use fallback for older versions of boost for TLS 1.2 support

eidheim · Mar 24, 2017 · cfab084 · cfab084
1 parent 6192c13
commit cfab084
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 3 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -11,10 +11,15 @@ set(BOOST_COMPONENTS system thread filesystem date_time)
 if("${CMAKE_CXX_COMPILER_ID}" STREQUAL "GNU")
     if (CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9)
         set(BOOST_COMPONENTS ${BOOST_COMPONENTS} regex)
-        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -DUSE_BOOST_REGEX")
+        message("legacy GCC detected: boost regex")
+        add_definitions(-DUSE_BOOST_REGEX)
     endif()
 endif()
 find_package(Boost 1.53.0 COMPONENTS ${BOOST_COMPONENTS} REQUIRED)
+if(Boost_MINOR_VERSION LESS 58)
+    message("legacy boost detected: using TLS 1.2 workaround")
+    add_definitions(-DBOOST_TLS12_FALLBACK)
+endif()
 include_directories(SYSTEM ${Boost_INCLUDE_DIR})
 
 if(APPLE)

diff --git a/client_https.hpp b/client_https.hpp
@@ -13,7 +13,13 @@ namespace SimpleWeb {
         Client(const std::string& server_port_path, bool verify_certificate=true, 
                 const std::string& cert_file=std::string(), const std::string& private_key_file=std::string(), 
                 const std::string& verify_file=std::string()) : 
-                ClientBase<HTTPS>::ClientBase(server_port_path, 443), context(boost::asio::ssl::context::tlsv12) {
+#ifdef BOOST_TLS12_FALLBACK
+            ClientBase<HTTPS>::ClientBase(server_port_path, 443), context(boost::asio::ssl::context::sslv23) {
+            long disallow_ssl_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1; 
+            context.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | disallow_ssl_flags);
+#else
+            ClientBase<HTTPS>::ClientBase(server_port_path, 443), context(boost::asio::ssl::context::tlsv12) {
+#endif
             if(cert_file.size()>0 && private_key_file.size()>0) {
                 context.use_certificate_chain_file(cert_file);
                 context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);

diff --git a/server_https.hpp b/server_https.hpp
@@ -25,7 +25,13 @@ namespace SimpleWeb {
         }
 
         Server(const std::string& cert_file, const std::string& private_key_file, const std::string& verify_file=std::string()):
-                ServerBase<HTTPS>::ServerBase(443), context(boost::asio::ssl::context::tlsv12) {
+#ifdef BOOST_TLS12_FALLBACK
+            ServerBase<HTTPS>::ServerBase(443), context(boost::asio::ssl::context::sslv23) {
+            long disallow_ssl_flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
+            context.set_options(boost::asio::ssl::context::default_workarounds | boost::asio::ssl::context::no_sslv2 | disallow_ssl_flags);
+#else
+            ServerBase<HTTPS>::ServerBase(443), context(boost::asio::ssl::context::tlsv12) {
+#endif
             context.use_certificate_chain_file(cert_file);
             context.use_private_key_file(private_key_file, boost::asio::ssl::context::pem);