Project

General

Profile

Actions

Feature #5207

open

autoconfig: allow NDN-FCH service over HTTPS

Added by Junxiao Shi over 2 years ago. Updated 9 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Tools
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
6.00 h

Description

Currently, ndn-autoconfig can only connect to NDN-FCH service over insecure http:// scheme.
This feature is to reimplement this feature with Boost.Beast HTTP client library so that it allows https:// scheme as well.


Related issues 1 (0 open1 closed)

Blocked by ndn-cxx - Task #5276: Increase build requirements to Boost 1.71.0ClosedDavide Pesavento

Actions
Actions #1

Updated by Junxiao Shi over 2 years ago

It seems that Boost.Beast lacks TLS certificate verification feature.
To properly connect to HTTPS, it's necessary to import djarek/certify submodule.

Actions #2

Updated by Davide Pesavento over 2 years ago

Junxiao Shi wrote in #note-1:

To properly connect to HTTPS, it's necessary to import djarek/certify submodule.

I'm not too familiar with Asio's SSL/TLS support, can you elaborate on why that's needed and what's the difference with set_default_verify_paths()?

Actions #3

Updated by Junxiao Shi over 2 years ago

https://github.com/boostorg/beast/issues/2194#issuecomment-807189586

Most functions on ssl::context are passthroughs to underlying openssl functions.
https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_default_verify_paths.html
This will almost certainly not load the system root certificates on windows or macos.

Actions #4

Updated by Davide Pesavento over 2 years ago

Well, that will have to be tested. On macOS, AFAIK, Homebrew openssl creates a certificate store in the proper path at installation time, and I assume SSL_CTX_set_default_verify_paths will use that path. Windows is not supported, so it's not a concern.

Actions #5

Updated by Davide Pesavento almost 2 years ago

  • Target version deleted (22.12)
Actions #6

Updated by Junxiao Shi over 1 year ago

  • Blocked by Task #5276: Increase build requirements to Boost 1.71.0 added
Actions #7

Updated by Junxiao Shi 9 months ago

  • Description updated (diff)

Boost.Beast is now available in the minimum Boost version supported by ndn-cxx, so that there's no more conditionals.

Actions

Also available in: Atom PDF