Arne, Evidently the HTTPClient relies on an SSL Context Service. Try the following configuration in the config.yml file, where you define the context service and reference it from the RPG. Let me know if that works for you!
Additionally, I think you pointed out an inconsistency where we can improve the configuration and documentation. I've created https://issues.apache.org/jira/browse/MINIFICPP-396 and will take care of that ASAP. Thanks very much for identifying this! Remote Processing Groups: - name: NiFi Flow id: 2438e3c8-015a-1000-79ca-83af40ec1998 url: https://127.0.0.1:8383/nifi timeout: 30 secs yield period: 5 sec Input Ports: - id: 2438e3c8-015a-1000-79ca-83af40ec1999 name: fromnifi max concurrent tasks: 1 Properties: Port: 10443 SSL Context Service: SSLMe Host Name: 127.0.0.1 Output Ports: - id: ac82e521-015c-1000-2b21-41279516e19a name: tominifi max concurrent tasks: 2 Properties: Port: 10443 SSL Context Service: SSLMe Host Name: 127.0.0.1 Controller Services: - name: SSLMe id: 2438e3c8-015a-1000-79ca-83af40ec1974 class: SSLContextService Properties: Client Certificate: /opt/minifi/conf/client.pem Private Key: /opt/minifi/conf/client.key Passphrase: /opt/minifi/conf/password CA Certificate certificate: /opt/minifi/conf/nifi-cert.pem On Fri, Feb 9, 2018 at 5:54 AM, Arne Oslebo <[email protected]> wrote: > Hello, > > I'm trying to set up secure communication between minifi-cpp 0.4.0 and > nifi, but unfortunately it fails with the following errors: > > [org::apache::nifi::minifi::utils::HTTPClient] [error] > curl_easy_perform() failed SSL connect error > [org::apache::nifi::minifi::RemoteProcessorGroupPort] [error] > ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() failed > > I looked quickly at the code and it seems the problem is that HTTPClient > never calls configure_secure_connection and therefor never presents a > client certificate to nifi. > > The config.yml file defines a TailFail that send data directly to a > remote process group. > > My minifi.properties file: > nifi.version=0.1.0 > nifi.flow.configuration.file=/opt/minifi/conf/config.yml > nifi.administrative.yield.duration=30 sec > nifi.bored.yield.duration=10 millis > nifi.provenance.repository.directory.default=/opt/minifi/ > provenance_repository > nifi.provenance.repository.max.storage.time=1 MIN > nifi.provenance.repository.max.storage.size=1 MB > nifi.remote.input.secure=true > nifi.https.need.ClientAuth=true > nifi.https.client.certificate=/opt/minifi/conf/client.pem > nifi.https.client.private.key=/opt/minifi/conf/client.key > nifi.https.client.pass.phrase=/opt/minifi/conf/password > nifi.https.client.ca.certificate=/opt/minifi/conf/nifi-cert.pem > controller.socket.host=localhost > controller.socket.port=9998 > > Certificates and key are correct and have been verified using curl from > the command line. Are there any other things I need to do to get minifi > to set up a secure connection? As far as I understand the "Security > Properties:" in config.yml is only used by the java version of minifi? > > Thanks, > Arne > >
