Boost mailing page: [boost] [beast] Platform proxy settings, SSL verification

Date view	Thread view	Subject view	Author view

Subject: [boost] [beast] Platform proxy settings, SSL verification
From: Phil Endecott (spam_from_boost_dev_at_[hidden])
Date: 2017-07-01 17:02:04

Next message: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"
Previous message: Vinnie Falco: "Re: [boost] [review][beast] Review of Beast starts today : July 1 - July 10"
Next in thread: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"
Reply: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"
Reply: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"

Here are just a few quick comments re Beast:

1. It's a terrible name, but I believe others have already
mentioned that.

2. I don't believe there is any integration with platform proxy
settings. I'll explain:

I have my own basic HTTP client and server code that I've used in
a handful of projects. There are a few features that it lacks that
have caused me problems. In particular, when I tried to use my
HTTP client code in an iOS app, it worked on WiFi networks but not
on some cellular networks. After much remote debugging I realised
that some cellular carriers in some countries require that HTTP
traffic goes via a (non-transparent) proxy. If you use the iOS
http client then this is handled for you, but my code knows nothing
about it. For me to test a fix for this I would have had to fly
to another continent....

This is the sort of thing that is particularly valuable in a
Boost library: I try to write portable code, but I don't know the
details of every platform that it will run on or even have test
systems available to me. Having a library that knows about the
platform-specific details, and which has been tested on a wide
variety of those platforms, is very valuable. (And a library
that instead just does the "easy parts" is something that I could
have written, or already have written, myself.)

3. Finally a comment about the SSL example at
https://github.com/vinniefalco/Beast/blob/master/example/http-client-ssl/http_client_ssl.cpp

This says stream.set_verify_mode(ssl::verify_none);

Please correct me if I'm wrong, but I think that means that it does
not do any sort of certificate verification.

As a matter of principle, I think that the *first* SSL example
should show how to establish a properly-secure connection. See for example
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf (""The Most Dangerous
Code in the World: Validating SSL Certificates in Non-Browser Software")
and e.g. https://lwn.net/Articles/522111/ for discussion. A quick look
at http://www.boost.org/doc/libs/1_47_0/doc/html/boost_asio/overview/ssl.html
suggests that this might add as few as two more lines to the code.

Regards, Phil.

Next message: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"
Previous message: Vinnie Falco: "Re: [boost] [review][beast] Review of Beast starts today : July 1 - July 10"
Next in thread: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"
Reply: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"
Reply: Vinnie Falco: "Re: [boost] [beast] Platform proxy settings, SSL verification"

Date view	Thread view	Subject view	Author view