Login/Register
How to use OpenSSL in POCO C++ library correctly
Asked Answered
c++httpsopensslpoco-libraries
D

2

18

According to the Specification in POCO assistant:

Initialize the NetSSL library, as well as the underlying OpenSSL libraries, by calling Poco::Crypto::OpenSSLInitializer::initialize(). Should be called before using any class from the NetSSL library. The NetSSL will be initialized automatically, through Poco::Crypto::OpenSSLInitializer instances or similar mechanisms when creating Context or SSLManager instances. However, it is recommended to call initializeSSL() in any case at application startup.

When I want to use HTTPSClientSession,do I have to construct an Application object first? How can I use it in Client? Any guy can tell me ?Thank you very much!

Darvon answered 4/6, 2012 at 3:12 Comment(0)
U
16

Let's take Net/samples/httpget as an example, let's copy httpget/ as a new httpsget directory:

  1. open Makefile, add "PocoNetSSL" to target_libs
  2. replace 'HTTPClientSession' with 'HTTPSClientSession'
  3. you need to create Poco::Net::Context for SSL use
  4. replace 'HTTPClientSession session(uri.getHost(), uri.getPort());' with following two lines:
const Context::Ptr context = new Context(Context::CLIENT_USE, "", "", "", Context::VERIFY_NONE, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
HTTPSClientSession session(uri.getHost(), uri.getPort(), context);

Summary:

  1. add PocoNetSSL as a lib_depends
  2. use Poco::Net::Context with HTTPSClientSession
Untouchability answered 2/10, 2012 at 3:42 Comment(3)
Context::VERIFY_NONE, "Client: If not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked, but the result of the check will be ignored." Doesn't this basically defeat the point of certificates?Examination
Good point by proteneer. Changing to verificationMode = Context::VERIFY_STRICT and loadDefaultCAs = true seems like a more sane default.Magallanes
Anything other than VERIFY_NONE seems indeed safer than VERIFY_NONE, but some hosts have no valid certificate... :-(Cailly
D
7

No, you do not need the Application object. Here's a fully functional example:

$ httpsget https://httpbin.org/user-agent
{
  "user-agent": "Poco HTTPSClientSession"
}

Code:

#include "Poco/StreamCopier.h"
#include "Poco/URI.h"
#include "Poco/Exception.h"
#include "Poco/SharedPtr.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/KeyConsoleHandler.h"
#include "Poco/Net/ConsoleCertificateHandler.h"
#include "Poco/Net/HTTPSClientSession.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include <memory>
#include <iostream>

using namespace Poco;
using namespace Poco::Net;

class SSLInitializer {
public:
    SSLInitializer() { Poco::Net::initializeSSL(); }

    ~SSLInitializer() { Poco::Net::uninitializeSSL(); }
};

int main(int argc, char** argv)
{
    SSLInitializer sslInitializer;

    SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler(false);
    Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_STRICT, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
    SSLManager::instance().initializeClient(0, ptrCert, ptrContext);

    try
    {
        if (argc > 1)
        {
            URI uri(argv[1]);
            HTTPSClientSession s(uri.getHost(), uri.getPort());
            HTTPRequest request(HTTPRequest::HTTP_GET, uri.getPath());
            request.set("user-agent", "Poco HTTPSClientSession");
            s.sendRequest(request);
            HTTPResponse response;
            std::istream& rs = s.receiveResponse(response);
            StreamCopier::copyStream(rs, std::cout);
        }
    }
    catch (Exception& ex)
    {
        std::cout << ex.displayText() << std::endl;
        return 1;
    }

    return 0;
}
Dovelike answered 26/10, 2015 at 3:18 Comment(2)
I notice you aren't passing the context to the session, is that intentional?Eonian
Yes, the default context provided to initializeClient() will be used: github.com/pocoproject/poco/blob/poco-1.7.8/NetSSL_OpenSSL/src/…Dovelike

© 2022 - 2024 — McMap. All rights reserved.