cpp-driver
cpp-driver copied to clipboard
datastax
Add cass_ssl_set_default_verify_paths API
Forwards SSL-configuration to use system default directories for finding certificate authorities.
Similar functionality is often desired / provided by similar SSL-context forwarding APIs, e.g. boost ssl context.
Sorry for the delay. Thanks for the PR. Looks great, very thorough.
Calling SSL_CTX_set_default_verify_paths() as default internally would be a bad idea because it might add CAs the application does not intend?
Would you be able to add a unit test for this? (Looks like it might be possible to control the default paths with env. variables e.g. SSL_CERT_DIR)
Thanks for your feedback.
I don't think SSL_CTX_set_default_verify_paths by default would be a good idea: For one, it would simply be a breaking change. And for two, it's probably preferable to stay as close as possible to the actual openssl API.
I've added a basic unit test to demonstrate the intended behavior. Thanks for the environment variable hint: I used SSL_CERT_FILE which should be simpler to use platform independently.
Happy easter, everyone!
I regret having mentioned platform independence ;).
Unfortunately, I don't have a windows box at hand to reproduce. But I'll try my best to make things work using your CI...
Ok, at this point I could use some help. Whats so special about the VS12 pipeline, that makes it succeed while all others fail? Any ideas?
Thanks for the test and trying to make it work on all platforms. I'll take a look.
I worked on this a bit yesterday on my local Windows machine. I thought I found the issue, and I'm able to get it working locally, but when I push it only one out of six CI builds works. I'll have to dig into this more.