This is an automated email from the ASF dual-hosted git repository. szaszm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi-minifi-cpp.git
commit 328a5e7d88c016957564c49969ad0aa43bd1e014
Author: Gabor Gyimesi <gamezb...@gmail.com>
AuthorDate: Thu Mar 21 13:54:25 2024 +0100
MINIFICPP-2224 Drop support for disabling peer verification in InvokeHTTP
Closes #1745
Signed-off-by: Marton Szasz <sza...@apache.org>
---
 PROCESSORS.md | 2 +-
 docker/test/integration/features/https.feature | 18 ------------------
 extensions/http-curl/processors/InvokeHTTP.cpp | 3 +--
 extensions/http-curl/processors/InvokeHTTP.h | 3 +--
 4 files changed, 3 insertions(+), 23 deletions(-)
diff --git a/PROCESSORS.md b/PROCESSORS.md
index c746f430f..a11083896 100644
--- a/PROCESSORS.md
+++ b/PROCESSORS.md
@@ -1358,7 +1358,7 @@ In the list below, the names of required properties appear in bold. Any other pr
 | send-message-body | true | true<br/>false | DEPRECATED. Only kept for backwards compatibility, no functionality is included. |
 | Send Message Body | true | true<br/>false | If true, sends the HTTP message body on POST/PUT/PATCH requests (default). If false, suppresses the message body and content-type header for these requests. |
 | Use Chunked Encoding | false | true<br/>false | When POST'ing, PUT'ing or PATCH'ing content set this property to true in order to not pass the 'Content-length' header and instead send 'Transfer-Encoding' with a value of 'chunked'. This will enable the data transfer mechanism which was introduced in HTTP 1.1 to pass data of unknown lengths in chunks. |
-| Disable Peer Verification | false | true<br/>false | Disables peer verification for the SSL session |
+| Disable Peer Verification | false | true<br/>false | DEPRECATED. The value is ignored, peer and host verification are always performed when using SSL/TLS. |
 | Put Response Body in Attribute | | | If set, the response body received back will be put into an attribute of the original FlowFile instead of a separate FlowFile. The attribute key to put to is determined by evaluating value of this property. |
 | Always Output Response | false | true<br/>false | Will force a response FlowFile to be generated and routed to the 'Response' relationship regardless of what the server status code received is |
 | Penalize on "No Retry" | false | true<br/>false | Enabling this property will penalize FlowFiles that are routed to the "No Retry" relationship. |
diff --git a/docker/test/integration/features/https.feature b/docker/test/integration/features/https.feature
index f19e339d1..f4ff9d246 100644
--- a/docker/test/integration/features/https.feature
+++ b/docker/test/integration/features/https.feature
@@ -54,24 +54,6 @@ Feature: Transfer data from and to MiNiFi using HTTPS
 Then no files are placed in the monitored directory in 10s of running time
- Scenario: InvokeHTTP to ListenHTTP without an SSLContextService works without a proper server cert if peer verification is disabled
- Given a GenerateFlowFile processor with the "Data Format" property set to "Text"
- And the "Unique FlowFiles" property of the GenerateFlowFile processor is set to "false"
- And the "Custom Text" property of the GenerateFlowFile processor is set to "sed do eiusmod tempor incididunt"
- And a InvokeHTTP processor with the "Remote URL" property set to "https://server-${feature_id}:4430/contentListener"
- And the "HTTP Method" property of the InvokeHTTP processor is set to "POST"
- And the "Disable Peer Verification" property of the InvokeHTTP processor is set to "true"
- And the "success" relationship of the GenerateFlowFile processor is connected to the InvokeHTTP
-
- And a ListenHTTP processor with the "Listening Port" property set to "4430" in a "server" flow
- And the "SSL Certificate" property of the ListenHTTP processor is set to "/tmp/resources/self_signed_server.crt"
- And a PutFile processor with the "Directory" property set to "/tmp/output" in the "server" flow
- And the "success" relationship of the ListenHTTP processor is connected to the PutFile
-
- When both instances start up
- Then a flowfile with the content "sed do eiusmod tempor incididunt" is placed in the monitored directory in less than 10s
-
-
 Scenario: InvokeHTTP to ListenHTTP with mutual TLS, using certificate files
 Given a GenerateFlowFile processor with the "Data Format" property set to "Text"
 And the "Unique FlowFiles" property of the GenerateFlowFile processor is set to "false"
diff --git a/extensions/http-curl/processors/InvokeHTTP.cpp b/extensions/http-curl/processors/InvokeHTTP.cpp
index 2a3fe7294..cced54c0a 100644
--- a/extensions/http-curl/processors/InvokeHTTP.cpp
+++ b/extensions/http-curl/processors/InvokeHTTP.cpp
@@ -108,7 +108,6 @@ void InvokeHTTP::setupMembersFromProperties(const core::ProcessContext& context)
 context.getProperty(InvokeHTTP::ProxyPassword, proxy_.password);
 follow_redirects_ = context.getProperty<bool>(InvokeHTTP::FollowRedirects).value_or(false);
- disable_peer_verification_ = (context.getProperty(InvokeHTTP::DisablePeerVerification) | utils::andThen(&utils::string::toBool)).value_or(false);
 content_type_ = context.getProperty(InvokeHTTP::ContentType);
 if (auto ssl_context_name = context.getProperty(SSLContext)) {
@@ -128,7 +127,7 @@ std::unique_ptr<minifi::extensions::curl::HTTPClient> InvokeHTTP::createHTTPClie
 setupClientTimeouts(*client, connect_timeout_, read_timeout_);
 client->setHTTPProxy(proxy_);
 client->setFollowRedirects(follow_redirects_);
- client->setPeerVerification(!disable_peer_verification_);
+ client->setPeerVerification(true);
 if (send_message_body_ && content_type_) client->setContentType(*content_type_);
 setupClientTransferEncoding(*client, use_chunked_encoding_);
diff --git a/extensions/http-curl/processors/InvokeHTTP.h b/extensions/http-curl/processors/InvokeHTTP.h
index ccf2177c3..9da89866b 100644
--- a/extensions/http-curl/processors/InvokeHTTP.h
+++ b/extensions/http-curl/processors/InvokeHTTP.h
@@ -150,7 +150,7 @@ class InvokeHTTP : public core::Processor {
 .withDefaultValue("false")
 .build();
 EXTENSIONAPI static constexpr auto DisablePeerVerification = core::PropertyDefinitionBuilder<>::createProperty("Disable Peer Verification")
- .withDescription("Disables peer verification for the SSL session")
+ .withDescription("DEPRECATED. The value is ignored, peer and host verification are always performed when using SSL/TLS.")
 .withPropertyType(core::StandardPropertyTypes::BOOLEAN_TYPE)
 .withDefaultValue("false")
 .build();
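Review bot: With `client->setPeerVerification(true);` hard-coded in createHTTPClient, a flow that still sets "Disable Peer Verification" to true is silently switched to verified TLS, and the only symptom an operator sees is handshake failures against self-signed or privately signed servers. Because the property remains defined, setupMembersFromProperties could still read it and report the deprecation when it is true, for example `if (context.getProperty<bool>(InvokeHTTP::DisablePeerVerification).value_or(false)) { /* log a warning that the value is ignored */ }`, so a configuration change can be told apart from a server certificate problem. The deleted https.feature scenario also has no counterpart that sets the property to "true" against the self-signed ListenHTTP and expects no files, which would keep the enforcement from regressing. createHTTPClient begins and ends outside this hunk.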
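Review bot: The new description promises that "peer and host verification are always performed", but the only enforcement visible in this commit is `client->setPeerVerification(true);` in InvokeHTTP.cpp; nothing shown here forces hostname checking. If HTTPClient does not enable hostname verification unconditionally (CURLOPT_SSL_VERIFYHOST in libcurl terms), either set it explicitly next to the peer setting or narrow the text to `"DEPRECATED. The value is ignored, peer verification is always performed when using SSL/TLS."` and keep the PROCESSORS.md row in step. The InvokeHTTP class body continues outside this hunk.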
@@ -297,7 +297,6 @@ class InvokeHTTP : public core::Processor {
 utils::HTTPProxy proxy_{};
 bool follow_redirects_ = false;
- bool disable_peer_verification_ = false;
 std::optional<std::string> content_type_;