flume-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Percy <mpe...@apache.org>
Subject Re: Adding SSL peer cert info to AvroSource
Date Thu, 30 Jan 2014 02:44:56 GMT
If it's using a signed cert then what do you need to put into the filter?
You mean a list of allowed peers? If so then you could either try to
piggyback on the IpFilter and make it accept hostnames, or yes add another
filter config option such as hostFilter.

Mike


On Wed, Jan 29, 2014 at 12:23 PM, Pritchard, Charles X. -ND <
Charles.X.Pritchard.-ND@disney.com> wrote:

> I’m trying to add in the feature to expose the client’s peer cert into
> AvroSource:
>
> https://apache.googlesource.com/flume/+/trunk/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
>
> Per the bug request I filed in October:
> https://issues.apache.org/jira/browse/FLUME-2204
>
> Any ideas on how I might expose the data — it’s just a string for the CN
> from the peer cert.
> I’m having a difficult time figuring out how to expose this connection
> state information so that Flume’s configuration magic can take hold from
> there.
>
> It seems a little like I need to create yet-another-filter, kind of like
> IpFilter.
>
>
> Any pointers?
>
>
> The CN info may be used to route to a particular directory (in an HDFS
> sink) and/or set a header for the AvroEvent, or possibly just validate a
> header (header.CN == ssl peer CN   or FAIL).
>
> -Charles
>

Mime
View raw message