Handshake failed: certificate verify failed (Boost ASIO)

0
votes

Hello I'm trying to connect to a server:

    argv[1] = "demo.demo.com"; // or httpbin.com
    argv[2] = "39473"; // or 80

With this similar code:

http://www.boost.org/doc/libs/1_47_0/doc/html/boost_asio/example/ssl/client.cpp

The problem I am getting is this:

Handshake failed: certificate verify failed

I have tried this:

boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23);
ctx.set_verify_mode(boost::asio::ssl::verify_none);
//ctx.set_default_verify_paths();

Is there a way to just connect without verifying certificate.

2
c++sslboostboost-asio
I also tried argv[1] = "httpbin.org"; argv[2] = "80"; but still getting the same error - quarks

2 Answers

1
votes

You could add a verification callback that returns true:

socket_.set_verify_callback(
    boost::bind(&client::verify_certificate, this, _1, _2));

Where

  bool verify_certificate(bool preverified,
      boost::asio::ssl::verify_context& ctx)
  {
      return true;
  }
0
votes

So the error indicates that the returned certificate does not match the one that was loaded. In the example code, the loaded certificate occurs here:

ctx.load_verify_file("ca.pem");

As a test, you might try the following. Issue this command in a CMD shell (I'm assuming you have openssl installed):

openssl s_client -connect demo.demo.com:39473 -showcerts

Examine the returned output, and compare it to your ca.pem file. I bet they are different. You could even try replacing the content of your ca.pem file with the returned text from opensll, and hopefully that works.

Your mileage may vary.