fix#1133, fix#1241
When the macro BOOST_BEAST_USE_STD_STRING_VIEW is defined,
Beast will use std::string_view instead of boost::string_view.
The name boost::beast::string_view is a type alias for the
chosen view type.

fix#1237
HTTP client examples now verify the server's certificate
and generate an error if the certificate is invalid or
expired:
* Set certificate verify mode
* Remove duplicate root certificate

fix#1245, fix#1249
The value used to fill the incomplete code point buffer is
changed to a character which no longer causes
utf8_checker::valid() to incorrectly return false.

fix#1202
Replace them by their cousins from std::allocator_traits;
otherwise, heaps of deprecation warnings will fall onto
humble users when compiling with MSVC 15 in C++17 mode.
Signed-off-by: Daniela Engert <dani@ngrt.de>

This resolves a medium vulnerability described in the
Beast Hybrid Assessment Report by Bishop Fox, where masks generated
for use with outgoing WebSocket client frames use an insufficient
source of entropy and a non-cryptographically secure pseudo-random
number generator.

By default, all newly constructed WebSocket streams will use a
uniquely seeded secure PRNG (ChaCha20 in counter mode). As this may
result in increased CPU resource consumption, the function
websocket::stream::secure_prng() may be used to select a faster but
less secure PRNG, for the case where the caller knows that the secure
generator is not necessary.

On some systems, std::random_device may produce insufficient entropy
to securely seed the PRNG. As this condition cannot be detected by
Beast, callers may use the function websocket::seed_prng() called
once at startup to provide at least 256 bits of entropy which will
be used to uniquely seed all subsequent PRNGs.
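
One way a caller could supply the 256-bit seed described above, reading the kernel CSPRNG directly instead of relying on std::random_device. This is an added example, not code from the Beast repository or this commit. The helper names and the EXAMPLE_WITH_BEAST build macro are hypothetical, /dev/urandom is assumed to be available, and websocket::seed_prng() is assumed to take a std::seed_seq&.

```cpp
#include <array>
#include <cstdint>
#include <cstring>
#include <fstream>
#include <random>

#ifdef EXAMPLE_WITH_BEAST   // hypothetical macro: define it when building against Beast
#include <boost/beast/websocket/stream.hpp>
#endif

using seed_words = std::array<std::uint32_t, 8>;   // 8 x 32 bits = 256 bits

// Read exactly 32 bytes from the OS CSPRNG. Returns false on any failure so
// the caller can refuse to start instead of silently using a weaker source.
bool read_os_seed(seed_words& out, const char* path = "/dev/urandom")
{
    std::ifstream in(path, std::ios::binary);
    unsigned char buf[32];
    if (!in || !in.read(reinterpret_cast<char*>(buf), sizeof buf))
        return false;
    std::memcpy(out.data(), buf, sizeof buf);
    return true;
}

// Catches a stubbed or broken source that returns a constant fill.
// This is a sanity check only; it does not measure entropy.
bool looks_degenerate(const seed_words& w)
{
    for (std::uint32_t x : w)
        if (x != w[0]) return false;
    return true;
}

// Call once at startup, before any websocket::stream is constructed.
bool seed_websocket_prng()
{
    seed_words w{};
    if (!read_os_seed(w) || looks_degenerate(w))
        return false;
    std::seed_seq ss(w.begin(), w.end());
#ifdef EXAMPLE_WITH_BEAST
    boost::beast::websocket::seed_prng(ss);   // the function named in the commit message
#else
    (void)ss;                                 // stand-alone build: seed is prepared but unused
#endif
    return true;
}

int main()
{
    return seed_websocket_prng() ? 0 : 1;     // non-zero exit: do not start the client
}
```
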