Skip to content

Provides a way of passing a custom ssl context to the connection. #174

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mzimbres merged 2 commits into from
Jan 3, 2024
Merged

Provides a way of passing a custom ssl context to the connection. #174

mzimbres merged 2 commits into from
Jan 3, 2024

Conversation

@mzimbres
Copy link
Collaborator

@mzimbres mzimbres commented Dec 31, 2023

@anarthal It would be great if you had a look at this PR. Thanks.

@anarthal
Copy link
Collaborator

anarthal commented Dec 31, 2023

It looks like moving a connection constructed from a null context leaves a dangling pointer to the fallback context. Plus you're creating a context per object even if you don't need one. If you're gonna do like that, better pass the context by value.

I solved both of these issues by having the fallback context as a singleton. Klemens solved it using an Asio service.

@mzimbres mzimbres force-pushed the 168-no-way-to-specify-caclient-certificate-for-ssl-connections branch from 8efbb78 to 8d73026 Compare January 1, 2024 11:09
@mzimbres
Copy link
Collaborator Author

mzimbres commented Jan 1, 2024

@mzimbres I am glad I pulled you in the PR. I have been hurrying with some implementations as my free time has dropped.

@anarthal
Copy link
Collaborator

anarthal commented Jan 1, 2024

I also recommend using ssl::context::tlsv12_client as the default method. This disables support for TLS 1.0 and 1.1, which are considered vulnerable.

@mzimbres mzimbres force-pushed the 168-no-way-to-specify-caclient-certificate-for-ssl-connections branch from dbf9437 to 1160347 Compare January 1, 2024 21:10
@mzimbres mzimbres merged commit 112bba7 into develop Jan 3, 2024
@mzimbres mzimbres deleted the 168-no-way-to-specify-caclient-certificate-for-ssl-connections branch January 3, 2024 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mzimbres @anarthal