sohami commented on a change in pull request #1366: [DRILL-6581] C++ Client SSL 
Implementation Fixes/Improvements
URL: https://github.com/apache/drill/pull/1366#discussion_r201519782
 
 

 ##########
 File path: contrib/native/client/src/clientlib/channel.hpp
 ##########
 @@ -215,6 +287,52 @@ class UserProperties;
             static ChannelContext_t* getChannelContext(channelType_t t, 
DrillUserProperties* props);
     };
 
+    /// @brief Hostname verification callback wrapper.
+    class DrillSSLHostnameVerifier{
+        public:
+            /// @brief The constructor.
+            /// 
+            /// @param in_channel                  The Channel.
+            DrillSSLHostnameVerifier(Channel* in_channel) : 
m_channel(in_channel){
+                DRILL_LOG(LOG_INFO)
+                    << "DrillSSLHostnameVerifier::DrillSSLHostnameVerifier: 
+++++ Enter +++++" 
+                    << std::endl;
+            }
+
+            /// @brief Perform certificate verification.
+            /// 
+            /// @param in_preverified           Pre-verified indicator.
+            /// @param in_ctx                   Verify context.
+            bool operator()(
+                bool in_preverified,
+                boost::asio::ssl::verify_context& in_ctx){
+                DRILL_LOG(LOG_INFO) << "DrillSSLHostnameVerifier::operator(): 
+++++ Enter +++++" << std::endl;
+
+                // Gets the channel context.
+                SSLChannelContext_t* context = 
(SSLChannelContext_t*)(m_channel->getChannelContext());
+
+                // Retrieve the host before we perform Host name verification.
+                // This is because host with ZK mode is selected after the 
connect() function is called.
+                boost::asio::ssl::rfc2818_verification 
verifier(m_channel->getEndpoint()->getHost().c_str());
+
+                // Perform verification.
+                bool verified = verifier(in_preverified, in_ctx);
+
+                DRILL_LOG(LOG_DEBUG) 
+                    << "DrillSSLHostnameVerifier::operator(): Verification 
Result: " 
+                    << verified 
+                    << std::endl;
+
+                // Sets the result back to the context.
+                context->SetCertHostnameVerificationStatus(verified);
+                return verified && in_preverified;
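Review bot: The C-style cast `(SSLChannelContext_t*)(m_channel->getChannelContext())` is unchecked, and `context` is later dereferenced by `SetCertHostnameVerificationStatus` with no null test, so a channel without an SSL context would hit a null or mistyped pointer inside the handshake callback instead of rejecting the peer. Fail closed before constructing the verifier with `if (context == NULL) { return false; }`, and prefer a named cast such as `static_cast`, assuming SSLChannelContext_t derives from ChannelContext_t, which the hunk does not show. The same concern applies to `m_channel->getEndpoint()`, whose result is used immediately to read the host name. The verifier also stores a raw `Channel*`, so the constructor deserves a comment stating that the Channel must outlive any stream this callback is installed on. `operator()` and the class body continue past the end of the quoted hunk.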
 
 Review comment:
   I think we should just return the `verified` status here not `(verified && 
in_preverified)`
