Posted to commits@pulsar.apache.org by yo...@apache.org on 2021/04/14 02:26:25 UTC
[pulsar] 01/10: [PIP-60] Add TLS SNI support for cpp and python
clients (#8957)
This is an automated email from the ASF dual-hosted git repository.
yong pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 05e1ccd4dc3c76b62861ec44d657273a7e5e4319
Author: Deon van der Vyver <de...@gmail.com>
AuthorDate: Thu Dec 24 08:12:45 2020 +0100
[PIP-60] Add TLS SNI support for cpp and python clients (#8957)
* Add TLS SNI support for cpp and python clients
(cherry picked from commit f018892825870e7852c7c1c1377177b5c38e9044)
---
pulsar-client-cpp/lib/ClientConnection.cc | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/pulsar-client-cpp/lib/ClientConnection.cc b/pulsar-client-cpp/lib/ClientConnection.cc
index d17a9b6..3442c89 100644
--- a/pulsar-client-cpp/lib/ClientConnection.cc
+++ b/pulsar-client-cpp/lib/ClientConnection.cc
@@ -183,6 +183,8 @@ ClientConnection::ClientConnection(const std::string& logicalAddress, const std:
#else
boost::asio::ssl::context ctx(executor_->io_service_, boost::asio::ssl::context::tlsv1_client);
#endif
+ Url serviceUrl;
+ Url::parse(physicalAddress, serviceUrl);
if (clientConfiguration.isTlsAllowInsecureConnection()) {
ctx.set_verify_mode(boost::asio::ssl::context::verify_none);
isTlsAllowInsecureConnection_ = true;
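Review bot: The result of `Url::parse(physicalAddress, serviceUrl)` on the two added lines is never checked, and `serviceUrl.host()` now feeds the SNI extension set later in this constructor, not just a debug log. If parsing can fail (the signature of `Url::parse` is not visible here), the host would presumably be empty and the handshake would carry an empty or wrong server name. Assuming it returns a success flag, I would write `if (!Url::parse(physicalAddress, serviceUrl)) { LOG_ERROR("Invalid service URL: " << physicalAddress); }` and skip the SNI call in that case. The constructor starts and ends outside this hunk.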
@@ -190,9 +192,7 @@ ClientConnection::ClientConnection(const std::string& logicalAddress, const std:
ctx.set_verify_mode(boost::asio::ssl::context::verify_peer);
if (clientConfiguration.isValidateHostName()) {
- Url service_url;
- Url::parse(physicalAddress, service_url);
- LOG_DEBUG("Validating hostname for " << service_url.host() << ":" << service_url.port());
+ LOG_DEBUG("Validating hostname for " << serviceUrl.host() << ":" << serviceUrl.port());
ctx.set_verify_callback(boost::asio::ssl::rfc2818_verification(physicalAddress));
}
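Review bot: Hostname verification on the unchanged line right after the new `LOG_DEBUG` still passes the whole `physicalAddress` to `rfc2818_verification`, while the log line and the new SNI code use `serviceUrl.host()`. That verifier matches its argument against the names in the peer certificate, so it needs a bare host name; since `physicalAddress` is something `Url::parse` accepts, it presumably carries a scheme and port and would not match a correctly issued certificate. Now that `serviceUrl` is in scope for the whole TLS block, I would change the call to `boost::asio::ssl::rfc2818_verification(serviceUrl.host())` so the verified name and the SNI name are the same value. A check that always fails tends to get switched off by users, so the format of `physicalAddress` at this call site is worth confirming.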
@@ -239,6 +239,14 @@ ClientConnection::ClientConnection(const std::string& logicalAddress, const std:
}
tlsSocket_ = executor_->createTlsSocket(socket_, ctx);
+
+ LOG_DEBUG("TLS SNI Host: " << serviceUrl.host());
+ if (!SSL_set_tlsext_host_name(tlsSocket_->native_handle(), serviceUrl.host().c_str())) {
+ boost::system::error_code ec{static_cast<int>(::ERR_get_error()),
+ boost::asio::error::get_ssl_category()};
+ LOG_ERROR(boost::system::system_error{ec}.what() << ": Error while setting TLS SNI");
+ return;
+ }
}
}
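Review bot: The bare `return;` after a failed `SSL_set_tlsext_host_name` leaves the constructor early without signalling anything to the caller, so a `ClientConnection` object still exists with a TLS socket whose setup stopped halfway. Nothing visible in the hunk marks the connection as unusable, and whatever follows in the constructor (it continues outside this hunk) is skipped; the failure should be recorded somewhere the connect path checks, or at least documented with `// SNI could not be set: this connection must not be used for a handshake`. Separately, RFC 6066 does not permit IP literals as the server name, so the call is better skipped when `serviceUrl.host()` is an address rather than a DNS name. The `static_cast<int>(::ERR_get_error())` also narrows an `unsigned long`, which can change the error code that ends up in the log message.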