18

According to the Specification in POCO assistant:

Initialize the NetSSL library, as well as the underlying OpenSSL libraries, by calling Poco::Crypto::OpenSSLInitializer::initialize(). Should be called before using any class from the NetSSL library. The NetSSL will be initialized automatically, through Poco::Crypto::OpenSSLInitializer instances or similar mechanisms when creating Context or SSLManager instances. However, it is recommended to call initializeSSL() in any case at application startup.

When I want to use HTTPSClientSession, do I have to construct an Application object first? How can I use it in a client? Can anyone tell me? Thank you very much!

Guillaume Pascal
mac.ma

2 Answers

16

Let's take Net/samples/httpget as an example and copy httpget/ to a new httpsget directory:

  1. Open the Makefile and add "PocoNetSSL" to target_libs.
  2. Replace 'HTTPClientSession' with 'HTTPSClientSession'.
  3. You need to create a Poco::Net::Context for SSL use.
  4. Replace 'HTTPClientSession session(uri.getHost(), uri.getPort());' with the following two lines:

```cpp
const Context::Ptr context = new Context(Context::CLIENT_USE, "", "", "", Context::VERIFY_NONE, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
HTTPSClientSession session(uri.getHost(), uri.getPort(), context);
```

Summary:

  1. add PocoNetSSL as a lib_depends
  2. use Poco::Net::Context with HTTPSClientSession
clsung
  • 3
    Context::VERIFY_NONE, "Client: If not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked, but the result of the check will be ignored." Doesn't this basically defeat the point of certificates? – proteneer Jan 26 '14 at 02:47
  • 3
    Good point by proteneer. Changing to verificationMode = Context::VERIFY_STRICT and loadDefaultCAs = true seems like a more sane default. – thomasa88 Dec 21 '14 at 10:35
  • 1
    Anything other than `VERIFY_NONE` seems indeed safer than `VERIFY_NONE`, but some hosts _have_ no valid certificate... :-( – Christian Severin Oct 23 '15 at 11:31
7

No, you do not need the Application object. Here's a fully functional example:

```
$ httpsget https://httpbin.org/user-agent
{
  "user-agent": "Poco HTTPSClientSession"
}
```

Code:

```cpp
#include "Poco/StreamCopier.h"
#include "Poco/URI.h"
#include "Poco/Exception.h"
#include "Poco/SharedPtr.h"
#include "Poco/Net/SSLManager.h"
#include "Poco/Net/KeyConsoleHandler.h"
#include "Poco/Net/ConsoleCertificateHandler.h"
#include "Poco/Net/HTTPSClientSession.h"
#include "Poco/Net/HTTPRequest.h"
#include "Poco/Net/HTTPResponse.h"
#include <iostream>
#include <string>

using namespace Poco;
using namespace Poco::Net;

// RAII helper: initializes NetSSL/OpenSSL on construction, cleans up on destruction.
class SSLInitializer {
public:
    SSLInitializer() { Poco::Net::initializeSSL(); }

    ~SSLInitializer() { Poco::Net::uninitializeSSL(); }
};

int main(int argc, char** argv)
{
    SSLInitializer sslInitializer;

    // Handler consulted when certificate verification fails ('false': client side).
    SharedPtr<InvalidCertificateHandler> ptrCert = new ConsoleCertificateHandler(false);
    // Client context: verify the server certificate strictly against the CAs in rootcert.pem.
    Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "", "", "rootcert.pem", Context::VERIFY_STRICT, 9, false, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
    // Register the handler and the context as the defaults for client sessions.
    SSLManager::instance().initializeClient(0, ptrCert, ptrContext);

    try
    {
        if (argc > 1)
        {
            URI uri(argv[1]);
            // Request target: path plus query string, "/" when the URL has no path.
            std::string path(uri.getPathAndQuery());
            if (path.empty()) path = "/";
            // No context argument: the session uses the default client context set above.
            HTTPSClientSession s(uri.getHost(), uri.getPort());
            HTTPRequest request(HTTPRequest::HTTP_GET, path);
            request.set("user-agent", "Poco HTTPSClientSession");
            s.sendRequest(request);
            HTTPResponse response;
            std::istream& rs = s.receiveResponse(response);
            StreamCopier::copyStream(rs, std::cout);
        }
    }
    catch (Exception& ex)
    {
        std::cout << ex.displayText() << std::endl;
        return 1;
    }

    return 0;
}
```
Alex
  • I notice you aren't passing the context to the session, is that intentional? – Jonny Paton Jun 29 '17 at 09:21
  • Yes, the default context provided to initializeClient() will be used: https://github.com/pocoproject/poco/blob/poco-1.7.8/NetSSL_OpenSSL/src/HTTPSClientSession.cpp#L63 – Alex Jul 02 '17 at 21:29