<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>SSL</title>
<link rel="stylesheet" href="../../../../doc/src/boostbook.css" type="text/css">
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="../../boost_asio.html" title="Boost.Asio">
<link rel="up" href="../overview.html" title="Overview">
<link rel="prev" href="windows/object_handle.html" title="Object HANDLEs">
<link rel="next" href="cpp2011.html" title="C++ 2011 Support">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="section">
<div class="titlepage"><div><div><h3 class="title">
<a name="boost_asio.overview.ssl"></a><a class="link" href="ssl.html" title="SSL">SSL</a>
</h3></div></div></div>
<p>
      Boost.Asio contains classes and class templates for basic SSL support.
      These classes allow encrypted communication to be layered on top of an existing
      stream, such as a TCP socket.
    </p>
<p>
      Before creating an encrypted stream, an application must construct an SSL
      context object. This object is used to set SSL options such as verification
      mode, certificate files, and so on. As an illustration, client-side initialisation
      may look something like:
    </p>
<pre class="programlisting">ssl::context ctx(ssl::context::sslv23);
ctx.set_verify_mode(ssl::verify_peer);
ctx.load_verify_file("ca.pem");
</pre>
<p>
      To use SSL with a TCP socket, one may write:
    </p>
<pre class="programlisting">ssl::stream&lt;ip::tcp::socket&gt; ssl_sock(my_io_context, ctx);
</pre>
<p>
      To perform socket-specific operations, such as establishing an outbound connection
      or accepting an incoming one, the underlying socket must first be obtained
      using the <code class="computeroutput">ssl::stream</code> template's <a class="link" href="../reference/ssl__stream/lowest_layer.html" title="ssl::stream::lowest_layer"><code class="computeroutput">lowest_layer()</code></a>
      member function:
    </p>
<pre class="programlisting">ip::tcp::socket::lowest_layer_type&amp; sock = ssl_sock.lowest_layer();
sock.connect(my_endpoint);
</pre>
<p>
      In some use cases the underlying stream object will need to have a longer
      lifetime than the SSL stream, in which case the template parameter should
      be a reference to the stream type:
    </p>
<pre class="programlisting">ip::tcp::socket sock(my_io_context);
ssl::stream&lt;ip::tcp::socket&amp;&gt; ssl_sock(sock, ctx);
</pre>
<p>
      SSL handshaking must be performed prior to transmitting or receiving data
      over an encrypted connection.
      This is accomplished using the <code class="computeroutput">ssl::stream</code>
      template's <a class="link" href="../reference/ssl__stream/handshake.html" title="ssl::stream::handshake">handshake()</a>
      or <a class="link" href="../reference/ssl__stream/async_handshake.html" title="ssl::stream::async_handshake">async_handshake()</a>
      member functions.
    </p>
<p>
      Once connected, SSL stream objects are used as synchronous or asynchronous
      read and write streams. This means the objects can be used with any of the
      <a class="link" href="../reference/read.html" title="read">read()</a>, <a class="link" href="../reference/async_read.html" title="async_read">async_read()</a>,
      <a class="link" href="../reference/write.html" title="write">write()</a>, <a class="link" href="../reference/async_write.html" title="async_write">async_write()</a>,
      <a class="link" href="../reference/read_until.html" title="read_until">read_until()</a> or <a class="link" href="../reference/async_read_until.html" title="async_read_until">async_read_until()</a>
      free functions.
    </p>
<h5>
<a name="boost_asio.overview.ssl.h0"></a>
      <span class="phrase"><a name="boost_asio.overview.ssl.certificate_verification"></a></span><a class="link" href="ssl.html#boost_asio.overview.ssl.certificate_verification">Certificate
      Verification</a>
    </h5>
<p>
      Boost.Asio provides various methods for configuring the way SSL certificates
      are verified:
    </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem">
          <a class="link" href="../reference/ssl__context/set_default_verify_paths.html" title="ssl::context::set_default_verify_paths">ssl::context::set_default_verify_paths()</a>
        </li>
<li class="listitem">
          <a class="link" href="../reference/ssl__context/set_verify_mode.html" title="ssl::context::set_verify_mode">ssl::context::set_verify_mode()</a>
        </li>
<li class="listitem">
          <a class="link" href="../reference/ssl__context/set_verify_callback.html" title="ssl::context::set_verify_callback">ssl::context::set_verify_callback()</a>
        </li>
<li class="listitem">
          <a class="link" href="../reference/ssl__context/load_verify_file.html" title="ssl::context::load_verify_file">ssl::context::load_verify_file()</a>
        </li>
<li class="listitem">
          <a class="link" href="../reference/ssl__stream/set_verify_mode.html" title="ssl::stream::set_verify_mode">ssl::stream::set_verify_mode()</a>
        </li>
<li class="listitem">
          <a class="link" href="../reference/ssl__stream/set_verify_callback.html" title="ssl::stream::set_verify_callback">ssl::stream::set_verify_callback()</a>
        </li>
</ul></div>
<p>
      To simplify use cases where certificates are verified according to the rules
      in RFC 6125 (identity verification in the context of Transport Layer Security),
      Boost.Asio provides a reusable verification callback as a function object:
    </p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
          <a class="link" href="../reference/ssl__host_name_verification.html" title="ssl::host_name_verification">ssl::host_name_verification</a>
        </li></ul></div>
<p>
      The following example shows verification of a remote host's certificate according
      to the rules used by HTTPS:
    </p>
<pre class="programlisting">using boost::asio::ip::tcp;
namespace ssl = boost::asio::ssl;
typedef ssl::stream&lt;tcp::socket&gt; ssl_socket;

// Create a context that uses the default paths for
// finding CA certificates.
ssl::context ctx(ssl::context::sslv23);
ctx.set_default_verify_paths();

// Open a socket and connect it to the remote host.
boost::asio::io_context io_context;
ssl_socket sock(io_context, ctx);
tcp::resolver resolver(io_context);
tcp::resolver::query query("host.name", "https");
boost::asio::connect(sock.lowest_layer(), resolver.resolve(query));
sock.lowest_layer().set_option(tcp::no_delay(true));

// Perform SSL handshake and verify the remote host's
// certificate.
sock.set_verify_mode(ssl::verify_peer);
sock.set_verify_callback(ssl::host_name_verification("host.name"));
sock.handshake(ssl_socket::client);

// ... read and write as normal ...
</pre>
<h5>
<a name="boost_asio.overview.ssl.h1"></a>
      <span class="phrase"><a name="boost_asio.overview.ssl.ssl_and_threads"></a></span><a class="link" href="ssl.html#boost_asio.overview.ssl.ssl_and_threads">SSL
      and Threads</a>
    </h5>
<p>
      SSL stream objects perform no locking of their own. Therefore, it is essential
      that all asynchronous SSL operations are performed in an implicit or explicit
      <a class="link" href="core/strands.html" title="Strands: Use Threads Without Explicit Locking">strand</a>. Note that
      this means that no synchronisation is required (and so no locking overhead
      is incurred) in single threaded programs.
    </p>
<h5>
<a name="boost_asio.overview.ssl.h2"></a>
      <span class="phrase"><a name="boost_asio.overview.ssl.see_also"></a></span><a class="link" href="ssl.html#boost_asio.overview.ssl.see_also">See
      Also</a>
    </h5>
<p>
      <a class="link" href="../reference/ssl__context.html" title="ssl::context">ssl::context</a>, <a class="link" href="../reference/ssl__host_name_verification.html" title="ssl::host_name_verification">ssl::host_name_verification</a>,
      <a class="link" href="../reference/ssl__stream.html" title="ssl::stream">ssl::stream</a>, <a class="link" href="../examples/cpp03_examples.html#boost_asio.examples.cpp03_examples.ssl">SSL example (C++03)</a>,
      <a class="link" href="../examples/cpp11_examples.html#boost_asio.examples.cpp11_examples.ssl">SSL example (C++11)</a>.
    </p>
<h5>
<a name="boost_asio.overview.ssl.h3"></a>
      <span class="phrase"><a name="boost_asio.overview.ssl.notes"></a></span><a class="link" href="ssl.html#boost_asio.overview.ssl.notes">Notes</a>
    </h5>
<p>
      <a href="http://www.openssl.org" target="_top">OpenSSL</a> is required to make use
      of Boost.Asio's SSL support. When an application needs to use OpenSSL functionality
      that is not wrapped by Boost.Asio, the underlying OpenSSL types may be obtained
      by calling <a class="link" href="../reference/ssl__context/native_handle.html" title="ssl::context::native_handle"><code class="computeroutput">ssl::context::native_handle()</code></a>
      or <a class="link" href="../reference/ssl__stream/native_handle.html" title="ssl::stream::native_handle"><code class="computeroutput">ssl::stream::native_handle()</code></a>.
    </p>
</div>
<table xmlns:rev="http://www.cs.rpi.edu/~gregod/boost/tools/doc/revision" width="100%"><tr>
<td align="left"></td>
<td align="right"><div class="copyright-footer">Copyright © 2003-2020 Christopher M.
      Kohlhoff<p>
        Distributed under the Boost Software License, Version 1.0.
        (See accompanying
        file LICENSE_1_0.txt or copy at <a href="http://www.boost.org/LICENSE_1_0.txt" target="_top">http://www.boost.org/LICENSE_1_0.txt</a>)
      </p>
</div></td>
</tr></table>
</body>
</html>
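Added example (not part of the Boost.Asio documentation and not Boost's implementation): a simplified, standard-library-only sketch of the RFC 6125 name-matching rules that the Certificate Verification section refers to, arranged like a verify callback that never overrides a failed chain check. `PresentedIdentity`, `matches_name` and `verify_identity` are hypothetical names, the certificate data is constructed, rejecting partial wildcards is a policy choice, and IP-address and internationalised host names are out of scope.

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Constructed stand-in for the identity fields of a leaf certificate
// (hypothetical type, not a Boost.Asio or OpenSSL structure).
struct PresentedIdentity {
    std::vector<std::string> dns_sans;  // subjectAltName dNSName entries
    std::string common_name;            // subject CN, legacy fallback only
};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// RFC 6125 section 6.4.3: a wildcard is honoured only as the whole
// left-most label and stands for exactly one label of the host name.
bool matches_name(const std::string& presented, const std::string& reference) {
    const std::string p = lower(presented), r = lower(reference);
    if (p.empty() || r.empty()) return false;
    if (p.find('*') == std::string::npos) return p == r;
    if (p.compare(0, 2, "*.") != 0 || p.find('*', 1) != std::string::npos)
        return false;  // "f*.x", "a.*.x" and a bare "*" are rejected (strict policy)
    const std::size_t dot = r.find('.');
    if (dot == std::string::npos || dot == 0) return false;
    // Everything after the host's first label must equal the pattern's suffix.
    return r.compare(dot, std::string::npos, p, 1, std::string::npos) == 0;
}

// Callback-shaped check: a failed chain verification is final, and the
// CN is consulted only when the certificate carries no dNSName entries
// (RFC 6125 section 6.4.4).
bool verify_identity(bool preverified, const PresentedIdentity& cert,
                     const std::string& host) {
    if (!preverified) return false;
    if (!cert.dns_sans.empty())
        return std::any_of(cert.dns_sans.begin(), cert.dns_sans.end(),
                           [&](const std::string& san) { return matches_name(san, host); });
    return matches_name(cert.common_name, host);
}
```

The CN of a certificate that carries dNSName entries is never consulted, so a host name that appears only in the CN is rejected.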