Posted to commits@nifi.apache.org by al...@apache.org on 2017/09/12 17:51:33 UTC
[10/11] nifi-minifi-cpp git commit: MINIFI-389 Added support for
one-way TLS to SSLContextService
MINIFI-389 Added support for one-way TLS to SSLContextService
This closes #132.
Signed-off-by: Marc Parisi <ph...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/commit/0e24a343
Tree: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/tree/0e24a343
Diff: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/diff/0e24a343
Branch: refs/heads/master
Commit: 0e24a343653bada3b106606584bf9723609e02e0
Parents: a426b8d
Author: Andrew I. Christianson <an...@andyic.org>
Authored: Fri Aug 25 16:24:12 2017 -0400
Committer: Aldrin Piri <al...@apache.org>
Committed: Tue Sep 12 13:51:04 2017 -0400
----------------------------------------------------------------------
.../include/controllers/SSLContextService.h | 39 ++++++++++++--------
libminifi/src/controllers/SSLContextService.cpp | 37 +++++++++++--------
2 files changed, 44 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/0e24a343/libminifi/include/controllers/SSLContextService.h
----------------------------------------------------------------------
diff --git a/libminifi/include/controllers/SSLContextService.h b/libminifi/include/controllers/SSLContextService.h
index 9093d5f..c48d30f 100644
--- a/libminifi/include/controllers/SSLContextService.h
+++ b/libminifi/include/controllers/SSLContextService.h
@@ -100,27 +100,34 @@ class SSLContextService : public core::controller::ControllerService {
}
bool configure_ssl_context(SSL_CTX *ctx) {
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
- logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
- return false;
- }
- if (!IsNullOrEmpty(passphrase_)) {
- SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
- SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ if (!IsNullOrEmpty(certificate)) {
+ if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
+ return false;
+ }
+ if (!IsNullOrEmpty(passphrase_)) {
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
+ SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ }
}
- int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
- if (retp != 1) {
- logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_, std::strerror(errno));
- return false;
+ if (!IsNullOrEmpty(private_key_)) {
+ int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
+ if (retp != 1) {
+ logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_,
+ std::strerror(errno));
+ return false;
+ }
+
+ if (!SSL_CTX_check_private_key(ctx)) {
+ logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
+ return false;
+ }
}
- if (!SSL_CTX_check_private_key(ctx)) {
- logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
- return false;
- }
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr);
+ int retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
- retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
if (retp == 0) {
logger_->log_error("Can not load CA certificate, Exiting, error : %s", std::strerror(errno));
return false;
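Review bot: With the certificate and private key now each optional, the guards at L40 and L54 accept a configuration that names a certificate but no private key (or the reverse); that half-configured context is only rejected later, at handshake time when a server asks for a client certificate, instead of at configuration time where the error would be logged once and clearly. Unless a certificate-only configuration is intended, a check ahead of the first guard makes the failure immediate: `if (IsNullOrEmpty(certificate) != IsNullOrEmpty(private_key_)) { logger_->log_error("Certificate and private key must be configured together"); return false; }`. The new `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, nullptr)` at L71 validates the chain but not the peer's hostname, so unless the connecting code sets the expected host (for example via X509_VERIFY_PARAM_set1_host, OpenSSL 1.0.2+) a certificate from any trusted CA is accepted — worth a comment on this method. The messages at L42, L57 and L63 (and the matching lines in the .cpp hunk) report std::strerror(errno), which OpenSSL does not set for most of these failures; ERR_get_error()/ERR_error_string_n() would give the real reason. configure_ssl_context continues past the hunk.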
http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/0e24a343/libminifi/src/controllers/SSLContextService.cpp
----------------------------------------------------------------------
diff --git a/libminifi/src/controllers/SSLContextService.cpp b/libminifi/src/controllers/SSLContextService.cpp
index 73c9e35..95ccbb0 100644
--- a/libminifi/src/controllers/SSLContextService.cpp
+++ b/libminifi/src/controllers/SSLContextService.cpp
@@ -51,27 +51,32 @@ std::unique_ptr<SSLContext> SSLContextService::createSSLContext() {
method = TLSv1_2_client_method();
SSL_CTX *ctx = SSL_CTX_new(method);
- if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
- logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
- return nullptr;
- }
- if (!IsNullOrEmpty(passphrase_)) {
- SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
- SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ if (!IsNullOrEmpty(certificate)) {
+ if (SSL_CTX_use_certificate_file(ctx, certificate.c_str(), SSL_FILETYPE_PEM) <= 0) {
+ logger_->log_error("Could not create load certificate, error : %s", std::strerror(errno));
+ return nullptr;
+ }
+ if (!IsNullOrEmpty(passphrase_)) {
+ SSL_CTX_set_default_passwd_cb_userdata(ctx, &passphrase_);
+ SSL_CTX_set_default_passwd_cb(ctx, pemPassWordCb);
+ }
}
- int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
- if (retp != 1) {
- logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_, std::strerror(errno));
- return nullptr;
- }
+ if (!IsNullOrEmpty(private_key_)) {
+ int retp = SSL_CTX_use_PrivateKey_file(ctx, private_key_.c_str(), SSL_FILETYPE_PEM);
+ if (retp != 1) {
+ logger_->log_error("Could not create load private key,%i on %s error : %s", retp, private_key_,
+ std::strerror(errno));
+ return nullptr;
+ }
- if (!SSL_CTX_check_private_key(ctx)) {
- logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
- return nullptr;
+ if (!SSL_CTX_check_private_key(ctx)) {
+ logger_->log_error("Private key does not match the public certificate, error : %s", std::strerror(errno));
+ return nullptr;
+ }
}
- retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
+ int retp = SSL_CTX_load_verify_locations(ctx, ca_certificate_.c_str(), 0);
if (retp == 0) {
logger_->log_error("Can not load CA certificate, Exiting, error : %s", std::strerror(errno));
}
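Review bot: A failed SSL_CTX_load_verify_locations at L124 is only logged at L126 and the function keeps going and hands out the context, whereas the header's configure_ssl_context returns false in the same situation; a context with no trusted CAs either fails every handshake later (if peer verification is enabled elsewhere in this function, which the hunk does not show) or, if it is not, verifies nothing. I would make it fatal like the other branches: `SSL_CTX_free(ctx); return nullptr;` inside the `if (retp == 0)` block. The same cleanup is missing on the early returns at L96, L113 and L120: `ctx` from SSL_CTX_new at L85 is never freed on those paths, so every failed configuration leaks a context. Unlike the header hunk, no SSL_CTX_set_verify call is visible here; if it is not set elsewhere in createSSLContext the CA file is loaded but never consulted. createSSLContext continues past the hunk.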