activemq-cpp icon indicating copy to clipboard operation
activemq-cpp copied to clipboard
verified publisher icon apache

Private to protected transition of getOpenSSLCtx method

Open tsunday opened this issue 9 years ago • 0 comments

Overview of the change

This small change allows to override default behaviour of OpenSSLContextSpi in derived classes. Base OpenSSLContexSpi was partially designed to allow overriding - see virtual methods like providerInit() or providerGetSocketFactory(). As for now ActiveMQ-Cpp doesn't support changing any of the cipher suites or protocol version used within OpenSSL secure connection. This fix allows users of the library to override default OpenSSLContextSpi with their own class. The main reason of changing the access level of getOpenSSLCtx method was the need of executing some of the openssl library functions on SSL_CTX object from derived class in overrided providerInit() method. Leaving this getter private prevents from changing any of the SSL_CTX parameters and makes derived classes useless.

Example usage

#include <openssl/ssl.h>

class MyOpenSSLContextSpi : public decaf::internal::net::ssl::openssl::OpenSSLContextSpi
{
    public:
        MyOpenSSLContextSpi();

        virtual void providerInit(decaf::security::SecureRandom* random);
};

void MyOpenSSLContextSpi::providerInit(decaf::security::SecureRandom* random)
{
    OpenSSLContextSpi::providerInit(random);

    SSL_CTX* ctx = static_cast<SSL_CTX*>(getOpenSSLCtx()); // private to protected conversion required
    SSL_CTX_set_cipher_list(ctx, "RC4-SHA");
}

tsunday avatar Jul 13 '16 06:07 tsunday