77// (See accompanying file LICENSE_1_0.txt or copy at
88// http://www.boost.org/LICENSE_1_0.txt)
99
10- #include < boost/network/protocol/http/client/connection/ssl_delegate.hpp>
1110#include < boost/asio/ssl.hpp>
1211#include < boost/bind.hpp>
12+ #include < boost/network/protocol/http/client/connection/ssl_delegate.hpp>
1313
1414boost::network::http::impl::ssl_delegate::ssl_delegate (
1515 asio::io_service &service,bool always_verify_peer,
1616 optional<std::string> certificate_filename,
17- optional<std::string> verify_path,
18- optional<std::string> certificate_file,
19- optional<std::string> private_key_file,
20- optional<std::string> ciphers,
17+ optional<std::string> verify_path, optional<std::string> certificate_file,
18+ optional<std::string> private_key_file, optional<std::string> ciphers,
2119long ssl_options)
2220 : service_(service),
2321 certificate_filename_(std::move(certificate_filename)),
@@ -29,15 +27,19 @@ boost::network::http::impl::ssl_delegate::ssl_delegate(
2927 always_verify_peer_(always_verify_peer) {}
3028
3129void boost::network::http::impl::ssl_delegate::connect (
32- asio::ip::tcp::endpoint &endpoint, std::string host, boost::uint16_t source_port,
30+ asio::ip::tcp::endpoint &endpoint, std::string host,
31+ boost::uint16_t source_port,
3332 function<void (system::error_codeconst &)> handler) {
3433 context_.reset (
35- new asio::ssl::context (service_, asio::ssl::context::sslv23_client));
34+ new asio::ssl::context (asio::ssl::context::method ::sslv23_client));
3635if (ciphers_) {
3736::SSL_CTX_set_cipher_list (context_->native_handle (), ciphers_->c_str());
3837 }
3938if (ssl_options_ !=0 ) {
4039 context_->set_options (ssl_options_);
40+ }else {
41+ // By default, disable v3 support.
42+ context_->set_options (asio::ssl::context::no_sslv3);
4143 }
4244if (certificate_filename_ || verify_path_) {
4345 context_->set_verify_mode (asio::ssl::context::verify_peer);
@@ -50,8 +52,9 @@ void boost::network::http::impl::ssl_delegate::connect(
5052// use openssl default verify paths. uses openssl environment variables
5153// SSL_CERT_DIR, SSL_CERT_FILE
5254 context_->set_default_verify_paths ();
53- else
55+ else {
5456 context_->set_verify_mode (asio::ssl::context::verify_none);
57+ }
5558 }
5659if (certificate_file_)
5760 context_->use_certificate_file (*certificate_file_,
@@ -60,9 +63,10 @@ void boost::network::http::impl::ssl_delegate::connect(
6063 context_->use_private_key_file (*private_key_file_,
6164 boost::asio::ssl::context::pem);
6265
63- tcp_socket_.reset (new asio::ip::tcp::socket (service_,asio::ip::tcp::endpoint (asio::ip::tcp::v4 (), source_port)));
64- socket_.reset (
65- new asio::ssl::stream<asio::ip::tcp::socket&>(*(tcp_socket_.
get ()), *context_));
66+ tcp_socket_.reset (new asio::ip::tcp::socket (
67+ service_,asio::ip::tcp::endpoint (asio::ip::tcp::v4 (), source_port)));
68+ socket_.
reset (
new asio::ssl::stream<asio::ip::tcp::socket &>(
69+ *(tcp_socket_.get ()), *context_));
6670
6771if (always_verify_peer_)
6872 socket_->set_verify_callback (boost::asio::ssl::rfc2818_verification (host));
@@ -109,5 +113,4 @@ void boost::network::http::impl::ssl_delegate::disconnect() {
109113
110114boost::network::http::impl::ssl_delegate::~ssl_delegate () {}
111115
112- #endif/* BOOST_NETWORK_PROTOCOL_HTTP_CLIENT_CONNECTION_SSL_DELEGATE_IPP_20110819 \
113- */
116+ #endif// BOOST_NETWORK_PROTOCOL_HTTP_CLIENT_CONNECTION_SSL_DELEGATE_IPP_20110819