Exception running boost asio ssl example


Solution 1

OK, for anyone finding this in the future, you need to create your certificates and sign them appropriately. Here are the commands for Linux:

# Generate a private key
openssl genrsa -des3 -out server.key 1024

# Generate Certificate signing request
openssl req -new -key server.key -out server.csr

# Sign certificate with private key
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

# Remove password requirement (needed for example)
cp server.key server.key.secure
openssl rsa -in server.key.secure -out server.key

# Generate dhparam file
openssl dhparam -out dh512.pem 512

Once you've done that, you need to change the filenames in server.cpp and client.cpp.

server.cpp

context_.use_certificate_chain_file("server.crt"); 
context_.use_private_key_file("server.key", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");

client.cpp

ctx.load_verify_file("server.crt");

Then it should all work!
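
The following is an added example, not part of the answer above or of the Boost examples: the same key material generated at sizes that current OpenSSL builds accept, plus a pre-flight check that catches the "dh key too small" handshake failure reported in a comment further down this page. The 2048-bit floor (`MIN_BITS`) and all function names are assumptions made for this sketch; the file names `server.key` and `server.crt` follow the answer.

```shell
#!/bin/sh
# Added example: key material for the Boost.Asio SSL example, with a size check.
# MIN_BITS and the function names are assumptions, not part of Boost or OpenSSL.
MIN_BITS=2048

# Unencrypted RSA key and self-signed certificate in one step.
# $1 = output directory, $2 = hostname to place in the Common Name.
make_server_cert() {
    openssl req -x509 -newkey rsa:"$MIN_BITS" -nodes -sha256 -days 365 \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"   # the key is unencrypted, so restrict access to it
}

# DH parameters. $1 = output file, $2 = size in bits (defaults to MIN_BITS).
# Generating 2048-bit parameters can take a minute or more.
make_dh_params() {
    openssl dhparam -out "$1" "${2:-$MIN_BITS}" 2>/dev/null
}

# Print the modulus size, in bits, of a PEM DH parameter file.
dh_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Print the modulus size, in bits, of a PEM RSA private key.
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Return 0 only if the file meets MIN_BITS. $1 = "dh" or "rsa", $2 = file.
strong_enough() {
    case "$1" in
        dh)  bits=$(dh_bits "$2") ;;
        rsa) bits=$(rsa_bits "$2") ;;
        *)   return 2 ;;
    esac
    [ -n "$bits" ] && [ "$bits" -ge "$MIN_BITS" ]
}
```

Run `strong_enough dh <file>` and `strong_enough rsa server.key` before starting the server; if the DH file is written under a new name, the `use_tmp_dh_file` call in server.cpp has to point to it.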

Solution 2

Execute the tests again with strace to see which syscall gets the EINVAL; as a bonus, you'll get to see the args for the failing call. It's likely part of the security context setup that's failing, unless you have the right files and data from the example:

context_.use_certificate_chain_file("server.pem");
context_.use_private_key_file("server.pem", boost::asio::ssl::context::pem);
context_.use_tmp_dh_file("dh512.pem");

You were getting EPERM because you were trying to bind to a privileged TCP port (one whose value is less than 1024). That's why ./server 10000 does not get EPERM.

Author by

Shootfast

Updated on June 26, 2022

Comments

  • Shootfast
    Shootfast almost 2 years

    I'm trying to run the SSL examples from boost::asio and I'm getting an "Invalid argument" exception when I run them. I'm on Linux x86_64.

    http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/client.cpp

    http://www.boost.org/doc/libs/1_46_1/doc/html/boost_asio/example/ssl/server.cpp

    Compiled with:

    g++ server.cpp -o server -lboost_system -lssl
    g++ client.cpp -o client -lboost_system -lssl
    

    Run like:

    $ ./server 
    Usage: server <port>
    $ ./server 10000
    Exception: Invalid argument
    $ ./server 1000
    Exception: Permission denied
    $ sudo ./server 1000
    Exception: Invalid argument
    

    Not sure what the problem is :( Any help would be greatly appreciated.

    Thanks!

  • Shootfast
    Shootfast over 12 years
    Thanks for the reply. There are no EPERM errors in the strace output; however, there is: open("server.pem", O_RDONLY) = -1 ENOENT (No such file or directory) right before the exception printing. Googling further, I think I may have to create some SSL certificates. Which makes sense :P Thanks for the strace tip, I always forget about it!
  • Fantastory
    Fantastory over 11 years
    Works perfectly. The -des3 option can be omitted, so we do not need to remove the password. All files are in PEM format, so we can create a single server.pem file by combining server.crt, server.key and dh512.pem.
  • Tarc
    Tarc about 10 years
    By the way, in the step "Generate Certificate signing request" some questions are asked. From panoptic.com/wiki/aolserver/… I was able to learn that the only required information is "Common Name", which must match the hostname.
  • JungJik Lee
    JungJik Lee almost 9 years
    I'm leaving this comment because someone else will face an error message like I did (Handshake failed: asio.ssl:336077172). This means (Handshake failed: dh key too small). You can check this message in error.message(); and it's because of dh512.pem. 512 bit is too small. The limit was changed recently; we should use over 512 bit. > openssl dhparam -out dh1024.pem 1024