FYI I tested this and it works without an issue. This approach can be used to override default SSL handshake behavior.
On Sun, Mar 31, 2013 at 12:17 PM, Isuru Haththotuwa <[email protected]>wrote: > Hi, > > I'm in the process of implementing a dummy SSL authorization manager which > will allow self signed certificates, etc. and will not perform host name > verification. > > For the skipping host name verification, I have overridden AccessManager > class in TSSLSocket.h, and passed an instance to TSSLSocket::access(). > > For allowing self-signed certificates, I have overridden > TSSLSocket::authorize() and boost::shared_ptr<TSSLSocket> > TSSLSocketFactory::createSocket() as follows: > > void DummyTSSLSocket::authorize() { > > //no implementation > } > > boost::shared_ptr<TSSLSocket> DummyTSSLSocketFactory::createSocket() { > > boost::shared_ptr<TSSLSocket> sslSocket (new DummyTSSLSocket(ctx_)); > sslSocket->server(false); > boost::shared_ptr<AccessManager> accessManager > (new DummyAccessManager()); > sslSocket->access(accessManager); > return sslSocket; > } > > The authorize() method skips authorization of peer access while > createSocket() method creates and return an instance of DummyTSSLSocket, in > which the I have the empty authorize() method as above. > > However, in my client code both these methods are not seem to be getting > called. I checked it with couts. I use it as follows: > > boost::shared_ptr<TSSLSocketFactory> socketFactory > (new DummyTSSLSocketFactory()); > //load private, public and trusted certificates > boost::shared_ptr<TSSLSocket> socket = > socketFactory->createSocket(host, port); > //rest of the implementation > > Still I'm getting the original TSSLSocket::authorize() method's errors, > that means the overriden method in my class is not effective. Is there any > issue with my implementation? > > The TSSLSocket interface and implementation that I followed are: > > https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.h > https://github.com/keynslug/libthrift/blob/master/transport/TSSLSocket.cpp > > -- > Thanks and Regards, > Isuru > -- Thanks and Regards, Isuru
