You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by phrocker <gi...@git.apache.org> on 2018/03/13 18:27:29 UTC
[GitHub] nifi-minifi-cpp pull request #279: Minificpp 424
GitHub user phrocker opened a pull request:
https://github.com/apache/nifi-minifi-cpp/pull/279
Minificpp 424
Thank you for submitting a contribution to Apache NiFi - MiNiFi C++.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [ ] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [ ] Does your PR title start with MINIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [ ] Has your PR been rebased against the latest commit within the target branch (typically master)?
- [ ] Is your initial contribution a single, squashed commit?
### For code changes:
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the LICENSE file?
- [ ] If applicable, have you updated the NOTICE file?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/phrocker/nifi-minifi-cpp MINIFICPP-424
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi-minifi-cpp/pull/279.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #279
----
commit 95ce5dd24963229f9bbfe4e1736331b9c01ce18a
Author: Marc Parisi <ph...@...>
Date: 2018-03-12T20:55:39Z
MINIFICPP-424: Manually specify CAFile so users do not need to update the cert bundle on their local machine
Set path and CAfile to NULL to avoid using them
commit a80aa194807733d68070f71131dedb3958ed4abd
Author: Marc Parisi <ph...@...>
Date: 2018-03-13T18:26:43Z
MINIFICPP-424: Update readme
----
---
[GitHub] nifi-minifi-cpp pull request #279: Minificpp 424
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/nifi-minifi-cpp/pull/279
---
[GitHub] nifi-minifi-cpp pull request #279: Minificpp 424
Posted by apiri <gi...@git.apache.org>.
Github user apiri commented on a diff in the pull request:
https://github.com/apache/nifi-minifi-cpp/pull/279#discussion_r174459253
--- Diff: extensions/http-curl/client/HTTPClient.cpp ---
@@ -334,6 +334,8 @@ void HTTPClient::configure_secure_connection(CURL *http_session) {
logger_->log_debug("Using certificate file %s", ssl_context_service_->getCertificateFile());
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_FUNCTION, &configure_ssl_context);
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_DATA, static_cast<void*>(ssl_context_service_.get()));
+ curl_easy_setopt(http_session, CURLOPT_CAINFO, 0);
--- End diff --
Okay, thanks for clarifying. Looks good to me. Will merge.
---
[GitHub] nifi-minifi-cpp pull request #279: Minificpp 424
Posted by phrocker <gi...@git.apache.org>.
Github user phrocker commented on a diff in the pull request:
https://github.com/apache/nifi-minifi-cpp/pull/279#discussion_r174445579
--- Diff: extensions/http-curl/client/HTTPClient.cpp ---
@@ -334,6 +334,8 @@ void HTTPClient::configure_secure_connection(CURL *http_session) {
logger_->log_debug("Using certificate file %s", ssl_context_service_->getCertificateFile());
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_FUNCTION, &configure_ssl_context);
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_DATA, static_cast<void*>(ssl_context_service_.get()));
+ curl_easy_setopt(http_session, CURLOPT_CAINFO, 0);
--- End diff --
There is little documentation about this but this is to ensure we don't have any ambiguous error messages. Users should be using libcurl-openssl; however, RHEL variants don't have this built into the repos, so we will have to download the source and build it. As a result, the default implementation uses NSS which is not how we've implemented the code.
---
[GitHub] nifi-minifi-cpp pull request #279: Minificpp 424
Posted by apiri <gi...@git.apache.org>.
Github user apiri commented on a diff in the pull request:
https://github.com/apache/nifi-minifi-cpp/pull/279#discussion_r174443984
--- Diff: extensions/http-curl/client/HTTPClient.cpp ---
@@ -334,6 +334,8 @@ void HTTPClient::configure_secure_connection(CURL *http_session) {
logger_->log_debug("Using certificate file %s", ssl_context_service_->getCertificateFile());
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_FUNCTION, &configure_ssl_context);
curl_easy_setopt(http_session, CURLOPT_SSL_CTX_DATA, static_cast<void*>(ssl_context_service_.get()));
+ curl_easy_setopt(http_session, CURLOPT_CAINFO, 0);
--- End diff --
I was able to find in the curl docs (https://curl.haxx.se/libcurl/c/CURLOPT_CAINFO.html) for what this behavior does for NSS and curl 7.55+ and get how this applies but didn't see any such docs for openssl variants or other versions. Is the behavior pretty consistent from that standpoint?
---