
add TLS support, necessary for LAS-22 and LAS-23.

pull/2/head
roker 1 year ago
parent
commit
9c72e7b1d8
2 changed files with 94 additions and 32 deletions
  1. +90
    -30
      webclient.cc
  2. +4
    -2
      webclient.hh

+ 90
- 30
webclient.cc

@ -4,9 +4,12 @@
#include <stdexcept>
#include <boost/beast/core.hpp>
#include <boost/beast/http.hpp>
#include <boost/beast/ssl.hpp>
#include <boost/beast/version.hpp>
#include <boost/asio/connect.hpp>
#include <boost/asio/ip/tcp.hpp>
#include <boost/asio/ssl/error.hpp>
#include <boost/asio/ssl/stream.hpp>
namespace pEp
{
@ -14,33 +17,19 @@ namespace pEp
namespace beast = boost::beast; // from <boost/beast.hpp>
namespace http = beast::http; // from <boost/beast/http.hpp>
namespace net = boost::asio; // from <boost/asio.hpp>
namespace ssl = net::ssl; // from <boost/asio/ssl.hpp>
using tcp = net::ip::tcp; // from <boost/asio/ip/tcp.hpp>
HttpError::HttpError(unsigned error_code, const std::string& error_message)
: runtime_error("HTTP Error: " + std::to_string(error_code) + " " + error_message)
{}
namespace
{
// based on https://www.boost.org/doc/libs/1_75_0/libs/beast/doc/html/beast/quick_start/http_client.html
std::string Webclient::get(const std::string& url)
template<class Stream>
std::string fetch_and_close(Stream& stream, const std::string& server, const std::string& url)
{
// The io_context is required for all I/O
net::io_context ioc;
// These objects perform our I/O
tcp::resolver resolver(ioc);
beast::tcp_stream stream(ioc);
// Look up the domain name
auto const results = resolver.resolve(m_server_name, std::to_string(m_port));
// Make the connection on the IP address we get from a lookup
stream.connect(results);
// Set up an HTTP GET request message
http::request<http::string_body> req{http::verb::get, url, 11};
req.set(http::field::host, m_server_name);
req.set(http::field::host, server);
req.set(http::field::user_agent, "pEp::Webclient 0.1");
// Send the HTTP request to the remote host
@ -54,19 +43,90 @@ std::string Webclient::get(const std::string& url)
// Receive the HTTP response
http::read(stream, buffer, res);
return boost::beast::buffers_to_string(res.body().data());
}
} // end of anonymous namespace
HttpError::HttpError(unsigned error_code, const std::string& error_message)
: runtime_error("HTTP Error: " + std::to_string(error_code) + " " + error_message)
{}
// based on https://www.boost.org/doc/libs/1_75_0/libs/beast/doc/html/beast/quick_start/http_client.html
std::string Webclient::get(const std::string& url)
{
std::string ret;
// The io_context is required for all I/O
net::io_context ioc;
// Gracefully close the socket
beast::error_code ec;
stream.socket().shutdown(tcp::socket::shutdown_both, ec);
// These objects perform our I/O
tcp::resolver resolver(ioc);
// not_connected happens sometimes
// so don't bother reporting it.
//
if(ec && ec != beast::errc::not_connected)
throw beast::system_error{ec};
// Look up the domain name
auto const results = resolver.resolve(m_server_name, std::to_string(m_port));
// If we get here then the connection is closed gracefully
return boost::beast::buffers_to_string(res.body().data());
if(m_secure)
{
// The SSL context is required, and holds certificates
ssl::context ctx(ssl::context::tlsv12_client);
// This holds the root certificate used for verification
//load_root_certificates(ctx);
// Verify the remote server's certificate
ctx.set_verify_mode(ssl::verify_peer);
beast::ssl_stream<beast::tcp_stream> stream(ioc, ctx);
// Set SNI Hostname (many hosts need this to handshake successfully)
if(! SSL_set_tlsext_host_name(stream.native_handle(), m_server_name.c_str()))
{
beast::error_code ec{static_cast<int>(::ERR_get_error()), net::error::get_ssl_category()};
throw beast::system_error{ec};
}
// Make the connection on the IP address we get from a lookup
beast::get_lowest_layer(stream).connect(results);
// Perform the SSL handshake
stream.handshake(ssl::stream_base::client);
ret = fetch_and_close(stream, m_server_name, url);
// Gracefully close the socket
beast::error_code ec;
stream.shutdown(ec);
// not_connected happens sometimes
// so don't bother reporting it.
//
if(ec && ec != beast::errc::not_connected)
throw beast::system_error{ec};
}else{
// HTTP, without TLS
beast::tcp_stream stream(ioc);
// Make the connection on the IP address we get from a lookup
stream.connect(results);
ret = fetch_and_close(stream, m_server_name, url);
// Gracefully close the socket
beast::error_code ec;
stream.socket().shutdown(tcp::socket::shutdown_both, ec);
// not_connected happens sometimes
// so don't bother reporting it.
//
if(ec && ec != beast::errc::not_connected)
throw beast::system_error{ec};
}
return ret;
}
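Review bot: In the `m_secure` branch of `Webclient::get`, the server certificate is never matched against `m_server_name`, and no trust anchors are loaded, because `load_root_certificates(ctx)` is commented out and nothing replaces it. With `ssl::verify_peer` and an empty trust store the handshake would be expected to fail for every server; once roots are added, a certificate that chains to them would be accepted for any host name. I would add `ctx.set_default_verify_paths();` right after the context is created and `stream.set_verify_callback(ssl::host_name_verification(m_server_name));` before `stream.handshake(ssl::stream_base::client);`. Setting the SNI name alone only selects the certificate the server presents and does not verify it. If pinning to TLS 1.2 via `ssl::context::tlsv12_client` is intentional, a short comment saying so would help the next reader.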


+ 4
- 2
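--- a/webclient.hh
+++ b/webclient.hh
@@ -15,15 +15,17 @@ namespace pEp
 class Webclient
 {
 public:
-Webclient(const std::string& server_name, unsigned port=80)
+Webclient(const std::string& server_name, bool secure, unsigned port=0)
 : m_server_name{server_name}
-, m_port{port}
+, m_secure{secure}
+, m_port{port==0 ? (secure?443:80) : port}
 {}
 std::string get(const std::string& url);
 private:
 const std::string& m_server_name;
+const bool m_secure;
 const unsigned m_port;
 };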
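Review bot: The new `bool secure` parameter takes the position that `port` used to have, so an existing call such as `Webclient(host, 8080)` still compiles: `8080` converts to `true`, `port` defaults to 0, and the client silently connects with TLS to 443 instead of the requested port. A distinct type for the mode, for example `enum class Transport { plain, tls };`, would make old call sites fail to compile rather than change meaning. Separately, `m_server_name` is stored as `const std::string&` and, in the webclient.cc change on this page, now also supplies the SNI host name. A caller that passes a temporary leaves the reference dangling, so storing it by value as `const std::string m_server_name;` would be safer.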

