@@ -282,6 +282,10 @@ namespace web { namespace http
282282 boost::asio::deadline_timer m_timeout_timer;
283283 std::shared_ptr<linux_connection> m_connection;
284284
285+ #if defined(__APPLE__) || defined(ANDROID)
286+ bool m_openssl_failed;
287+ #endif
288+
285289 virtual ~linux_client_request_context ();
286290
287291 void handle_timeout_timer (const boost::system::error_code& ec)
@@ -449,9 +453,6 @@ namespace web { namespace http
449453
450454 private:
451455 tcp::resolver m_resolver;
452- #if defined(__APPLE__) || defined(ANDROID)
453- bool m_openssl_failed;
454- #endif
455456
456457 static bool _check_streambuf (std::shared_ptr<linux_client_request_context> ctx, concurrency::streams::streambuf<uint8_t > rdbuf, const utility::char_t * msg)
457458 {
@@ -482,9 +483,9 @@ namespace web { namespace http
482483 if (client_config ().validate_certificates ())
483484 {
484485 ctx->m_ssl_stream ->set_verify_mode (boost::asio::ssl::context::verify_peer);
485- ctx->m_ssl_stream ->set_verify_callback (boost::bind (&linux_client::handle_cert_verification, shared_from_this (), _1, _2));
486+ ctx->m_ssl_stream ->set_verify_callback (boost::bind (&linux_client::handle_cert_verification, shared_from_this (), _1, _2, ctx ));
486487#if defined(__APPLE__) || defined(ANDROID)
487- m_openssl_failed = false ;
488+ ctx-> m_openssl_failed = false ;
488489#endif
489490 }
490491 else
@@ -544,8 +545,11 @@ namespace web { namespace http
544545 }
545546 }
546547
547- bool handle_cert_verification (bool preverified, boost::asio::ssl::verify_context &ctx )
548+ bool handle_cert_verification (bool preverified, boost::asio::ssl::verify_context &verifyCtx, std::shared_ptr<linux_client_request_context> requestCtx )
548549 {
550+ // Unreferenced parameter on some platforms.
551+ requestCtx;
552+
549553 // OpenSSL calls the verification callback once per certificate in the chain,
550554 // starting with the root CA certificate. The 'leaf', non-Certificate Authority (CA)
551555 // certificate, i.e. actual server certificate is at the '0' position in the
@@ -555,15 +559,15 @@ namespace web { namespace http
555559#if defined(__APPLE__) || defined(ANDROID)
556560 if (!preverified)
557561 {
558- m_openssl_failed = true ;
562+ requestCtx-> m_openssl_failed = true ;
559563 }
560- if (m_openssl_failed)
564+ if (requestCtx-> m_openssl_failed )
561565 {
562566 // On OS X, iOS, and Android, OpenSSL doesn't have access to where the OS
563567 // stores keychains. If OpenSSL fails we will doing verification at the
564568 // end using the whole certificate chain so wait until the 'leaf' cert.
565569 // For now return true so OpenSSL continues down the certificate chain.
566- X509_STORE_CTX *storeContext = ctx .native_handle ();
570+ X509_STORE_CTX *storeContext = verifyCtx .native_handle ();
567571 int currentDepth = X509_STORE_CTX_get_error_depth (storeContext);
568572 if (currentDepth != 0 )
569573 {
@@ -607,7 +611,7 @@ namespace web { namespace http
607611#endif
608612
609613 boost::asio::ssl::rfc2818_verification rfc2818 (m_uri.host ());
610- return rfc2818 (preverified, ctx );
614+ return rfc2818 (preverified, verifyCtx );
611615 }
612616
613617 void handle_handshake (const boost::system::error_code& ec, std::shared_ptr<linux_client_request_context> ctx)
@@ -1170,6 +1174,9 @@ namespace web { namespace http
11701174 , m_timedout(false )
11711175 , m_timeout_timer(crossplat::threadpool::shared_instance().service())
11721176 , m_connection(std::move(connection))
1177+ #if defined(__APPLE__) || defined(ANDROID)
1178+ , m_openssl_failed(false )
1179+ #endif
11731180 {}
11741181
11751182 std::shared_ptr<request_context> linux_client_request_context::create_request_context (
0 commit comments