Arne, I submitted a PR https://github.com/apache/nifi-minifi-cpp/pull/263 to address these issues.
On Fri, Feb 9, 2018 at 8:38 AM, Marc <phroc...@apache.org> wrote: > Arne, > Evidently the HTTPClient relies on an SSL Context Service. Try the > following configuration in the config.yml file, where you define the > context service and reference it from the RPG. Let me know if that works > for you! > > Additionally, I think you pointed out an inconsistency where we can > improve the configuration and documentation. I've created > https://issues.apache.org/jira/browse/MINIFICPP-396 and will take care of > that ASAP. Thanks > very much for identifying this! > > Remote Processing Groups: > - name: NiFi Flow > id: 2438e3c8-015a-1000-79ca-83af40ec1998 > url: https://127.0.0.1:8383/nifi > timeout: 30 secs > yield period: 5 sec > Input Ports: > - id: 2438e3c8-015a-1000-79ca-83af40ec1999 > name: fromnifi > max concurrent tasks: 1 > Properties: > Port: 10443 > SSL Context Service: SSLMe > Host Name: 127.0.0.1 > Output Ports: > - id: ac82e521-015c-1000-2b21-41279516e19a > name: tominifi > max concurrent tasks: 2 > Properties: > Port: 10443 > SSL Context Service: SSLMe > Host Name: 127.0.0.1 > > Controller Services: > - name: SSLMe > id: 2438e3c8-015a-1000-79ca-83af40ec1974 > class: SSLContextService > Properties: > Client Certificate: /opt/minifi/conf/client.pem > Private Key: /opt/minifi/conf/client.key > Passphrase: /opt/minifi/conf/password > CA Certificate certificate: /opt/minifi/conf/nifi-cert.pem > > On Fri, Feb 9, 2018 at 5:54 AM, Arne Oslebo <arne.osl...@uninett.no> > wrote: > >> Hello, >> >> I'm trying to set up secure communication between minifi-cpp 0.4.0 and >> nifi, but unfortunately it fails with the following errors: >> >> [org::apache::nifi::minifi::utils::HTTPClient] [error] >> curl_easy_perform() failed SSL connect error >> [org::apache::nifi::minifi::RemoteProcessorGroupPort] [error] >> ProcessGroup::refreshRemoteSite2SiteInfo -- curl_easy_perform() failed >> >> I looked quickly at the code and it seems the problem is that HTTPClient >> never calls configure_secure_connection and therefor never presents a >> client certificate to nifi. >> >> The config.yml file defines a TailFail that send data directly to a >> remote process group. >> >> My minifi.properties file: >> nifi.version=0.1.0 >> nifi.flow.configuration.file=/opt/minifi/conf/config.yml >> nifi.administrative.yield.duration=30 sec >> nifi.bored.yield.duration=10 millis >> nifi.provenance.repository.directory.default=/opt/minifi/pro >> venance_repository >> nifi.provenance.repository.max.storage.time=1 MIN >> nifi.provenance.repository.max.storage.size=1 MB >> nifi.remote.input.secure=true >> nifi.https.need.ClientAuth=true >> nifi.https.client.certificate=/opt/minifi/conf/client.pem >> nifi.https.client.private.key=/opt/minifi/conf/client.key >> nifi.https.client.pass.phrase=/opt/minifi/conf/password >> nifi.https.client.ca.certificate=/opt/minifi/conf/nifi-cert.pem >> controller.socket.host=localhost >> controller.socket.port=9998 >> >> Certificates and key are correct and have been verified using curl from >> the command line. Are there any other things I need to do to get minifi >> to set up a secure connection? As far as I understand the "Security >> Properties:" in config.yml is only used by the java version of minifi? >> >> Thanks, >> Arne >> >> >