librdkafka
The Apache Kafka C/C++ client library
SSL broker certificate verification class.
#include <rdkafkacpp.h>
Public Member Functions
virtual bool ssl_cert_verify_cb (const std::string &broker_name, int32_t broker_id, int *x509_error, int depth, const char *buf, size_t size, std::string &errstr)=0
SSL broker certificate verification callback.
pure virtual
SSL broker certificate verification callback.
The verification callback is triggered from internal librdkafka threads upon connecting to a broker. On each connection attempt the callback will be called for each certificate in the broker's certificate chain, starting at the root certificate, as long as the application callback returns 1 (valid certificate).
broker_name and broker_id correspond to the broker the connection is being made to. The x509_error argument indicates whether OpenSSL's verification of the certificate succeeded (0) or failed (an OpenSSL error code). The application may set the SSL context error code by returning 0 from the verify callback and providing a non-zero SSL context error code in x509_error. If the verify callback sets x509_error to 0, returns 1, and the original x509_error was non-zero, the error on the SSL context will be cleared. x509_error is always a valid pointer to an int.
depth is the depth of the current certificate in the chain, starting at the root certificate.
The certificate itself is passed in binary DER format in buf of size size.
The callback must return 1 if verification succeeds, or 0 if verification fails, in which case it must write a human-readable error message to errstr.
x509_error codes.
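A fail-closed policy built on the x509_error semantics described above, as an added example that is not part of the librdkafka documentation. PinnedLeafVerifier, kAppVerificationError and the pinning policy itself are assumptions of this example, as is OpenSSL's convention that depth 0 is the broker's own certificate; rdkafkacpp.h is deliberately not included so the block builds stand-alone.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <utility>
#include <vector>

// Value of OpenSSL's X509_V_ERR_APPLICATION_VERIFICATION, defined locally so
// the example builds without OpenSSL headers.
static const int kAppVerificationError = 50;

// Hypothetical helper: verify() takes the same parameters as
// ssl_cert_verify_cb, so an override of that callback can forward to it.
class PinnedLeafVerifier {
 public:
  explicit PinnedLeafVerifier(std::vector<unsigned char> pinned_der)
      : pinned_(std::move(pinned_der)) {}

  bool verify(const std::string &broker_name, int32_t broker_id,
              int *x509_error, int depth, const char *buf, size_t size,
              std::string &errstr) const {
    const std::string who =
        broker_name + " (id " + std::to_string(broker_id) + ")";
    // Fail closed: never clear a failure OpenSSL already reported. Leaving
    // *x509_error untouched and returning false keeps OpenSSL's error code.
    if (*x509_error != 0) {
      errstr = who + ": OpenSSL rejected certificate at depth " +
               std::to_string(depth) + ", error " + std::to_string(*x509_error);
      return false;
    }
    // CA certificates (depth > 0) are left to OpenSSL's chain validation.
    if (depth != 0) return true;
    // Leaf: compare the full DER encoding with the pin, without early exit.
    unsigned char diff = (size == pinned_.size()) ? 0 : 1;
    for (size_t i = 0; i < size && i < pinned_.size(); i++)
      diff |= static_cast<unsigned char>(buf[i]) ^ pinned_[i];
    if (diff != 0) {
      *x509_error = kAppVerificationError;  // reject with a non-zero code
      errstr = who + ": leaf certificate does not match pinned certificate";
      return false;
    }
    return true;
  }

 private:
  std::vector<unsigned char> pinned_;
};
```

Because the callback runs on internal librdkafka threads, the verifier keeps no mutable state after construction.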