Tuesday, September 26, 2006

SSL password callbacks

On the weekend I made some changes to asio to support password callbacks for SSL. There is a new function on the asio::ssl::context class called set_password_callback(), which takes a function object with the following signature:

    std::string password_callback(
        std::size_t max_length,
        ssl::context::password_purpose purpose);

The callback must return the password as a string. The max_length argument indicates the maximum allowable length of the password, and if the returned string is longer it will be truncated. The context::password_purpose type is an enum with values for_reading and for_writing. In most cases you won't need to use the max_length or purpose arguments, and if you use boost::bind() to create the function object you can just leave them off. For example, the SSL server sample included with asio now has the following:
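
    // Register the callback; max_length and purpose are left off via boost::bind().
    context_.set_password_callback(
        boost::bind(&server::get_password, this));

    ...

    // Password is hard-coded in the sample.
    std::string get_password() const
    {
      return "test";
    }
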
The final thing to note is that the password callback needs to be set before calling any ssl::context functions that load keys, such as use_private_key_file().
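
A callback that uses both arguments, added here as an example (not code from asio or its samples): it takes the passphrase from an environment variable instead of a literal, and returns an empty string rather than let an over-long value be truncated into a different passphrase. The enum is a local stand-in for ssl::context::password_purpose so the block builds without asio; the variable name TLS_KEY_PASSPHRASE and the helper select_passphrase() are assumptions.

```cpp
#include <stdlib.h>   // getenv, setenv (POSIX)
#include <cstddef>
#include <iostream>
#include <string>

// Local stand-in for ssl::context::password_purpose (assumption: lets the
// example build without the asio headers).
enum password_purpose { for_reading, for_writing };

// Hypothetical environment variable holding the private key passphrase.
static const char* const kPassphraseVar = "TLS_KEY_PASSPHRASE";

// Decide what the callback hands back for a candidate passphrase.
// An empty result means "no usable passphrase".
std::string select_passphrase(const char* candidate,
                              std::size_t max_length,
                              password_purpose purpose)
{
  // Design choice for this example: only supply a passphrase for reading keys.
  if (purpose != for_reading)
    return std::string();
  if (candidate == 0 || *candidate == '\0')
    return std::string();
  std::string passphrase(candidate);
  // A longer string would be truncated, which makes it a different passphrase.
  if (passphrase.size() > max_length)
    return std::string();
  return passphrase;
}

// Same shape as the callback signature described above.
std::string password_callback(std::size_t max_length, password_purpose purpose)
{
  return select_passphrase(getenv(kPassphraseVar), max_length, purpose);
}

int main()
{
  // Constructed sample value, for demonstration only.
  setenv(kPassphraseVar, "constructed-sample-passphrase", 1);
  const char* const label[2] = { "supplied", "none" };
  std::cout << "for_reading:  " << label[password_callback(1024, for_reading).empty()] << "\n";
  std::cout << "for_writing:  " << label[password_callback(1024, for_writing).empty()] << "\n";
  std::cout << "max_length 8: " << label[password_callback(8, for_reading).empty()] << "\n";
  return 0;
}
```

With asio, a function of this shape is what set_password_callback() takes, registered before use_private_key_file() as noted above.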

1 comment:

Anonymous said...

Chris,

Can you get us an example code to do two-way handshaking in SSL? The example code in boost.org has only server authentication. How to do both server and client authentication?

Thanks and Regards,
Brown