HTTPS client with cpp-netlib - sslv3 alert handshake failure

Question

I am trying to set up a simple HTTPS client in C++ to test some features against the Reqres API.

I am using cpp-netlib as the main C++ network library. Based on the examples provided in the documentation, I wrote some code to perform some GET queries:

#ifndef BOOST_NETWORK_ENABLE_HTTPS
#    define BOOST_NETWORK_ENABLE_HTTPS
#endif // !BOOST_NETWORK_ENABLE_HTTPS

#include <boost/network/protocol/http/client.hpp>
#include <iostream>

using namespace boost::network::http;

int main() {
    client::options options;
    options.follow_redirects(true)
        .cache_resolved(true)
        .timeout(10);
    client client_(options);

    client::request request_("https://reqres.in/api/users");
    client::response response_ = client_.get(request_);
    std::cout << body(response_) << std::endl;
    return 0;
}

When, I run the code, I get this exception:

libc++abi.dylib: terminating with uncaught exception of type boost::exception_detail::clone_impl<boost::system::system_error>: sslv3 alert handshake failure

I think the problem is related to the OpenSSL configuration. I have tried to generate a certificate to use in the handshake by generating the CSR and KEY:

openssl req -new -newkey rsa:4096 -nodes -keyout mohabouje.key -out mohabouje.csr

and then the PEM:

openssl x509 -req -sha256 -days 365 -in mohabouje.csr -signkey mohabouje.key -out mohabouje.pem

I have modified the code, to use those files in the client options:

client::options options;
options.follow_redirects(true)
    .cache_resolved(true)
    .openssl_certificate_file("/opt/ssl/mohabouje.csr")
    .openssl_private_key_file("/opt/ssl/mohabouje.key")
    .timeout(10);

But now, I am getting this exception:

libc++abi.dylib: terminating with uncaught exception of type boost::wrapexcept<boost::system::system_error>: use_certificate_file: no start line

Alternative, I have tried this:

client::options options;
options.follow_redirects(true)
   .cache_resolved(true)
   .openssl_certificate_file("/opt/ssl/mohabouje.pem")
   .openssl_private_key_file("/opt/ssl/mohabouje.key")
   .timeout(10);

But, I get the same exception:

libc++abi.dylib: terminating with uncaught exception of type boost::exception_detail::clone_impl<boost::system::system_error>: sslv3 alert handshake failure

What am I doing wrong? Could anyone provide a working example of a simple query against this public API?

Clients of reqres do not need client certificates (and definitely not self-signed ones). Seems like your problem here is TLS is not enabled... See for example https://stackoverflow.com/questions/42984534/https-client-get-with-cpp-netlib-using-a-client-certificate-and-password — rAndom69, May 13 '19 at 16:09
Looks very much like a Server Name Indication (SNI) problem. I don't know anything about cpp-netlib, but usually you would need to provide the hostname at the handshake, s.t. the server knows which certificate it should go with. — ezegoing, May 14 '19 at 12:43

HTTPS client with cpp-netlib - sslv3 alert handshake failure

0 Answers0