[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a diff in pull request #1583: MINIFICPP-1719 Replace LibreSSL with OpenSSL 3.1
adamdebreceni commented on code in PR #1583:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1583#discussion_r1219180190

## libminifi/src/controllers/SSLContextService.cpp: ##

@@ -112,6 +112,22 @@ const core::Property SSLContextService::ClientCertKeyUsage( ->build()); #endif // WIN32 +namespace { +bool is_valid_and_readable_path(const std::filesystem::path& path_to_be_tested) { + std::ifstream file_to_be_tested(path_to_be_tested); + return file_to_be_tested.good(); +} + +#ifdef WIN32 +std::string getCertName(const utils::tls::X509_unique_ptr& cert) { + const size_t BUFFER_SIZE = 256; + char name_buffer[BUFFER_SIZE]; + X509_NAME_oneline(X509_get_subject_name(cert.get()), name_buffer, BUFFER_SIZE);

Review Comment:
According to [this](https://www.openssl.org/docs/man3.1/man3/X509_NAME_oneline.html), the usage of `X509_NAME_oneline` is "strongly discouraged in new applications", although not yet deprecated.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org

For queries about this service, please contact Infrastructure at: us...@infra.apache.org
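Review bot: in `getCertName`, the call `X509_NAME_oneline(X509_get_subject_name(cert.get()), name_buffer, BUFFER_SIZE);` discards its return value and writes into a fixed 256-byte stack buffer, so a subject name that does not fit is silently truncated and a failed call goes unnoticed before `name_buffer` is used. Check the return value for null, and consider formatting the name with `X509_NAME_print_ex` into a memory BIO so the length is not capped by `BUFFER_SIZE`. `cert` is also passed to `X509_get_subject_name` without a null check. In the same hunk, `is_valid_and_readable_path` only shows that the file could be opened at the moment of the check, so whatever loads the certificate or key afterwards still has to handle an open or parse failure.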
[GitHub] [nifi-minifi-cpp] adamdebreceni commented on a diff in pull request #1583: MINIFICPP-1719 Replace LibreSSL with OpenSSL 3.1
adamdebreceni commented on code in PR #1583:
URL: https://github.com/apache/nifi-minifi-cpp/pull/1583#discussion_r1219166825

## extensions/standard-processors/tests/integration/TLSServerSocketSupportedProtocolsTest.cpp: ##

@@ -194,21 +195,21 @@ class SimpleSSLTestClient { class SimpleSSLTestClientTLSv1 : public SimpleSSLTestClient { public: SimpleSSLTestClientTLSv1(const std::string& host, const std::string& port) - : SimpleSSLTestClient(TLSv1_client_method(), host, port) { + : SimpleSSLTestClient(SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_3, host, port) {

Review Comment:
[This](https://www.openssl.org/docs/man3.1/man3/SSL_CTX_set_options.html) documentation claims that these are deprecated and that `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` should be used instead.
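Review bot: in the `SimpleSSLTestClientTLSv1` constructor, TLS 1.0 is selected only by excluding the other versions (`SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_3`), so the client stays pinned to TLS 1.0 only as long as that mask names every other version the library can negotiate. Setting both `SSL_CTX_set_min_proto_version` and `SSL_CTX_set_max_proto_version` to `TLS1_VERSION` states the intent directly, and the supported-protocols test then keeps asserting what its class name says if the set of available versions changes. A short comment on the constructor saying which single version the client is meant to offer would also help, since the mask has to be read by elimination.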