pulsar-commits mailing list archives

From mme...@apache.org
Subject [pulsar] branch master updated: Fixed C++ client hostname verification (#3582)
Date Tue, 12 Feb 2019 23:50:11 GMT
This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 285d16e  Fixed C++ client hostname verification (#3582)
285d16e is described below

commit 285d16ebe00bfdb5d131b57134d76e5181849164
Author: Matteo Merli <mmerli@apache.org>
AuthorDate: Tue Feb 12 15:50:06 2019 -0800

    Fixed C++ client hostname verification (#3582)
---
 pulsar-client-cpp/lib/ClientConnection.cc |  8 ++++++++
 pulsar-client-cpp/lib/ConnectionPool.cc   | 24 ------------------------
 2 files changed, 8 insertions(+), 24 deletions(-)

diff --git a/pulsar-client-cpp/lib/ClientConnection.cc b/pulsar-client-cpp/lib/ClientConnection.cc
index 8a782a2..9cf27e3 100644
--- a/pulsar-client-cpp/lib/ClientConnection.cc
+++ b/pulsar-client-cpp/lib/ClientConnection.cc
@@ -158,6 +158,14 @@ ClientConnection::ClientConnection(const std::string& logicalAddress,
const std:
             isTlsAllowInsecureConnection_ = true;
         } else {
             ctx.set_verify_mode(boost::asio::ssl::context::verify_peer);
+
+            if (clientConfiguration.isValidateHostName()) {
+                Url service_url;
+                Url::parse(physicalAddress, service_url);
+                LOG_DEBUG("Validating hostname for " << service_url.host() <<
":" << service_url.port());
+                ctx.set_verify_callback(boost::asio::ssl::rfc2818_verification(physicalAddress));
+            }
+
             std::string trustCertFilePath = clientConfiguration.getTlsTrustCertsFilePath();
             if (file_exists(trustCertFilePath)) {
                 ctx.load_verify_file(trustCertFilePath);
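Review bot: The verify callback added in this hunk is built from `physicalAddress` rather than the parsed host. `rfc2818_verification` matches a bare host name against the certificate's subjectAltName/CN entries, and because `physicalAddress` is passed to `Url::parse` it presumably still carries a scheme and port, so the check would not be made against the name the log line prints. Consider `ctx.set_verify_callback(boost::asio::ssl::rfc2818_verification(service_url.host()));`. The result of `Url::parse` is also ignored; if it can report failure (its signature is not visible here), the connection should be refused rather than verified against an empty or partial host. The block sits in the `else` of the allow-insecure branch, so `isValidateHostName()` is silently ignored when insecure TLS is enabled, which deserves a comment or a warning log; the constructor starts and ends outside this hunk.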
diff --git a/pulsar-client-cpp/lib/ConnectionPool.cc b/pulsar-client-cpp/lib/ConnectionPool.cc
index 598fe95..86c8948 100644
--- a/pulsar-client-cpp/lib/ConnectionPool.cc
+++ b/pulsar-client-cpp/lib/ConnectionPool.cc
@@ -46,30 +46,6 @@ Future<Result, ClientConnectionWeakPtr> ConnectionPool::getConnectionAsync(
     const std::string& logicalAddress, const std::string& physicalAddress) {
     std::unique_lock<std::mutex> lock(mutex_);
 
-    if (clientConfiguration_.isValidateHostName()) {
-        // Create a context that uses the default paths for
-        // finding CA certificates.
-        ssl::context ctx(ssl::context::sslv23);
-        ctx.set_default_verify_paths();
-
-        // Open a socket and connect it to the remote host.
-        boost::asio::io_service io_service;
-        ssl_socket sock(io_service, ctx);
-        tcp::resolver resolver(io_service);
-        Url service_url;
-        Url::parse(physicalAddress, service_url);
-        LOG_DEBUG("Validating hostname for " << service_url.host() << ":" <<
service_url.port());
-        tcp::resolver::query query(service_url.host(), std::to_string(service_url.port()));
-        boost::asio::connect(sock.lowest_layer(), resolver.resolve(query));
-        sock.lowest_layer().set_option(tcp::no_delay(true));
-
-        // Perform SSL handshake and verify the remote host's
-        // certificate.
-        sock.set_verify_mode(ssl::verify_peer);
-        sock.set_verify_callback(ssl::rfc2818_verification(physicalAddress));
-        sock.handshake(ssl_socket::client);
-    }
-
     if (poolConnections_) {
         PoolMap::iterator cnxIt = pool_.find(logicalAddress);
         if (cnxIt != pool_.end()) {

