This is an automated email from the ASF dual-hosted git repository. mmartell pushed a commit to branch GEODE-8398-sni-support-dotnet in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 3f6eb81e4f2e95520736108e71e64d32a23ab75f Author: Blake Bender <[email protected]> AuthorDate: Fri Jul 31 16:11:24 2020 -0700 WIP: More progress - looks like we're actually hitting the proxy and doing things (~80% sure) --- cppcache/src/TcpSslConn.hpp | 18 +++++++----------- cppcache/src/TcrConnection.cpp | 20 ++++++++++++++++---- cppcache/src/ThinClientLocatorHelper.cpp | 3 +-- cppcache/src/ThinClientPoolDM.hpp | 2 ++ 4 files changed, 26 insertions(+), 17 deletions(-) diff --git a/cppcache/src/TcpSslConn.hpp b/cppcache/src/TcpSslConn.hpp index eb6afe0..e01eba5 100644 --- a/cppcache/src/TcpSslConn.hpp +++ b/cppcache/src/TcpSslConn.hpp @@ -53,15 +53,14 @@ class TcpSslConn : public TcpConn { void createSocket(ACE_HANDLE sock) override; public: - TcpSslConn( - std::chrono::microseconds waitSeconds, int32_t maxBuffSizePool, - const std::string& sniProxyHostname, uint16_t sniProxyPort, - const std::string& pubkeyfile, const std::string& privkeyfile, - const std::string& pemPassword) - : TcpConn(sniProxyHostname.c_str(), sniProxyPort, waitSeconds, maxBuffSizePool), + TcpSslConn(const std::string& hostname, std::chrono::microseconds waitSeconds, + int32_t maxBuffSizePool, const std::string& sniProxyHostname, + uint16_t sniProxyPort, const std::string& pubkeyfile, + const std::string& privkeyfile, const std::string& pemPassword) + : TcpConn(sniProxyHostname.c_str(), sniProxyPort, waitSeconds, + maxBuffSizePool), m_ssl(nullptr), - m_sniPort(sniProxyPort), - m_sniHostname(sniProxyHostname), + m_sniHostname(hostname), m_pubkeyfile(pubkeyfile), m_privkeyfile(privkeyfile), m_pemPassword(pemPassword) {} @@ -72,7 +71,6 @@ class TcpSslConn : public TcpConn { const std::string& pemPassword) : TcpConn(hostname.c_str(), port, connect_timeout, maxBuffSizePool), m_ssl(nullptr), - m_sniPort(0), m_sniHostname(""), m_pubkeyfile(pubkeyfile), m_privkeyfile(privkeyfile), 
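Review bot: The SNI constructor in `TcpSslConn.hpp` (first hunk) now takes both `hostname` and `sniProxyHostname` as `const std::string&` with nothing documenting which is which, so a caller can swap them and still compile. The TCP connection goes to `sniProxyHostname:sniProxyPort`, while `hostname` is only stored in `m_sniHostname`. A comment above the constructor would pin this down, e.g. `// hostname: backend server name, presumably sent as the TLS server name; sniProxyHostname/sniProxyPort: the proxy the socket actually connects to`. Because the socket peer is no longer the server being named, it is worth confirming in the code that consumes `m_sniHostname` (outside this hunk) that the peer certificate is checked against `hostname` and not the proxy address.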
@@ -89,8 +87,6 @@ class TcpSslConn : public TcpConn { m_privkeyfile(privkeyfile), m_pemPassword(pemPassword) {} - - virtual ~TcpSslConn() override {} private: diff --git a/cppcache/src/TcrConnection.cpp b/cppcache/src/TcrConnection.cpp index 79a5002..e6f432d 100644 --- a/cppcache/src/TcrConnection.cpp +++ b/cppcache/src/TcrConnection.cpp @@ -432,10 +432,22 @@ Connector* TcrConnection::createConnection( ->getDistributedSystem() .getSystemProperties(); if (systemProperties.sslEnabled()) { - socket = new TcpSslConn(endpoint, connectTimeout, maxBuffSizePool, - systemProperties.sslTrustStore().c_str(), - systemProperties.sslKeyStore().c_str(), - systemProperties.sslKeystorePassword().c_str()); + auto sniProxyHostname = m_poolDM->getSNIProxyHostname(); + auto sniPort = m_poolDM->getSNIPort(); + if (sniProxyHostname.empty()) { + socket = new TcpSslConn(endpoint, connectTimeout, maxBuffSizePool, + systemProperties.sslTrustStore().c_str(), + systemProperties.sslKeyStore().c_str(), + systemProperties.sslKeystorePassword().c_str()); + } else { + auto ipaddr = std::string(endpoint); + auto hostname = ipaddr.substr(0, ipaddr.find(':')); + socket = new TcpSslConn(hostname, connectTimeout, maxBuffSizePool, + sniProxyHostname, sniPort, + systemProperties.sslTrustStore().c_str(), + systemProperties.sslKeyStore().c_str(), + systemProperties.sslKeystorePassword().c_str()); + } } else { socket = new TcpConn(endpoint, connectTimeout, maxBuffSizePool); } diff --git a/cppcache/src/ThinClientLocatorHelper.cpp b/cppcache/src/ThinClientLocatorHelper.cpp index bbed2a0..c325d60 100644 --- a/cppcache/src/ThinClientLocatorHelper.cpp +++ b/cppcache/src/ThinClientLocatorHelper.cpp 
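Review bot: In `TcrConnection::createConnection`, the SNI branch derives the server name with `ipaddr.substr(0, ipaddr.find(':'))`, which cuts at the first colon, so an IPv6-literal endpoint would be truncated to a fragment. Splitting at the last colon is safer, `auto hostname = ipaddr.substr(0, ipaddr.rfind(':'));`. If `endpoint` can be a numeric address (the local name `ipaddr` suggests so), that is not a valid SNI host name and should get an explicit error or log line rather than a silent connection attempt through the proxy. The branch also dereferences `m_poolDM` whenever SSL is enabled; whether it can be null on this path is not visible in the hunk, so a guard or assertion should be considered. The function body starts and ends outside the hunk.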
@@ -93,8 +93,7 @@ Connector* ThinClientLocatorHelper::createConnection( systemProperties.sslTrustStore(), systemProperties.sslKeyStore(), systemProperties.sslKeystorePassword()); } else { - socket = new TcpSslConn( - waitSeconds, maxBuffSizePool, m_sniProxyHost, + socket = new TcpSslConn(hostname, waitSeconds, maxBuffSizePool, m_sniProxyHost, m_sniProxyPort, systemProperties.sslTrustStore(), systemProperties.sslKeyStore(), systemProperties.sslKeystorePassword()); diff --git a/cppcache/src/ThinClientPoolDM.hpp b/cppcache/src/ThinClientPoolDM.hpp index 711e906..ffd3d90 100644 --- a/cppcache/src/ThinClientPoolDM.hpp +++ b/cppcache/src/ThinClientPoolDM.hpp @@ -168,6 +168,8 @@ class ThinClientPoolDM GfErrType getConnectionToAnEndPoint(std::string epNameStr, TcrConnection*& conn); + const std::string getSNIProxyHostname() { return m_attrs->getSniProxyHost(); } + uint16_t getSNIPort() { return m_attrs->getSniProxyPort(); } virtual inline bool isSticky() { return m_sticky; } virtual TcrEndpoint* getEndPoint( const std::shared_ptr<BucketServerLocation>& serverLocation,
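Review bot: The two accessors added to `ThinClientPoolDM.hpp` are read-only but not declared `const`, and `getSNIProxyHostname` returns `const std::string` by value, where the top-level `const` only stops the caller from moving the result. Assuming `m_attrs` is a pointer member, suggest `std::string getSNIProxyHostname() const { return m_attrs->getSniProxyHost(); }` and `uint16_t getSNIPort() const { return m_attrs->getSniProxyPort(); }`. The names also drift from the attribute getters they wrap (`getSNIPort` vs `getSniProxyPort`); matching them would make call sites such as the one in `TcrConnection::createConnection` easier to follow. The class body continues outside the hunk.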
