Arne,

Evidently the HTTPClient relies on an SSL Context Service. Try the
following configuration in the config.yml file, where you define the
context service and reference it from the RPG. Let me know if that works
for you!

Additionally, I think you pointed out an inconsistency where we can
improve the configuration and documentation. I've created
https://issues.apache.org/jira/browse/MINIFICPP-396 and will take care of
that ASAP. Thanks very much for identifying this!

Remote Processing Groups:
    - name: NiFi Flow
      id: 2438e3c8-015a-1000-79ca-83af40ec1998
      url: https://127.0.0.1:8383/nifi
      timeout: 30 secs
      yield period: 5 sec
      Input Ports:
          - id: 2438e3c8-015a-1000-79ca-83af40ec1999
            name: fromnifi
            max concurrent tasks: 1
            Properties:
                Port: 10443
                SSL Context Service: SSLMe
                Host Name: 127.0.0.1
      Output Ports:
          - id: ac82e521-015c-1000-2b21-41279516e19a
            name: tominifi
            max concurrent tasks: 2
            Properties:
                Port: 10443
                SSL Context Service: SSLMe
                Host Name: 127.0.0.1

Controller Services:
    - name: SSLMe
      id: 2438e3c8-015a-1000-79ca-83af40ec1974
      class: SSLContextService
      Properties:
          Client Certificate: /opt/minifi/conf/client.pem
          Private Key: /opt/minifi/conf/client.key
          Passphrase: /opt/minifi/conf/password
          CA Certificate: /opt/minifi/conf/nifi-cert.pem

On Fri, Feb 9, 2018 at 5:54 AM, Arne Oslebo <arne.osl...@uninett.no> wrote:

> Hello,
>
> I'm trying to set up secure communication between minifi-cpp 0.4.0 and
> nifi, but unfortunately it fails with the following errors:
>
> [org::apache::nifi::minifi::utils::HTTPClient] [error]
> curl_easy_perform() failed SSL connect error
> [org::apache::nifi::minifi::RemoteProcessorGroupPort] [error]
> ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() failed
>
> I looked quickly at the code and it seems the problem is that HTTPClient
> never calls configure_secure_connection and therefore never presents a
> client certificate to nifi.
>
> The config.yml file defines a TailFile that sends data directly to a
> remote process group.
>
> My minifi.properties file:
> nifi.version=0.1.0
> nifi.flow.configuration.file=/opt/minifi/conf/config.yml
> nifi.administrative.yield.duration=30 sec
> nifi.bored.yield.duration=10 millis
> nifi.provenance.repository.directory.default=/opt/minifi/provenance_repository
> nifi.provenance.repository.max.storage.time=1 MIN
> nifi.provenance.repository.max.storage.size=1 MB
> nifi.remote.input.secure=true
> nifi.https.need.ClientAuth=true
> nifi.https.client.certificate=/opt/minifi/conf/client.pem
> nifi.https.client.private.key=/opt/minifi/conf/client.key
> nifi.https.client.pass.phrase=/opt/minifi/conf/password
> nifi.https.client.ca.certificate=/opt/minifi/conf/nifi-cert.pem
> controller.socket.host=localhost
> controller.socket.port=9998
>
> Certificates and key are correct and have been verified using curl from
> the command line. Are there any other things I need to do to get minifi
> to set up a secure connection? As far as I understand the "Security
> Properties:" in config.yml is only used by the java version of minifi?
>
> Thanks,
> Arne
>
>
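
The reply's fix depends on every port's "SSL Context Service" value matching a defined controller service of class SSLContextService. The following is an added example, not code from the thread or from the MiNiFi project: a small lint for a config.yml in the layout shown above. The function name, the sample text and the list of required property names (Client Certificate, Private Key, CA Certificate) are assumptions of this example.

```python
import re

REQUIRED = ("Client Certificate", "Private Key", "CA Certificate")  # assumed set
LINE = re.compile(r"(\s*)(- )?([^:]+?)\s*:\s*(.*?)\s*$")
# Constructed sample in the thread's layout; SSLMe lacks its CA Certificate entry.
SAMPLE = """\
Remote Processing Groups:
    - name: NiFi Flow
      url: https://127.0.0.1:8383/nifi
      Input Ports:
          - id: 2438e3c8-015a-1000-79ca-83af40ec1999
            name: fromnifi
            Properties:
                SSL Context Service: SSLMe
Controller Services:
    - name: SSLMe
      class: SSLContextService
      Properties:
          Client Certificate: /opt/minifi/conf/client.pem
          Private Key: /opt/minifi/conf/client.key
"""

def lint_ssl_context(text):
    """Return findings about SSL Context Service references in a config.yml string."""
    defined, refs, owner, in_cs, https = [], [], None, False, False
    for m in filter(None, map(LINE.match, text.splitlines())):
        indent, dash, key, val = m.groups()
        if not indent and not dash:                 # top-level section header
            in_cs = key == "Controller Services"
        elif in_cs:
            if dash:                                # "- " starts a new service
                defined.append({})
            if defined:
                defined[-1][key] = val
        elif key == "name":
            owner = val                             # most recent RPG or port name
        elif key == "url":
            https = https or val.startswith("https://")
        elif key == "SSL Context Service":
            refs.append((owner, val))
    services = {s.get("name"): s for s in defined}
    out = ["https url but no SSL Context Service referenced"] if https and not refs else []
    for owner, name in refs:
        svc = services.get(name)
        if svc is None or svc.get("class") != "SSLContextService":
            out.append(f"{owner}: no SSLContextService named {name!r}")
        else:
            out += [f"{name}: missing {p!r}" for p in REQUIRED if not svc.get(p)]
    return out
```

Calling `lint_ssl_context(open("/opt/minifi/conf/config.yml").read())` returns an empty list when every reference resolves and the service carries all three properties.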
