1 //
2 // Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
3 //
4 // Distributed under the Boost Software License, Version 1.0. (See accompanying
5 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
6 //
7 // Official repository: https://github.com/boostorg/beast
8 //
9 
10 #ifndef BOOST_BEAST_EXAMPLE_COMMON_ROOT_CERTIFICATES_HPP
11 #define BOOST_BEAST_EXAMPLE_COMMON_ROOT_CERTIFICATES_HPP
12 
13 #include <boost/asio/ssl.hpp>
14 #include <string>
15 
16 /*
17     PLEASE READ
18 
19     These root certificates here are included just to make the
20     SSL client examples work. They are NOT intended to be
21     illustrative of best-practices for performing TLS certificate
22     verification.
23 
24     A REAL program which needs to verify the authenticity of a
25     server IP address resolved from a given DNS name needs to
26     consult the operating system specific certificate store
27     to validate the chain of signatures, compare the domain name
28     properly against the domain name in the certificate, check
29     the certificate revocation list, and probably do some other
30     things.
31 
32     ALL of these operations are entirely outside the scope of
33     both Boost.Beast and Boost.Asio.
34 
35     See (work in progress):
36         https://github.com/djarek/certify
37 
38     tl;dr: root_certificates.hpp should not be used in production code
39 */
40 
41 namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp>
42 
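namespace detail {

// Adds the PEM-encoded certificates embedded below to `ctx` as trusted
// certificate authorities.
//
// ctx  The ssl::context that receives the certificates.
// ec   Set by ssl::context::add_certificate_authority; callers must test it,
//      this function neither throws nor logs on its own.
//
// The trust anchors are compiled into the binary, so they cannot be rotated
// or revoked without rebuilding. That is acceptable for the examples only.
inline
void
load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
{
    std::string const cert =
        /*  This is the DigiCert Global Root CA

            CN = DigiCert Global Root CA
            OU = www.digicert.com
            O = DigiCert Inc
            C = US

            Valid to: 10 November 2031

            Serial #:
            08:3B:E0:56:90:42:46:B1:A1:75:6A:C9:59:91:C7:4A

            SHA1 Fingerprint:
            A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36

            SHA256 Fingerprint:
            43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61

            The CN line previously read "DigiCert High Assurance EV Root CA";
            the subject encoded in the PEM below is "DigiCert Global Root CA".
            The certificate is signed with sha1WithRSAEncryption.
        */
        "-----BEGIN CERTIFICATE-----\n"
        "MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\n"
        "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
        "d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n"
        "QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\n"
        "MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\n"
        "b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n"
        "9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\n"
        "CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\n"
        "nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n"
        "43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\n"
        "T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\n"
        "gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\n"
        "BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\n"
        "TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\n"
        "DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\n"
        "hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n"
        "06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\n"
        "PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n"
        "YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\n"
        "CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n"
        "-----END CERTIFICATE-----\n"

        /*  NOTE(review): this block was labelled "the GeoTrust root
            certificate" with

                CN = GeoTrust Global CA
                O = GeoTrust Inc.
                C = US
                Valid to: Friday, May 20, 2022 9:00:00 PM
                Thumbprint(sha1):
                de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12

            but the PEM below does not encode that certificate. Its issuer
            and subject are identical (self-signed) and decode to

                C = US
                ST = CA
                L = "Los AngelesO=BeastCN=www.example.com"
                Valid: 3 May 2017 to 18 September 2044
                basicConstraints: CA:TRUE

            It looks like the self-signed certificate of the Beast example
            servers. If so, its private key is presumably distributed with
            those examples -- TODO confirm. Any client that loads this
            header would then accept certificates issued under a key that
            is not secret, which is a concrete reason to keep this header
            out of anything but the examples.
        */
        "-----BEGIN CERTIFICATE-----\n"
        "MIIDaDCCAlCgAwIBAgIJAO8vBu8i8exWMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV\n"
        "BAYTAlVTMQswCQYDVQQIDAJDQTEtMCsGA1UEBwwkTG9zIEFuZ2VsZXNPPUJlYXN0\n"
        "Q049d3d3LmV4YW1wbGUuY29tMB4XDTE3MDUwMzE4MzkxMloXDTQ0MDkxODE4Mzkx\n"
        "MlowSTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMS0wKwYDVQQHDCRMb3MgQW5n\n"
        "ZWxlc089QmVhc3RDTj13d3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n"
        "A4IBDwAwggEKAoIBAQDJ7BRKFO8fqmsEXw8v9YOVXyrQVsVbjSSGEs4Vzs4cJgcF\n"
        "xqGitbnLIrOgiJpRAPLy5MNcAXE1strVGfdEf7xMYSZ/4wOrxUyVw/Ltgsft8m7b\n"
        "Fu8TsCzO6XrxpnVtWk506YZ7ToTa5UjHfBi2+pWTxbpN12UhiZNUcrRsqTFW+6fO\n"
        "9d7xm5wlaZG8cMdg0cO1bhkz45JSl3wWKIES7t3EfKePZbNlQ5hPy7Pd5JTmdGBp\n"
        "yY8anC8u4LPbmgW0/U31PH0rRVfGcBbZsAoQw5Tc5dnb6N2GEIbq3ehSfdDHGnrv\n"
        "enu2tOK9Qx6GEzXh3sekZkxcgh+NlIxCNxu//Dk9AgMBAAGjUzBRMB0GA1UdDgQW\n"
        "BBTZh0N9Ne1OD7GBGJYz4PNESHuXezAfBgNVHSMEGDAWgBTZh0N9Ne1OD7GBGJYz\n"
        "4PNESHuXezAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmTJVT\n"
        "LH5Cru1vXtzb3N9dyolcVH82xFVwPewArchgq+CEkajOU9bnzCqvhM4CryBb4cUs\n"
        "gqXWp85hAh55uBOqXb2yyESEleMCJEiVTwm/m26FdONvEGptsiCmF5Gxi0YRtn8N\n"
        "V+KhrQaAyLrLdPYI7TrwAOisq2I1cD0mt+xgwuv/654Rl3IhOMx+fKWKJ9qLAiaE\n"
        "fQyshjlPP9mYVxWOxqctUdQ8UnsUKKGEUcVrA08i1OAnVKlPFjKBvk+r7jpsTPcr\n"
        "9pWXTO9JrYMML7d+XRSZA1n3856OqZDX4403+9FnXCvfcLZLLKTBvwwFgEFGpzjK\n"
        "UEVbkhd5qstF6qWK\n"
        "-----END CERTIFICATE-----\n";

    // Both PEM blocks are handed over in a single buffer.
    // NOTE(review): confirm that the Boost.Asio version in use reads every
    // certificate from the buffer rather than only the first one.
    // Success or failure is reported solely through `ec`; there is nothing
    // left to do afterwards, so no further check is made here.
    ctx.add_certificate_authority(
        boost::asio::buffer(cert.data(), cert.size()), ec);
}

} // detail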
131 
132 // Load the root certificates into an ssl::context
133 
// Non-throwing overload: installs the embedded example root certificates
// into `ctx` and reports the outcome through `ec`.
//
// ctx  The ssl::context to populate.
// ec   Receives whatever detail::load_root_certificates stores in it;
//      the caller is responsible for checking it.
inline void
load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
{
    // Pure forwarder; all of the work happens in the detail namespace.
    return detail::load_root_certificates(ctx, ec);
}
140 
// Throwing overload: installs the embedded example root certificates into
// `ctx` and converts a reported error into an exception.
//
// ctx     The ssl::context to populate.
// throws  boost::system::system_error carrying the error code set by
//         detail::load_root_certificates, when that code is set.
inline void
load_root_certificates(ssl::context& ctx)
{
    boost::system::error_code failure;
    detail::load_root_certificates(ctx, failure);

    // Surface the failure instead of letting the caller continue with a
    // context that is missing its trust anchors.
    if(failure)
    {
        throw boost::system::system_error{failure};
    }
}
150 
151 #endif
152