szaszm commented on code in PR #1600:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1600#discussion_r1284937315
##########
libminifi/test/Utils.h:
##########
@@ -175,7 +175,7 @@ std::error_code sendMessagesViaSSL(const
std::vector<std::string_view>& contents
const asio::ip::tcp::endpoint& remote_endpoint,
const std::filesystem::path& ca_cert_path,
const std::optional<minifi::utils::net::SslData>& ssl_data = std::nullopt,
- asio::ssl::context::method method = asio::ssl::context::tlsv12_client) {
+ asio::ssl::context::method method = asio::ssl::context::tls_client) {
Review Comment:
Shouldn't we have `ctx.set_options(MINIFI_SSL_OPTIONS)` here as well?
##########
extensions/standard-processors/processors/PutTCP.cpp:
##########
@@ -169,6 +172,26 @@ SslSocket
ConnectionHandler<SslSocket>::createNewSocket(asio::io_context& io_con
return {io_context_, *ssl_context_};
}
+template<>
+void ConnectionHandler<TcpSocket>::shutdownSocket() {
+}
+
+template<>
+void ConnectionHandler<SslSocket>::shutdownSocket() {
+ gsl_Expects(ssl_context_);
+ if (socket_) {
+ asio::error_code ec;
+ socket_->lowest_layer().cancel(ec);
+ if (ec) {
+ logger_->log_error("Cancelling asynchronous operations of SSL socket
failed with: %s", ec.message());
+ }
+ socket_->shutdown(ec);
Review Comment:
Is `shutdown` synchronous or instantaneous?
##########
extensions/http-curl/client/HTTPClient.cpp:
##########
@@ -163,6 +163,11 @@ bool HTTPClient::setSpecificSSLVersion(utils::SSLVersion
specific_version) {
ssl_context_service_->setMaxTlsVersion(TLS1_2_VERSION);
break;
}
+ case utils::SSLVersion::TLSv1_3: {
Review Comment:
How do we set the default case to allow TLS 1.2 and 1.3?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
