- You should be able to use either a relative or absolute path.
- Your use of
set_verify_mode()
andload_verify_file()
looks fine. I have done exactly this in my own code. A default verify callback is used if you do not specify one. - You don't need to "install" the certificate.
- I don't know of easy ways to debug
boost::asio
SSL connections, but you can use OpenSSL command line tools, such ass_client
, to test connections.boost::asio
uses OpenSSL under the hood.
I suspect that you don't have the entire certificate chain of certificates in your file. You can extract them from your server with (replace www.google.com:443
with your server and port):
openssl s_client -connect www.google.com:443 -showcerts
If you only wish to check some of the certificates, e.g. only the leaf certificate, you can use your own verify callback. An example of a custom callback, as well as a description of the verification modes and options are on this page.