Arne,
  I submitted a PR https://github.com/apache/nifi-minifi-cpp/pull/263 to
address these issues.

On Fri, Feb 9, 2018 at 8:38 AM, Marc <phroc...@apache.org> wrote:

> Arne,
>    Evidently the HTTPClient relies on an SSL Context Service. Try the
> following configuration in the config.yml file, where you define the
> context service and reference it from the RPG. Let me know if that works
> for you!
>
>   Additionally, I think you pointed out an inconsistency where we can
> improve the configuration and documentation. I've created
> https://issues.apache.org/jira/browse/MINIFICPP-396 and will take care of
> that ASAP. Thanks
>   very much for identifying this!
>
> Remote Processing Groups:
>     - name: NiFi Flow
>       id: 2438e3c8-015a-1000-79ca-83af40ec1998
>       url: https://127.0.0.1:8383/nifi
>       timeout: 30 secs
>       yield period: 5 sec
>       Input Ports:
>           - id: 2438e3c8-015a-1000-79ca-83af40ec1999
>             name: fromnifi
>             max concurrent tasks: 1
>             Properties:
>                 Port: 10443
>                 SSL Context Service: SSLMe
>                 Host Name: 127.0.0.1
>       Output Ports:
>           - id: ac82e521-015c-1000-2b21-41279516e19a
>             name: tominifi
>             max concurrent tasks: 2
>             Properties:
>                 Port: 10443
>                 SSL Context Service: SSLMe
>                 Host Name: 127.0.0.1
>
> Controller Services:
>     - name: SSLMe
>       id: 2438e3c8-015a-1000-79ca-83af40ec1974
>       class: SSLContextService
>       Properties:
>           Client Certificate: /opt/minifi/conf/client.pem
>           Private Key: /opt/minifi/conf/client.key
>           Passphrase: /opt/minifi/conf/password
>           CA Certificate certificate: /opt/minifi/conf/nifi-cert.pem
>
> On Fri, Feb 9, 2018 at 5:54 AM, Arne Oslebo <arne.osl...@uninett.no>
> wrote:
>
>> Hello,
>>
>> I'm trying to set up secure communication between minifi-cpp 0.4.0 and
>> nifi, but unfortunately it fails with the following errors:
>>
>> [org::apache::nifi::minifi::utils::HTTPClient] [error]
>> curl_easy_perform() failed SSL connect error
>> [org::apache::nifi::minifi::RemoteProcessorGroupPort] [error]
>> ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() failed
>>
>> I looked quickly at the code and it seems the problem is that HTTPClient
>> never calls configure_secure_connection and therefor never presents a
>> client certificate to nifi.
>>
>> The config.yml file defines a TailFail that send data directly to a
>> remote process group.
>>
>> My  minifi.properties file:
>> nifi.version=0.1.0
>> nifi.flow.configuration.file=/opt/minifi/conf/config.yml
>> nifi.administrative.yield.duration=30 sec
>> nifi.bored.yield.duration=10 millis
>> nifi.provenance.repository.directory.default=/opt/minifi/pro
>> venance_repository
>> nifi.provenance.repository.max.storage.time=1 MIN
>> nifi.provenance.repository.max.storage.size=1 MB
>> nifi.remote.input.secure=true
>> nifi.https.need.ClientAuth=true
>> nifi.https.client.certificate=/opt/minifi/conf/client.pem
>> nifi.https.client.private.key=/opt/minifi/conf/client.key
>> nifi.https.client.pass.phrase=/opt/minifi/conf/password
>> nifi.https.client.ca.certificate=/opt/minifi/conf/nifi-cert.pem
>> controller.socket.host=localhost
>> controller.socket.port=9998
>>
>> Certificates and key are correct and have been verified using curl from
>> the command line. Are there any other things I need to do to get minifi
>> to set up a secure connection? As far as I understand the "Security
>> Properties:" in config.yml is only used by the java version of minifi?
>>
>> Thanks,
>> Arne
>>
>>
>

Reply via email to