Repository: nifi-minifi-cpp
Updated Branches:
  refs/heads/master 0c31102da -> d422e725c


MINIFI-388 Disable dynamic loading of TLS libs in civet, install libressl 
instead of openssl
to resolve conflict with libcurl deps, and backport fix for civetweb which 
fixes compatibility with libressl

This closes #131.

Signed-off-by: Marc Parisi <phroc...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/commit/d422e725
Tree: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/tree/d422e725
Diff: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/diff/d422e725

Branch: refs/heads/master
Commit: d422e725cb0afb44a38c1062e832c1db284fd57b
Parents: 0c31102
Author: Andrew I. Christianson <a...@andyic.org>
Authored: Mon Aug 21 12:19:54 2017 -0400
Committer: Marc Parisi <phroc...@apache.org>
Committed: Fri Sep 1 10:22:35 2017 -0400

----------------------------------------------------------------------
 CMakeLists.txt                           |  3 ++-
 docker/Dockerfile                        |  6 ++++--
 thirdparty/civetweb-1.9.1/src/civetweb.c | 26 +++++++++++++++++++++++++-
 3 files changed, 31 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/d422e725/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 361f9a5..292bc8d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -101,9 +101,10 @@ set(prefix "lib")
 set(suffix ".a")
 set(JSONCPP_LIB "${JSONCPP_LIB_DIR}/lib/${prefix}jsoncpp${suffix}")
 
+set(CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING OFF CACHE BOOL "Disable dynamic SSL 
library loading")
 set(CIVETWEB_ENABLE_CXX ON CACHE BOOL "Enable civet C++ library")
 add_subdirectory(thirdparty/yaml-cpp-yaml-cpp-0.5.3)
-add_subdirectory(thirdparty/civetweb-1.9.1)
+add_subdirectory(thirdparty/civetweb-1.9.1 EXCLUDE_FROM_ALL)
 include_directories(thirdparty/concurrentqueue)
 add_subdirectory(libminifi)
 add_subdirectory(main)
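Review bot: The added `set(CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING OFF CACHE BOOL ...)` does nothing in a build tree whose CMakeCache.txt already holds that entry, because a cache `set` without `FORCE` keeps the existing value. A workspace configured before this commit would presumably still carry civetweb's own cached default and keep resolving libssl/libcrypto by name at run time, which is the behaviour the commit sets out to remove. Rather than forcing the cache, fail loudly when the value is wrong: `if(CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING) message(FATAL_ERROR "civetweb must link TLS at build time; remove CMakeCache.txt and reconfigure") endif()`. The help string "Disable dynamic SSL library loading" also reads inverted for a variable whose ON state enables loading; `"Load SSL libraries dynamically at run time"` would describe it.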

http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/d422e725/docker/Dockerfile
----------------------------------------------------------------------
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 213015c..7688439 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -44,7 +44,8 @@ RUN apk --update --no-cache upgrade && apk --update 
--no-cache add gcc \
        git \
        unzip \
        gpsd-dev \
-       openssl-dev
+       libressl-dev \
+       zlib-dev
 
 ENV USER minificpp
 ENV MINIFI_BASE_DIR /opt/minifi
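Review bot: Nothing in the Dockerfile records why `libressl-dev` is installed in place of `openssl-dev` here, or why `libressl` replaces `openssl` in the runtime stage in the next hunk; that reason lives only in the commit message. A later edit that restores the openssl packages would bring back the libcurl conflict and could put two TLS implementations in one image. A comment above each list would prevent that, e.g. `# libressl, not openssl: must match the TLS library libcurl depends on in this base image (MINIFI-388)`. Both lists are also unversioned and follow an `apk upgrade`, so the TLS library version in the image depends on the build date; pinning with `libressl-dev=<VERSION>` and `libressl=<VERSION>` would make it reproducible and auditable.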
@@ -86,7 +87,8 @@ RUN apk --update --no-cache upgrade && apk add --update 
--no-cache \
        curl \
        unzip \
        gpsd \
-       openssl
+       libressl \
+       zlib
 
 # Start MiNiFi CPP in the foreground
 ENV USER minificpp

http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/d422e725/thirdparty/civetweb-1.9.1/src/civetweb.c
----------------------------------------------------------------------
diff --git a/thirdparty/civetweb-1.9.1/src/civetweb.c 
b/thirdparty/civetweb-1.9.1/src/civetweb.c
index da491b6..ba916da 100644
--- a/thirdparty/civetweb-1.9.1/src/civetweb.c
+++ b/thirdparty/civetweb-1.9.1/src/civetweb.c
@@ -11826,6 +11826,9 @@ ssl_get_client_cert_info(struct mg_connection *conn)
                unsigned char buf[256];
                int len;
                unsigned int ulen;
+               int ilen;
+               unsigned char *tmp_buf;
+               unsigned char *tmp_p;
 
                /* Handle to algorithm used for fingerprint */
                const EVP_MD *digest = EVP_get_digestbyname("sha1");
@@ -11856,7 +11859,24 @@ ssl_get_client_cert_info(struct mg_connection *conn)
 
                /* Calculate SHA1 fingerprint and store as a hex string */
                ulen = 0;
-               ASN1_digest((int (*)())i2d_X509, digest, (char *)cert, buf, 
&ulen);
+
+               /* ASN1_digest is deprecated. Do the calculation manually,
+                * using EVP_Digest. */
+               ilen = i2d_X509(cert, NULL);
+               tmp_buf =
+                       (ilen > 0)
+                               ? (unsigned char *)mg_malloc((unsigned)ilen + 1)
+                               : NULL;
+               if (tmp_buf) {
+                       tmp_p = tmp_buf;
+                       (void)i2d_X509(cert, &tmp_p);
+                       if (!EVP_Digest(
+                                       tmp_buf, (unsigned)ilen, buf, &ulen, 
digest, NULL)) {
+                               ulen = 0;
+                       }
+                       mg_free(tmp_buf);
+               }
+
                if (!hexdump2string(
                        buf, (int)ulen, str_finger, (int)sizeof(str_finger))) {
                        *str_finger = 0;
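Review bot: The second call, `(void)i2d_X509(cert, &tmp_p);`, discards its result, so if encoding fails the digest is taken over uninitialised heap bytes and a garbage value is stored as the client-certificate fingerprint. Checking the length closes that gap: `if (i2d_X509(cert, &tmp_p) != ilen || !EVP_Digest(tmp_buf, (unsigned)ilen, buf, &ulen, digest, NULL)) { ulen = 0; }`. No NULL check on `digest` from `EVP_get_digestbyname("sha1")` is visible in these hunks, and it is now passed straight to `EVP_Digest`, so it is worth confirming one exists elsewhere in the function. Because this is a backport into vendored code, any local fix should be marked in the same way as the BEGIN/END backport comments in set_ssl_option. ssl_get_client_cert_info starts and ends outside the hunk.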
@@ -12109,7 +12129,11 @@ set_ssl_option(struct mg_context *ctx)
        SSL_CTX_set_options(ctx->ssl_ctx, ssl_get_protocol(protocol_ver));
        SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_DH_USE);
        SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+/* BEGIN Backport of commit from civetweb.c 
https://github.com/civetweb/civetweb/commit/e849ce4b54c09d5b4441e371f17cf13368ac2234
 */
+#if !defined(NO_SSL_DL)
        SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1);
+#endif /* NO_SSL_DL */
+/* END Backport of commit from civetweb.c 
https://github.com/civetweb/civetweb/commit/e849ce4b54c09d5b4441e371f17cf13368ac2234
 */
 
        /* If a callback has been specified, call it. */
        callback_ret =
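Review bot: With `NO_SSL_DL` defined, the new `#if !defined(NO_SSL_DL)` guard compiles out `SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1)`, and nothing visible in the hunk replaces it. That is presumably the configuration this commit selects by turning `CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING` off. On TLS library versions where automatic curve selection is not the default, the server can end up offering no ECDHE suites and so no forward secrecy. A handshake test against the built image that asserts an ECDHE cipher is negotiated would settle this. The guard should also say why the call is skipped, e.g. `/* NO_SSL_DL: call unavailable with the linked libssl; ECDHE must be confirmed by handshake test */`. set_ssl_option continues outside the hunk.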
