You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@drill.apache.org by so...@apache.org on 2018/07/13 03:45:02 UTC
[drill] 10/13: [DRILL-6586] Add SSL Hostname verification with
zookeeper connection mode support
This is an automated email from the ASF dual-hosted git repository.
sorabh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/drill.git
commit b1eb9d76cda84661e5ebd6f1d87a5d5ee0501526
Author: superbstreak <ro...@gmail.com>
AuthorDate: Mon Jul 9 01:33:55 2018 -0700
[DRILL-6586] Add SSL Hostname verification with zookeeper connection mode support
---
contrib/native/client/src/clientlib/channel.cpp | 7 +-----
contrib/native/client/src/clientlib/channel.hpp | 33 +++++++++++++++----------
2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/contrib/native/client/src/clientlib/channel.cpp b/contrib/native/client/src/clientlib/channel.cpp
index fc97816..e368cd0 100644
--- a/contrib/native/client/src/clientlib/channel.cpp
+++ b/contrib/native/client/src/clientlib/channel.cpp
@@ -376,13 +376,8 @@ connectionStatus_t SSLStreamChannel::init(){
std::string disableHostVerification;
props->getProp(USERPROP_DISABLE_HOSTVERIFICATION, disableHostVerification);
if (disableHostVerification != "true") {
- // Populate endpoint information before we retrieve host name.
- m_pEndpoint->parseConnectString();
- std::string hostStr = m_pEndpoint->getHost();
((SSLChannelContext_t *) m_pContext)->getSslContext().set_verify_callback(
- DrillSSLHostnameVerifier(
- ((SSLChannelContext_t *)m_pContext),
- boost::asio::ssl::rfc2818_verification(hostStr.c_str())));
+ DrillSSLHostnameVerifier(this));
}
m_pSocket=new SslSocket(m_ioService, ((SSLChannelContext_t*)m_pContext)->getSslContext() );
diff --git a/contrib/native/client/src/clientlib/channel.hpp b/contrib/native/client/src/clientlib/channel.hpp
index e739118..76bedde 100644
--- a/contrib/native/client/src/clientlib/channel.hpp
+++ b/contrib/native/client/src/clientlib/channel.hpp
@@ -41,13 +41,14 @@ class UserProperties;
//parse the connection string and set up the host and port to connect to
connectionStatus_t getDrillbitEndpoint();
- void parseConnectString();
+
const std::string& getProtocol() const {return m_protocol;}
const std::string& getHost() const {return m_host;}
const std::string& getPort() const {return m_port;}
DrillClientError* getError(){ return m_pError;};
private:
+ void parseConnectString();
bool isDirectConnection();
bool isZookeeperConnection();
connectionStatus_t getDrillbitEndpointFromZk();
@@ -171,6 +172,8 @@ class UserProperties;
ConnectionEndpoint* getEndpoint(){return m_pEndpoint;}
+ ChannelContext_t* getChannelContext(){ return m_pContext; }
+
protected:
connectionStatus_t handleError(connectionStatus_t status, std::string msg);
@@ -276,11 +279,8 @@ class UserProperties;
public:
/// @brief The constructor.
///
- /// @param in_pctx The SSL Channel Context.
- /// @param in_verifier The wrapped verifier.
- DrillSSLHostnameVerifier(SSLChannelContext_t* in_pctx, boost::asio::ssl::rfc2818_verification in_verifier) :
- m_verifier(in_verifier),
- m_pctx(in_pctx){
+ /// @param in_channel The Channel.
+ DrillSSLHostnameVerifier(Channel* in_channel) : m_channel(in_channel){
DRILL_LOG(LOG_INFO)
<< "DrillSSLHostnameVerifier::DrillSSLHostnameVerifier: +++++ Enter +++++"
<< std::endl;
@@ -295,23 +295,30 @@ class UserProperties;
boost::asio::ssl::verify_context& in_ctx){
DRILL_LOG(LOG_INFO) << "DrillSSLHostnameVerifier::operator(): +++++ Enter +++++" << std::endl;
- bool verified = m_verifier(in_preverified, in_ctx);
+ // Gets the channel context.
+ SSLChannelContext_t* context = (SSLChannelContext_t*)(m_channel->getChannelContext());
+
+ // Retrieve the host before we perform Host name verification.
+ // This is because host with ZK mode is selected after the connect() function is called.
+ boost::asio::ssl::rfc2818_verification verifier(m_channel->getEndpoint()->getHost().c_str());
+
+ // Perform verification.
+ bool verified = verifier(in_preverified, in_ctx);
DRILL_LOG(LOG_DEBUG)
<< "DrillSSLHostnameVerifier::operator(): Verification Result: "
<< verified
<< std::endl;
- m_pctx->SetCertHostnameVerificationStatus(verified);
- return verified;
+ // Sets the result back to the context.
+ context->SetCertHostnameVerificationStatus(verified);
+ return verified && in_preverified;
}
private:
- // The inner verifier.
- boost::asio::ssl::rfc2818_verification m_verifier;
- // The SSL channel context.
- SSLChannelContext_t* m_pctx;
+ // The SSL channel.
+ Channel* m_channel;
};
} // namespace Drill