Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace reference to 'extra_certs' for BoringSSL/OpenSSL 1.0.2 and later #74

byllyfish opened this issue Jul 11, 2015 · 1 comment


Copy link

ASIO no longer compiles when using the latest BoringSSL because ASIO accesses the extra_certs member directly in context::use_certificate_chain. To clear the certificate chain, OpenSSL 1.0.2 added a new API you can use: SSL_CTX_clear_chain_certs

Here is a patch for context.ipp:

diff --git a/asio/include/asio/ssl/impl/context.ipp b/asio/include/asio/ssl/impl/context.ipp
index 08705e7..77da84e 100644
--- a/asio/include/asio/ssl/impl/context.ipp
+++ b/asio/include/asio/ssl/impl/context.ipp
@@ -539,11 +539,15 @@ asio::error_code context::use_certificate_chain(
       return ec;

+#if (OPENSSL_VERSION_NUMBER >= 0x10002000L)
+    ::SSL_CTX_clear_chain_certs(handle_);
     if (handle_->extra_certs)
       ::sk_X509_pop_free(handle_->extra_certs, X509_free);
       handle_->extra_certs = 0;
+#endif // (OPENSSL_VERSION_NUMBER >= 0x10002000L)

     while (X509* cacert = ::PEM_read_bio_X509(bio.p, 0,
Copy link

Fixed in 6c70257.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

No branches or pull requests

2 participants