thrift-user mailing list archives

From Isuru Haththotuwa <isurulu...@gmail.com>
Subject Implementing a Custom SSL Authorization Manager
Date Sun, 31 Mar 2013 06:47:46 GMT
Hi,

I'm in the process of implementing a dummy SSL authorization manager which
will allow self-signed certificates, etc. and will not perform host name
verification.

For skipping host name verification, I have overridden the AccessManager
class in TSSLSocket.h, and passed an instance to TSSLSocket::access().

For allowing self-signed certificates, I have overridden
TSSLSocket::authorize() and boost::shared_ptr<TSSLSocket>
TSSLSocketFactory::createSocket() as follows:

void DummyTSSLSocket::authorize() {

   //no implementation
}

boost::shared_ptr<TSSLSocket> DummyTSSLSocketFactory::createSocket() {

   boost::shared_ptr<TSSLSocket> sslSocket (new DummyTSSLSocket(ctx_));
   sslSocket->server(false);
   boost::shared_ptr<AccessManager> accessManager
                                     (new DummyAccessManager());
   sslSocket->access(accessManager);
   return sslSocket;
}

The authorize() method skips authorization of peer access while the
createSocket() method creates and returns an instance of DummyTSSLSocket, in
which I have the empty authorize() method as above.

However, in my client code neither of these methods seems to be getting
called. I checked it with couts. I use it as follows:

boost::shared_ptr<TSSLSocketFactory> socketFactory
                                (new DummyTSSLSocketFactory());
//load private, public and trusted certificates
boost::shared_ptr<TSSLSocket> socket =
                                 socketFactory->createSocket(host, port);
//rest of the implementation

Still I'm getting the original TSSLSocket::authorize() method's errors,
which means the overridden method in my class is not effective. Is there any
issue with my implementation?

The TSSLSocket interface and implementation that I followed are:

https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.h
https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.cpp

-- 
Thanks and Regards,
Isuru
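
The dispatch behaviour described in the message can be reproduced in a small model, added here as an example that is not part of the original message and is not Thrift's code. The class names are hypothetical stand-ins, and the model assumes the base factory's (host, port) overload builds the base socket itself rather than calling the no-argument createSocket().

```cpp
#include <iostream>
#include <memory>
#include <string>

// Stand-in classes (hypothetical names) modelling the shape in the post; not Thrift's code.
class Socket {
public:
    virtual ~Socket() = default;
    // Reports which authorize() implementation the handshake dispatched to.
    std::string handshake() { return authorize(); }
protected:
    virtual std::string authorize() { return "base"; }
};
class CustomSocket : public Socket {
protected:
    std::string authorize() override { return "custom"; }
};
using SocketPtr = std::shared_ptr<Socket>;

class Factory {
public:
    virtual ~Factory() = default;
    virtual SocketPtr createSocket() { return std::make_shared<Socket>(); }
    // Assumption: this overload constructs the base socket itself, without delegating.
    virtual SocketPtr createSocket(const std::string&, int) { return std::make_shared<Socket>(); }
};

// As in the post: only the no-argument overload is overridden.
class PartialFactory : public Factory {
public:
    using Factory::createSocket;  // keep the other overload visible
    SocketPtr createSocket() override { return std::make_shared<CustomSocket>(); }
};

// Also overrides the (host, port) overload that the client code calls.
class FullFactory : public PartialFactory {
public:
    using PartialFactory::createSocket;
    SocketPtr createSocket(const std::string&, int) override { return std::make_shared<CustomSocket>(); }
};

// Creates a socket through the base-class interface and runs the handshake.
std::string authorizeUsed(Factory& f, bool withHost) {
    SocketPtr s = withHost ? f.createSocket("host.invalid", 9090) : f.createSocket();
    return s->handshake();
}

int main() {
    PartialFactory partial; FullFactory full;
    std::cout << authorizeUsed(partial, true) << " " << authorizeUsed(full, true) << "\n";
}
```

The same check matters for a subclass that tightens authorize(): if the factory overload the client calls is not overridden, the stricter check never runs.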
