-
Notifications
You must be signed in to change notification settings - Fork 208
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PROTON-2137: Removing ssl init from ssl_server_options default constructor #210
PROTON-2137: Removing ssl init from ssl_server_options default constructor #210
Conversation
ac8d755
to
c909684
Compare
Weird, I just renamed the commit and travis-ci failed... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good idea, but is wrongly implemented currently.
cpp/src/connection_options.cpp
Outdated
pn_ssl_domain_t* ssl_domain = ssl_server_options.value.impl_ ? ssl_server_options.value.impl_->pn_domain() : NULL; | ||
if (pn_ssl_init(ssl, ssl_domain, NULL)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change is wrong unfortunately.
the comparison with the client case is misleading. pn_ssl_init(ssl, NULL, NULL)
will create an ssl connection with the default domain - however the default domain is a client domain so you can't do this if the connection is a server.
So you need to replace he NULL with something like pn_ssl_domain(PN_SSL_MODE_SERVER)
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is a shame that this wasn't picked up by any tests - I thought we had some ssl server tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@astitcher I replaced NULL by pn_ssl_domain(PN_SSL_MODE_SERVER) like you mentioned
@rabih-mourad Could you squash this into a single commit please - then I can rebase and merge it. |
1d9f152
to
1236c4b
Compare
@astitcher squash done. Will we add a test in this pull request or we will do another one for it? |
I'm happy to commit this as is. I think testing c++ ssl servers is probably a different issue. |
That travis failure was unrelated to the PR. Something changed either on Travis or in Brew (brew.sh) so that openssl .dynlib is no longer found when I think I know what to do about it. |
No description provided.