1

I was trying to make my own simple HTTP client but ran into an error while implementing the support for HTTPS requests. The following is the code for the ssl part of the client.

void HttpClient::ssl_setup() {
  SSL_library_init();
  if ((_ctx = SSL_CTX_new(SSLv23_client_method())) == NULL) {
    throw std::runtime_error("Failed to create SSL context");
  }
  SSL_CTX_set_options(_ctx, SSL_OP_NO_SSLv2);
  _bio = BIO_new_ssl_connect(_ctx);
  std::string tmp =
      fmt::format("{}:{}", _url.domain(), std::to_string(_url.port()));
  BIO_set_conn_hostname(_bio, tmp.c_str());
  if (BIO_do_connect(_bio) != 1) {
    std::cout << ERR_error_string(ERR_get_error(), NULL) << '\n';
    throw std::runtime_error("Failed to do ssl connect");
  }
}

HTTPS requests work for websites such as google and httpbin but for websites such as jsonplaceholder, I get the following error:

error:0A000410:SSL routines::sslv3 alert handshake failure
libc++abi: terminating with uncaught exception of type std::runtime_error: Failed to do ssl connect

So it seems like the program failed at BIO_do_connect.

Can anyone please tell me what is wrong with my ssl setup and point me to any resources for addressing this issue?

Thanks!

donut321
  • 23
  • 3
  • 1
    Maybe that site is rejecting SSLv3 because it's old and outdated? – Shawn Jun 16 '22 at 10:07
  • The used sample code seems to be a bit outdated as it tries to establish an SSLv2/3 connection which modern server no longer support. Instead of `SSLv23_client_method` you should better use `TLSv1_2_method` when creating the context and also set the options appropriately. – Robert Jun 16 '22 at 11:01
  • In short: server requires SNI and your code does not provide it – Steffen Ullrich Jun 16 '22 at 11:15

0 Answers0