drill-issues mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5431) Support SSL
Date Wed, 27 Sep 2017 05:58:04 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5431?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16182049#comment-16182049 ]

ASF GitHub Bot commented on DRILL-5431:
---------------------------------------

Github user sohami commented on a diff in the pull request:

    https://github.com/apache/drill/pull/950#discussion_r141247355
  
    --- Diff: contrib/native/client/src/clientlib/wincert.ipp ---
    @@ -0,0 +1,91 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +#if defined(IS_SSL_ENABLED)
    +
    +#include <openssl/x509.h>
    +#include <openssl/ssl.h>
    +
    +#if defined _WIN32  || defined _WIN64
    +
    +#include <stdio.h>
    +#include <windows.h>
    +#include <wincrypt.h>
    +#include <cryptuiapi.h>
    +#include <iostream>
    +#include <tchar.h>
    +
    +
    +#pragma comment (lib, "crypt32.lib")
    +#pragma comment (lib, "cryptui.lib")
    +
    +#define MY_ENCODING_TYPE  (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
    +
    +inline
    +int loadSystemTrustStore(const SSL *ssl) {
    +    HCERTSTORE hStore;
    +    PCCERT_CONTEXT pContext = NULL;
    +    X509 *x509;
    +	char* stores[] = {
    +	    "CA",
    +		"MY",
    +		"ROOT",
    +		"SPC"
    +	};
    +     
    +    SSL_CTX * ctx = SSL_get_SSL_CTX(ssl);
    +    X509_STORE *store = SSL_CTX_get_cert_store(ctx);
    +
    +	for(int i=0; i<4; i++){
    +    hStore = CertOpenSystemStore(NULL, stores[i]);
    +
    +    if (!hStore)
    +        return 1;
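Review bot: in the `stores[]` initializer, "MY" and "SPC" are opened alongside "ROOT" and "CA", but on Windows "MY" is the user's personal certificate store and "SPC" the software publisher store, and neither is a set of TLS trust anchors. If every certificate found is then added to the `X509_STORE` taken from `SSL_CTX_get_cert_store(ctx)`, that widens what the client will accept as a server chain; consider limiting the list to "ROOT" (plus "CA" for intermediates) or documenting why the others are needed. Smaller points in the same lines: the array should be `const char* stores[]` since it holds string literals, and the loop bound `i<4` should be derived from the array size rather than hard-coded.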
    --- End diff --
    
    This means we will return with failure while opening any of the 4 system stores. Should
we instead try all 4 system stores and log the ones for which failure happened (by appending
the names to string param suggested in above comment) but still succeed if any one store was
successfully opened?
    
    But then I think we should also check if there is at least one certificate which was added
to X509 store out of these system stores?


> Support SSL
> -----------
>
>                 Key: DRILL-5431
>                 URL: https://issues.apache.org/jira/browse/DRILL-5431
>             Project: Apache Drill
>          Issue Type: New Feature
>          Components: Client - Java, Client - ODBC
>            Reporter: Sudheesh Katkam
>            Assignee: Parth Chandra
>
> Support SSL between Drillbit and JDBC/ODBC drivers. Drill already supports HTTPS for web traffic.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
