Posted to user@thrift.apache.org by Isuru Haththotuwa <is...@gmail.com> on 2013/04/01 07:28:16 UTC
Re: Implementing a Custom SSL Authorization Manager
FYI I tested this and it works without an issue. This approach can be used
to override default SSL handshake behavior.
On Sun, Mar 31, 2013 at 12:17 PM, Isuru Haththotuwa <is...@gmail.com> wrote:
> Hi,
>
> I'm in the process of implementing a dummy SSL authorization manager which
> will allow self signed certificates, etc. and will not perform host name
> verification.
>
> For skipping host name verification, I have overridden the AccessManager
> class in TSSLSocket.h, and passed an instance to TSSLSocket::access().
>
> For allowing self-signed certificates, I have overridden
> TSSLSocket::authorize() and boost::shared_ptr<TSSLSocket>
> TSSLSocketFactory::createSocket() as follows:
>
> void DummyTSSLSocket::authorize() {
>     //no implementation
> }
>
> boost::shared_ptr<TSSLSocket> DummyTSSLSocketFactory::createSocket() {
>     boost::shared_ptr<TSSLSocket> sslSocket (new DummyTSSLSocket(ctx_));
>     sslSocket->server(false);
>     boost::shared_ptr<AccessManager> accessManager
>         (new DummyAccessManager());
>     sslSocket->access(accessManager);
>     return sslSocket;
> }
>
> The authorize() method skips authorization of peer access while the
> createSocket() method creates and returns an instance of DummyTSSLSocket, in
> which I have the empty authorize() method as above.
>
> However, in my client code both these methods do not seem to be getting
> called. I checked it with couts. I use it as follows:
>
> boost::shared_ptr<TSSLSocketFactory> socketFactory
>     (new DummyTSSLSocketFactory());
> //load private, public and trusted certificates
> boost::shared_ptr<TSSLSocket> socket =
>     socketFactory->createSocket(host, port);
> //rest of the implementation
>
> Still I'm getting the original TSSLSocket::authorize() method's errors,
> that means the overridden method in my class is not effective. Is there any
> issue with my implementation?
>
> The TSSLSocket interface and implementation that I followed are:
>
> https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.h
> https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.cpp
>
> --
> Thanks and Regards,
> Isuru
>
--
Thanks and Regards,
Isuru
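
The dispatch behaviour behind the question in the quoted message, as an added example that is not part of the original thread or of Thrift: a factory that overrides only the zero-argument createSocket() still hands out base sockets when the client calls createSocket(host, port), so the custom authorize() never runs. Socket, CustomSocket, Factory, PartialFactory, FullFactory and authorizeUsed are hypothetical stand-ins, std::shared_ptr replaces boost::shared_ptr, and it is assumed that the base factory's (host, port) overload constructs the base socket type.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-ins for TSSLSocket / TSSLSocketFactory (not Thrift code).
struct Socket {
    virtual ~Socket() = default;
    // Returns the name of the authorization routine that actually ran.
    virtual std::string authorize() { return "base"; }
};

struct CustomSocket : Socket {
    std::string authorize() override { return "custom"; }
};

struct Factory {
    virtual ~Factory() = default;
    virtual std::shared_ptr<Socket> createSocket() { return std::make_shared<Socket>(); }
    // Assumption: like the base factory, this overload builds the base socket type.
    virtual std::shared_ptr<Socket> createSocket(const std::string&, int) {
        return std::make_shared<Socket>();
    }
};

// Mirrors the quoted message: only the zero-argument overload is overridden.
struct PartialFactory : Factory {
    using Factory::createSocket;  // keep the other overload visible
    std::shared_ptr<Socket> createSocket() override { return std::make_shared<CustomSocket>(); }
};

// Overrides every overload a client may call.
struct FullFactory : Factory {
    std::shared_ptr<Socket> createSocket() override { return std::make_shared<CustomSocket>(); }
    std::shared_ptr<Socket> createSocket(const std::string&, int) override {
        return std::make_shared<CustomSocket>();
    }
};

// Which authorize() runs for a socket obtained the way the client code does.
std::string authorizeUsed(Factory& f) {
    return f.createSocket("example.invalid", 9090)->authorize();  // constructed host/port
}

int main() {
    PartialFactory partial;
    FullFactory full;
    std::cout << authorizeUsed(partial) << "\n" << authorizeUsed(full) << "\n";
    return partial.createSocket()->authorize() == "custom" ? 0 : 1;
}
```

The same check applies to any custom verification hook: a test that asserts which authorize() ran for each factory overload shows whether the hook is actually in the connection path.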