Feature #5207
open
autoconfig: allow NDN-FCH service over HTTPS
0%
Description
Currently, ndn-autoconfig can only connect to NDN-FCH service over insecure http:// scheme.
This feature is to reimplement this feature with Boost.Beast HTTP client library so that it allows https:// scheme as well.
Updated by Junxiao Shi over 2 years ago
It seems that Boost.Beast lacks TLS certificate verification feature.
To properly connect to HTTPS, it's necessary to import djarek/certify submodule.
Updated by Davide Pesavento over 2 years ago
Junxiao Shi wrote in #note-1:
To properly connect to HTTPS, it's necessary to import djarek/certify submodule.
I'm not too familiar with Asio's SSL/TLS support, can you elaborate on why that's needed and what's the difference with set_default_verify_paths()?
Updated by Junxiao Shi over 2 years ago
https://github.com/boostorg/beast/issues/2194#issuecomment-807189586
Most functions on ssl::context are passthroughs to underlying openssl functions.
https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_set_default_verify_paths.html
This will almost certainly not load the system root certificates on windows or macos.
Updated by Davide Pesavento over 2 years ago
Well, that will have to be tested. On macOS, AFAIK, Homebrew openssl creates a certificate store in the proper path at installation time, and I assume SSL_CTX_set_default_verify_paths will use that path. Windows is not supported, so it's not a concern.
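The test discussed above can be scripted. This is an added example, not code from the thread or from ndn-cxx: Python's `ssl.SSLContext.set_default_verify_paths()` wraps the same OpenSSL call, so the script reports which default CA file and directory OpenSSL resolves and whether they hold any roots. It assumes the Python interpreter is linked against the same OpenSSL build as the program under test; `inspect_default_trust` is a name made up for this example.

```python
import os
import re
import ssl

# OpenSSL looks up CA certs in a capath directory by subject-hash file name,
# for example "4a6481c9.0".
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def inspect_default_trust():
    """Describe the trust store a client gets from the OpenSSL defaults alone."""
    paths = ssl.get_default_verify_paths()  # honours SSL_CERT_FILE / SSL_CERT_DIR
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and hostname
    ctx.set_default_verify_paths()  # OpenSSL defaults only, nothing else loaded
    # The cafile bundle is parsed immediately; capath entries are read lazily
    # during a handshake, so count candidate files on disk instead.
    hashed = 0
    if paths.capath:
        hashed = sum(1 for name in os.listdir(paths.capath) if HASHED_NAME.match(name))
    loaded = ctx.cert_store_stats()["x509_ca"]
    return {
        "cafile": paths.cafile,    # None when the file does not exist
        "capath": paths.capath,    # None when the directory does not exist
        "ca_loaded": loaded,       # CA certs parsed from the cafile bundle
        "capath_hashed": hashed,   # hash-named candidate files in capath
        "has_roots": loaded > 0 or hashed > 0,
    }


if __name__ == "__main__":
    for key, value in inspect_default_trust().items():
        print(f"{key}: {value}")
```

If `has_roots` is false, a client that enables peer verification and relies only on the default paths will reject every server certificate on that machine.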
Updated by Junxiao Shi over 1 year ago
- Blocked by Task #5276: Increase build requirements to Boost 1.71.0 added
Updated by Junxiao Shi 11 months ago
- Description updated (diff)
Boost.Beast is now available in the minimum Boost version supported by ndn-cxx, so that there are no more conditionals.