Fixes #346 - add an option to always verify peer

cpp-netlib · glynos · Dec 16, 2013 · Dec 16, 2013 · Dec 16, 2013 · Dec 16, 2013
commit 8d9538f1130de38b8889370ce8f81ce10feb0901
diff --git a/boost/network/protocol/http/client/async_impl.hpp b/boost/network/protocol/http/client/async_impl.hpp
@@ -36,8 +36,8 @@ struct async_client
 
   typedef function<bool(string_type&)> body_generator_function_type;
 
-  async_client(bool cache_resolved,
-               bool follow_redirect,
+  async_client(bool cache_resolved, bool follow_redirect,
+               bool always_verify_peer,
                boost::shared_ptr<boost::asio::io_service> service,
                optional<string_type> const& certificate_filename,
                optional<string_type> const& verify_path)
@@ -49,7 +49,8 @@ struct async_client
         resolver_(service_),
         sentinel_(new boost::asio::io_service::work(service_)),
         certificate_filename_(certificate_filename),
-        verify_path_(verify_path) {
+        verify_path_(verify_path),
+        always_verify_peer_(always_verify_peer) {
     connection_base::resolver_strand_.reset(
         new boost::asio::io_service::strand(service_));
     lifetime_thread_.reset(new boost::thread(
@@ -65,16 +66,15 @@ struct async_client
   }
 
   basic_response<Tag> const request_skeleton(
-      basic_request<Tag> const& request_,
-      string_type const& method,
-      bool get_body,
-      body_callback_function_type callback,
+      basic_request<Tag> const& request_, string_type const& method,
+      bool get_body, body_callback_function_type callback,
       body_generator_function_type generator) {
     typename connection_base::connection_ptr connection_;
     connection_ = connection_base::get_connection(
-        resolver_, request_, certificate_filename_, verify_path_);
-    return connection_->send_request(
-        method, request_, get_body, callback, generator);
+        resolver_, request_, always_verify_peer_, certificate_filename_,
+        verify_path_);
+    return connection_->send_request(method, request_, get_body, callback,
+                                     generator);
   }
 
   boost::shared_ptr<boost::asio::io_service> service_ptr;
@@ -83,6 +83,7 @@ struct async_client
   boost::shared_ptr<boost::asio::io_service::work> sentinel_;
   boost::shared_ptr<boost::thread> lifetime_thread_;
   optional<string_type> certificate_filename_, verify_path_;
+  bool always_verify_peer_;
 };
 }  // namespace impl
 }  // namespace http

diff --git a/boost/network/protocol/http/client/connection/async_base.hpp b/boost/network/protocol/http/client/connection/async_base.hpp
@@ -37,6 +37,7 @@ namespace boost { namespace network { namespace http { namespace impl {
         resolve_function resolve,
         resolver_type & resolver,
         bool follow_redirect,
+        bool always_verify_peer,
         bool https,
         optional<string_type> certificate_filename=optional<string_type>(),
         optional<string_type> const & verify_path=optional<string_type>()) {
@@ -52,6 +53,7 @@ namespace boost { namespace network { namespace http { namespace impl {
               delegate_factory_type::new_connection_delegate(
                   resolver.get_io_service(),
                   https,
+                  always_verify_peer,
                   certificate_filename,
                   verify_path)));
       BOOST_ASSERT(temp.get() != 0);

diff --git a/boost/network/protocol/http/client/connection/async_normal.hpp b/boost/network/protocol/http/client/connection/async_normal.hpp
diff --git a/boost/network/protocol/http/client/connection/connection_delegate_factory.hpp b/boost/network/protocol/http/client/connection/connection_delegate_factory.hpp
@@ -30,12 +30,14 @@ struct connection_delegate_factory {
   static connection_delegate_ptr new_connection_delegate(
       asio::io_service & service,
       bool https,
+      bool always_verify_peer,
       optional<string_type> certificate_filename,
       optional<string_type> verify_path) {
     connection_delegate_ptr delegate;
     if (https) {
 #ifdef BOOST_NETWORK_ENABLE_HTTPS
       delegate.reset(new ssl_delegate(service,
+                                      always_verify_peer,
                                       certificate_filename,
                                       verify_path));
 #else

diff --git a/boost/network/protocol/http/client/connection/ssl_delegate.hpp b/boost/network/protocol/http/client/connection/ssl_delegate.hpp
@@ -15,31 +15,38 @@
 #include <boost/network/support/is_default_string.hpp>
 #include <boost/network/support/is_default_wstring.hpp>
 
-namespace boost { namespace network { namespace http { namespace impl {
+namespace boost {
+namespace network {
+namespace http {
+namespace impl {
 
-struct ssl_delegate : connection_delegate, enable_shared_from_this<ssl_delegate> {
-  ssl_delegate(asio::io_service & service,
-                      optional<std::string> certificate_filename,
-                      optional<std::string> verify_path);
+struct ssl_delegate : connection_delegate,
+                      enable_shared_from_this<ssl_delegate> {
+  ssl_delegate(asio::io_service &service, bool always_verify_peer,
+               optional<std::string> certificate_filename,
+               optional<std::string> verify_path);
 
-  virtual void connect(asio::ip::tcp::endpoint & endpoint,
+  virtual void connect(asio::ip::tcp::endpoint &endpoint,
                        function<void(system::error_code const &)> handler);
-  virtual void write(asio::streambuf & command_streambuf,
-                     function<void(system::error_code const &, size_t)> handler);
-  virtual void read_some(asio::mutable_buffers_1 const & read_buffer,
-                         function<void(system::error_code const &, size_t)> handler);
+  virtual void write(
+      asio::streambuf &command_streambuf,
+      function<void(system::error_code const &, size_t)> handler);
+  virtual void read_some(
+      asio::mutable_buffers_1 const &read_buffer,
+      function<void(system::error_code const &, size_t)> handler);
   ~ssl_delegate();
 
  private:
-  asio::io_service & service_;
+  asio::io_service &service_;
   optional<std::string> certificate_filename_, verify_path_;
   scoped_ptr<asio::ssl::context> context_;
   scoped_ptr<asio::ssl::stream<asio::ip::tcp::socket> > socket_;
+  bool always_verify_peer_;
 
-  ssl_delegate(ssl_delegate const &);  // = delete
-  ssl_delegate& operator=(ssl_delegate);  // = delete
+  ssl_delegate(ssl_delegate const &);     // = delete
+  ssl_delegate &operator=(ssl_delegate);  // = delete
 
-  void handle_connected(system::error_code const & ec,
+  void handle_connected(system::error_code const &ec,
                         function<void(system::error_code const &)> handler);
 };
 
@@ -55,4 +62,5 @@ struct ssl_delegate : connection_delegate, enable_shared_from_this<ssl_delegate>
 #include <boost/network/protocol/http/client/connection/ssl_delegate.ipp>
 #endif /* BOOST_NETWORK_NO_LIB */
 
-#endif /* BOOST_NETWORK_PROTOCOL_HTTP_CLIENT_CONNECTION_SSL_DELEGATE_20110819 */
+#endif /* BOOST_NETWORK_PROTOCOL_HTTP_CLIENT_CONNECTION_SSL_DELEGATE_20110819 \
+          */
diff --git a/boost/network/protocol/http/client/connection/ssl_delegate.ipp b/boost/network/protocol/http/client/connection/ssl_delegate.ipp
@@ -8,39 +8,47 @@
 // http://www.boost.org/LICENSE_1_0.txt)
 
 #include <boost/network/protocol/http/client/connection/ssl_delegate.hpp>
+#include <boost/asio/ssl.hpp>
 #include <boost/bind.hpp>
 
-boost::network::http::impl::ssl_delegate::ssl_delegate(asio::io_service & service,
-                                         optional<std::string> certificate_filename,
-                                         optional<std::string> verify_path) :
-  service_(service),
-  certificate_filename_(certificate_filename),
-  verify_path_(verify_path) {}
+boost::network::http::impl::ssl_delegate::ssl_delegate(
+    asio::io_service &service, bool always_verify_peer,
+    optional<std::string> certificate_filename,
+    optional<std::string> verify_path)
+    : service_(service),
+      certificate_filename_(certificate_filename),
+      verify_path_(verify_path),
+      always_verify_peer_(always_verify_peer) {}
 
 void boost::network::http::impl::ssl_delegate::connect(
-    asio::ip::tcp::endpoint & endpoint,
+    asio::ip::tcp::endpoint &endpoint,
     function<void(system::error_code const &)> handler) {
-  context_.reset(new asio::ssl::context(
-      service_,
-      asio::ssl::context::sslv23_client));
+  context_.reset(
+      new asio::ssl::context(service_, asio::ssl::context::sslv23_client));
   if (certificate_filename_ || verify_path_) {
     context_->set_verify_mode(asio::ssl::context::verify_peer);
-    if (certificate_filename_) context_->load_verify_file(*certificate_filename_);
+    if (certificate_filename_)
+      context_->load_verify_file(*certificate_filename_);
     if (verify_path_) context_->add_verify_path(*verify_path_);
   } else {
-    context_->set_verify_mode(asio::ssl::context::verify_none);
+    if (always_verify_peer_)
+      context_->set_verify_mode(asio::ssl::context::verify_peer);
+    else
+      context_->set_verify_mode(asio::ssl::context::verify_none);
   }
-  socket_.reset(new asio::ssl::stream<asio::ip::tcp::socket>(service_, *context_));
+  socket_.reset(
+      new asio::ssl::stream<asio::ip::tcp::socket>(service_, *context_));
   socket_->lowest_layer().async_connect(
       endpoint,
-      ::boost::bind(&boost::network::http::impl::ssl_delegate::handle_connected,
-           boost::network::http::impl::ssl_delegate::shared_from_this(),
-           asio::placeholders::error,
-           handler));
+      ::boost::bind(
+          &boost::network::http::impl::ssl_delegate::handle_connected,
+          boost::network::http::impl::ssl_delegate::shared_from_this(),
+          asio::placeholders::error, handler));
 }
 
-void boost::network::http::impl::ssl_delegate::handle_connected(system::error_code const & ec,
-                                           function<void(system::error_code const &)> handler) {
+void boost::network::http::impl::ssl_delegate::handle_connected(
+    system::error_code const &ec,
+    function<void(system::error_code const &)> handler) {
   if (!ec) {
     socket_->async_handshake(asio::ssl::stream_base::client, handler);
   } else {
@@ -49,17 +57,18 @@ void boost::network::http::impl::ssl_delegate::handle_connected(system::error_co
 }
 
 void boost::network::http::impl::ssl_delegate::write(
-    asio::streambuf & command_streambuf,
+    asio::streambuf &command_streambuf,
     function<void(system::error_code const &, size_t)> handler) {
   asio::async_write(*socket_, command_streambuf, handler);
 }
 
 void boost::network::http::impl::ssl_delegate::read_some(
-    asio::mutable_buffers_1 const & read_buffer,
+    asio::mutable_buffers_1 const &read_buffer,
     function<void(system::error_code const &, size_t)> handler) {
   socket_->async_read_some(read_buffer, handler);
 }
 
 boost::network::http::impl::ssl_delegate::~ssl_delegate() {}
 
-#endif /* BOOST_NETWORK_PROTOCOL_HTTP_CLIENT_CONNECTION_SSL_DELEGATE_IPP_20110819 */
+#endif /* BOOST_NETWORK_PROTOCOL_HTTP_CLIENT_CONNECTION_SSL_DELEGATE_IPP_20110819 \
+          */