thrift-user mailing list archives

From Isuru Haththotuwa <isurulu...@gmail.com>
Subject Re: Implementing a Custom SSL Authorization Manager
Date Mon, 01 Apr 2013 05:28:16 GMT
FYI I tested this and it works without an issue. This approach can be used
to override default SSL handshake behavior.


On Sun, Mar 31, 2013 at 12:17 PM, Isuru Haththotuwa <isurulucky@gmail.com> wrote:

> Hi,
>
> I'm in the process of implementing a dummy SSL authorization manager which
> will allow self signed certificates, etc. and will not perform host name
> verification.
>
> For skipping host name verification, I have overridden the AccessManager
> class in TSSLSocket.h, and passed an instance to TSSLSocket::access().
>
> For allowing self-signed certificates, I have overridden
> TSSLSocket::authorize() and boost::shared_ptr<TSSLSocket>
> TSSLSocketFactory::createSocket() as follows:
>
> void DummyTSSLSocket::authorize() {
>
>    //no implementation
> }
>
> boost::shared_ptr<TSSLSocket> DummyTSSLSocketFactory::createSocket() {
>
>    boost::shared_ptr<TSSLSocket> sslSocket (new DummyTSSLSocket(ctx_));
>    sslSocket->server(false);
>    boost::shared_ptr<AccessManager> accessManager
>                                      (new DummyAccessManager());
>    sslSocket->access(accessManager);
>    return sslSocket;
> }
>
> The authorize() method skips authorization of peer access while the
> createSocket() method creates and returns an instance of DummyTSSLSocket, in
> which I have the empty authorize() method as above.
>
> However, in my client code both these methods do not seem to be getting
> called. I checked it with couts. I use it as follows:
>
> boost::shared_ptr<TSSLSocketFactory> socketFactory
>                                 (new DummyTSSLSocketFactory());
> //load private, public and trusted certificates
> boost::shared_ptr<TSSLSocket> socket =
>                                  socketFactory->createSocket(host, port);
> //rest of the implementation
>
> Still I'm getting the original TSSLSocket::authorize() method's errors,
> which means the overridden method in my class is not effective. Is there any
> issue with my implementation?
>
> The TSSLSocket interface and implementation that I followed are:
>
> https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.h
> https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.cpp
>
> --
> Thanks and Regards,
> Isuru
>



-- 
Thanks and Regards,
Isuru
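
Added example, not part of the original message and not Thrift's code: a self-contained C++ model of the call path in the quoted post, useful when reviewing whether a subclass has actually replaced certificate verification. The class names are hypothetical stand-ins, and it assumes the base factory's (host, port) overload builds the base socket itself; under that assumption, overriding only createSocket() leaves the (host, port) path and its peer check unchanged.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-ins that model only the shape of the classes in the
// post; they are not Thrift's code and perform no TLS.
struct Socket {
    virtual ~Socket() = default;
    // Models the step that validates the peer certificate.
    virtual std::string authorize() const { return "verify peer certificate"; }
};

struct DummySocket : Socket {
    std::string authorize() const override { return "no verification"; }
};

struct SocketFactory {
    virtual ~SocketFactory() = default;
    virtual std::shared_ptr<Socket> createSocket() {
        return std::make_shared<Socket>();
    }
    // Assumption: the (host, port) overload builds the base socket itself
    // and does not delegate to the zero-argument overload.
    virtual std::shared_ptr<Socket> createSocket(const std::string&, int) {
        return std::make_shared<Socket>();
    }
};

struct DummySocketFactory : SocketFactory {
    // Overrides only the zero-argument overload, as in the post.
    std::shared_ptr<Socket> createSocket() override {
        return std::make_shared<DummySocket>();
    }
};

// Report which authorize() a caller ends up with for each entry point.
std::string pathNoArgs(SocketFactory& f) { return f.createSocket()->authorize(); }
std::string pathHostPort(SocketFactory& f) {
    return f.createSocket("example.invalid", 9090)->authorize();
}

int main() {
    DummySocketFactory f;
    std::cout << "createSocket():           " << pathNoArgs(f) << "\n";
    std::cout << "createSocket(host, port): " << pathHostPort(f) << "\n";
}
```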
