I'm trying to establish a TLS connection through my proxy server using Boost.Asio (and Boost.Beast).
Setting up the tunnel using HTTP CONNECT works as expected. The code I use as a demo is:
net::io_context ioc{};
std::thread([&] {
ioc.run();
}).detach();
ssl::context ssl_context_{ssl::context::tls};
ssl_context_.set_default_verify_paths();
ssl_context_.add_verify_path("/opt/misc/certificates");
auto websocket_secure_ = std::make_shared<websocket::stream<ssl::stream<tcp::socket>>>(ioc, ssl_context_);
tcp::resolver resolver_{ioc};
auto const resolve_results = resolver_.resolve("www-my.proxy.int", "8080");
net::connect(websocket_secure_->next_layer().next_layer(), resolve_results.begin(), resolve_results.end());
const std::string HOST_TO_CONNECT_TO = "my.host.com:443";
http::request<http::string_body> request_connect{http::verb::connect, HOST_TO_CONNECT_TO, 11};
request_connect.insert(http::field::proxy_authorization, "Basic dXNlcm5hbWU6cGFzc3dvcmQ=");
request_connect.insert(http::field::host, HOST_TO_CONNECT_TO);
boost::beast::http::write(websocket_secure_->next_layer().next_layer(), request_connect);
As expected, Wireshark shows a HTTP CONNECT followed by a 200 response.
However, attempting to do the SSL handshake afterwards results in a thrown error: "handshake: wrong version number".
try {
websocket_secure_->next_layer().handshake(ssl::stream_base::client);
} catch (boost::system::system_error& error) {
std::cout << error.what();
throw error;
}
Wireshark shows a Client Hello, followed by a Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done. The trace looks fine to me and doesn't differ from a request of my browser to that same website.
The SSL handshake works just fine if I don't have to tunnel the requests through my proxy.
Why am i getting the thrown error inside my application? Thanks in advance for any help!
For anyone having similar problems:
Vinnie Falco posted a working response on Github (thanks again!):