bool https, optional<string_type> const & cert_filename = optional<string_type>(), optional<string_type> const & verify_path = optional<string_type>()) {
             if (https) {
 #ifdef BOOST_NETWORK_ENABLE_HTTPS
-                return dynamic_cast<sync_connection_base<Tag,version_major,version_minor>*>(new https_sync_connection<Tag,version_major,version_minor>(resolver, resolve));
+                return dynamic_cast<sync_connection_base<Tag,version_major,version_minor>*>(new https_sync_connection<Tag,version_major,version_minor>(resolver, resolve, cert_filename, verify_path));
 #else
                 throw std::runtime_error("HTTPS not supported.");
 #endif
diff --git a/boost/network/protocol/http/client/connection/sync_ssl.hpp b/boost/network/protocol/http/client/connection/sync_ssl.hpp
@@ -25,11 +25,14 @@ namespace boost { namespace network { namespace http { namespace impl {
         typedef function<typename resolver_base::resolver_iterator_pair(resolver_type&, string_type const &, string_type const &)> resolver_function_type;
         typedef sync_connection_base_impl<Tag,version_major,version_minor> connection_base;
         
-        https_sync_connection(resolver_type & resolver, resolver_function_type resolve, optional<string_type> const & certificate_filename = optional<string_type>())
+        // FIXME make the certificate filename and verify path parameters be optional ranges
+        https_sync_connection(resolver_type & resolver, resolver_function_type resolve, optional<string_type> const & certificate_filename = optional<string_type>(), optional<string_type> const & verify_path = optional<string_type>())
         : connection_base(), resolver_(resolver), resolve_(resolve), context_(resolver.io_service(), boost::asio::ssl::context::sslv23_client), socket_(resolver.io_service(), context_) {
-            if (certificate_filename) {
+            if (certificate_filename || verify_path) {
                 context_.set_verify_mode(boost::asio::ssl::context::verify_peer);
-                context_.load_verify_file(*certificate_filename);
+                // FIXME make the certificate filename and verify path parameters be optional ranges
+                if (certificate_filename) context_.load_verify_file(*certificate_filename);
+                if (verify_path) context_.add_verify_path(*verify_path);
             } else {
                 context_.set_verify_mode(boost::asio::ssl::context::verify_none);
             }
diff --git a/boost/network/protocol/http/client/facade.hpp b/boost/network/protocol/http/client/facade.hpp
@@ -39,7 +39,6 @@ namespace boost { namespace network { namespace http {
                     no_io_service,
                     has_io_service
                     >::type());
-                
         }
 
         response const head (request const & request_) {
@@ -117,6 +116,8 @@ namespace boost { namespace network { namespace http {
                 new pimpl_type(
                     args[_cache_resolved|false]
                     , args[_follow_redirects|false]
+                    , args[_openssl_certificate|optional<string_type>()]
+                    , args[_openssl_verify_path|optional<string_type>()]
                     )
                 );
         }
@@ -128,6 +129,8 @@ namespace boost { namespace network { namespace http {
                     args[_cache_resolved|false]
                     , args[_follow_redirects|false]
                     , args[_io_service]
+                    , args[_openssl_certificate|optional<string_type>()]
+                    , args[_openssl_verify_path|optional<string_type>()]
                     )
                 );
         }
diff --git a/boost/network/protocol/http/client/parameters.hpp b/boost/network/protocol/http/client/parameters.hpp
@@ -12,6 +12,8 @@ namespace boost { namespace network { namespace http {
 
     BOOST_PARAMETER_NAME(follow_redirects)
     BOOST_PARAMETER_NAME(cache_resolved)
+    BOOST_PARAMETER_NAME(openssl_certificate)
+    BOOST_PARAMETER_NAME(openssl_verify_path)
     
 } /* http */
     
diff --git a/boost/network/protocol/http/client/pimpl.hpp b/boost/network/protocol/http/client/pimpl.hpp
@@ -38,19 +38,30 @@ namespace boost { namespace network { namespace http {
             boost::asio::io_service * service_ptr;
             boost::asio::io_service & service_;
             resolver_type resolver_;
+            optional<string_type> certificate_file, verify_path;
 
-            sync_client(bool cache_resolved, bool follow_redirect)
+            sync_client(bool cache_resolved, bool follow_redirect
+                , optional<string_type> const & certificate_file = optional<string_type>()
+                , optional<string_type> const & verify_path = optional<string_type>()
+            )
                 : connection_base(cache_resolved, follow_redirect),
                 service_ptr(new boost::asio::io_service),
                 service_(*service_ptr),
                 resolver_(service_)
+                , certificate_file(certificate_file)
+                , verify_path(verify_path)
             {}
 
-            sync_client(bool cache_resolved, bool follow_redirect, boost::asio::io_service & service)
+            sync_client(bool cache_resolved, bool follow_redirect, boost::asio::io_service & service
+                , optional<string_type> const & certificate_file = optional<string_type>()
+                , optional<string_type> const & verify_path = optional<string_type>()
+            )
                 : connection_base(cache_resolved, follow_redirect),
                 service_ptr(0),
                 service_(service),
                 resolver_(service_)
+                , certificate_file(certificate_file)
+                , verify_path(verify_path)
             {}
 
             ~sync_client() {
@@ -59,7 +70,7 @@ namespace boost { namespace network { namespace http {
 
             basic_response<Tag> const request_skeleton(basic_request<Tag> const & request_, string_type method, bool get_body) {
                 typename connection_base::connection_ptr connection_;
-                connection_ = connection_base::get_connection(resolver_, request_);
+                connection_ = connection_base::get_connection(resolver_, request_, certificate_file, verify_path);
                 return connection_->send_request(method, request_, get_body);
             }
 
@@ -91,14 +102,16 @@ namespace boost { namespace network { namespace http {
                 >
             >::value
             ));
-        
+
         typedef typename impl::client_base<Tag,version_major,version_minor>::type base_type;
-        basic_client_impl(bool cache_resolved, bool follow_redirect)
-            : base_type(cache_resolved, follow_redirect)
+        typedef typename base_type::string_type string_type;
+
+        basic_client_impl(bool cache_resolved, bool follow_redirect, optional<string_type> const & certificate_filename, optional<string_type> const & verify_path)
+            : base_type(cache_resolved, follow_redirect, certificate_filename, verify_path)
         {}
 
-        basic_client_impl(bool cache_resolved, bool follow_redirect, boost::asio::io_service & service)
-            : base_type(cache_resolved, follow_redirect, service)
+        basic_client_impl(bool cache_resolved, bool follow_redirect, boost::asio::io_service & service, optional<string_type> const & certificate_filename, optional<string_type> const & verify_path)
+            : base_type(cache_resolved, follow_redirect, service, certificate_filename, verify_path)
         {}
 
         ~basic_client_impl()
diff --git a/boost/network/protocol/http/policies/async_connection.hpp b/boost/network/protocol/http/policies/async_connection.hpp
@@ -34,10 +34,12 @@ namespace boost { namespace network { namespace http {
                 bool follow_redirect, 
                 resolve_function resolve, 
                 resolver_type & resolver,
-                bool https
+                bool https,
+                optional<string_type> const & certificate_filename,
+                optional<string_type> const & verify_path
                 )
             {
-                pimpl = impl::async_connection_base<Tag,version_major,version_minor>::new_connection(resolve, resolver, follow_redirect, https);
+                pimpl = impl::async_connection_base<Tag,version_major,version_minor>::new_connection(resolve, resolver, follow_redirect, https, certificate_filename, verify_path);
             }
 
             basic_response<Tag> send_request(string_type const & method, basic_request<Tag> const & request_, bool get_body) {
@@ -51,7 +53,7 @@ namespace boost { namespace network { namespace http {
         };
 
         typedef boost::shared_ptr<connection_impl> connection_ptr;
-        connection_ptr get_connection(resolver_type & resolver, basic_request<Tag> const & request_) {
+        connection_ptr get_connection(resolver_type & resolver, basic_request<Tag> const & request_, optional<string_type> const & certificate_filename = optional<string_type>(), optional<string_type> const & verify_path = optional<string_type>()) {
             string_type protocol_ = protocol(request_);
             connection_ptr connection_(
                 new connection_impl(
@@ -62,7 +64,9 @@ namespace boost { namespace network { namespace http {
                         _1, _2, _3, _4
                         )
                     , resolver
-                    , boost::iequals(protocol_, string_type("https"))));
+                    , boost::iequals(protocol_, string_type("https"))
+                    , certificate_filename
+                    , verify_path));
             return connection_;
         }
 
diff --git a/boost/network/protocol/http/policies/pooled_connection.hpp b/boost/network/protocol/http/policies/pooled_connection.hpp
@@ -31,13 +31,16 @@ namespace boost { namespace network { namespace http {
         typedef function<typename resolver_base::resolver_iterator_pair(resolver_type &, string_type const &, string_type const &)> resolver_function_type;
 
         struct connection_impl {
-            typedef function<shared_ptr<connection_impl>(resolver_type &,basic_request<Tag> const &)> get_connection_function;
+            typedef function<shared_ptr<connection_impl>(resolver_type &,basic_request<Tag> const &,optional<string_type> const &, optional<string_type> const &)> get_connection_function;
 
-            connection_impl(resolver_type & resolver, bool follow_redirect, string_type const & host, string_type const & port, resolver_function_type resolve, get_connection_function get_connection, bool https)
-            : pimpl(impl::sync_connection_base<Tag,version_major,version_minor>::new_connection(resolver, resolve, https))
+            connection_impl(resolver_type & resolver, bool follow_redirect, string_type const & host, string_type const & port, resolver_function_type resolve, get_connection_function get_connection, bool https, optional<string_type> const & certificate_file=optional<string_type>(), optional<string_type> const & verify_path=optional<string_type>())
+            : pimpl(impl::sync_connection_base<Tag,version_major,version_minor>::new_connection(resolver, resolve, https, certificate_file, verify_path))
             , resolver_(resolver)
             , connection_follow_redirect_(follow_redirect)
-            , get_connection_(get_connection) {}
+            , get_connection_(get_connection)
+            , certificate_filename_(certificate_file)
+            , verify_path_(verify_path)
+            {}
 
             basic_response<Tag> send_request(string_type const & method, basic_request<Tag> request_, bool get_body) {
                 return send_request_impl(method, request_, get_body);
@@ -104,7 +107,7 @@ namespace boost { namespace network { namespace http {
                             if (location_header != boost::end(location_range)) {
                                 request_.uri(location_header->second);
                                 connection_ptr connection_;
-                                connection_ = get_connection_(resolver_, request_);
+                                connection_ = get_connection_(resolver_, request_, certificate_filename_, verify_path_);
                                 ++count;
                                 continue;
                             } else throw std::runtime_error("Location header not defined in redirect response.");
@@ -118,6 +121,7 @@ namespace boost { namespace network { namespace http {
             resolver_type & resolver_;
             bool connection_follow_redirect_;
             get_connection_function get_connection_;
+            optional<string_type> certificate_filename_, verify_path_;
         };
 
         typedef shared_ptr<connection_impl> connection_ptr;
@@ -126,7 +130,7 @@ namespace boost { namespace network { namespace http {
         host_connection_map host_connections;
         bool follow_redirect_;
 
-        connection_ptr get_connection(resolver_type & resolver, basic_request<Tag> const & request_) {
+        connection_ptr get_connection(resolver_type & resolver, basic_request<Tag> const & request_, optional<string_type> const & certificate_filename = optional<string_type>(), optional<string_type> const & verify_path = optional<string_type>()) {
             string_type index = (request_.host() + ':') + lexical_cast<string_type>(request_.port());
             connection_ptr connection_;
             typename host_connection_map::iterator it =
@@ -145,9 +149,11 @@ namespace boost { namespace network { namespace http {
                     , boost::bind(
                         &pooled_connection_policy<Tag,version_major,version_minor>::get_connection,
                         this,
-                        _1, _2
+                        _1, _2, _3, _4
                         )
                     , boost::iequals(request_.protocol(), string_type("https"))
+                    , certificate_filename
+                    , verify_path
                     )
                 );
                 host_connections.insert(std::make_pair(index, connection_));
diff --git a/boost/network/protocol/http/policies/simple_connection.hpp b/boost/network/protocol/http/policies/simple_connection.hpp

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,6 @@ namespace boost { namespace network { namespace http {`
`39`	`39`	`no_io_service,`
`40`	`40`	`has_io_service`
`41`	`41`	`>::type());`
`42`		`-`
`43`	`42`	`}`
`44`	`43`
`45`	`44`	`response const head (request const & request_) {`
`@@ -117,6 +116,8 @@ namespace boost { namespace network { namespace http {`
`117`	`116`	`new pimpl_type(`
`118`	`117`	`args[_cache_resolved\|false]`
`119`	`118`	`, args[_follow_redirects\|false]`
	`119`	`+ , args[_openssl_certificate\|optional<string_type>()]`
	`120`	`+ , args[_openssl_verify_path\|optional<string_type>()]`
`120`	`121`	`)`
`121`	`122`	`);`
`122`	`123`	`}`
`@@ -128,6 +129,8 @@ namespace boost { namespace network { namespace http {`
`128`	`129`	`args[_cache_resolved\|false]`
`129`	`130`	`, args[_follow_redirects\|false]`
`130`	`131`	`, args[_io_service]`
	`132`	`+ , args[_openssl_certificate\|optional<string_type>()]`
	`133`	`+ , args[_openssl_verify_path\|optional<string_type>()]`
`131`	`134`	`)`
`132`	`135`	`);`
`133`	`136`	`}`