[PR #197] [MERGED] Add CA certificate authentication to TcpSocket and SSL class #223

Closed
opened 2026-05-05 03:43:18 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/ultimatepp/ultimatepp/pull/197
Author: @zouqinglei
Created: 4/17/2024
Status: Merged
Merged: 4/21/2024
Merged by: @mirek-fidler

Base: master ← Head: master


📝 Commits (3)

  • c75c7df Add CA certificate authentication to TcpSocket Class
  • b8db73b Add CA certificate authentication to TcpSocket Class
  • 9d61ebd update code review of Add CA certificate authentication

📊 Changes

5 files changed (+44 additions, -0 deletions)

📝 uppsrc/Core/Inet.h (+4 -0)
📝 uppsrc/Core/SSL/SSL.h (+2 -0)
📝 uppsrc/Core/SSL/Socket.cpp (+16 -0)
📝 uppsrc/Core/SSL/Util.cpp (+16 -0)
📝 uppsrc/Core/Socket.cpp (+6 -0)

📄 Description

I found that HttpRequest and TcpSocket cannot support the CA certificate function; this may have a MITM issue. So I added some code to the TcpSocket and SSL classes to solve this problem.

After the change, we can use the HttpRequest like this:

```
HttpRequest http;
http.Host(m_ip).Port(m_port).Post(strRequest);
http.SSL(true);

String cacrt = "xxxx"; // PEM string of the CA certificate myca.crt
http.SSLCAcert(cacrt);
String strContent = http.Execute();
```

If the CA cert is not the server.cert's CA, then an error "SSL CA invalid" is reported.

The CA and server cert generation steps:

```
# 1. Generate the CA files: myca.key, myca.crt
openssl genrsa -aes256 -out myca.key 2048
# Rewrite the key without the passphrase
openssl rsa -in myca.key -out myca.key
openssl req -new -x509 -days 3650 -key myca.key -out myca.crt -subj "/C=CN/ST=SD/L=YT/O=xx/OU=CA/CN=MYCA/emailAddress=youremail@xxx.com"

# 2. Generate server.key and server.crt
openssl genrsa -aes256 -out server.key 2048
# Rewrite the key without the passphrase
openssl rsa -in server.key -out server.key

# Certificate signing request for the server key
openssl req -new -key server.key -out server.csr -subj "/C=CN/ST=SD/L=YT/O=xxx/OU=RD/CN=xxx/emailAddress=youremail@xxx.com"

# Sign the request with the CA
openssl x509 -req -days 3650 -in server.csr -CA myca.crt -CAkey myca.key -CAcreateserial -out server.crt
```

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
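
The certificate steps above, run end to end as an added example (not part of the PR or of U++): it signs server.crt with one CA and shows that the certificate verifies only against that CA, which is the command-line counterpart of a chain check against a supplied CA certificate. The names otherca and server.example, the subjects, the 30-day validity and the unencrypted keys are assumptions made so the script runs non-interactively.

```shell
#!/bin/sh
# Added example: constructed names and subjects, not taken from the PR.

# make_ca DIR NAME: self-signed CA key and certificate (key left unencrypted).
make_ca() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 30 -key "$1/$2.key" -out "$1/$2.crt" \
        -subj "/O=example/OU=CA/CN=$2" 2>/dev/null
}

# make_server DIR CA: server key, CSR, and a certificate signed by CA.
make_server() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -out "$1/server.csr" \
        -subj "/O=example/OU=RD/CN=server.example" 2>/dev/null &&
    openssl x509 -req -days 30 -in "$1/server.csr" -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/server.crt" 2>/dev/null
}

# ca_accepts CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE.
# This checks the signature chain only; it does not compare the
# certificate's name with the host being contacted.
ca_accepts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# chain_demo: verify one server certificate against the CA that signed it
# and against an unrelated CA, printing the outcome of each check.
chain_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" myca && make_ca "$d" otherca && make_server "$d" myca || return 1
    for ca in myca otherca; do
        if ca_accepts "$d/$ca.crt" "$d/server.crt"; then
            echo "$ca.crt: server.crt accepted"
        else
            echo "$ca.crt: server.crt rejected"
        fi
    done
    rm -rf "$d"
}

chain_demo
```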
