Posted to user@thrift.apache.org by Isuru Haththotuwa <is...@gmail.com> on 2013/04/01 07:28:16 UTC

Re: Implementing a Custom SSL Authorization Manager

FYI I tested this and it works without an issue. This approach can be used
to override default SSL handshake behavior.


On Sun, Mar 31, 2013 at 12:17 PM, Isuru Haththotuwa <is...@gmail.com> wrote:

> Hi,
>
> I'm in the process of implementing a dummy SSL authorization manager which
> will allow self signed certificates, etc. and will not perform host name
> verification.
>
> For skipping host name verification, I have overridden the AccessManager
> class in TSSLSocket.h, and passed an instance to TSSLSocket::access().
>
> For allowing self-signed certificates, I have overridden
> TSSLSocket::authorize() and boost::shared_ptr<TSSLSocket>
> TSSLSocketFactory::createSocket() as follows:
>
> void DummyTSSLSocket::authorize() {
>
>    //no implementation
> }
>
> boost::shared_ptr<TSSLSocket> DummyTSSLSocketFactory::createSocket() {
>
>    boost::shared_ptr<TSSLSocket> sslSocket (new DummyTSSLSocket(ctx_));
>    sslSocket->server(false);
>    boost::shared_ptr<AccessManager> accessManager
>                                      (new DummyAccessManager());
>    sslSocket->access(accessManager);
>    return sslSocket;
> }
>
> The authorize() method skips authorization of peer access while the
> createSocket() method creates and returns an instance of DummyTSSLSocket, in
> which I have the empty authorize() method as above.
>
> However, in my client code both these methods do not seem to be getting
> called. I checked it with couts. I use it as follows:
>
> boost::shared_ptr<TSSLSocketFactory> socketFactory
>                                 (new DummyTSSLSocketFactory());
> //load private, public and trusted certificates
> boost::shared_ptr<TSSLSocket> socket =
>                                  socketFactory->createSocket(host, port);
> //rest of the implementation
>
> Still I'm getting the original TSSLSocket::authorize() method's errors,
> which means the overridden method in my class is not effective. Is there any
> issue with my implementation?
>
> The TSSLSocket interface and implementation that I followed are:
>
> https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.h
> https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.cpp
>
> --
> Thanks and Regards,
> Isuru
>



-- 
Thanks and Regards,
Isuru
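
For reference, the host name check that an access manager like the DummyAccessManager above leaves out, as an added example that is not part of the original thread and is not Thrift's own code. The helper name matchesHost and the sample names are assumptions made for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <string>

static std::string lower(std::string s) {
  for (std::string::size_type i = 0; i < s.size(); ++i)
    s[i] = static_cast<char>(std::tolower(static_cast<unsigned char>(s[i])));
  return s;
}

// Hypothetical helper, not a Thrift API: true when the certificate name
// `pattern` (a SAN dNSName or the CN) covers the host the client dialed.
bool matchesHost(const std::string& pattern, const std::string& host) {
  const std::string p = lower(pattern), h = lower(host);
  if (p.empty() || h.empty()) return false;
  // Reject names with an embedded NUL ("good.example\0.evil"): code that
  // handles them as C strings would see only the part before the NUL.
  if (p.find('\0') != std::string::npos) return false;
  if (p.find('*') == std::string::npos) return p == h;  // exact match
  // A wildcard is accepted only as the entire left-most label ("*.").
  if (p.size() < 3 || p[0] != '*' || p[1] != '.') return false;
  const std::string suffix = p.substr(1);  // e.g. ".example.com"
  if (suffix.find('*') != std::string::npos) return false;
  // Require two labels after the wildcard, so "*.com" never matches.
  if (suffix.find('.', 1) == std::string::npos) return false;
  // The wildcard stands for exactly one label of the host.
  const std::string::size_type dot = h.find('.');
  if (dot == std::string::npos || dot == 0) return false;
  return h.substr(dot) == suffix;
}

int main() {
  // Constructed sample names, not taken from any real certificate.
  const char* hosts[] = {"thrift.example.com", "a.b.example.com", "example.com"};
  for (int i = 0; i < 3; ++i)
    std::cout << hosts[i] << " vs *.example.com: "
              << (matchesHost("*.example.com", hosts[i]) ? "match" : "no match")
              << "\n";
  return 0;
}
```

An access manager that returns an allow decision without a comparison of this kind accepts a valid certificate issued for any other host.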