Posted to commits@nifi.apache.org by al...@apache.org on 2017/09/12 17:51:32 UTC

[09/11] nifi-minifi-cpp git commit: MINIFI-388 Disable dynamic loading of TLS libs in civet, install libressl instead of openssl to resolve conflict with libcurl deps, and backport fix for civetweb which fixes compatibility with libressl

MINIFI-388 Disable dynamic loading of TLS libs in civet, install libressl instead of openssl
to resolve conflict with libcurl deps, and backport fix for civetweb which fixes compatibility with libressl

This closes #131.

Signed-off-by: Marc Parisi <ph...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/commit/35a47c7f
Tree: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/tree/35a47c7f
Diff: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/diff/35a47c7f

Branch: refs/heads/master
Commit: 35a47c7f42916c5c942824d35e252b7d51409f90
Parents: 0e24a34
Author: Andrew I. Christianson <an...@andyic.org>
Authored: Mon Aug 21 12:19:54 2017 -0400
Committer: Aldrin Piri <al...@apache.org>
Committed: Tue Sep 12 13:51:04 2017 -0400

----------------------------------------------------------------------
 CMakeLists.txt                           |  3 ++-
 docker/Dockerfile                        |  6 ++++--
 thirdparty/civetweb-1.9.1/src/civetweb.c | 26 +++++++++++++++++++++++++-
 3 files changed, 31 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/35a47c7f/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 361f9a5..292bc8d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -101,9 +101,10 @@ set(prefix "lib")
 set(suffix ".a")
 set(JSONCPP_LIB "${JSONCPP_LIB_DIR}/lib/${prefix}jsoncpp${suffix}")
 
+set(CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING OFF CACHE BOOL "Disable dynamic SSL library loading")
 set(CIVETWEB_ENABLE_CXX ON CACHE BOOL "Enable civet C++ library")
 add_subdirectory(thirdparty/yaml-cpp-yaml-cpp-0.5.3)
-add_subdirectory(thirdparty/civetweb-1.9.1)
+add_subdirectory(thirdparty/civetweb-1.9.1 EXCLUDE_FROM_ALL)
 include_directories(thirdparty/concurrentqueue)
 add_subdirectory(libminifi)
 add_subdirectory(main)
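Review bot: The new `set(CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING OFF CACHE BOOL ...)` has no effect on a build tree that already has this entry in its CMakeCache.txt, because a cache `set()` without `FORCE` never overwrites an existing value. Assuming civetweb's own option defaulted to ON (not visible in this hunk), a tree configured before this commit would keep loading the TLS library dynamically while the rest of the commit expects link-time linking. Rather than adding `FORCE`, a guard after the `set()` would make the stale state visible: `if(CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING)` / `message(FATAL_ERROR "civetweb must link its TLS library at build time; clear CMakeCache.txt")` / `endif()`. The help string also describes the OFF value rather than the option; `"Load the SSL library dynamically at runtime"` would read correctly for either setting.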

http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/35a47c7f/docker/Dockerfile
----------------------------------------------------------------------
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 213015c..7688439 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -44,7 +44,8 @@ RUN apk --update --no-cache upgrade && apk --update --no-cache add gcc \
 	git \
 	unzip \
 	gpsd-dev \
-	openssl-dev
+	libressl-dev \
+	zlib-dev
 
 ENV USER minificpp
 ENV MINIFI_BASE_DIR /opt/minifi
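Review bot: The switch from `openssl-dev` to `libressl-dev` replaces the TLS provider for the whole image, but the reason is recorded only in the commit message, so a later edit could swap it back. A comment above the `RUN apk` instruction (which starts outside this hunk) would help, e.g. `# libressl instead of openssl: avoids the conflict with libcurl's dependencies (MINIFI-388)`, along with a word on why `zlib-dev` is now needed. The same applies to the runtime package list in the `@@ -86,7 +87,8 @@` hunk. Since civetweb is now linked against the TLS library at build time, that runtime list has to stay on the same library as the build stage, and a comment saying so would stop the two from drifting apart.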
@@ -86,7 +87,8 @@ RUN apk --update --no-cache upgrade && apk add --update --no-cache \
 	curl \
 	unzip \
 	gpsd \
-	openssl
+	libressl \
+	zlib
 
 # Start MiNiFi CPP in the foreground
 ENV USER minificpp

http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/35a47c7f/thirdparty/civetweb-1.9.1/src/civetweb.c
----------------------------------------------------------------------
diff --git a/thirdparty/civetweb-1.9.1/src/civetweb.c b/thirdparty/civetweb-1.9.1/src/civetweb.c
index da491b6..ba916da 100644
--- a/thirdparty/civetweb-1.9.1/src/civetweb.c
+++ b/thirdparty/civetweb-1.9.1/src/civetweb.c
@@ -11826,6 +11826,9 @@ ssl_get_client_cert_info(struct mg_connection *conn)
 		unsigned char buf[256];
 		int len;
 		unsigned int ulen;
+		int ilen;
+		unsigned char *tmp_buf;
+		unsigned char *tmp_p;
 
 		/* Handle to algorithm used for fingerprint */
 		const EVP_MD *digest = EVP_get_digestbyname("sha1");
@@ -11856,7 +11859,24 @@ ssl_get_client_cert_info(struct mg_connection *conn)
 
 		/* Calculate SHA1 fingerprint and store as a hex string */
 		ulen = 0;
-		ASN1_digest((int (*)())i2d_X509, digest, (char *)cert, buf, &ulen);
+
+		/* ASN1_digest is deprecated. Do the calculation manually,
+		 * using EVP_Digest. */
+		ilen = i2d_X509(cert, NULL);
+		tmp_buf =
+			(ilen > 0)
+				? (unsigned char *)mg_malloc((unsigned)ilen + 1)
+				: NULL;
+		if (tmp_buf) {
+			tmp_p = tmp_buf;
+			(void)i2d_X509(cert, &tmp_p);
+			if (!EVP_Digest(
+					tmp_buf, (unsigned)ilen, buf, &ulen, digest, NULL)) {
+				ulen = 0;
+			}
+			mg_free(tmp_buf);
+		}
+
 		if (!hexdump2string(
 		        buf, (int)ulen, str_finger, (int)sizeof(str_finger))) {
 			*str_finger = 0;
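Review bot: The second call, `(void)i2d_X509(cert, &tmp_p);`, discards its return value, so if encoding fails or writes fewer than `ilen` bytes, `EVP_Digest` hashes uninitialised memory from `mg_malloc`. The stored fingerprint would then not describe the client certificate. Comparing the result with `ilen` before hashing closes that gap: `if (i2d_X509(cert, &tmp_p) != ilen || !EVP_Digest(tmp_buf, (unsigned)ilen, buf, &ulen, digest, NULL)) { ulen = 0; }`. Whether `digest` is checked for NULL before this point is not visible in the hunk, and `ssl_get_client_cert_info` starts and ends outside it. This block also diverges from the vendored 1.9.1 source without the BEGIN/END backport marker used in `set_ssl_option`, which makes the local patch harder to track against upstream.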
@@ -12109,7 +12129,11 @@ set_ssl_option(struct mg_context *ctx)
 	SSL_CTX_set_options(ctx->ssl_ctx, ssl_get_protocol(protocol_ver));
 	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_DH_USE);
 	SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+/* BEGIN Backport of commit from civetweb.c https://github.com/civetweb/civetweb/commit/e849ce4b54c09d5b4441e371f17cf13368ac2234 */
+#if !defined(NO_SSL_DL)
 	SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);
+#endif /* NO_SSL_DL */
+/* END Backport of commit from civetweb.c https://github.com/civetweb/civetweb/commit/e849ce4b54c09d5b4441e371f17cf13368ac2234 */
 
 	/* If a callback has been specified, call it. */
 	callback_ret =
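Review bot: The new `#if !defined(NO_SSL_DL)` guard compiles out `SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1)` in exactly the configuration this commit selects, assuming `CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING OFF` is what defines `NO_SSL_DL` (the mapping is not visible here). Whether the server still offers ECDHE key exchange then depends on the linked TLS library's default, which the code does not state. A comment inside the guard would record that assumption, e.g. `/* NO_SSL_DL builds rely on the linked TLS library selecting ECDH curves by default; confirm ECDHE suites are still negotiated */`. If the linked headers provide the call as a macro, `#if !defined(NO_SSL_DL) || defined(SSL_CTX_set_ecdh_auto)` would keep it wherever it is available. `set_ssl_option` starts and ends outside the hunk.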