NS-3 based Named Data Networking (NDN) simulator
ndnSIM 2.5: NDN, CCN, CCNx, content centric networks
API Documentation
print_client_tls.cpp File Reference
#include <websocketpp/config/asio_client.hpp>
#include <websocketpp/client.hpp>
#include <iostream>

Typedefs

typedef websocketpp::client< websocketpp::config::asio_tls_client > client
 
typedef websocketpp::lib::shared_ptr< websocketpp::lib::asio::ssl::context > context_ptr
 

Functions

void on_message (websocketpp::connection_hdl, client::message_ptr msg)
 
bool verify_subject_alternative_name (const char *hostname, X509 *cert)
 Verify that one of the subject alternative names matches the given hostname.
 
bool verify_common_name (const char *hostname, X509 *cert)
 Verify that the certificate common name matches the given hostname.
 
bool verify_certificate (const char *hostname, bool preverified, boost::asio::ssl::verify_context &ctx)
 This code is derived from examples and documentation found at http://www.boost.org/doc/libs/1_61_0/doc/html/boost_asio/example/cpp03/ssl/client.cpp and https://github.com/iSECPartners/ssl-conservatory.
 
context_ptr on_tls_init (const char *hostname, websocketpp::connection_hdl)
 TLS Initialization handler.
 
int main (int argc, char *argv[])
 

Typedef Documentation

◆ client

◆ context_ptr

typedef websocketpp::lib::shared_ptr<websocketpp::lib::asio::ssl::context> context_ptr

Definition at line 34 of file print_client_tls.cpp.

Function Documentation

◆ on_message()

void on_message ( websocketpp::connection_hdl  ,
client::message_ptr  msg 
)

Definition at line 40 of file print_client_tls.cpp.

Referenced by main().

◆ verify_subject_alternative_name()

bool verify_subject_alternative_name ( const char *  hostname,
X509 *  cert 
)

Verify that one of the subject alternative names matches the given hostname.

Definition at line 45 of file print_client_tls.cpp.

Referenced by verify_certificate().

◆ verify_common_name()

bool verify_common_name ( const char *  hostname,
X509 *  cert 
)

Verify that the certificate common name matches the given hostname.

Definition at line 79 of file print_client_tls.cpp.

Referenced by verify_certificate().

◆ verify_certificate()

bool verify_certificate ( const char *  hostname,
bool  preverified,
boost::asio::ssl::verify_context &  ctx 
)

◆ on_tls_init()

context_ptr on_tls_init ( const char *  hostname,
websocketpp::connection_hdl   
)

TLS Initialization handler.

WebSocket++ core and the Asio Transport do not handle TLS context creation and setup. This callback is provided so that the end user can set up their TLS context using whatever settings make sense for their application.

As Asio and OpenSSL do not provide great documentation for the very common case of connecting and actually performing basic verification of server certs, this example includes a basic implementation (using Asio and OpenSSL) of the following reasonable default settings and verification steps:

  • Disable SSLv2 and SSLv3
  • Load trusted CA certificates and verify the server cert is trusted.
  • Verify that the hostname matches either the common name or one of the subject alternative names on the certificate.

This is not meant to be an exhaustive reference implementation of a perfect TLS client, but rather a reasonable starting point for building a secure TLS-encrypted WebSocket client.

If any TLS, Asio, or OpenSSL experts feel that these settings are poor defaults or that there are critically missing steps, please open a GitHub issue or drop a line on the project mailing list.

Note that the bundled CA cert ca-chain.cert.pem is the CA cert that signed the cert bundled with echo_server_tls. You can use print_client_tls with this CA cert to connect to echo_server_tls as long as you use /etc/hosts or something equivalent to spoof one of the names on that cert (websocketpp.org, for example).

Definition at line 178 of file print_client_tls.cpp.

References verify_certificate().

Referenced by main().
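The hostname check from the third step in the list above, isolated as an added example (not code from print_client_tls.cpp or WebSocket++). It works on names already extracted from a certificate rather than on an X509 object, so CertNames, name_matches and hostname_ok are hypothetical names, and the embedded-NUL rejection is an added safeguard that the description above does not mention.

```cpp
#include <algorithm>
#include <cctype>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical container for names already pulled out of a certificate.
// Lengths are explicit (as in an ASN.1 string), so a name may hold NUL bytes.
struct CertNames {
    std::vector<std::string> san_dns;  // dNSName entries of subjectAltName
    std::string common_name;           // subject CN, may be empty
};

// Case-insensitive exact match that rejects any name with an embedded NUL.
// A plain C-string compare stops at the NUL and would treat
// "websocketpp.org\0.other.example" as equal to "websocketpp.org".
static bool name_matches(const std::string& hostname, const std::string& name) {
    if (name.empty() || std::strlen(name.c_str()) != name.size()) return false;
    if (name.size() != hostname.size()) return false;
    return std::equal(name.begin(), name.end(), hostname.begin(),
        [](unsigned char a, unsigned char b) { return std::tolower(a) == std::tolower(b); });
}

// Accept only if the chain check passed (preverified) AND the hostname equals
// one of the SAN dNSName entries or the common name. A matching name never
// rescues a certificate whose chain failed verification.
bool hostname_ok(bool preverified, const std::string& hostname, const CertNames& cert) {
    if (!preverified) return false;
    for (const std::string& san : cert.san_dns)
        if (name_matches(hostname, san)) return true;
    return name_matches(hostname, cert.common_name);
}

int main() {
    // Constructed sample names, not read from a real certificate.
    CertNames cert{{"www.websocketpp.org", "websocketpp.org"}, "websocketpp.org"};
    return hostname_ok(true, "WebSocketPP.org", cert) ? 0 : 1;
}
```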

◆ main()