aahmed-se commented on a change in pull request #2475: Add host name verification URL: https://github.com/apache/incubator-pulsar/pull/2475#discussion_r214493521
########## File path: pulsar-client-cpp/lib/ConnectionPool.cc ##########
@@ -37,6 +45,27 @@ Future<Result, ClientConnectionWeakPtr> ConnectionPool::getConnectionAsync(
 const std::string& logicalAddress, const std::string& physicalAddress) {
 boost::unique_lock<boost::mutex> lock(mutex_);
+ if (clientConfiguration_.isValidateHostName()) {
+ // Create a context that uses the default paths for
+ // finding CA certificates.
+ ssl::context ctx(ssl::context::sslv23);
+ ctx.set_default_verify_paths();
+
+ // Open a socket and connect it to the remote host.
+ boost::asio::io_service io_service;
+ ssl_socket sock(io_service, ctx);
+ tcp::resolver resolver(io_service);
+ tcp::resolver::query query(physicalAddress, "https");
+ boost::asio::connect(sock.lowest_layer(), resolver.resolve(query));
+ sock.lowest_layer().set_option(tcp::no_delay(true));
+
+ // Perform SSL handshake and verify the remote host's
+ // certificate.
+ sock.set_verify_mode(ssl::verify_peer);
+ sock.set_verify_callback(ssl::rfc2818_verification(physicalAddress));
+ sock.handshake(ssl_socket::client);
Review comment: I will add unit test first I need to fix the build ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
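Review bot: The hostname check runs on a throwaway `ssl_socket` connected to `physicalAddress` on the `"https"` service port, not on the connection that `getConnectionAsync` hands back, so a certificate that validates here says nothing about the peer on the broker's own TLS port. The check would bind to the real peer only if `set_verify_mode(ssl::verify_peer)` and `set_verify_callback(ssl::rfc2818_verification(host))` were installed on the broker connection's TLS stream before its handshake; that code is not visible in this hunk. `host` should be the bare hostname, and `physicalAddress` looks like it may be a full service URL, which RFC 2818 matching would not accept as-is (worth confirming against the callers). The blocking resolve, connect and handshake also run while `mutex_` is held, so one slow or unreachable host stalls every caller of the pool. The quoted hunk stops at `sock.handshake(ssl_socket::client);`, so the rest of the `if` block and the function lie outside it.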