oatpp / oatpp-openssl

OpenSSL adaptor for Oat++ applications

Home Page: https://oatpp.io/


[QUESTION] How can I create a connection with mutual authentication?

MateusDornelles opened this issue · comments

Basically what the title says: how can I create a connection with mutual authentication?

Thanks.

commented

Hi,

Given that you have your CA, client cert, etc. set up already, you can achieve this by:

Server

```cpp
auto config = oatpp::openssl::Config::createShared();
// Certificate and private key the server presents to connecting clients
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::CertificateFile>("path/to/server.pem"));
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PrivateKeyFile>("path/to/server.key"));
// EnabledStrong: the client has to send a valid certificate
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PeerCertificateVerification>(oatpp::openssl::configurer::CertificateVerificationMode::EnabledStrong));
auto connectionProvider = oatpp::openssl::server::ConnectionProvider::createShared(config, {"localhost", 8443});
```

Client

```cpp
auto config = oatpp::openssl::Config::createShared();
// Certificate and private key the client presents to the server
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::CertificateFile>("path/to/client.pem"));
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PrivateKeyFile>("path/to/client.key"));
// EnabledStrong: the server has to send a valid certificate
config->addContextConfigurer(std::make_shared<oatpp::openssl::configurer::PeerCertificateVerification>(oatpp::openssl::configurer::CertificateVerificationMode::EnabledStrong));
auto connectionProvider = oatpp::openssl::client::ConnectionProvider::createShared(config, {"httpbin.org", 443});
```

oatpp::openssl::configurer::CertificateVerificationMode::EnabledStrong is important because this forces the opposite side to send a valid certificate.

Please have a look at the different configuration options under src/oatpp-openssl/configurer.
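
The answer above assumes the CA and the client and server certificates already exist. As an added example (not from the issue thread or the oatpp-openssl project), this script builds throwaway material with the `openssl` CLI and checks which certificates a peer trusting only `good-ca` would treat as valid; the helper functions, CA names and file names are assumptions made for the illustration.

```sh
#!/bin/sh
# Constructed, throwaway PKI for testing mutual TLS. Every CA name, file name
# and lifetime here is illustrative and not taken from the issue thread.

# make_ca DIR NAME: self-signed CA written to DIR/NAME.pem and DIR/NAME.key
make_ca() {
  printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\n%s\n%s\n' \
    'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign' > "$1/$2.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -config "$1/$2.cnf" -extensions v3_ca \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# make_leaf DIR CA NAME EKU: key and certificate for NAME, signed by CA and
# limited to one extended key usage (serverAuth or clientAuth)
make_leaf() {
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$1/$3.cnf"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' \
    "$4" "$3" > "$1/$3.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" -config "$1/$3.cnf" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -extfile "$1/$3.ext" -out "$1/$3.pem" 2>/dev/null
}

# peer_accepts DIR CA PURPOSE NAME: true only if NAME's certificate chains to CA
# and fits PURPOSE (sslclient: the server's check; sslserver: the client's check)
peer_accepts() {
  openssl verify -CAfile "$1/$2.pem" -purpose "$3" "$1/$4.pem" >/dev/null 2>&1
}

# Demo: both peers trust only good-ca.
d=$(mktemp -d)
make_ca "$d" good-ca && make_ca "$d" rogue-ca
make_leaf "$d" good-ca localhost serverAuth
make_leaf "$d" good-ca client-1 clientAuth
make_leaf "$d" rogue-ca intruder clientAuth
for name in client-1 intruder localhost; do
  if peer_accepts "$d" good-ca sslclient "$name"
  then echo "$name: accepted as a client certificate"
  else echo "$name: rejected as a client certificate"
  fi
done
rm -rf "$d"
```

The `localhost` certificate is rejected as a client certificate even though `good-ca` signed it, because its extended key usage is limited to `serverAuth`.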