flume-user mailing list archives

From "Pritchard, Charles X. -ND" <Charles.X.Pritchard....@disney.com>
Subject RE: Adding SSL peer cert info to AvroSource
Date Thu, 30 Jan 2014 08:29:38 GMT
I need to put the CN on the cert into a variable; it's essentially an authenticated string
the server knows to be valid (since it has been signed).
I'd like to route messages to a directory based on the string or otherwise send them to a
fallback directory on a failed cert.



________________________________________
From: Mike Percy [mpercy@apache.org]
Sent: Wednesday, January 29, 2014 6:44 PM
To: user@flume.apache.org
Subject: Re: Adding SSL peer cert info to AvroSource

If it's using a signed cert then what do you need to put into the filter? You mean a list
of allowed peers? If so then you could either try to piggyback on the IpFilter and make it
accept hostnames, or yes add another filter config option such as hostFilter.

Mike


On Wed, Jan 29, 2014 at 12:23 PM, Pritchard, Charles X. -ND <Charles.X.Pritchard.-ND@disney.com> wrote:
I’m trying to add in the feature to expose the client’s peer cert into AvroSource:
https://apache.googlesource.com/flume/+/trunk/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java

Per the bug request I filed in October:
https://issues.apache.org/jira/browse/FLUME-2204

Any ideas on how I might expose the data — it’s just a string for the CN from the peer
cert.
I’m having a difficult time figuring out how to expose this connection state information
so that Flume’s configuration magic can take hold from there.

It seems a little like I need to create yet-another-filter, kind of like IpFilter.


Any pointers?


The CN info may be used to route to a particular directory (in an HDFS sink) and/or set a
header for the AvroEvent, or possibly just validate a
header (header.CN == ssl peer CN   or FAIL).

-Charles
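
Added example, not part of the original thread and not Flume code: a JDK-only sketch of the three uses listed above (routing key, event header, header check) for a CN taken from a verified peer certificate. The class and method names, the `unverified` fallback value and the sample DNs are assumptions; how the `SSLSession` is obtained inside AvroSource is not shown.

```java
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;

public class PeerCnExample {
    static final String FALLBACK = "unverified"; // hypothetical fallback directory name

    // CN of the peer's leaf certificate, or null when the peer was not authenticated.
    static String peerCn(SSLSession session) {
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            return commonName(leaf.getSubjectX500Principal());
        } catch (SSLPeerUnverifiedException e) {
            return null;
        }
    }

    // Parse the DN as RDNs; splitting on ',' breaks on escaped commas in values.
    static String commonName(X500Principal subject) {
        try {
            for (Rdn rdn : new LdapName(subject.getName()).getRdns())
                if ("CN".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
        } catch (InvalidNameException e) { /* treated as no CN */ }
        return null;
    }

    // The CN becomes a path component, so allow only a conservative character set.
    static String routingKey(String cn) {
        boolean safe = cn != null && !cn.contains("..")
                && cn.matches("[A-Za-z0-9][A-Za-z0-9._-]{0,63}");
        return safe ? cn : FALLBACK;
    }

    // "header.CN == ssl peer CN or FAIL"; the header is then set from the certificate.
    static boolean stamp(Map<String, String> headers, String cn) {
        String claimed = headers.put("CN", routingKey(cn));
        return claimed == null || claimed.equals(cn);
    }

    public static void main(String[] args) {
        Map<String, String> h = new HashMap<>(Map.of("CN", "collector-01")); // constructed event headers
        String cn = commonName(new X500Principal("CN=collector-01,OU=Ingest,O=Example")); // constructed DN
        System.out.println(stamp(h, cn) + " " + h + " " + routingKey("../../etc"));
    }
}
```

The CN is only trustworthy when the TLS layer requires and validates client certificates against a CA the server controls, and any client-supplied `CN` header is overwritten rather than trusted.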

