Repository: nifi-minifi-cpp Updated Branches: refs/heads/master cb5ae08b9 -> 469b9d1bd
MINIFICPP-435: Use NSS when libcurl-openssl is not available. Bootstrap should default to using NSS when curl is not built with OpenSSL, such as the case for CENTOS 7 This closes #285. Signed-off-by: Aldrin Piri <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/commit/469b9d1b Tree: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/tree/469b9d1b Diff: http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/diff/469b9d1b Branch: refs/heads/master Commit: 469b9d1bd78ee89978776589bd604959d233c732 Parents: cb5ae08 Author: Marc Parisi <[email protected]> Authored: Mon Mar 19 09:41:35 2018 -0400 Committer: Aldrin Piri <[email protected]> Committed: Tue Mar 20 15:53:36 2018 -0400 ---------------------------------------------------------------------- README.md | 7 ++++--- bootstrap.sh | 11 ++++++++--- extensions/http-curl/CMakeLists.txt | 5 +++++ extensions/http-curl/client/HTTPClient.cpp | 12 +++++++++++- 4 files changed, 28 insertions(+), 7 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/469b9d1b/README.md ---------------------------------------------------------------------- diff --git a/README.md b/README.md index 2ad57b2..0c30eb0 100644 --- a/README.md +++ b/README.md @@ -104,7 +104,7 @@ or greater is recommended. #### Libraries / Development Headers * libboost and boost-devel * 1.48.0 or greater -* libcurl-openssl +* libcurl-openssl (If not available or desired, NSS will be used by applying -DUSE_CURL_NSS) * librocksdb4.1 and librocksdb-dev * libuuid and uuid-dev * openssl 
@@ -157,7 +157,7 @@ Finally, it is required to add the `-lrt` compiler flag by using the #### Libraries * libuuid * librocksdb *** IF NOT INSTALLED, WILL BE BUILT FROM THIRD PARTY DIRECTORY *** -* libcurl-openssl +* libcurl-openssl (If not available or desired, NSS will be used by applying -DUSE_CURL_NSS) * libssl and libcrypto from openssl * libarchive * librdkafka @@ -201,7 +201,8 @@ $ yum install docker python-virtualenv $ yum install gpsd-devel $ # (Optional) for PacketCapture Processor $ yum install libpcap-devel -$ #depending on your yum repo you may need to manually build libcurl-openssl if you do not have it. +$ #depending on your yum repo you may need to manually build libcurl-openssl if you do not wish to use + libcurl with NSS support. By default we will use NSS when libcurl-openssl is not available. ``` ##### Aptitude based Linux Distributions http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/469b9d1b/bootstrap.sh ---------------------------------------------------------------------- diff --git a/bootstrap.sh b/bootstrap.sh index 48ef6a9..fde636d 100755 --- a/bootstrap.sh +++ b/bootstrap.sh @@ -450,7 +450,6 @@ CMAKE_REVISION=`echo $CMAKE_VERSION | cut -d. -f3` CMAKE_BUILD_COMMAND="${CMAKE_COMMAND} " - build_cmake_command(){ for option in "${OPTIONS[@]}" ; do @@ -500,7 +499,15 @@ build_cmake_command(){ add_os_flags + curl -V | grep OpenSSL &> /dev/null + if [ $? == 0 ]; then + echo "Using libcurl-openssl..." + else + CMAKE_BUILD_COMMAND="${CMAKE_BUILD_COMMAND} -DUSE_CURL_NSS=true .." + fi + CMAKE_BUILD_COMMAND="${CMAKE_BUILD_COMMAND} .." + continue_with_plan="Y" if [ ! "$NO_PROMPT" = "true" ]; then read -p "Command will be '${CMAKE_BUILD_COMMAND}', run this? [ Y/N ] " continue_with_plan 
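Review bot: In the bootstrap.sh hunk at `@@ -500,7 +499,15 @@`, the added NSS branch appends `..` itself and the line that follows the `fi` appends it again, so the NSS command ends in `.. ..`; the added line should read `CMAKE_BUILD_COMMAND="${CMAKE_BUILD_COMMAND} -DUSE_CURL_NSS=true"`. The probe `curl -V | grep OpenSSL` inspects the curl command-line tool on PATH, which is not necessarily the libcurl the build links against, and a host with no `curl` binary also falls into the NSS branch. Because `USE_CURL_NSS` decides which TLS setup code is compiled in HTTPClient.cpp and the CMakeLists.txt hunk accepts the flag without checking the library it found, a wrong guess can leave the client configured for a backend it is not running on. Querying the development package instead (for example `curl-config --ssl-backends` where the installed version offers it) or doing the detection in CMake would be more reliable. build_cmake_command starts before this hunk.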
@@ -514,8 +521,6 @@ build_cmake_command(){ build_cmake_command - - ### run the cmake command ${CMAKE_BUILD_COMMAND} http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/469b9d1b/extensions/http-curl/CMakeLists.txt ---------------------------------------------------------------------- diff --git a/extensions/http-curl/CMakeLists.txt b/extensions/http-curl/CMakeLists.txt index d5e966a..bea1195 100644 --- a/extensions/http-curl/CMakeLists.txt +++ b/extensions/http-curl/CMakeLists.txt @@ -27,6 +27,11 @@ include_directories(protocols client processors sitetosite) file(GLOB SOURCES "*.cpp" "protocols/*.cpp" "client/*.cpp" "processors/*.cpp" "sitetosite/*.cpp") +if (USE_CURL_NSS) + message("okay use nss") + add_definitions(-DUSE_CURL_NSS) +endif() + add_library(minifi-http-curl STATIC ${SOURCES}) set_property(TARGET minifi-http-curl PROPERTY POSITION_INDEPENDENT_CODE ON) if(THREADS_HAVE_PTHREAD_ARG) http://git-wip-us.apache.org/repos/asf/nifi-minifi-cpp/blob/469b9d1b/extensions/http-curl/client/HTTPClient.cpp ---------------------------------------------------------------------- diff --git a/extensions/http-curl/client/HTTPClient.cpp b/extensions/http-curl/client/HTTPClient.cpp index da0ba2e..119e369 100644 --- a/extensions/http-curl/client/HTTPClient.cpp +++ b/extensions/http-curl/client/HTTPClient.cpp 
@@ -331,11 +331,21 @@ bool HTTPClient::matches(const std::string &value, const std::string &sregex) {
 }
 void HTTPClient::configure_secure_connection(CURL *http_session) {
- logger_->log_debug("Using certificate file %s", ssl_context_service_->getCertificateFile());
+#ifdef USE_CURL_NSS
+ logger_->log_debug("Using NSS and certificate file %s", ssl_context_service_->getCertificateFile());
+ curl_easy_setopt(http_session, CURLOPT_CAINFO, 0);
+ curl_easy_setopt(http_session, CURLOPT_SSLCERTTYPE, "PEM");
+ curl_easy_setopt(http_session, CURLOPT_SSLCERT, ssl_context_service_->getCertificateFile().c_str());
+ curl_easy_setopt(http_session, CURLOPT_SSLKEY, ssl_context_service_->getPrivateKeyFile().c_str());
+ curl_easy_setopt(http_session, CURLOPT_KEYPASSWD, ssl_context_service_->getPassphrase().c_str());
+ curl_easy_setopt(http_session, CURLOPT_CAINFO, ssl_context_service_->getCACertificate().c_str());
+#else
+ logger_->log_debug("Using OpenSSL and certificate file %s", ssl_context_service_->getCertificateFile());
 curl_easy_setopt(http_session, CURLOPT_SSL_CTX_FUNCTION, &configure_ssl_context);
 curl_easy_setopt(http_session, CURLOPT_SSL_CTX_DATA, static_cast<void*>(ssl_context_service_.get()));
 curl_easy_setopt(http_session, CURLOPT_CAINFO, 0);
 curl_easy_setopt(http_session, CURLOPT_CAPATH, 0);
+#endif
 }
 bool HTTPClient::isSecure(const std::string &url) {
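Review bot: Every `curl_easy_setopt` call in `configure_secure_connection` discards its `CURLcode`, so a rejected option leaves the session without the intended client certificate or CA settings and nothing is logged. This matters most when the libcurl in use has a different TLS backend than the one `USE_CURL_NSS` was chosen for; in the `#else` branch `CURLOPT_SSL_CTX_FUNCTION` is expected to return an error on a backend that lacks the callback. Checking each result would surface that, for example `if (curl_easy_setopt(http_session, CURLOPT_SSLCERT, cert.c_str()) != CURLE_OK) logger_->log_error("Could not set client certificate");`. In the NSS branch the first `CURLOPT_CAINFO, 0` is overwritten by the last call and can be dropped. That last call also passes `getCACertificate().c_str()` even when the path is empty; what an empty CA path does to verification is backend-specific, so an explicit empty check before setting it seems worth adding.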
