Repository: nifi-minifi-cpp Updated Branches: refs/heads/master 0c31102da -> d422e725c
MINIFI-388 Disable dynamic loading of TLS libs in civet, install libressl instead of openssl to resolve conflict with libcurl deps, and backport fix for civetweb which fixes compatibility with libressl This closes #131. Signed-off-by: Marc Parisi <phroc...@apache.org> Project: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/commit/d422e725 Tree: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/tree/d422e725 Diff: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/diff/d422e725 Branch: refs/heads/master Commit: d422e725cb0afb44a38c1062e832c1db284fd57b Parents: 0c31102 Author: Andrew I. Christianson <a...@andyic.org> Authored: Mon Aug 21 12:19:54 2017 -0400 Committer: Marc Parisi <phroc...@apache.org> Committed: Fri Sep 1 10:22:35 2017 -0400 ---------------------------------------------------------------------- CMakeLists.txt | 3 ++- docker/Dockerfile | 6 ++++-- thirdparty/civetweb-1.9.1/src/civetweb.c | 26 +++++++++++++++++++++++++- 3 files changed, 31 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/d422e725/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/CMakeLists.txt b/CMakeLists.txt index 361f9a5..292bc8d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -101,9 +101,10 @@ set(prefix "lib") set(suffix ".a") set(JSONCPP_LIB "${JSONCPP_LIB_DIR}/lib/${prefix}jsoncpp${suffix}") +set(CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING OFF CACHE BOOL "Disable dynamic SSL library loading") set(CIVETWEB_ENABLE_CXX ON CACHE BOOL "Enable civet C++ library") add_subdirectory(thirdparty/yaml-cpp-yaml-cpp-0.5.3) -add_subdirectory(thirdparty/civetweb-1.9.1) +add_subdirectory(thirdparty/civetweb-1.9.1 EXCLUDE_FROM_ALL) include_directories(thirdparty/concurrentqueue) add_subdirectory(libminifi) add_subdirectory(main) http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/d422e725/docker/Dockerfile ---------------------------------------------------------------------- diff --git a/docker/Dockerfile b/docker/Dockerfile index 213015c..7688439 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -44,7 +44,8 @@ RUN apk --update --no-cache upgrade && apk --update --no-cache add gcc \ git \ unzip \ gpsd-dev \ - openssl-dev + libressl-dev \ + zlib-dev ENV USER minificpp ENV MINIFI_BASE_DIR /opt/minifi @@ -86,7 +87,8 @@ RUN apk --update --no-cache upgrade && apk add --update --no-cache \ curl \ unzip \ gpsd \ - openssl + libressl \ + zlib # Start MiNiFi CPP in the foreground ENV USER minificpp http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/d422e725/thirdparty/civetweb-1.9.1/src/civetweb.c ---------------------------------------------------------------------- diff --git a/thirdparty/civetweb-1.9.1/src/civetweb.c b/thirdparty/civetweb-1.9.1/src/civetweb.c index da491b6..ba916da 100644 --- a/thirdparty/civetweb-1.9.1/src/civetweb.c +++ b/thirdparty/civetweb-1.9.1/src/civetweb.c @@ -11826,6 +11826,9 @@ ssl_get_client_cert_info(struct mg_connection *conn) unsigned char buf[256]; int len; unsigned int ulen; + int ilen; + unsigned char *tmp_buf; + unsigned char *tmp_p; /* Handle to algorithm used for fingerprint */ const EVP_MD *digest = EVP_get_digestbyname("sha1"); 
@@ -11856,7 +11859,24 @@ ssl_get_client_cert_info(struct mg_connection *conn) /* Calculate SHA1 fingerprint and store as a hex string */ ulen = 0; - ASN1_digest((int (*)())i2d_X509, digest, (char *)cert, buf, &ulen); + + /* ASN1_digest is deprecated. Do the calculation manually, + * using EVP_Digest. */ + ilen = i2d_X509(cert, NULL); + tmp_buf = + (ilen > 0) + ? (unsigned char *)mg_malloc((unsigned)ilen + 1) + : NULL; + if (tmp_buf) { + tmp_p = tmp_buf; + (void)i2d_X509(cert, &tmp_p); + if (!EVP_Digest( + tmp_buf, (unsigned)ilen, buf, &ulen, digest, NULL)) { + ulen = 0; + } + mg_free(tmp_buf); + } + if (!hexdump2string( buf, (int)ulen, str_finger, (int)sizeof(str_finger))) { *str_finger = 0; @@ -12109,7 +12129,11 @@ set_ssl_option(struct mg_context *ctx) SSL_CTX_set_options(ctx->ssl_ctx, ssl_get_protocol(protocol_ver)); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_SINGLE_DH_USE); SSL_CTX_set_options(ctx->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); +/* BEGIN Backport of commit from civetweb.c https://github.com/civetweb/civetweb/commit/e849ce4b54c09d5b4441e371f17cf13368ac2234 */ +#if !defined(NO_SSL_DL) SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1); +#endif /* NO_SSL_DL */ +/* END Backport of commit from civetweb.c https://github.com/civetweb/civetweb/commit/e849ce4b54c09d5b4441e371f17cf13368ac2234 */ /* If a callback has been specified, call it. */ callback_ret =
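Review bot: The second `i2d_X509(cert, &tmp_p)` call has its result cast to `(void)`, so if that encoding pass fails, the digest is computed over the unwritten `mg_malloc` buffer and an arbitrary SHA-1 string is stored as the client certificate fingerprint. Compare the result with the length from the sizing call and leave `ulen` at 0 on a mismatch, e.g. `if (i2d_X509(cert, &tmp_p) != ilen || !EVP_Digest(tmp_buf, (unsigned)ilen, buf, &ulen, digest, NULL)) { ulen = 0; }`. `digest` comes from `EVP_get_digestbyname("sha1")` in the previous hunk and no NULL check is visible before it reaches `EVP_Digest`; a guard such as `if (tmp_buf && digest) {` would cover a failed lookup. An empty `str_finger` then signals that no fingerprint was computed, so code that compares fingerprints should treat it as failure and not as a value. The enclosing function ssl_get_client_cert_info starts and ends outside this hunk.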
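Review bot: With `NO_SSL_DL` defined, `SSL_CTX_set_ecdh_auto(ctx->ssl_ctx, 1)` is no longer compiled in the `set_ssl_option` hunk, and nothing visible there replaces it. The CMake change in this commit, which turns `CIVETWEB_ENABLE_SSL_DYNAMIC_LOADING` off, presumably defines `NO_SSL_DL`. Whether the server still offers ECDHE (forward-secret) key exchange then depends on the defaults of the linked TLS library, which the hunk does not show and which differ between library versions. Record that next to the guard, for example `/* NOTE: ecdh_auto is skipped when linking the TLS library directly; confirm the linked library enables ECDHE by default. */`, and verify with a handshake against the built image that an ECDHE suite is negotiated. set_ssl_option continues outside the hunk.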