Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provides a way to ignore host verify #1796

Open
pbwang002 opened this issue Mar 11, 2024 · 6 comments
Open

Provides a way to ignore host verify #1796

pbwang002 opened this issue Mar 11, 2024 · 6 comments
Labels
enhancement

Comments

@pbwang002
Copy link

image
When setting the client authentication mode to SSL_VERIFY_NONE, the host verification is not ignored.
Provides a way to ignore host verify.
@PixlRainbow
Copy link
Contributor

Use enable_server_certificate_verification(false) method on SSLClient

@yhirose yhirose closed this as completed Mar 12, 2024
@pbwang002
Copy link
Author

Use enable_server_certificate_verification(false) method on SSLClient

  1. Java spring boot and python http client generally support two options, enabling ssl authentication and whether to ignore host_name authentication, which is more flexible.
  2. cpp-httplib now has SSL authentication enabled and must verify the hostname, which is too inflexible.

@pbwang002
Copy link
Author

@yhirose @PixlRainbow

@PixlRainbow
Copy link
Contributor

PixlRainbow commented Mar 12, 2024
edited

Ah, so you want to still run SSL_get_verify_result

cpp-httplib/httplib.h

Lines 8759 to 8760 in 548dfff

if (server_certificate_verification_) {
verify_result_ = SSL_get_verify_result(ssl2);

But have an option to skip just verify_host

cpp-httplib/httplib.h

Lines 8774 to 8778 in 548dfff

if (!verify_host(server_cert)) {
X509_free(server_cert);
error = Error::SSLServerVerification;
return false;
}

The curl equivalent being CURLOPT_SSL_VERIFYHOST = 0

@pbwang002
Copy link
Author

Ah, so you want to still run SSL_get_verify_result

cpp-httplib/httplib.h

Lines 8759 to 8760 in 548dfff

if (server_certificate_verification_) {
verify_result_ = SSL_get_verify_result(ssl2);

But have an option to skip just verify_host

cpp-httplib/httplib.h

Lines 8774 to 8778 in 548dfff

if (!verify_host(server_cert)) {
X509_free(server_cert);
error = Error::SSLServerVerification;
return false;
}

The curl equivalent being CURLOPT_SSL_VERIFYHOST = 0

Yes, httplib does not provide this capability now

@yhirose
Copy link
Owner

yhirose commented Mar 13, 2024

Thanks for the clear explanation.

@yhirose yhirose reopened this Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yhirose @pbwang002 @PixlRainbow