Exception running boost asio ssl example
Solution 1
OK, for anyone finding this in the future, you need to create your certificates and sign them appropriately. Here are the commands for linux:
//Generate a private key
openssl genrsa -des3 -out server.key 1024
//Generate Certificate signing request
openssl req -new -key server.key -out server.csr
//Sign certificate with private key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
//Remove password requirement (needed for example)
cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key
//Generate dhparam file
openssl dhparam -out dh512.pem 512
Once you've done that, you need to change the filenames in server.cpp and client.cpp.
server.cpp
context_.use_certificate_chain_file("server.crt");
context_.use_private_key_file("server.key", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");
client.cpp
ctx.load_verify_file("server.crt");
Then it should all work!
Solution 2
Execute the tests again with strace to see which syscall gets the EINVAL
, as a bonus you'll get to see the args for the failing call. It's likely part of the security context setup that's failing, unless you have the right files and data from the example:
context_.use_certificate_chain_file("server.pem");
context_.use_private_key_file("server.pem", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");
You were getting EPERM
because you were trying to bind to a privileged TCP port (one whose value is less than 1024). That's why ./server 10000
does not get EPERM
.
Shootfast
Updated on June 26, 2022Comments
-
Shootfast almost 2 years
I'm trying to run the SSL examples from boost::asio and I'm getting an "Invalid argument" exception when I run them. I'm on Linux x86_64.
http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/client.cpp
http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/server.cpp
Compiled with:
g++ server.cpp -o server -lboost_system -lssl g++ client.cpp -o client -lboost_system -lssl
Run like:
$ ./server Usage: server <port> $ ./server 10000 Exception: Invalid argument $ ./server 1000 Exception: Permission denied $ sudo ./server 1000 Exception: Invalid argument
Not sure what the problem is :( Any help would be greatly appreciated.
Thanks!
-
Shootfast over 12 yearsThanks for the reply, There are no EPERM errors in the strace output, however there is:
open("server.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
right before the exception printing. Googling further I think I may have to create some SSL certificates. Which makes sense :P Thanks for the strace tip, I always forget about it! -
Fantastory over 11 yearsWorks perfeclty, -des3 option can be ommited, so we do noet need removing password. All files are in pem format so we can create single server.pem file by combining server.crt server.key and dh512.pem.
-
Tarc about 10 yearsBy the way, in the step "Generate Certificate signing request" some questions are asked. From panoptic.com/wiki/aolserver/… I was able to know that the only required information is "Common Name" which must match the hostname.
-
JungJik Lee almost 9 yearsI leave this comment, because someone will face an error message like me. ( Handshake failed: asio.ssl:336077172 ). this means ( Handshake failed: dh key too small ). you can check this message in error.message(); and it's because of dh512.pem. 512 bit is too small. recently the limitation is changed, we should use over 512 bit. > openssl dhparam -out dh1024.pem 1024