how to use SSL in C++ gSOAP generated classes

2019-03-27 16:07发布

问题:

i need to use gsoap library in C++ and i need to use https. documentation says how to work with HTTPS in C, but not in C++ (http://www.cs.fsu.edu/~engelen/soapdoc2.html#tth_sEc19.20). in particular, i have compulation error on soap_ssl_init(); function. i've looked /usr/lib/libgsoap* files and found ligsoapssl++.a file and linked against it. this error has gone, but i get error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed. that's mean i need to call soap_ssl_client_context func, but there isn't in C++ generated classes. What should i do?

UPD: i've solved this trouble by myself. but it's quirky, very quirky way. gSOAP generates C++ classes inherited from struct soap, it contains following attrs:

BIO *bio;
SSL *ssl;
SSL_CTX *ctx;
unsigned short ssl_flags;
const char *keyfile;
const char *password;
const char *dhfile;
const char *cafile;
const char *capath;
const char *crlfile;
const char *randfile;
SSL_SESSION *session;

so we can setup necessary attrs (flags, params) as in OpenSSL library by ourselves. In simple case it's enough to call soap_ssl_init() once and set ssl_flags = SOAP_SSL_NO_AUTHENTICATION. it works for me. if anyone knows better way i'll glad to see.

回答1:

This works for me:

soap_ssl_client_context(m_proxy.soap, SOAP_SSL_NO_AUTHENTICATION, NULL, NULL, NULL, NULL, NULL);

where m_proxy is an instance of the client proxy generated using gSOAP:

wsdl2h.exe -o MyWebservice.h ..\MyWebservice.wsdl
soapcpp2.exe -IC:\gsoap-2.8\gsoap\import -j MyWebservice.h -C -1 -SL


回答2:

i've solved this trouble by myself. but it's quirky, very quirky way. gSOAP generates C++ classes inherited from struct soap, it contains following attrs:

BIO *bio;
SSL *ssl;
SSL_CTX *ctx;
unsigned short ssl_flags;
const char *keyfile;
const char *password;
const char *dhfile;
const char *cafile;
const char *capath;
const char *crlfile;
const char *randfile;
SSL_SESSION *session;

so we can setup necessary attrs (flags, params) as in OpenSSL library by ourselves. In simple case it's enough to call soap_ssl_init() once and set ssl_flags = SOAP_SSL_NO_AUTHENTICATION. it works for me. if anyone knows better way i'll gla



回答3:

I have used SSL support on gsoap in my c++ program, and I have had no problems. I compiled the source file stdsoap2.cpp (which comes along with gsoap), with the -DWITH_OPENSSL directive (did you miss this?). I used the obj file, and linked my program with it.



回答4:

I have experienced the same problem today. I was using Ubuntu 14.04 on VirtualBox and Gsoap 2.8.21.

I generated C++ proxy classes with command:

soapcpp2 -1 -I/opt/libraries/gsoap/build/2.8.21/share/gsoap/import -C -j temporary.h 

At a first place, I used the aforementioned solution and set ssl_flags to SOAP_SSL_NO_AUTHENTICATION. Thanks to this error disappeared.

Moreover I observed that while changing flags to SOAP_TLSv1, it also makes the errors disappear. The flag that causes headaches was SOAP_SSL_REQUIRE_SERVER_AUTHENTICATION which is by default set inside SOAP_SSL_DEFAULT flag.

Everything seemed fine, until I recompiled gsoap from source with flag --enable-debug. Soon after I started to see something like:

SSL verify error or warning with certificate at depth 1: unable to get local issuer certificate

The best solution I found so far is to download the cacerts.pem file from gsoap site https://www.cs.fsu.edu/~engelen/cacerts.pem.zip and unzip them next to your executable.

And of course in your code you should have something similar to:

soap *soap = soap_new();
soap->ssl_flags = SOAP_SSL_DEFAULT;

soap_register_plugin(soap, soap_wsse);
soap->cafile = "cacerts.pem";

Then all the warning and error messages disappear.