Open
Problem
When using the `SSLClient` class, I call `set_ca_cert_store` to configure a custom certificate store.
However, if a request is redirected to another domain, the library internally creates a new `SSLClient` instance, and the configured certificate store is not propagated to the new client.
This causes SSL verification issues after redirects.
The same issue can also be observed when using the `Client` class if the request is redirected multiple times (e.g., two or more redirects).
You can use this test to reproduce it:
```cpp
TEST(SSLClientRedirectTest, CertFile) {
  // First server: redirects /index to the second server, then stops.
  SSLServer ssl_svr1(SERVER_CERT2_FILE, SERVER_PRIVATE_KEY_FILE);
  ASSERT_TRUE(ssl_svr1.is_valid());
  ssl_svr1.Get("/index", [&](const Request &, Response &res) {
    res.set_redirect("https://127.0.0.1:1235/index");
    ssl_svr1.stop();
  });

  // Second server: serves the final response, then stops.
  SSLServer ssl_svr2(SERVER_CERT2_FILE, SERVER_PRIVATE_KEY_FILE);
  ASSERT_TRUE(ssl_svr2.is_valid());
  ssl_svr2.Get("/index", [&](const Request &, Response &res) {
    res.set_content("test", "text/plain");
    ssl_svr2.stop();
  });

  thread t = thread([&]() { ASSERT_TRUE(ssl_svr1.listen("127.0.0.1", PORT)); });
  thread t2 = thread([&]() { ASSERT_TRUE(ssl_svr2.listen("127.0.0.1", 1235)); });
  auto se = detail::scope_exit([&] {
    t2.join();
    t.join();
    ASSERT_FALSE(ssl_svr1.is_running());
  });

  ssl_svr1.wait_until_ready();
  ssl_svr2.wait_until_ready();

  // Client trusts only the certificate loaded into its custom CA store.
  SSLClient cli("127.0.0.1", PORT);
  std::string cert;
  read_file(SERVER_CERT2_FILE, cert);
  cli.load_ca_cert_store(cert.c_str(), cert.size());
  cli.enable_server_certificate_verification(true);
  cli.set_follow_location(true);
  cli.set_connection_timeout(30);

  // The redirected request must be verified against the same CA store.
  auto res = cli.Get("/index");
  ASSERT_TRUE(res);
  ASSERT_EQ(StatusCode::OK_200, res->status);
}
```
Spixmaster