Using TLSv1 since boost1_41 supports TLS v1.0 #218
Conversation
|
@yush1ga - can you please have a look at these changes |
| @@ -32,7 +32,7 @@ typedef boost::shared_ptr<boost::asio::ssl::stream<boost::asio::ip::tcp::socket& | |||
| typedef boost::shared_ptr<boost::asio::ip::tcp::resolver> TcpResolverPtr; | |||
| typedef boost::shared_ptr<boost::asio::deadline_timer> DeadlineTimerPtr; | |||
| class ExecutorService : private boost::noncopyable { | |||
|
|
|||
| friend class ClientConnection; | |||
There was a problem hiding this comment.
@rdhabalia - We need it inorder to access ExecutorService.io_service_
| @@ -114,13 +114,13 @@ isTlsAllowInsecureConnection_(false) { | |||
| if (clientConfiguration.isUseTls()) { | |||
| using namespace boost::filesystem; | |||
|
|
|||
| boost::asio::ssl::context ctx(boost::asio::ssl::context::tlsv12_client); | |||
| boost::asio::ssl::context ctx(executor_->io_service_, boost::asio::ssl::context::tlsv1_client); | |||
|
|
|||
There was a problem hiding this comment.
Is there a way to figure out the latest supported version?
There was a problem hiding this comment.
@merlimat Latest TLS version that boost supports is tls v1.2 - http://www.boost.org/doc/libs/1_63_0/doc/html/boost_asio/reference.html#boost_asio.reference.ssl__context_base
Difference b/w tls versions is :-
https://www.wolfssl.com/wolfSSL/Blog/Entries/2010/10/7_Differences_between_SSL_and_TLS_Protocol_Versions.html
There was a problem hiding this comment.
I mean, at least, we could add an #ifdef block to select the TLS version depending on the boost version.
There was a problem hiding this comment.
boost::asio::ssl::context ctx(boost::asio::ssl::context::tlsv1_client);
Doesn't this work on boost 1.41 ?
context(
boost::asio::io_service & ,
method m);
This constructor seems to be deprecated recent version.
There was a problem hiding this comment.
If there is a macro available to identify boost version, we could use that to pick different version.
| boost::asio::ssl::context ctx(boost::asio::ssl::context::tlsv12_client); | ||
|
|
||
| #if BOOST_VERSION >= 105400 | ||
| boost::asio::ssl::context ctx(executor_->io_service_, boost::asio::ssl::context::tlsv12_client); |
There was a problem hiding this comment.
I am still confused on why we need to pass the io_service here, in particular the one from the executor which is kind of unrelated to the connection itself.
As for the macro, I'd prefer to have it defined in the top section of the file. Something like
#if BOOST_VERSION >= 105400
#define TLS_CLIENT = boost::asio::ssl::context::tlsv12_client
#else
#define TLS_CLIENT = boost::asio::ssl::context::tlsv1_client
#endifThere was a problem hiding this comment.
Boost 1.41 has only one constructor for creating the context and this constructor requires io_service_
Current version of boost have rewritten the entire ssl code and don't require the io_service as a part of the constructor.
|
@jai1 Please use "Squash and merge" when merging a PR, unless there is specific need to keep multiple commits separated |
Motivation
TLS code in current master was incompatible with C++98 and boost 1.41
Modifications
Removed C++11 features
Used TLSv1.0 from boost 1.41
Result
the code can be compiled on an env with C++98 and boost1.41