Login/Register
how to use SSL in C++ gSOAP generated classes
Asked Answered
Solved c++sslhttpsgsoap
I

4

8

i need to use gsoap library in C++ and i need to use https. documentation says how to work with HTTPS in C, but not in C++ (http://www.cs.fsu.edu/~engelen/soapdoc2.html#tth_sEc19.20). in particular, i have compulation error on soap_ssl_init(); function. i've looked /usr/lib/libgsoap* files and found ligsoapssl++.a file and linked against it. this error has gone, but i get error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. that's mean i need to call soap_ssl_client_context func, but there isn't in C++ generated classes. What should i do?

UPD: i've solved this trouble by myself. but it's quirky, very quirky way. gSOAP generates C++ classes inherited from struct soap, it contains following attrs:

BIO *bio;
SSL *ssl;
SSL_CTX *ctx;
unsigned short ssl_flags;
const char *keyfile;
const char *password;
const char *dhfile;
const char *cafile;
const char *capath;
const char *crlfile;
const char *randfile;
SSL_SESSION *session;

so we can setup necessary attrs (flags, params) as in OpenSSL library by ourselves. In simple case it's enough to call soap_ssl_init() once and set ssl_flags = SOAP_SSL_NO_AUTHENTICATION. it works for me. if anyone knows better way i'll glad to see.

Irenairene answered 11/6, 2011 at 12:48 Comment(2)
what is the error you're getting?Haymo
soap_ssl_init undefined reference. i've looked /usr/lib/libgsoap* files and found ligsoapssl++.a file and linked against it. this error has gone, but i get error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. that's mean i need to call soap_ssl_client_context func, but there isn't in C++ generated classes. What should i do?Irenairene
I
1

i've solved this trouble by myself. but it's quirky, very quirky way. gSOAP generates C++ classes inherited from struct soap, it contains following attrs:

BIO *bio;
SSL *ssl;
SSL_CTX *ctx;
unsigned short ssl_flags;
const char *keyfile;
const char *password;
const char *dhfile;
const char *cafile;
const char *capath;
const char *crlfile;
const char *randfile;
SSL_SESSION *session;

so we can setup necessary attrs (flags, params) as in OpenSSL library by ourselves. In simple case it's enough to call soap_ssl_init() once and set ssl_flags = SOAP_SSL_NO_AUTHENTICATION. it works for me. if anyone knows better way i'll gla

Irenairene answered 12/6, 2011 at 9:24 Comment(4)
By doing this, you disable the server certificate verification, which is a requirement to establish a secure SSL connection.Gwinn
Yeah, i know. but you can set the appropriate flag to ssl_flags and paths to keyfiles in const char *keyfile, const char *cafile, etc.Irenairene
but when do you call soap_ssl_init(), before using the service?Chaney
yes. soap_ssl_init() causes initialization of OpenSSL library.Irenairene
P
3

This works for me:

soap_ssl_client_context(m_proxy.soap, SOAP_SSL_NO_AUTHENTICATION, NULL, NULL, NULL, NULL, NULL);

where m_proxy is an instance of the client proxy generated using gSOAP:

wsdl2h.exe -o MyWebservice.h ..\MyWebservice.wsdl
soapcpp2.exe -IC:\gsoap-2.8\gsoap\import -j MyWebservice.h -C -1 -SL
Pentheam answered 11/4, 2017 at 14:7 Comment(0)
I
1

i've solved this trouble by myself. but it's quirky, very quirky way. gSOAP generates C++ classes inherited from struct soap, it contains following attrs:

BIO *bio;
SSL *ssl;
SSL_CTX *ctx;
unsigned short ssl_flags;
const char *keyfile;
const char *password;
const char *dhfile;
const char *cafile;
const char *capath;
const char *crlfile;
const char *randfile;
SSL_SESSION *session;

so we can setup necessary attrs (flags, params) as in OpenSSL library by ourselves. In simple case it's enough to call soap_ssl_init() once and set ssl_flags = SOAP_SSL_NO_AUTHENTICATION. it works for me. if anyone knows better way i'll gla

Irenairene answered 12/6, 2011 at 9:24 Comment(4)
By doing this, you disable the server certificate verification, which is a requirement to establish a secure SSL connection.Gwinn
Yeah, i know. but you can set the appropriate flag to ssl_flags and paths to keyfiles in const char *keyfile, const char *cafile, etc.Irenairene
but when do you call soap_ssl_init(), before using the service?Chaney
yes. soap_ssl_init() causes initialization of OpenSSL library.Irenairene
K
0

I have used SSL support on gsoap in my c++ program, and I have had no problems. I compiled the source file stdsoap2.cpp (which comes along with gsoap), with the -DWITH_OPENSSL directive (did you miss this?). I used the obj file, and linked my program with it.

Kasten answered 7/6, 2013 at 8:51 Comment(0)
C
0

I have experienced the same problem today. I was using Ubuntu 14.04 on VirtualBox and Gsoap 2.8.21.

I generated C++ proxy classes with command:

soapcpp2 -1 -I/opt/libraries/gsoap/build/2.8.21/share/gsoap/import -C -j temporary.h

At a first place, I used the aforementioned solution and set ssl_flags to SOAP_SSL_NO_AUTHENTICATION. Thanks to this error disappeared.

Moreover I observed that while changing flags to SOAP_TLSv1, it also makes the errors disappear. The flag that causes headaches was SOAP_SSL_REQUIRE_SERVER_AUTHENTICATION which is by default set inside SOAP_SSL_DEFAULT flag.

Everything seemed fine, until I recompiled gsoap from source with flag --enable-debug. Soon after I started to see something like:

SSL verify error or warning with certificate at depth 1: unable to get local issuer certificate

The best solution I found so far is to download the cacerts.pem file from gsoap site https://www.cs.fsu.edu/~engelen/cacerts.pem.zip and unzip them next to your executable.

And of course in your code you should have something similar to:

soap *soap = soap_new();
soap->ssl_flags = SOAP_SSL_DEFAULT;

soap_register_plugin(soap, soap_wsse);
soap->cafile = "cacerts.pem";

Then all the warning and error messages disappear.

Chirlin answered 12/1, 2015 at 16:56 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.