Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74

byllyfish · 2015-07-11T23:55:15Z

ASIO no longer compiles when using the latest BoringSSL because ASIO accesses the extra_certs member directly in context::use_certificate_chain. To clear the certificate chain, OpenSSL 1.0.2 added a new API you can use: SSL_CTX_clear_chain_certs

Here is a patch for context.ipp:

diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp
index 08705e7..77da84e 100644
--- a/asio/include/asio/ssl/impl/context.ipp
+++ b/asio/include/asio/ssl/impl/context.ipp
@@ -539,11 +539,15 @@ asio::error_code context::use_certificate_chain(
       return ec;
     }

+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
+    ::SSL_CTX_clear_chain_certs(handle_);
+#else
     if (handle_->extra_certs)
     {
       ::sk_X509_pop_free(handle_->extra_certs, X509_free);
       handle_->extra_certs = 0;
     }
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)

     while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
           handle_->default_passwd_callback,

chriskohlhoff · 2015-12-03T00:09:00Z

Fixed in 6c70257.

BenPope mentioned this issue Sep 29, 2015

Support BoringSSL #373

Closed

mlt mentioned this issue Nov 11, 2015

openssl branch #287

Closed

chriskohlhoff closed this Dec 3, 2015

mabrarov mentioned this issue Mar 13, 2019

Can I configure asio to use other SSL libraries besides OpenSSL? #350

Closed

chriskohlhoff / asio

Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74

Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74

byllyfish commented Jul 11, 2015

chriskohlhoff commented Dec 3, 2015

chriskohlhoff / asio

Join GitHub today

Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74

Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74

Comments

byllyfish commented Jul 11, 2015

chriskohlhoff commented Dec 3, 2015