您可以從Windows CA存儲加載根CA.它已包含「默認」可信根CA證書,可通過certmgr進行管理。使用以下函數替換窗口下的set_default_verify_paths:
#include <boost/asio/ssl/context.hpp>
#include <wincrypt.h>
void add_windows_root_certs(boost::asio::ssl::context &ctx)
{
HCERTSTORE hStore = CertOpenSystemStore(0, "ROOT");
if (hStore == NULL) {
return;
}
X509_STORE *store = X509_STORE_new();
PCCERT_CONTEXT pContext = NULL;
while ((pContext = CertEnumCertificatesInStore(hStore, pContext)) != NULL) {
X509 *x509 = d2i_X509(NULL,
(const unsigned char **)&pContext->pbCertEncoded,
pContext->cbCertEncoded);
if(x509 != NULL) {
X509_STORE_add_cert(store, x509);
X509_free(x509);
}
}
CertFreeCertificateContext(pContext);
CertCloseStore(hStore, 0);
SSL_CTX_set_cert_store(ctx.native_handle(), store);
}
這將從windows ca store中加載證書。它使用d2i_X509將它們轉換爲內部OpenSSL格式並將它們添加到OpenSSL X509_STORE。然後,SSL_CTX_set_cert_store將該存儲附加到boost ssl上下文。你可以用它來建立你的SSL上下文:
namespace ssl = boost::asio::ssl;
ssl::context ctx(ssl::context::tlsv12_client);
ctx.set_options(ssl::context::default_workarounds
| ssl::context::no_sslv2
| ssl::context::no_sslv3
| ssl::context::tlsv12_client);
#if BOOST_OS_WINDOWS
add_windows_root_certs(ctx);
#else
ctx.set_default_verify_paths();
#endif
ctx.set_password_callback(&password_callback);
client c(io_service, ctx, iterator);
io_service.run();
注意:您可能會需要crypt32添加到您的鏈接庫。
注2:BOOST_OS_WINDOWS需要Boost Predef
來源
2016-11-20 23:46:32
rbr