]> git.proxmox.com Git - ceph.git/blob - ceph/src/boost/libs/beast/example/common/root_certificates.hpp
projects / ceph.git / blob
? search:


aa8422a098e2d645b7624a758136f77a54fc4b3f
[ceph.git] / ceph / src / boost / libs / beast / example / common / root_certificates.hpp
1 //
2 // Copyright (c) 2016-2019 Vinnie Falco (vinnie dot falco at gmail dot com)
3 //
4 // Distributed under the Boost Software License, Version 1.0. (See accompanying
5 // file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
6 //
7 // Official repository: https://github.com/boostorg/beast
8 //
9
10 #ifndef BOOST_BEAST_EXAMPLE_COMMON_ROOT_CERTIFICATES_HPP
11 #define BOOST_BEAST_EXAMPLE_COMMON_ROOT_CERTIFICATES_HPP
12
13 #include <boost/asio/ssl.hpp>
14 #include <string>
15
16 /*
17 PLEASE READ
18
19 These root certificates here are included just to make the
20 SSL client examples work. They are NOT intended to be
21 illustrative of best-practices for performing TLS certificate
22 verification.
23
24 A REAL program which needs to verify the authenticity of a
25 server IP address resolved from a given DNS name needs to
26 consult the operating system specific certificate store
27 to validate the chain of signatures, compare the domain name
28 properly against the domain name in the certificate, check
29 the certificate revocation list, and probably do some other
30 things.
31
32 ALL of these operations are entirely outside the scope of
33 both Boost.Beast and Boost.Asio.
34
35 See (work in progress):
36 https://github.com/djarek/certify
37
38 tl;dr: root_certificates.hpp should not be used in production code
39 */
40
41 namespace ssl = boost::asio::ssl; // from <boost/asio/ssl.hpp>
42
43 namespace detail {
44
45 inline
46 void
47 load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
48 {
49 std::string const cert =
50 /* This is the DigiCert root certificate.
51
52 CN = DigiCert High Assurance EV Root CA
53 OU = www.digicert.com
54 O = DigiCert Inc
55 C = US
56
57 Valid to: Sunday, ?November ?9, ?2031 5:00:00 PM
58
59 Thumbprint(sha1):
60 5f b7 ee 06 33 e2 59 db ad 0c 4c 9a e6 d3 8f 1a 61 c7 dc 25
61 */
62 "-----BEGIN CERTIFICATE-----\n"
63 "MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\n"
64 "MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n"
65 "d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\n"
66 "ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\n"
67 "MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\n"
68 "LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\n"
69 "RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n"
70 "+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\n"
71 "PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\n"
72 "xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\n"
73 "Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\n"
74 "hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\n"
75 "EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\n"
76 "MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\n"
77 "FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\n"
78 "nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\n"
79 "eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\n"
80 "hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\n"
81 "Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\n"
82 "vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n"
83 "+OkuE6N36B9K\n"
84 "-----END CERTIFICATE-----\n"
85
86 /* This is the GeoTrust root certificate.
87
88 CN = GeoTrust Global CA
89 O = GeoTrust Inc.
90 C = US
91 Valid to: Friday, ‎May ‎20, ‎2022 9:00:00 PM
92
93 Thumbprint(sha1):
94 ‎de 28 f4 a4 ff e5 b9 2f a3 c5 03 d1 a3 49 a7 f9 96 2a 82 12
95 */
96 "-----BEGIN CERTIFICATE-----\n"
97 "MIIDaDCCAlCgAwIBAgIJAO8vBu8i8exWMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV\n"
98 "BAYTAlVTMQswCQYDVQQIDAJDQTEtMCsGA1UEBwwkTG9zIEFuZ2VsZXNPPUJlYXN0\n"
99 "Q049d3d3LmV4YW1wbGUuY29tMB4XDTE3MDUwMzE4MzkxMloXDTQ0MDkxODE4Mzkx\n"
100 "MlowSTELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMS0wKwYDVQQHDCRMb3MgQW5n\n"
101 "ZWxlc089QmVhc3RDTj13d3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n"
102 "A4IBDwAwggEKAoIBAQDJ7BRKFO8fqmsEXw8v9YOVXyrQVsVbjSSGEs4Vzs4cJgcF\n"
103 "xqGitbnLIrOgiJpRAPLy5MNcAXE1strVGfdEf7xMYSZ/4wOrxUyVw/Ltgsft8m7b\n"
104 "Fu8TsCzO6XrxpnVtWk506YZ7ToTa5UjHfBi2+pWTxbpN12UhiZNUcrRsqTFW+6fO\n"
105 "9d7xm5wlaZG8cMdg0cO1bhkz45JSl3wWKIES7t3EfKePZbNlQ5hPy7Pd5JTmdGBp\n"
106 "yY8anC8u4LPbmgW0/U31PH0rRVfGcBbZsAoQw5Tc5dnb6N2GEIbq3ehSfdDHGnrv\n"
107 "enu2tOK9Qx6GEzXh3sekZkxcgh+NlIxCNxu//Dk9AgMBAAGjUzBRMB0GA1UdDgQW\n"
108 "BBTZh0N9Ne1OD7GBGJYz4PNESHuXezAfBgNVHSMEGDAWgBTZh0N9Ne1OD7GBGJYz\n"
109 "4PNESHuXezAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmTJVT\n"
110 "LH5Cru1vXtzb3N9dyolcVH82xFVwPewArchgq+CEkajOU9bnzCqvhM4CryBb4cUs\n"
111 "gqXWp85hAh55uBOqXb2yyESEleMCJEiVTwm/m26FdONvEGptsiCmF5Gxi0YRtn8N\n"
112 "V+KhrQaAyLrLdPYI7TrwAOisq2I1cD0mt+xgwuv/654Rl3IhOMx+fKWKJ9qLAiaE\n"
113 "fQyshjlPP9mYVxWOxqctUdQ8UnsUKKGEUcVrA08i1OAnVKlPFjKBvk+r7jpsTPcr\n"
114 "9pWXTO9JrYMML7d+XRSZA1n3856OqZDX4403+9FnXCvfcLZLLKTBvwwFgEFGpzjK\n"
115 "UEVbkhd5qstF6qWK\n"
116 "-----END CERTIFICATE-----\n";
117 ;
118
119 ctx.add_certificate_authority(
120 boost::asio::buffer(cert.data(), cert.size()), ec);
121 if(ec)
122 return;
123 }
124
125 } // detail
126
127 // Load the root certificates into an ssl::context
128
129 inline
130 void
131 load_root_certificates(ssl::context& ctx, boost::system::error_code& ec)
132 {
133 detail::load_root_certificates(ctx, ec);
134 }
135
136 inline
137 void
138 load_root_certificates(ssl::context& ctx)
139 {
140 boost::system::error_code ec;
141 detail::load_root_certificates(ctx, ec);
142 if(ec)
143 throw boost::system::system_error{ec};
144 }
145
146 #endif
Ceph