Yeah, I tried the latest ca-certs download and a copy of a linux box. I assume this would be the correct format as it's what openssl is using on the other platforms.
Darrell On 2014-10-17 8:45 AM, Wim Dumon wrote: > I believe the certificate directory has to be in a very specific format. > See https://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html > in the examples section. Other than that, I have no experience with it. > > BR, > Wim. > > > > 2014-10-16 23:51 GMT+02:00 Darrell Wright > <darrell.wri...@gmail.com > <mailto:darrell.wri...@gmail.com>>: > > According to boost ssl::context::add_verify_path should allow the use of > CA certs in a path(1 per file). However http client setSslVerifyPath > did not work for me when I supplied a ca certs folder from another > machine. Pinning the cert worked better for me in this case because I > knew the identity of the server ahead of time though. > On 2014-10-16 4:44 AM, Wim Dumon wrote: > > Thanks Darrell, I was a bit confused indeed. For Http Client Wt does the > > following: > > - call SSL_CTX_set_default_verify_paths (which seems to have little > > effect on Windows) > > - if a verifyFile was or a verifyPath was given, call > > SSL_CTX_load_verify_locations (which you can use to load the > > certificates you trust) > > > > Unforntunately OpenSSL does not look in the windows certificate store. > > We could add that as an option. Question is if this isn't more OpenSSL's > > task to do than Wt's. You can work around this by specifying your > > certificate file as Darell suggests. > > > > BR, > > Wim.| > > | > > > > 2014-10-16 5:58 GMT+02:00 Darrell Wright <darrell.wri...@gmail.com > <mailto:darrell.wri...@gmail.com> > > <mailto:darrell.wri...@gmail.com > <mailto:darrell.wri...@gmail.com>>>: > > > > I did the following for dropbox that may work here > > > > auto http_client = new_throw<Wt::Http::Client>( this ); > > http_client->setTimeout( 15 ); > > > > http_client->setMaximumResponseSize( max_file_size ); > > const auto cert_path = docRoot( ) + > > "\\certs\\dropboxusercontent.com.pem"; > > http_client->setSslVerifyFile( cert_path ); > > http_client->done( ).connect( this, on_file_downloaded ); > > > > if( http_client->get( str_url_path ) ) { > > loadingIndicator( )->widget( )->show( ); > > loadingIndicator( )->setMessage( "Downloading > > selected file from > > DropBox" ); > > processEvents( ); > > } else { > > std::cout << ""; > > //TODO: Error > > } > > > > > > The cert file is the specific one for the server. I could > not get it to > > verify down the path from the root CA's but this allowed me > to pin > > it too. > > > > > > On 2014-10-08 4:00 PM, Daniel Horsey wrote: > > >>Hey Daniel, > > > > > >> > > > > > >>It's an upstream problem in boost::asio. I believe the > comment > > reflects the fact that we've > > > never got this to work. > > > > > >> > > > > > >>When we originally implemented this, we couldn't get any > of it > > to work, but in later > > > boost versions at least verification using the standard SSL > > > >certificates works. Does your URL require a custom > certificate or > > > should it be one that is standard supported? > > > > > > Hi Koen, > > > > > > I need to connect to Google’s timezone api. I don’t think it > > requires > > > any custom cert. Maybe I’m not using it right – I call > > setSslVerifyFile > > > to point to my .crt file. Is this correct? I know zilch > about > > ssl, but > > > I thought it required the cert file, plus at least a key file. > > > > > > Thanks & best, > > > > > > -dan > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > > > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box > PCI DSS Reports > > > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download > White paper > > > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog > Analyzer > > > > > > > http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk > > > > > > > > > > > > _______________________________________________ > > > witty-interest mailing list > > > > witty-interest@lists.sourceforge.net > <mailto:witty-interest@lists.sourceforge.net> > > > <mailto:witty-interest@lists.sourceforge.net > <mailto:witty-interest@lists.sourceforge.net>> > > >https://lists.sourceforge.net/lists/listinfo/witty-interest > > > > > > > > > > > > ------------------------------------------------------------------------------ > > Comprehensive Server Monitoring with Site24x7. > > Monitor 10 servers for $9/Month. > > Get alerted through email, SMS, voice calls or mobile push > > notifications. > > Take corrective actions from your mobile device. > >http://p.sf.net/sfu/Zoho > > _______________________________________________ > > witty-interest mailing list > >witty-interest@lists.sourceforge.net > <mailto:witty-interest@lists.sourceforge.net> > > > <mailto:witty-interest@lists.sourceforge.net > <mailto:witty-interest@lists.sourceforge.net>> > > https://lists.sourceforge.net/lists/listinfo/witty-interest > > > > > > > > > > > > ------------------------------------------------------------------------------ > > Comprehensive Server Monitoring with Site24x7. > > Monitor 10 servers for $9/Month. > > Get alerted through email, SMS, voice calls or mobile push > notifications. > > Take corrective actions from your mobile device. > > http://p.sf.net/sfu/Zoho > > > > > > > > _______________________________________________ > > witty-interest mailing list > > witty-interest@lists.sourceforge.net > <mailto:witty-interest@lists.sourceforge.net> > > https://lists.sourceforge.net/lists/listinfo/witty-interest > > > > > > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push > notifications. > Take corrective actions from your mobile device. > http://p.sf.net/sfu/Zoho > _______________________________________________ > witty-interest mailing list > witty-interest@lists.sourceforge.net > <mailto:witty-interest@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/witty-interest > > > > > ------------------------------------------------------------------------------ > Comprehensive Server Monitoring with Site24x7. > Monitor 10 servers for $9/Month. > Get alerted through email, SMS, voice calls or mobile push notifications. > Take corrective actions from your mobile device. > http://p.sf.net/sfu/Zoho > > > > _______________________________________________ > witty-interest mailing list > witty-interest@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/witty-interest > ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ witty-interest mailing list witty-interest@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/witty-interest
