Posted to user@thrift.apache.org by Isuru Haththotuwa <is...@gmail.com> on 2013/03/31 08:47:46 UTC
Implementing a Custom SSL Authorization Manager
Hi,

I'm in the process of implementing a dummy SSL authorization manager which
will allow self-signed certificates, etc. and will not perform host name
verification.

For skipping host name verification, I have overridden the AccessManager
class in TSSLSocket.h, and passed an instance to TSSLSocket::access().

For allowing self-signed certificates, I have overridden
TSSLSocket::authorize() and boost::shared_ptr<TSSLSocket>
TSSLSocketFactory::createSocket() as follows:

void DummyTSSLSocket::authorize() {
    // no implementation
}

boost::shared_ptr<TSSLSocket> DummyTSSLSocketFactory::createSocket() {
    boost::shared_ptr<TSSLSocket> sslSocket(new DummyTSSLSocket(ctx_));
    sslSocket->server(false);
    boost::shared_ptr<AccessManager> accessManager(new DummyAccessManager());
    sslSocket->access(accessManager);
    return sslSocket;
}

The authorize() method skips authorization of peer access, while the
createSocket() method creates and returns an instance of DummyTSSLSocket, in
which I have the empty authorize() method as above.

However, in my client code neither of these methods seems to be getting
called. I checked it with couts. I use it as follows:

boost::shared_ptr<TSSLSocketFactory> socketFactory(new DummyTSSLSocketFactory());
// load private, public and trusted certificates
boost::shared_ptr<TSSLSocket> socket = socketFactory->createSocket(host, port);
// rest of the implementation

Still I'm getting the original TSSLSocket::authorize() method's errors,
which means the overridden method in my class is not effective. Is there any
issue with my implementation?

The TSSLSocket interface and implementation that I followed are:
https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.h
https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.cpp
--
Thanks and Regards,
Isuru
Re: Implementing a Custom SSL Authorization Manager
Posted by Isuru Haththotuwa <is...@gmail.com>.
FYI I tested this and it works without an issue. This approach can be used
to override default SSL handshake behavior.
--
Thanks and Regards,
Isuru
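
Added example (not part of the thread and not Thrift's own code): an access manager that, instead of skipping the name check as the DummyAccessManager in the first message does, accepts one operator-chosen certificate name, so a self-signed certificate whose name differs from the connect host is still checked. Decision and PinnedNameAccessManager are stand-ins modelled on the shape of AccessManager::verify(host, name, size), and all names in main() are constructed.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// Stand-in for the three outcomes of Thrift's AccessManager::Decision.
enum Decision { DENY = -1, SKIP = 0, ALLOW = 1 };

// Hypothetical access manager (not Thrift code): accepts exactly one
// operator-chosen certificate name, whatever host was dialed.
class PinnedNameAccessManager {
 public:
  explicit PinnedNameAccessManager(const std::string& expected)
      : expected_(lower(expected)) {}

  // Shaped like AccessManager::verify(host, name, size): `name` is a raw
  // buffer taken from the certificate, `size` its length in bytes.
  Decision verify(const std::string& /*host*/, const char* name, int size) const {
    if (name == nullptr || size <= 0) return DENY;
    const std::string presented(name, static_cast<std::size_t>(size));
    // "pinned-name\0.other" would pass a C-string compare that stops at the
    // NUL, so the whole buffer is compared and any NUL byte is rejected.
    if (presented.find('\0') != std::string::npos) return DENY;
    // SKIP = no decision on this name. Assumption: the caller tries the
    // certificate's other names and rejects the peer if none is ALLOWed.
    return lower(presented) == expected_ ? ALLOW : SKIP;
  }

 private:
  static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
  }
  std::string expected_;
};

int main() {
  // Constructed sample names, not taken from the thread.
  const PinnedNameAccessManager am("thrift-dev.internal.test");
  const char good[] = "Thrift-Dev.internal.test";
  const char other[] = "other.internal.test";
  const char nul[] = "thrift-dev.internal.test\0.evil.test";
  std::printf("%d %d %d\n",
              am.verify("10.0.0.5", good, static_cast<int>(sizeof(good) - 1)),
              am.verify("10.0.0.5", other, static_cast<int>(sizeof(other) - 1)),
              am.verify("10.0.0.5", nul, static_cast<int>(sizeof(nul) - 1)));
  return 0;
}
```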