
I wanted to switch over to cpprest for my REST requirements; however, in my scenario, TLS client authentication needs to be supported.

I went through the capabilities of the library, but I am not sure whether there is built-in support for client authentication.

There are some hacks for trying to get this capability, but it seems they only work on Windows for the moment, which won't work for me, since my server is on Linux.

This page here, https://github.com/Microsoft/cpprestsdk/issues/810, describes one such get-around for Windows, and a hint of how it can work in Linux builds, but I am not sure how to go about it, since I have little experience in the area.

Workaround for TLS client authentication on Windows:

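#include <windows.h>
#include <wincrypt.h>
#include <winhttp.h>
#include <cpprest/http_client.h>
#include <vector>

std::vector<uint8_t>  pkcs12_data; // "... your client certificate PKCS#12 with private key goes here ...";
utility::string_t     password = U("pkcs12_password"); // string_t is a wide string on Windows

web::http::client::http_client_config cfg;
// "mutable" so the captured copy of pkcs12_data is non-const and data() yields a writable pointer
cfg.set_nativehandle_options([=] (web::http::client::native_handle h) mutable {
    // Import the PKCS#12 blob into a temporary in-memory certificate store
    CRYPT_DATA_BLOB data;
    data.cbData           = static_cast<DWORD>(pkcs12_data.size());
    data.pbData           = reinterpret_cast<BYTE *>(pkcs12_data.data());
    HCERTSTORE hCertStore = PFXImportCertStore(&data, password.c_str(), 0);
    if (!hCertStore) return; // import failed (bad data or wrong password)

    // Take the first certificate found in the imported store
    PCCERT_CONTEXT hContext = CertFindCertificateInStore(
        hCertStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_ANY,
        NULL, NULL);
    if (!hContext) return; // store contained no certificate

    // Attach the certificate to the WinHTTP handle that cpprest passes in
    WinHttpSetOption(h, WINHTTP_OPTION_CLIENT_CERT_CONTEXT,
                     (LPVOID)hContext, sizeof(CERT_CONTEXT));
});

web::http::client::http_client http_client(U("https://secure.com"), cfg);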
user1173240

0 Answers
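The Linux counterpart of the Windows hook quoted in the question, as an added example that is not part of the original post or of cpprestsdk's own code: on non-Windows builds `http_client_config` offers `set_ssl_context_callback`, which hands the callback the `boost::asio::ssl::context` used for the TLS handshake. `ClientIdentity`, `load_client_identity`, `make_mtls_config` and the PEM file layout are assumptions made for the example.

```cpp
// Added example (not from the question or from cpprestsdk itself).
#include <string>

// Hypothetical holder for the client identity; both files are assumed to be PEM
// and the private key unencrypted (protect it with file permissions).
struct ClientIdentity {
    std::string cert_chain_pem;  // client certificate followed by intermediates
    std::string key_pem;         // private key matching the certificate
};

// Loads the identity into an SSL context. A template so that the same code
// runs against boost::asio::ssl::context and against a stand-in in tests.
// With the Boost context both calls throw boost::system::system_error on a
// missing or malformed file.
template <class SslContext>
void load_client_identity(SslContext& ctx, const ClientIdentity& id) {
    ctx.use_certificate_chain_file(id.cert_chain_pem);
    ctx.use_private_key_file(id.key_pem, SslContext::pem);
}

#if __has_include(<cpprest/http_client.h>) && !defined(_WIN32)
#include <cpprest/http_client.h>

// Builds a config whose TLS handshakes present the client certificate.
inline web::http::client::http_client_config make_mtls_config(const ClientIdentity& id) {
    web::http::client::http_client_config cfg;
    cfg.set_validate_certificates(true);  // the default; server verification stays on
    cfg.set_ssl_context_callback([id](boost::asio::ssl::context& ctx) {
        load_client_identity(ctx, id);
    });
    return cfg;
}
// Usage: web::http::client::http_client client(U("https://secure.com"), make_mtls_config(id));
#endif
```

A PKCS#12 bundle like the one in the Windows snippet has to be converted to PEM files first for this form to apply.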