Hi,
I'm in the process of implementing a dummy SSL authorization manager which
will allow self-signed certificates, etc. and will not perform host name
verification.
To skip host name verification, I have overridden the AccessManager
class in TSSLSocket.h, and passed an instance to TSSLSocket::access().
For allowing self-signed certificates, I have overridden
TSSLSocket::authorize() and boost::shared_ptr<TSSLSocket>
TSSLSocketFactory::createSocket() as follows:

    void DummyTSSLSocket::authorize() {
        //no implementation
    }

    boost::shared_ptr<TSSLSocket> DummyTSSLSocketFactory::createSocket() {
        boost::shared_ptr<TSSLSocket> sslSocket(new DummyTSSLSocket(ctx_));
        sslSocket->server(false);
        boost::shared_ptr<AccessManager> accessManager
            (new DummyAccessManager());
        sslSocket->access(accessManager);
        return sslSocket;
    }

The authorize() method skips authorization of peer access while the
createSocket() method creates and returns an instance of DummyTSSLSocket, in
which I have the empty authorize() method as above.
However, in my client code neither of these methods seems to be getting
called. I checked it with couts. I use it as follows:

    boost::shared_ptr<TSSLSocketFactory> socketFactory
        (new DummyTSSLSocketFactory());
    //load private, public and trusted certificates
    boost::shared_ptr<TSSLSocket> socket =
        socketFactory->createSocket(host, port);
    //rest of the implementation

Still I'm getting the original TSSLSocket::authorize() method's errors,
which means the overridden method in my class is not effective. Is there any
issue with my implementation?
The TSSLSocket interface and implementation that I followed are:
https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.h
https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.cpp
--
Thanks and Regards,
Isuru
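
An added illustration, not part of the original post and not Thrift code: C++ overload dispatch with the call pattern shown above, useful when checking which authorization path a client really runs. The mock classes and function names are hypothetical, std::shared_ptr stands in for boost::shared_ptr, and it is an assumption that the real factory's createSocket overloads are independent virtual functions.

```cpp
#include <memory>
#include <string>

// Mock stand-ins (hypothetical, not Thrift code) with the shape of the classes
// in the post: a virtual authorize() and a factory with two createSocket overloads.
struct MockSocket {
    virtual ~MockSocket() = default;
    virtual bool authorize() { return true; }    // true: peer was verified
};

struct DummyMockSocket : MockSocket {
    bool authorize() override { return false; }  // false: verification skipped
};

struct MockFactory {
    virtual ~MockFactory() = default;
    virtual std::shared_ptr<MockSocket> createSocket() {
        return std::make_shared<MockSocket>();
    }
    virtual std::shared_ptr<MockSocket> createSocket(const std::string&, int) {
        return std::make_shared<MockSocket>();
    }
};

// Overrides only the zero-argument overload, as in the post.
struct DummyMockFactory : MockFactory {
    using MockFactory::createSocket;  // keep the (host, port) overload visible
    std::shared_ptr<MockSocket> createSocket() override {
        return std::make_shared<DummyMockSocket>();
    }
};

// Calls the (host, port) overload through a base pointer, as the client code does.
bool verifiedViaHostPort() {
    std::shared_ptr<MockFactory> f = std::make_shared<DummyMockFactory>();
    return f->createSocket("example.invalid", 9090)->authorize();  // constructed host
}

// Calls the overload that the derived factory actually overrides.
bool verifiedViaNoArg() {
    std::shared_ptr<MockFactory> f = std::make_shared<DummyMockFactory>();
    return f->createSocket()->authorize();
}

int main() {
    return (verifiedViaHostPort() && !verifiedViaNoArg()) ? 0 : 1;
}
```

In this mock, the (host, port) call still returns a base socket whose authorize() verifies the peer; only the zero-argument call reaches the dummy socket.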