Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
Avro >> mail # user >> Getting the SSL Client DN

Pritchard, Charles X. -ND... 2013-10-08, 18:26
Pritchard, Charles X. -ND... 2013-10-17, 17:11
Dr. Pala 2013-10-17, 21:07
Copy link to this message
Re: Getting the SSL Client DN
No, I haven't setup a local TLS channel.

There's a more complex example here from Flume's use of an avro protocol:

See: AdvancedChannelPipelineFactory
It's based on the example you were reading.

I did see some Netty examples using those methods -- it seems like state somewhere needs to be set around the time that the client certificate is checked.

The flume example pops back over to avro rpc NettyServer with its pipeline factory, but also uses SpecificResponder, and I haven't found a great point in which I might inject data,
as I am trying to add information from the SSL cert into the message being sent over the wire.

On Oct 17, 2013, at 2:07 PM, "Dr. Pala" <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote:

Hi Charles,

I am trying to work on an implementation that uses Netty + TLS - I managed to have my code to set it up and there are several methods you have to override in your implementation for the class that implements the X509TrustManager interface, in particular:

 *   public void checkClientTrusted(X509Certificate[] certs, String s);
 *   public void checkServerTrusted(X509Certificate[] certs, String s);
 *   public X509Certificate[] getAcceptedIssuers();

Is that what you were looking for ?

BTW, did you manage to successfully setup a TLS channel ? I can not find working examples for that. I sent a message to the list this morning about this (with some sample code), but I don't see it in the list, yet (Subject: Re: AVRO and SSL/TLS IPC calls).

On 10/08/2013 02:26 PM, Pritchard, Charles X. -ND wrote:

Avro RPC has a nice example of using Netty ChannelPipeline with an SSL handler. Are there any examples of actually pulling data from that interaction?

I'd like to be able to access the client certificate. It seems like this would be somewhere around addRPCPlugin but I just don't quite see how I'd get the client SSL context.
Best Regards,
Dr. Massimiliano Pala
Senior Security Research Scientist

Dr. Massimiliano Pala 2013-10-17, 23:16