Posted to commits@nifi.apache.org by ph...@apache.org on 2017/08/30 15:10:59 UTC
nifi-minifi-cpp git commit: MINIFI-389 Added support for one-way TLS
to SSLContextService
Repository: nifi-minifi-cpp
Updated Branches:
refs/heads/master 2efac2da5 -> 0c31102da
MINIFI-389 Added support for one-way TLS to SSLContextService
This closes #132.
Signed-off-by: Marc Parisi <ph...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/commit/0c31102d
Tree: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/tree/0c31102d
Diff: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/diff/0c31102d
Branch: refs/heads/master
Commit: 0c31102da9227d32659e2ed861fd9eec36fd1467
Parents: 2efac2d
Author: Andrew I. Christianson <an...@andyic.org>
Authored: Fri Aug 25 16:24:12 2017 -0400
Committer: Marc Parisi <ph...@apache.org>
Committed: Wed Aug 30 11:04:49 2017 -0400
----------------------------------------------------------------------
.../include/controllers/SSLContextService.h | 39 ++++++++++++--------
libminifi/src/controllers/SSLContextService.cpp | 37 +++++++++++--------
2 files changed, 44 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/0c31102d/libminifi/include/controllers/SSLContextService.h
----------------------------------------------------------------------
diff --git a/libminifi/include/controllers/SSLContextService.h b/libminifi/include/controllers/SSLContextService.h
index 9093d5f..c48d30f 100644
--- a/libminifi/include/controllers/SSLContextService.h
+++ b/libminifi/include/controllers/SSLContextService.h
@@ -100,27 +100,34 @@ class SSLContextService : public core::controller::ControllerService {
}
bool configure_ssl_context(SSL_CTX *ctx) {
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
- logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
- return false;
- }
- if (!IsNullOrEmpty(passphrase_)) {
- SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
- SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ if (!IsNullOrEmpty(certificate)) {
+ if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
+ return false;
+ }
+ if (!IsNullOrEmpty(passphrase_)) {
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
+ SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ }
}
- int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
- if (retp != 1) {
- logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_, std::strerror(errno));
- return false;
+ if (!IsNullOrEmpty(private_key_)) {
+ int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
+ if (retp != 1) {
+ logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_,
+ std::strerror(errno));
+ return false;
+ }
+
+ if (!SSL_CTX_check_private_key(ctx)) {
+ logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
+ return false;
+ }
}
- if (!SSL_CTX_check_private_key(ctx)) {
- logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
- return false;
- }
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr);
+ int retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
- retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
if (retp == 0) {
logger_->log_error("Can not load CA certificate, Exiting, error : %s", std::strerror(errno));
return false;
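Review bot: Making `certificate` and `private_key_` independently optional lets a half-configured identity through: a certificate with no key passes the block at L43-L52 and is never run through SSL_CTX_check_private_key (at handshake time OpenSSL is likely to treat that as having no client identity at all), while a key with no certificate only fails at L65 with the misleading "does not match" message. Since one-way TLS means both are absent and mutual TLS means both are present, reject the mixed case before either is loaded: `if (IsNullOrEmpty(certificate) != IsNullOrEmpty(private_key_)) { logger_->log_error("Certificate and private key must be configured together"); return false; }`. The OpenSSL file-loading calls report failures through the error queue rather than errno, so the `std::strerror(errno)` in the moved log lines at L45, L60 and L66 prints unrelated state; `ERR_error_string_n(ERR_get_error(), buf, sizeof buf)` carries the real reason. Note also that `SSL_VERIFY_PEER` at L74 verifies the server's chain but not its hostname; whether a host check happens elsewhere is not visible here. configure_ssl_context continues past the end of the hunk.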
http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/0c31102d/libminifi/src/controllers/SSLContextService.cpp
----------------------------------------------------------------------
diff --git a/libminifi/src/controllers/SSLContextService.cpp b/libminifi/src/controllers/SSLContextService.cpp
index 73c9e35..95ccbb0 100644
--- a/libminifi/src/controllers/SSLContextService.cpp
+++ b/libminifi/src/controllers/SSLContextService.cpp
@@ -51,27 +51,32 @@ std::unique_ptr<SSLContext> SSLContextService::createSSLContext() {
method = TLSv1_2_client_method();
SSL_CTX *ctx = SSL_CTX_new(method);
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
- logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
- return nullptr;
- }
- if (!IsNullOrEmpty(passphrase_)) {
- SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
- SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ if (!IsNullOrEmpty(certificate)) {
+ if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
+ return nullptr;
+ }
+ if (!IsNullOrEmpty(passphrase_)) {
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
+ SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ }
}
- int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
- if (retp != 1) {
- logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_, std::strerror(errno));
- return nullptr;
- }
+ if (!IsNullOrEmpty(private_key_)) {
+ int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
+ if (retp != 1) {
+ logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_,
+ std::strerror(errno));
+ return nullptr;
+ }
- if (!SSL_CTX_check_private_key(ctx)) {
- logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
- return nullptr;
+ if (!SSL_CTX_check_private_key(ctx)) {
+ logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
+ return nullptr;
+ }
}
- retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
+ int retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
if (retp == 0) {
logger_->log_error("Can not load CA certificate, Exiting, error : %s", std::strerror(errno));
}
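Review bot: createSSLContext does not get the `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr)` call that this commit adds to the header's configure_ssl_context, and the CA-load failure at L128-L130 only logs and falls through, so a context built here can reach the handshake with neither a verify mode nor a trust store unless something after the hunk sets them. Mirror the header: add the set_verify call before L127 and a `return nullptr;` inside the `if (retp == 0)` block. The new `return nullptr;` paths at L99, L116 and L123 also leave the SSL_CTX from L88 unfreed (as did the ones they replace); an `SSL_CTX_free(ctx)` before each return, or holding ctx in a `std::unique_ptr<SSL_CTX, decltype(&SSL_CTX_free)>` until success, closes that. The same cert/key either-or gap as in the header applies: a certificate with no private key is accepted at L96-L105 without ever reaching SSL_CTX_check_private_key. The function continues past the end of the hunk.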