This is an automated email from the ASF dual-hosted git repository.
bbender pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-native.git
The following commit(s) were added to refs/heads/develop by this push:
new 2f89fef GEODE-8102 Link and load OpenSSL library directly (#630)
2f89fef is described below
commit 2f89fef597402822ef23bf8120e70629d0561cb3
Author: Jacob Barrett <[email protected]>
AuthorDate: Fri Aug 14 11:16:55 2020 -0700
GEODE-8102 Link and load OpenSSL library directly (#630)
* Refactor TcpConn
* Moves TLS support into the main library.
* Creates hard dependency on OpenSSL.
* Reduces issues with loading non-system libraries at runtime.
* Simplifies socket code.
* Fixes dependency library copy.
* Delay load OpenSSL libraries on Windows
* Fixes leak
* Clang-tidy cleanup
---
CMakeLists.txt | 2 -
clicache/integration-test/test.bat.in | 1 -
clicache/integration-test2/CMakeLists.txt | 7 -
clicache/src/CMakeLists.txt | 34 ++--
cppcache/CMakeLists.txt | 1 +
cppcache/integration-test/CMakeLists.txt | 2 +-
cppcache/integration-test/test.bat.in | 1 -
cppcache/integration-test/test.sh.in | 1 -
cppcache/integration/test/CMakeLists.txt | 11 +-
cppcache/shared/CMakeLists.txt | 5 +
cppcache/src/Connector.hpp | 10 +-
cppcache/src/SslSockStream.cpp | 124 ------------
cppcache/src/SslSockStream.hpp | 96 ----------
cppcache/src/TcpConn.cpp | 202 +++++++-------------
cppcache/src/TcpConn.hpp | 99 +++-------
cppcache/src/TcpSslConn.cpp | 207 +++++++--------------
cppcache/src/TcpSslConn.hpp | 96 +++++-----
cppcache/src/TcrConnection.cpp | 12 +-
cppcache/src/TcrConnection.hpp | 2 +-
cryptoimpl/CMakeLists.txt | 62 ------
cryptoimpl/SSLImpl.cpp | 145 ---------------
cryptoimpl/SSLImpl.hpp | 88 ---------
cryptoimpl/Ssl.hpp | 46 -----
.../security/sslclientserver.html.md.erb | 2 -
.../security/sslclientserver.html.md.erb | 2 -
examples/cmake/FindGeodeNative.cmake.in | 27 ---
examples/cpp/sslputget/CMakeLists.txt.in | 26 +--
openssl-compat/CMakeLists.txt | 30 ---
openssl-compat/openssl-compat.h | 86 ---------
templates/security/CMakeLists.txt | 1 -
tests/cpp/security/CMakeLists.txt | 1 -
31 files changed, 259 insertions(+), 1170 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index e18aa29..60f2ed1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -359,9 +359,7 @@ find_package(OpenSSL REQUIRED)
add_subdirectory(tests/javaobject)
add_subdirectory(dependencies)
-add_subdirectory(openssl-compat)
add_subdirectory(cppcache)
-add_subdirectory(cryptoimpl)
add_subdirectory(sqliteimpl)
add_subdirectory(templates/security)
add_subdirectory(docs/api)
diff --git a/clicache/integration-test/test.bat.in
b/clicache/integration-test/test.bat.in
index 87874b1..1d7949d 100644
--- a/clicache/integration-test/test.bat.in
+++ b/clicache/integration-test/test.bat.in
@@ -21,7 +21,6 @@ set
PATH=$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:Apache.Geode>>;%PATH%
set PATH=$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:framework>>;%PATH%
set PATH=$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:testobject>>;%PATH%
set PATH=$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:SqLiteImpl>>;%PATH%
-set PATH=$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:cryptoImpl>>;%PATH%
set PATH=$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:securityImpl>>;%PATH%
set PATH=$<JOIN:$<SHELL_PATH:${PATH}>,;>;%PATH%
diff --git a/clicache/integration-test2/CMakeLists.txt
b/clicache/integration-test2/CMakeLists.txt
index a6c31d4..3437621 100644
--- a/clicache/integration-test2/CMakeLists.txt
+++ b/clicache/integration-test2/CMakeLists.txt
@@ -91,10 +91,3 @@ if(NOT "${STRONG_NAME_KEY}" STREQUAL "")
endif()
add_dependencies(${PROJECT_NAME} nuget-restore)
-
-add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD
- COMMAND ${CMAKE_COMMAND} -E copy_if_different
- $<SHELL_PATH:$<TARGET_FILE:cryptoImpl>>
- $<$<CONFIG:Debug>:$<SHELL_PATH:$<TARGET_PDB_FILE:cryptoImpl>>>
- $<SHELL_PATH:$<TARGET_FILE_DIR:${PROJECT_NAME}>>
-)
diff --git a/clicache/src/CMakeLists.txt b/clicache/src/CMakeLists.txt
index e38c8c0..8ad3b32 100644
--- a/clicache/src/CMakeLists.txt
+++ b/clicache/src/CMakeLists.txt
@@ -23,7 +23,7 @@
configure_file(${CMAKE_CURRENT_SOURCE_DIR}/impl/AssemblyInfo.cpp.in ${CMAKE_CURR
list(APPEND CONFIGURE_IN_FILES
${CMAKE_CURRENT_SOURCE_DIR}/impl/AssemblyInfo.cpp.in)
list(APPEND CONFIGURE_OUT_FILES
${CMAKE_CURRENT_BINARY_DIR}/impl/AssemblyInfo.cpp)
-add_library(${PROJECT_NAME} SHARED
+add_library(Apache.Geode SHARED
Apache.Geode.rc
AttributesMutator.cpp
AttributesMutator.hpp
@@ -302,7 +302,7 @@ add_library(${PROJECT_NAME} SHARED
${CONFIGURE_OUT_FILES}
)
-set_target_properties(${PROJECT_NAME} PROPERTIES
+set_target_properties(Apache.Geode PROPERTIES
COMMON_LANGUAGE_RUNTIME ""
OUTPUT_NAME ${PRODUCT_DLL_NAME}
VS_GLOBAL_CLRSupport "true"
@@ -313,7 +313,7 @@ set_target_properties(${PROJECT_NAME} PROPERTIES
FOLDER cli
)
-target_compile_options(${PROJECT_NAME}
+target_compile_options(Apache.Geode
PRIVATE
/bigobj # C1128 - large number of templates causes too many section.
/Zm32 # C3859 - internal heap limit reached
@@ -324,12 +324,12 @@ target_compile_options(${PROJECT_NAME}
/wd4947 /wd4251 /wd4635
)
-target_include_directories(${PROJECT_NAME}
+target_include_directories(Apache.Geode
PRIVATE
$<TARGET_PROPERTY:apache-geode,SOURCE_DIR>/../src
)
-target_link_libraries(${PROJECT_NAME}
+target_link_libraries(Apache.Geode
PUBLIC
psapi
PRIVATE
@@ -339,28 +339,32 @@ target_link_libraries(${PROJECT_NAME}
_WarningsAsError
)
+target_link_options(Apache.Geode
+ PRIVATE
+ /DELAYLOAD:libssl-1_1-x64.dll
+ /DELAYLOAD:libcrypto-1_1-x64.dll
+)
+
string(REPLACE "/RTC1" "" CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG}")
set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS}
${SHARED_LINKER_FLAGS_STRONG_KEY}")
include(PrecompiledHeader)
-add_precompiled_header(${PROJECT_NAME} geode_includes.hpp FORCEINCLUDE)
+add_precompiled_header(Apache.Geode geode_includes.hpp FORCEINCLUDE)
-install(TARGETS ${PROJECT_NAME}
+install(TARGETS Apache.Geode
RUNTIME DESTINATION bin
ARCHIVE DESTINATION lib
)
-IF(MSVC)
- INSTALL (
- FILES $<TARGET_PDB_FILE:${PROJECT_NAME}>
- DESTINATION bin
- CONFIGURATIONS Debug RelWithDebInfo
- )
-ENDIF(MSVC)
+install (
+ FILES $<TARGET_PDB_FILE:${PROJECT_NAME}>
+ DESTINATION bin
+ CONFIGURATIONS Debug RelWithDebInfo
+)
-add_dependencies(client-libraries ${PROJECT_NAME})
+add_dependencies(client-libraries Apache.Geode)
add_subdirectory(templates)
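Review bot: The two `/DELAYLOAD:` options in the added `target_link_options(Apache.Geode ...)` block hard-code `libssl-1_1-x64.dll` and `libcrypto-1_1-x64.dll`, so they only take effect when the OpenSSL found by `find_package(OpenSSL)` is a 64-bit 1.1 build; with any other runtime name the linker would be expected to ignore the option and the DLLs become ordinary load-time imports again. The same pair is repeated in the `cppcache/shared/CMakeLists.txt` hunk. Because a delay-loaded DLL is resolved by name on first use, I would add a comment such as `# Names must match the OpenSSL runtime DLLs shipped next to this library; update when the OpenSSL version or architecture changes.` and confirm that the packaged layout puts those DLLs in the application directory. Separately, the rewritten `install(FILES $<TARGET_PDB_FILE:${PROJECT_NAME}> ...)` still uses `${PROJECT_NAME}` while every other command in this hunk was switched to `Apache.Geode`; `$<TARGET_PDB_FILE:Apache.Geode>` would keep it consistent.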
diff --git a/cppcache/CMakeLists.txt b/cppcache/CMakeLists.txt
index 6564bcf..eecd64e 100644
--- a/cppcache/CMakeLists.txt
+++ b/cppcache/CMakeLists.txt
@@ -83,6 +83,7 @@ endif()
target_link_libraries(_apache-geode INTERFACE
ACE::ACE
+ ACE::ACE_SSL
Boost::boost
Boost::filesystem
Boost::thread
diff --git a/cppcache/integration-test/CMakeLists.txt
b/cppcache/integration-test/CMakeLists.txt
index 1fc9e32..6dd225e 100644
--- a/cppcache/integration-test/CMakeLists.txt
+++ b/cppcache/integration-test/CMakeLists.txt
@@ -132,7 +132,7 @@ foreach(FILE ${SOURCES})
endif()
# Some tests depend on these library
- add_dependencies(${TEST} securityImpl cryptoImpl SqLiteImpl)
+ add_dependencies(${TEST} securityImpl SqLiteImpl)
add_clangformat(${TEST})
diff --git a/cppcache/integration-test/test.bat.in
b/cppcache/integration-test/test.bat.in
index 8bf1f6b..096d783 100644
--- a/cppcache/integration-test/test.bat.in
+++ b/cppcache/integration-test/test.bat.in
@@ -21,7 +21,6 @@ set
PATH=%PATH%;$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:apache-geode>>
set PATH=%PATH%;$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:framework>>
set PATH=%PATH%;$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:testobject>>
set PATH=%PATH%;$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:SqLiteImpl>>
-set PATH=%PATH%;$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:cryptoImpl>>
set PATH=%PATH%;$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:securityImpl>>
set PATH=%PATH%;$<SHELL_PATH:$<TARGET_LINKER_FILE_DIR:unit_test_callbacks>>
set PATH=%PATH%;$<JOIN:$<SHELL_PATH:${PATH}>,;>
diff --git a/cppcache/integration-test/test.sh.in
b/cppcache/integration-test/test.sh.in
index 920cf9b..8eb6368 100644
--- a/cppcache/integration-test/test.sh.in
+++ b/cppcache/integration-test/test.sh.in
@@ -22,7 +22,6 @@ export
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<TARGET_LINKER_FILE_DIR:apache-geode>
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<TARGET_LINKER_FILE_DIR:framework>
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<TARGET_LINKER_FILE_DIR:testobject>
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<TARGET_LINKER_FILE_DIR:SqLiteImpl>
-export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<TARGET_LINKER_FILE_DIR:cryptoImpl>
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<TARGET_LINKER_FILE_DIR:securityImpl>
export
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<TARGET_LINKER_FILE_DIR:unit_test_callbacks>
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$<JOIN:${LD_LIBRARY_PATH},:>
diff --git a/cppcache/integration/test/CMakeLists.txt
b/cppcache/integration/test/CMakeLists.txt
index 6779c00..6c66734 100644
--- a/cppcache/integration/test/CMakeLists.txt
+++ b/cppcache/integration/test/CMakeLists.txt
@@ -70,19 +70,18 @@ target_link_libraries(cpp-integration-test
Boost::log
Boost::filesystem
Boost::chrono
- cryptoImpl
PRIVATE
_WarningsAsError
internal
)
-add_dependencies(cpp-integration-test cryptoImpl)
-
if(WIN32)
- foreach (_target apache-geode testobject cryptoImpl)
- add_custom_command(TARGET cpp-integration-test POST_BUILD COMMAND
${CMAKE_COMMAND} -E copy_if_different
+ foreach (_target apache-geode testobject)
+ add_custom_command(TARGET cpp-integration-test
+ DEPENDS ${_target}
+ COMMAND ${CMAKE_COMMAND} -E copy_if_different
"$<TARGET_FILE:${_target}>"
- "$<$<CONFIG:Debug>:$<TARGET_PDB_FILE:${_target}>>"
+
"$<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:$<TARGET_PDB_FILE:${_target}>>"
"$<TARGET_FILE_DIR:cpp-integration-test>")
endforeach()
endif()
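Review bot: The rewritten `add_custom_command(TARGET cpp-integration-test` call drops the `POST_BUILD` keyword and adds `DEPENDS ${_target}`, but `DEPENDS` belongs to the `OUTPUT` signature and is not honoured in the `TARGET` form, so it does not order the copy after `apache-geode` or `testobject`. I would restore the build-event keyword, `add_custom_command(TARGET cpp-integration-test POST_BUILD`, and, if ordering beyond the existing link dependencies is needed, state it with `add_dependencies(cpp-integration-test ${_target})`. Newer CMake releases diagnose unsupported arguments in the `TARGET` form, so this is likely to surface as a warning or error on a later toolchain upgrade.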
diff --git a/cppcache/shared/CMakeLists.txt b/cppcache/shared/CMakeLists.txt
index 6922cf3..adb3db5 100644
--- a/cppcache/shared/CMakeLists.txt
+++ b/cppcache/shared/CMakeLists.txt
@@ -22,6 +22,11 @@ if (MSVC)
PRIVATE
/bigobj # C1128 - large number of templates causes too many section.
)
+ target_link_options(apache-geode
+ PRIVATE
+ /DELAYLOAD:libssl-1_1-x64.dll
+ /DELAYLOAD:libcrypto-1_1-x64.dll
+ )
endif()
generate_export_file( "apache-geode" )
diff --git a/cppcache/src/Connector.hpp b/cppcache/src/Connector.hpp
index 1c445c3..b34285d 100644
--- a/cppcache/src/Connector.hpp
+++ b/cppcache/src/Connector.hpp
@@ -22,7 +22,6 @@
#include <chrono>
-#include <geode/ExceptionTypes.hpp>
#include <geode/internal/geode_globals.hpp>
namespace apache {
@@ -40,10 +39,10 @@ constexpr std::chrono::milliseconds DEFAULT_WRITE_TIMEOUT =
DEFAULT_TIMEOUT;
class Connector {
public:
- /* create one socket connection with settings */
Connector() {}
- /* destroy the connection */
virtual ~Connector() {}
+ Connector(const Connector &) = delete;
+ Connector &operator=(const Connector &) = delete;
/**
* Reads <code>len</code> bytes of data and stores them into the buffer
@@ -102,11 +101,6 @@ class Connector {
* Returns local port for this TCP connection
*/
virtual uint16_t getPort() = 0;
-
- private:
- // Disallow copy constructor and assignment operator.
- Connector(const Connector &);
- Connector &operator=(const Connector &);
};
} // namespace client
} // namespace geode
diff --git a/cppcache/src/SslSockStream.cpp b/cppcache/src/SslSockStream.cpp
deleted file mode 100644
index 7a1ae29..0000000
--- a/cppcache/src/SslSockStream.cpp
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "SslSockStream.hpp"
-
-#include <geode/ExceptionTypes.hpp>
-
-#include "util/Log.hpp"
-
-namespace apache {
-namespace geode {
-namespace client {
-
-void *SslSockStream::getACESSLFuncPtr(const char *function_name) {
- void *func = m_dll.symbol(function_name);
- if (func == nullptr) {
- char msg[1000];
- std::snprintf(msg, 1000, "cannot find function %s in library %s",
- function_name, "cryptoImpl");
- LOGERROR(msg);
- throw IllegalStateException(msg);
- }
- return func;
-}
-
-void SslSockStream::initACESSLFuncPtrs() {
- const char *libName = "cryptoImpl";
- if (m_dll.open(libName, ACE_DEFAULT_SHLIB_MODE, 0) == -1) {
- int32_t lastError = ACE_OS::last_error();
- LOGERROR("Failed to open cryptoImpl . Errno: %d : %s", lastError,
- ACE_OS::strerror(lastError));
- char msg[1000] = {0};
- std::snprintf(msg, 1000, "cannot open library: %s", libName);
- LOGERROR(msg);
- throw FileNotFoundException(msg);
- }
-
-#define ASSIGN_SSL_FUNC_PTR(OrigName) \
- OrigName##_Ptr = (OrigName##_Type)getACESSLFuncPtr(#OrigName);
-
- ASSIGN_SSL_FUNC_PTR(gf_initSslImpl)
- ASSIGN_SSL_FUNC_PTR(gf_clearSslImpl)
- ASSIGN_SSL_FUNC_PTR(gf_set_option)
- ASSIGN_SSL_FUNC_PTR(gf_listen)
- ASSIGN_SSL_FUNC_PTR(gf_connect)
- ASSIGN_SSL_FUNC_PTR(gf_recv_n)
- ASSIGN_SSL_FUNC_PTR(gf_send_n)
- ASSIGN_SSL_FUNC_PTR(gf_get_local_addr)
-}
-
-SslSockStream::SslSockStream(ACE_HANDLE sock, const char *pubkey,
- const char *privkey)
- : m_ctx(nullptr),
- m_sock(sock),
- m_pubkey(pubkey),
- m_privkey(privkey),
- gf_initSslImpl_Ptr(nullptr),
- gf_clearSslImpl_Ptr(nullptr),
- gf_set_option_Ptr(nullptr),
- gf_listen_Ptr(nullptr),
- gf_connect_Ptr(nullptr),
- gf_recv_n_Ptr(nullptr),
- gf_send_n_Ptr(nullptr),
- gf_get_local_addr_Ptr(nullptr) {}
-
-void SslSockStream::init() {
- initACESSLFuncPtrs();
- m_ctx = gf_initSslImpl_Ptr(m_sock, m_pubkey, m_privkey);
- LOGDEBUG("Got %p as SSL socket context address", m_ctx);
-}
-
-int SslSockStream::set_option(int level, int option, void *optval,
- int optlen) const {
- return gf_set_option_Ptr(m_ctx, level, option, optval, optlen);
-}
-
-int SslSockStream::listen(ACE_INET_Addr addr, unsigned waitSeconds) {
- return gf_listen_Ptr(m_ctx, addr, waitSeconds);
-}
-
-int SslSockStream::connect(ACE_INET_Addr ipaddr, unsigned waitSeconds) {
- return gf_connect_Ptr(m_ctx, ipaddr, waitSeconds);
-}
-
-ssize_t SslSockStream::recv_n(void *buf, size_t len,
- const ACE_Time_Value *timeout,
- size_t *bytes_transferred) const {
- return gf_recv_n_Ptr(m_ctx, buf, len, timeout, bytes_transferred);
-}
-
-ssize_t SslSockStream::send_n(const void *buf, size_t len,
- const ACE_Time_Value *timeout,
- size_t *bytes_transferred) const {
- return gf_send_n_Ptr(m_ctx, buf, len, timeout, bytes_transferred);
-}
-
-int SslSockStream::get_local_addr(ACE_Addr &addr) const {
- return gf_get_local_addr_Ptr(m_ctx, addr);
-}
-
-int SslSockStream::close() {
- gf_clearSslImpl_Ptr(m_ctx);
- m_ctx = nullptr;
- return 0;
-}
-
-SslSockStream::~SslSockStream() { close(); }
-} // namespace client
-} // namespace geode
-} // namespace apache
diff --git a/cppcache/src/SslSockStream.hpp b/cppcache/src/SslSockStream.hpp
deleted file mode 100644
index b3c6eb0..0000000
--- a/cppcache/src/SslSockStream.hpp
+++ /dev/null
@@ -1,96 +0,0 @@
-#pragma once
-
-#ifndef GEODE_SSLSOCKSTREAM_H_
-#define GEODE_SSLSOCKSTREAM_H_
-
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <ace/DLL.h>
-#include <ace/INET_Addr.h>
-
-namespace apache {
-namespace geode {
-namespace client {
-
-class SslSockStream {
- private:
- SslSockStream();
- SslSockStream(const SslSockStream &);
-
- ACE_DLL m_dll;
-
- void *m_ctx;
- ACE_HANDLE m_sock;
- const char *m_pubkey;
- const char *m_privkey;
-
- typedef void *(*gf_initSslImpl_Type)(ACE_HANDLE, const char *, const char *);
- typedef void (*gf_clearSslImpl_Type)(void *);
- typedef int (*gf_set_option_Type)(void *, int, int, void *, int);
- typedef int (*gf_listen_Type)(void *, ACE_INET_Addr, unsigned);
- typedef int (*gf_connect_Type)(void *, ACE_INET_Addr, unsigned);
- typedef ssize_t (*gf_recv_n_Type)(void *, void *, size_t,
- const ACE_Time_Value *, size_t *);
- typedef ssize_t (*gf_send_n_Type)(void *, const void *, size_t,
- const ACE_Time_Value *, size_t *);
- typedef int (*gf_get_local_addr_Type)(void *, ACE_Addr &);
-
-#define DECLARE_SSL_FUNC_PTR(OrigName) OrigName##_Type OrigName##_Ptr;
-
- DECLARE_SSL_FUNC_PTR(gf_initSslImpl)
- DECLARE_SSL_FUNC_PTR(gf_clearSslImpl)
- DECLARE_SSL_FUNC_PTR(gf_set_option)
- DECLARE_SSL_FUNC_PTR(gf_listen)
- DECLARE_SSL_FUNC_PTR(gf_connect)
- DECLARE_SSL_FUNC_PTR(gf_recv_n)
- DECLARE_SSL_FUNC_PTR(gf_send_n)
- DECLARE_SSL_FUNC_PTR(gf_get_local_addr)
-
- void initACESSLFuncPtrs();
- void *getACESSLFuncPtr(const char *function_name);
-
- protected:
- public:
- SslSockStream(ACE_HANDLE, const char *, const char *);
- ~SslSockStream();
-
- void init();
-
- int set_option(int level, int option, void *optval, int optlen) const;
-
- int listen(ACE_INET_Addr addr, unsigned waitSeconds);
-
- int connect(ACE_INET_Addr ipaddr, unsigned waitSeconds);
-
- ssize_t recv_n(void *buf, size_t len, const ACE_Time_Value *timeout =
nullptr,
- size_t *bytes_transferred = nullptr) const;
-
- ssize_t send_n(const void *buf, size_t len,
- const ACE_Time_Value *timeout = nullptr,
- size_t *bytes_transferred = nullptr) const;
-
- int get_local_addr(ACE_Addr &) const;
-
- int close();
-
-}; // class SslSockStream
-} // namespace client
-} // namespace geode
-} // namespace apache
-
-#endif // GEODE_SSLSOCKSTREAM_H_
diff --git a/cppcache/src/TcpConn.cpp b/cppcache/src/TcpConn.cpp
index 4cfa126..76acc9f 100644
--- a/cppcache/src/TcpConn.cpp
+++ b/cppcache/src/TcpConn.cpp
@@ -17,28 +17,27 @@
#include "TcpConn.hpp"
-#include <chrono>
-#include <memory>
#include <thread>
-#include <ace/SOCK_Acceptor.h>
#include <ace/SOCK_Connector.h>
+#include <boost/interprocess/mapped_region.hpp>
+#include <geode/ExceptionTypes.hpp>
#include <geode/internal/chrono/duration.hpp>
-#include "CacheImpl.hpp"
-#include "DistributedSystem.hpp"
#include "util/Log.hpp"
namespace apache {
namespace geode {
namespace client {
+const size_t TcpConn::kChunkSize = TcpConn::getDefaultChunkSize();
+
void TcpConn::clearNagle(ACE_HANDLE sock) {
int32_t val = 1;
if (0 != ACE_OS::setsockopt(sock, IPPROTO_TCP, 1,
- reinterpret_cast<const char *>(&val),
+ reinterpret_cast<const char*>(&val),
sizeof(val))) {
int32_t lastError = ACE_OS::last_error();
LOGERROR("Failed to set TCP_NODELAY on socket. Errno: %d: %s", lastError,
@@ -52,14 +51,14 @@ int32_t TcpConn::maxSize(ACE_HANDLE sock, int32_t flag,
int32_t size) {
int32_t inc = 32120;
val = size - (3 * inc);
if (val < 0) val = 0;
- if (size == 0) size = m_maxBuffSizePool;
+ if (size == 0) size = maxBuffSizePool_;
int32_t red = 0;
int32_t lastRed = -1;
while (lastRed != red) {
lastRed = red;
val += inc;
if (0 != ACE_OS::setsockopt(sock, SOL_SOCKET, flag,
- reinterpret_cast<const char *>(&val),
+ reinterpret_cast<const char*>(&val),
sizeof(val))) {
int32_t lastError = ACE_OS::last_error();
LOGERROR("Failed to set socket options. Errno: %d : %s ", lastError,
@@ -67,7 +66,7 @@ int32_t TcpConn::maxSize(ACE_HANDLE sock, int32_t flag,
int32_t size) {
}
int plen = sizeof(val);
if (0 != ACE_OS::getsockopt(sock, SOL_SOCKET, flag,
- reinterpret_cast<char *>(&val), &plen)) {
+ reinterpret_cast<char*>(&val), &plen)) {
int32_t lastError = ACE_OS::last_error();
LOGERROR(
"Failed to get buffer size for flag %d on socket. Errno: %d : %s",
@@ -76,7 +75,7 @@ int32_t TcpConn::maxSize(ACE_HANDLE sock, int32_t flag,
int32_t size) {
#ifdef _LINUX
val /= 2;
#endif
- if ((val >= m_maxBuffSizePool) || (val >= size)) continue;
+ if ((val >= maxBuffSizePool_) || (val >= size)) continue;
red = val;
}
return val;
@@ -84,13 +83,12 @@ int32_t TcpConn::maxSize(ACE_HANDLE sock, int32_t flag,
int32_t size) {
void TcpConn::createSocket(ACE_HANDLE sock) {
LOGDEBUG("Creating plain socket stream");
- m_io = new ACE_SOCK_Stream(sock);
- // m_io->enable(ACE_NONBLOCK);
+ stream_ = std::unique_ptr<ACE_SOCK_Stream>(new ACE_SOCK_Stream(sock));
}
void TcpConn::init() {
#ifdef WITH_IPV6
- ACE_HANDLE sock = ACE_OS::socket(m_addr.get_type(), SOCK_STREAM, 0);
+ ACE_HANDLE sock = ACE_OS::socket(inetAddress_.get_type(), SOCK_STREAM, 0);
#else
ACE_HANDLE sock = ACE_OS::socket(AF_INET, SOCK_STREAM, 0);
#endif
@@ -126,142 +124,68 @@ void TcpConn::init() {
connect();
}
-TcpConn::TcpConn(const char *ipaddr, std::chrono::microseconds waitSeconds,
- int32_t maxBuffSizePool)
- : m_io(nullptr),
- m_addr(ipaddr),
- m_waitMilliSeconds(waitSeconds),
- m_maxBuffSizePool(maxBuffSizePool),
- m_chunkSize(getDefaultChunkSize()) {}
-
-TcpConn::TcpConn(const char *hostname, int32_t port,
+TcpConn::TcpConn(const std::string& address,
std::chrono::microseconds waitSeconds, int32_t
maxBuffSizePool)
- : m_io(nullptr),
- m_addr(port, hostname),
- m_waitMilliSeconds(waitSeconds),
- m_maxBuffSizePool(maxBuffSizePool),
- m_chunkSize(getDefaultChunkSize()) {}
-
-void TcpConn::listen(const char *hostname, int32_t port,
- std::chrono::microseconds waitSeconds) {
- ACE_INET_Addr addr(port, hostname);
- listen(addr, waitSeconds);
-}
-
-void TcpConn::listen(const char *ipaddr,
- std::chrono::microseconds waitSeconds) {
- ACE_INET_Addr addr(ipaddr);
- listen(addr, waitSeconds);
-}
-
-void TcpConn::listen(ACE_INET_Addr addr,
- std::chrono::microseconds waitSeconds) {
- using apache::geode::internal::chrono::duration::to_string;
-
- ACE_SOCK_Acceptor listener(addr, 1);
- int32_t retVal = 0;
- if (waitSeconds > std::chrono::microseconds::zero()) {
- ACE_Time_Value wtime(waitSeconds);
- retVal = listener.accept(*m_io, nullptr, &wtime);
- } else {
- retVal = listener.accept(*m_io, nullptr);
- }
- if (retVal == -1) {
- char msg[256];
- int32_t lastError = ACE_OS::last_error();
- if (lastError == ETIME || lastError == ETIMEDOUT) {
- throw TimeoutException(
- "TcpConn::listen Attempt to listen timed out after " +
- to_string(waitSeconds) + ".");
- }
- std::snprintf(msg, 256, "TcpConn::listen failed with errno: %d: %s",
- lastError, ACE_OS::strerror(lastError));
- throw GeodeIOException(msg);
- }
-}
-
-void TcpConn::connect(const char *hostname, int32_t port,
- std::chrono::microseconds waitSeconds) {
- ACE_INET_Addr addr(port, hostname);
- m_addr = addr;
- m_waitMilliSeconds = waitSeconds;
- connect();
-}
+ : stream_(nullptr),
+ maxBuffSizePool_(maxBuffSizePool),
+ inetAddress_(address.c_str()),
+ timeout_(waitSeconds) {}
-void TcpConn::connect(const char *ipaddr,
- std::chrono::microseconds waitSeconds) {
- ACE_INET_Addr addr(ipaddr);
- m_addr = addr;
- m_waitMilliSeconds = waitSeconds;
- connect();
-}
+TcpConn::TcpConn(const std::string& hostname, uint16_t port,
+ std::chrono::microseconds waitSeconds, int32_t
maxBuffSizePool)
+ : stream_(nullptr),
+ maxBuffSizePool_(maxBuffSizePool),
+ inetAddress_(port, hostname.c_str()),
+ timeout_(waitSeconds) {}
void TcpConn::connect() {
using apache::geode::internal::chrono::duration::to_string;
- ACE_INET_Addr ipaddr = m_addr;
- std::chrono::microseconds waitMicroSeconds = m_waitMilliSeconds;
-
ACE_OS::signal(SIGPIPE, SIG_IGN); // Ignore broken pipe
- LOGFINER("Connecting plain socket stream to %s:%d waiting %s micro sec",
- ipaddr.get_host_name(), ipaddr.get_port_number(),
- to_string(waitMicroSeconds).c_str());
+ LOGFINER(std::string("Connecting plain socket stream to ") +
+ inetAddress_.get_host_name() + ":" +
+ std::to_string(inetAddress_.get_port_number()) + " waiting " +
+ to_string(timeout_));
- ACE_SOCK_Connector conn;
- int32_t retVal = 0;
- if (waitMicroSeconds > std::chrono::microseconds::zero()) {
- // passing waittime as microseconds
- ACE_Time_Value wtime(waitMicroSeconds);
- retVal = conn.connect(*m_io, ipaddr, &wtime);
- } else {
- retVal = conn.connect(*m_io, ipaddr);
- }
- if (retVal == -1) {
- char msg[256];
- int32_t lastError = ACE_OS::last_error();
+ const ACE_Time_Value aceTimeout(timeout_);
+ const auto timeout =
+ (timeout_ > std::chrono::microseconds::zero()) ? &aceTimeout : nullptr;
+ if (ACE_SOCK_Connector{}.connect(*stream_, inetAddress_, timeout) == -1) {
+ const auto lastError = ACE_OS::last_error();
if (lastError == ETIME || lastError == ETIMEDOUT) {
- // this is only called by constructor, so we must delete m_io
- _GEODE_SAFE_DELETE(m_io);
throw TimeoutException(
- "TcpConn::connect Attempt to connect timed out after" +
- to_string(waitMicroSeconds) + ".");
+ "TcpConn::connect Attempt to connect timed out after " +
+ to_string(timeout_) + ".");
}
- std::snprintf(msg, 256, "TcpConn::connect failed with errno: %d: %s",
- lastError, ACE_OS::strerror(lastError));
- // this is only called by constructor, so we must delete m_io
close();
- throw GeodeIOException(msg);
+ throw GeodeIOException("TcpConn::connect failed with errno: " +
+ ACE_errno_to_string(lastError));
}
- int rc = this->m_io->enable(ACE_NONBLOCK);
- if (-1 == rc) {
- char msg[256];
- int32_t lastError = ACE_OS::last_error();
- std::snprintf(msg, 256, "TcpConn::NONBLOCK: %d: %s", lastError,
- ACE_OS::strerror(lastError));
- LOGINFO(msg);
+ if (stream_->enable(ACE_NONBLOCK)) {
+ LOGINFO("TcpConn::NONBLOCK: " + ACE_errno_to_string(ACE_OS::last_error()));
}
}
void TcpConn::close() {
- if (m_io != nullptr) {
- m_io->close();
- _GEODE_SAFE_DELETE(m_io);
+ if (stream_) {
+ stream_->close();
+ stream_ = nullptr;
}
}
-size_t TcpConn::receive(char *buff, size_t len,
+size_t TcpConn::receive(char* buff, size_t len,
std::chrono::microseconds waitSeconds) {
return socketOp(SOCK_READ, buff, len, waitSeconds);
}
-size_t TcpConn::send(const char *buff, size_t len,
+size_t TcpConn::send(const char* buff, size_t len,
std::chrono::microseconds waitSeconds) {
- return socketOp(SOCK_WRITE, const_cast<char *>(buff), len, waitSeconds);
+ return socketOp(SOCK_WRITE, const_cast<char*>(buff), len, waitSeconds);
}
-size_t TcpConn::socketOp(TcpConn::SockOp op, char *buff, size_t len,
+size_t TcpConn::socketOp(TcpConn::SockOp op, char* buff, size_t len,
std::chrono::microseconds waitDuration) {
{
ACE_Time_Value waitTime(waitDuration);
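Review bot: In the new `connect()`, the timeout branch throws `TimeoutException` without releasing the socket, while the generic failure branch calls `close()` first. With `stream_` now a `std::unique_ptr` the stream object is freed either way, but whether the OS handle is closed depends on `ACE_SOCK_Stream`'s destructor, which as far as I know does not close it — please confirm. The `TcpConn.hpp` hunk also changes the destructor to `~TcpConn() override {}`, so nothing calls `close()` at destruction either. Adding `close();` before `throw TimeoutException(`, and closing the stream in the destructor without going through the virtual call, would keep descriptors from accumulating on repeated connect timeouts. The hunk ends inside `socketOp`, whose body continues in the next hunk.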
@@ -270,23 +194,18 @@ size_t TcpConn::socketOp(TcpConn::SockOp op, char *buff,
size_t len,
ssize_t retVal;
bool errnoSet = false;
- auto sendlen = len;
size_t totalsend = 0;
-
while (len > 0 && waitTime > ACE_Time_Value::zero) {
- if (len > m_chunkSize) {
- sendlen = m_chunkSize;
- len -= m_chunkSize;
+ size_t sendlen;
+ if (len > kChunkSize) {
+ sendlen = kChunkSize;
+ len -= kChunkSize;
} else {
sendlen = len;
len = 0;
}
do {
- if (op == SOCK_READ) {
- retVal = m_io->recv_n(buff, sendlen, &waitTime, &readLen);
- } else {
- retVal = m_io->send_n(buff, sendlen, &waitTime, &readLen);
- }
+ retVal = doOperation(op, buff, sendlen, waitTime, readLen);
sendlen -= readLen;
totalsend += readLen;
if (retVal < 0) {
@@ -318,14 +237,35 @@ size_t TcpConn::socketOp(TcpConn::SockOp op, char *buff,
size_t len,
return totalsend;
}
}
+ssize_t TcpConn::doOperation(const TcpConn::SockOp& op, void* buff,
+ size_t sendlen, ACE_Time_Value& waitTime,
+ size_t& readLen) const {
+ if (op == SOCK_READ) {
+ return stream_->recv_n(buff, sendlen, &waitTime, &readLen);
+ } else {
+ return stream_->send_n(buff, sendlen, &waitTime, &readLen);
+ }
+}
// Return the local port for this TCP connection.
uint16_t TcpConn::getPort() {
ACE_INET_Addr localAddr;
- m_io->get_local_addr(localAddr);
+ stream_->get_local_addr(localAddr);
return localAddr.get_port_number();
}
+size_t TcpConn::getDefaultChunkSize() {
+ //
+ auto pageSize = boost::interprocess::mapped_region::get_page_size();
+ if (pageSize > 16000000) {
+ return 16000000;
+ } else if (pageSize > 0) {
+ return pageSize + (16000000 / pageSize) * pageSize;
+ }
+
+ return 16000000;
+}
+
} // namespace client
} // namespace geode
} // namespace apache
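Review bot: `getDefaultChunkSize()` arrives in this file with an empty `//` as its only comment, and the arithmetic is not obvious on its own. A comment such as `// Round 16000000 up to the next multiple of the OS page size; use 16000000 itself when the page size is 0 or larger than that.` would say what `pageSize + (16000000 / pageSize) * pageSize` is for. Since `kChunkSize` is now initialised once from this function during static initialisation, the comment could also note that the value is fixed for the lifetime of the process.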
diff --git a/cppcache/src/TcpConn.hpp b/cppcache/src/TcpConn.hpp
index 0bbec30..3a3295a 100644
--- a/cppcache/src/TcpConn.hpp
+++ b/cppcache/src/TcpConn.hpp
@@ -20,40 +20,37 @@
#ifndef GEODE_TCPCONN_H_
#define GEODE_TCPCONN_H_
+#include <chrono>
+#include <memory>
+
#include <ace/SOCK_Stream.h>
-#include <boost/interprocess/mapped_region.hpp>
#include <geode/internal/geode_globals.hpp>
#include "Connector.hpp"
-#include "util/Log.hpp"
namespace apache {
namespace geode {
namespace client {
-#ifdef WIN32
-
-#define TCPLEVEL IPPROTO_TCP
-
-#else
-
-#include <sys/socket.h>
-#include <sys/types.h>
-
-#define TCPLEVEL SOL_TCP
+inline std::string ACE_errno_to_string(decltype(ACE_OS::last_error()) error) {
+ return std::to_string(error) + ": " + ACE_OS::strerror(error);
+}
-#endif
-
-class APACHE_GEODE_EXPORT TcpConn : public Connector {
+class TcpConn : public Connector {
private:
- ACE_SOCK_Stream* m_io;
+ std::unique_ptr<ACE_SOCK_Stream> stream_;
+ const int32_t maxBuffSizePool_;
- protected:
- ACE_INET_Addr m_addr;
- std::chrono::microseconds m_waitMilliSeconds;
+ /**
+ * Attempt to set chunk size to nearest OS page size for perf improvement
+ */
+ static size_t getDefaultChunkSize();
- int32_t m_maxBuffSizePool;
+ protected:
+ ACE_INET_Addr inetAddress_;
+ std::chrono::microseconds timeout_;
+ static const size_t kChunkSize;
enum SockOp { SOCK_READ, SOCK_WRITE };
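Review bot: The new inline `ACE_errno_to_string` returns `std::string` and calls `std::to_string`, but the includes added in this hunk are only `<chrono>` and `<memory>`, so the header relies on some other include to bring in `<string>`. Adding `#include <string>` next to them makes the header self-contained. The class body continues outside the hunk.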
@@ -65,75 +62,33 @@ class APACHE_GEODE_EXPORT TcpConn : public Connector {
virtual void createSocket(ACE_HANDLE sock);
+ virtual ssize_t doOperation(const SockOp& op, void* buff, size_t sendlen,
+ ACE_Time_Value& waitTime, size_t& readLen) const;
+
public:
- size_t m_chunkSize;
-
- static size_t getDefaultChunkSize() {
- // Attempt to set chunk size to nearest OS page size
- // for perf improvement
- auto pageSize = boost::interprocess::mapped_region::get_page_size();
- if (pageSize > 16000000) {
- return 16000000;
- } else if (pageSize > 0) {
- return pageSize + (16000000 / pageSize) * pageSize;
- }
-
- return 16000000;
- }
-
- TcpConn(const char* hostname, int32_t port,
+ TcpConn(const std::string& hostname, uint16_t port,
std::chrono::microseconds waitSeconds, int32_t maxBuffSizePool);
- TcpConn(const char* ipaddr, std::chrono::microseconds waitSeconds,
+
+ TcpConn(const std::string& address, std::chrono::microseconds waitSeconds,
int32_t maxBuffSizePool);
- virtual ~TcpConn() override { close(); }
+ ~TcpConn() override {}
- // Close this tcp connection
- virtual void close() override;
+ void close() override;
void init() override;
- // Listen
- void listen(const char* hostname, int32_t port,
- std::chrono::microseconds waitSeconds = DEFAULT_READ_TIMEOUT);
- void listen(const char* ipaddr,
- std::chrono::microseconds waitSeconds = DEFAULT_READ_TIMEOUT);
-
- virtual void listen(
- ACE_INET_Addr addr,
- std::chrono::microseconds waitSeconds = DEFAULT_READ_TIMEOUT);
-
- // connect
- void connect(const char* hostname, int32_t port,
- std::chrono::microseconds waitSeconds =
DEFAULT_CONNECT_TIMEOUT);
- void connect(const char* ipaddr,
- std::chrono::microseconds waitSeconds =
DEFAULT_CONNECT_TIMEOUT);
-
virtual void connect();
size_t receive(char* buff, size_t len,
std::chrono::microseconds waitSeconds) override;
+
size_t send(const char* buff, size_t len,
std::chrono::microseconds waitSeconds) override;
- virtual void setOption(int32_t level, int32_t option, void* val, size_t len)
{
- if (m_io->set_option(level, option, val, static_cast<int32_t>(len)) == -1)
{
- int32_t lastError = ACE_OS::last_error();
- LOGERROR("Failed to set option, errno: %d: %s", lastError,
- ACE_OS::strerror(lastError));
- }
- }
-
- void setIntOption(int32_t level, int32_t option, int32_t val) {
- setOption(level, option, &val, sizeof(int32_t));
- }
-
- void setBoolOption(int32_t level, int32_t option, bool val) {
- setOption(level, option, &val, sizeof(bool));
- }
-
virtual uint16_t getPort() override;
};
+
} // namespace client
} // namespace geode
} // namespace apache
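Review bot: `~TcpConn() override {}` no longer calls `close()`, so the socket handle is released only if every owner calls `close()` before destroying the connector. As far as I know the ACE stream classes do not close their handle on destruction, so please confirm that destroying `stream_` is enough. If it is not, a non-virtual cleanup such as `~TcpConn() override { if (stream_) stream_->close(); }` keeps the old guarantee without calling a virtual method from a destructor. `TcpSslConn` in TcpSslConn.hpp holds its own `stream_` behind a defaulted destructor and would need the same treatment. The class definition starts before this hunk.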
diff --git a/cppcache/src/TcpSslConn.cpp b/cppcache/src/TcpSslConn.cpp
index 104b4b4..a72843e 100644
--- a/cppcache/src/TcpSslConn.cpp
+++ b/cppcache/src/TcpSslConn.cpp
@@ -17,69 +17,25 @@
#include "TcpSslConn.hpp"
-#include <chrono>
-#include <thread>
+#include <memory>
+#include <ace/SSL/SSL_SOCK_Connector.h>
+
+#include <geode/ExceptionTypes.hpp>
#include <geode/SystemProperties.hpp>
-#include "CacheImpl.hpp"
-#include "DistributedSystem.hpp"
+#include "util/Log.hpp"
namespace apache {
namespace geode {
namespace client {
-Ssl* TcpSslConn::getSSLImpl(ACE_HANDLE sock, const char* pubkeyfile,
- const char* privkeyfile) {
- const char* libName = "cryptoImpl";
- if (m_dll.open(libName, RTLD_NOW | RTLD_GLOBAL, 0) == -1) {
- char msg[1000] = {0};
- std::snprintf(msg, 1000, "cannot open library: %s", libName);
- LOGERROR(msg);
- throw FileNotFoundException(msg);
- }
-
- gf_create_SslImpl func =
- reinterpret_cast<gf_create_SslImpl>(m_dll.symbol("gf_create_SslImpl"));
- if (func == nullptr) {
- char msg[1000];
- std::snprintf(msg, 1000,
- "cannot find function %s in library gf_create_SslImpl",
- "cryptoImpl");
- LOGERROR(msg);
- throw IllegalStateException(msg);
- }
- return reinterpret_cast<Ssl*>(
- func(sock, pubkeyfile, privkeyfile, m_pemPassword));
-}
+std::atomic_flag TcpSslConn::initialized_ = ATOMIC_FLAG_INIT;
void TcpSslConn::createSocket(ACE_HANDLE sock) {
LOGDEBUG("Creating SSL socket stream");
- try {
- m_ssl = getSSLImpl(sock, m_pubkeyfile, m_privkeyfile);
- } catch (std::exception& e) {
- throw SslException(e.what());
- }
-}
-
-void TcpSslConn::listen(ACE_INET_Addr addr,
- std::chrono::microseconds waitSeconds) {
- using apache::geode::internal::chrono::duration::to_string;
-
- int32_t retVal = m_ssl->listen(addr, waitSeconds);
-
- if (retVal == -1) {
- char msg[256];
- int32_t lastError = ACE_OS::last_error();
- if (lastError == ETIME || lastError == ETIMEDOUT) {
- throw TimeoutException(
- "TcpSslConn::listen Attempt to listen timed out after" +
- to_string(waitSeconds) + ".");
- }
- std::snprintf(msg, 255, "TcpSslConn::listen failed with errno: %d: %s",
- lastError, ACE_OS::strerror(lastError));
- throw GeodeIOException(msg);
- }
+ stream_ = std::unique_ptr<ACE_SSL_SOCK_Stream>(new ACE_SSL_SOCK_Stream());
+ stream_->set_handle(sock);
}
void TcpSslConn::connect() {
@@ -87,107 +43,88 @@ void TcpSslConn::connect() {
ACE_OS::signal(SIGPIPE, SIG_IGN); // Ignore broken pipe
- // m_ssl->init();
-
- std::chrono::microseconds waitMicroSeconds = m_waitMilliSeconds;
-
- LOGDEBUG("Connecting SSL socket stream to %s:%d waiting %s micro sec",
- m_addr.get_host_name(), m_addr.get_port_number(),
- to_string(waitMicroSeconds).c_str());
-
- int32_t retVal = m_ssl->connect(m_addr, waitMicroSeconds);
-
- if (retVal == -1) {
- char msg[256];
- int32_t lastError = ACE_OS::last_error();
+ LOGFINER(std::string("Connecting SSL socket stream to ") +
+ inetAddress_.get_host_name() + ":" +
+ std::to_string(inetAddress_.get_port_number()) + " waiting " +
+ to_string(timeout_));
+
+ ACE_SSL_SOCK_Connector conn;
+ ACE_Time_Value actTimeout(timeout_);
+ if (ACE_SSL_SOCK_Connector{}.connect(
+ *stream_, inetAddress_,
+ timeout_ > std::chrono::microseconds::zero() ? &actTimeout
+ : nullptr) == -1) {
+ const auto lastError = ACE_OS::last_error();
if (lastError == ETIME || lastError == ETIMEDOUT) {
- // this is only called by constructor, so we must delete m_ssl
- _GEODE_SAFE_DELETE(m_ssl);
throw TimeoutException(
"TcpSslConn::connect Attempt to connect timed out after " +
- to_string(waitMicroSeconds) + ".");
+ to_string(timeout_) + ".");
}
- std::snprintf(msg, 256, "TcpSslConn::connect failed with errno: %d: %s",
- lastError, ACE_OS::strerror(lastError));
- // this is only called by constructor, so we must delete m_ssl
- _GEODE_SAFE_DELETE(m_ssl);
- throw GeodeIOException(msg);
+ close();
+ throw GeodeIOException("TcpSslConn::connect failed with errno: " +
+ ACE_errno_to_string(lastError));
}
}
void TcpSslConn::close() {
- if (m_ssl != nullptr) {
- m_ssl->close();
- gf_destroy_SslImpl func = reinterpret_cast<gf_destroy_SslImpl>(
- m_dll.symbol("gf_destroy_SslImpl"));
- func(m_ssl);
- m_ssl = nullptr;
+ if (stream_) {
+ stream_->close();
+ stream_ = nullptr;
}
}
-size_t TcpSslConn::socketOp(TcpConn::SockOp op, char* buff, size_t len,
- std::chrono::microseconds waitDuration) {
- {
- // passing wait time as micro seconds
- ACE_Time_Value waitTime(waitDuration);
- auto endTime = std::chrono::steady_clock::now() + waitDuration;
- size_t readLen = 0;
- bool errnoSet = false;
-
- auto sendlen = len;
- size_t totalsend = 0;
-
- while (len > 0 && waitTime > ACE_Time_Value::zero) {
- if (len > m_chunkSize) {
- sendlen = m_chunkSize;
- len -= m_chunkSize;
- } else {
- sendlen = len;
- len = 0;
- }
- do {
- ssize_t retVal;
- if (op == SOCK_READ) {
- retVal = m_ssl->recv(buff, sendlen, &waitTime, &readLen);
- } else {
- retVal = m_ssl->send(buff, sendlen, &waitTime, &readLen);
- }
- sendlen -= readLen;
- totalsend += readLen;
- if (retVal < 0) {
- int32_t lastError = ACE_OS::last_error();
- if (lastError == EAGAIN) {
- std::this_thread::sleep_for(std::chrono::microseconds(100));
- } else {
- errnoSet = true;
- break;
- }
- } else if (retVal == 0 && readLen == 0) {
- ACE_OS::last_error(EPIPE);
- errnoSet = true;
- break;
- }
-
- buff += readLen;
-
- waitTime = endTime - std::chrono::steady_clock::now();
- if (waitTime <= ACE_Time_Value::zero) break;
- } while (sendlen > 0);
- if (errnoSet) break;
+uint16_t TcpSslConn::getPort() {
+ ACE_INET_Addr localAddr;
+ stream_->get_local_addr(localAddr);
+ return localAddr.get_port_number();
+}
+
+static int pem_passwd_cb(char* buf, int size, int /*rwflag*/, void* passwd) {
+ strncpy(buf, reinterpret_cast<char*>(passwd), size);
+ buf[size - 1] = '\0';
+ return static_cast<int>(strlen(buf));
+}
+
+void TcpSslConn::initSsl() {
+ if (!TcpSslConn::initialized_.test_and_set()) {
+ auto sslContext = ACE_SSL_Context::instance();
+
+ SSL_CTX_set_cipher_list(sslContext->context(), "DEFAULT");
+ sslContext->set_mode(ACE_SSL_Context::SSLv23_client);
+ sslContext->set_verify_peer();
+ if (sslContext->load_trusted_ca(trustStoreFile_.c_str()) != 0) {
+ throw SslException("Failed to read SSL trust store.");
}
- if (len > 0 && !errnoSet) {
- ACE_OS::last_error(ETIME);
+ if (!password_.empty()) {
+ SSL_CTX_set_default_passwd_cb(sslContext->context(), pem_passwd_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(
+ sslContext->context(), const_cast<char*>(password_.c_str()));
}
- return totalsend;
+ if (!privateKeyFile_.empty()) {
+ if (sslContext->certificate(privateKeyFile_.c_str()) != 0) {
+ throw SslException("Failed to read SSL certificate.");
+ }
+ if (sslContext->private_key(privateKeyFile_.c_str()) != 0) {
+ throw SslException("Invalid SSL keystore password.");
+ }
+ if (SSL_CTX_use_certificate_chain_file(sslContext->context(),
+ privateKeyFile_.c_str()) <= 0) {
+ throw SslException("Failed to read SSL certificate chain.");
+ }
+ }
}
}
-uint16_t TcpSslConn::getPort() {
- ACE_INET_Addr localAddr;
- m_ssl->getLocalAddr(localAddr);
- return localAddr.get_port_number();
+ssize_t TcpSslConn::doOperation(const TcpConn::SockOp& op, void* buff,
+ size_t sendlen, ACE_Time_Value& waitTime,
+ size_t& readLen) const {
+ if (op == SOCK_READ) {
+ return stream_->recv_n(buff, sendlen, &waitTime, &readLen);
+ } else {
+ return stream_->send_n(buff, sendlen, &waitTime, &readLen);
+ }
}
} // namespace client
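Review bot: In `initSsl()` the `initialized_.test_and_set()` guard marks the shared `ACE_SSL_Context` as configured before any configuration has run. A second thread constructing a `TcpSslConn` concurrently returns at once and can create its stream before `set_verify_peer()` and `load_trusted_ca()` have been applied, and if one of the `SslException` paths fires, the flag stays set and every later connection skips configuration altogether. The removed `SSLImpl` constructor held `s_mutex` across the whole block and set `s_initialized` last; `std::call_once(initialized_, [this] { /* configuration */ });` with `initialized_` declared as `std::once_flag` restores both properties, since a throwing callable leaves the flag unset. Separately, the pointer passed to `SSL_CTX_set_default_passwd_cb_userdata` refers to this instance's `password_` and stays in the singleton context after the instance is gone, so it is worth resetting to `nullptr` once the key has been loaded.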
diff --git a/cppcache/src/TcpSslConn.hpp b/cppcache/src/TcpSslConn.hpp
index c14a5b5..6fca35f 100644
--- a/cppcache/src/TcpSslConn.hpp
+++ b/cppcache/src/TcpSslConn.hpp
@@ -20,9 +20,24 @@
#ifndef GEODE_TCPSSLCONN_H_
#define GEODE_TCPSSLCONN_H_
-#include <ace/DLL.h>
+#include <atomic>
+#include <chrono>
+#include <string>
+
+#if defined(_WIN32)
+#pragma warning(push)
+#pragma warning(disable : 4311)
+#pragma warning(disable : 4302)
+#endif
+
+#pragma pack(push)
+#include <ace/SSL/SSL_SOCK_Stream.h>
+#pragma pack(pop)
+
+#if defined(_WIN32)
+#pragma warning(pop)
+#endif
-#include "../../cryptoimpl/Ssl.hpp"
#include "TcpConn.hpp"
namespace apache {
@@ -31,69 +46,48 @@ namespace client {
class TcpSslConn : public TcpConn {
private:
- Ssl* m_ssl;
- ACE_DLL m_dll;
- const char* m_pubkeyfile;
- const char* m_privkeyfile;
- const char* m_pemPassword;
- // adongre: Added for Ticket #758
- // Pass extra parameter for the password
- typedef void* (*gf_create_SslImpl)(ACE_HANDLE, const char*, const char*,
- const char*);
- typedef void (*gf_destroy_SslImpl)(void*);
-
- Ssl* getSSLImpl(ACE_HANDLE sock, const char* pubkeyfile,
- const char* privkeyfile);
+ static std::atomic_flag initialized_;
+ const std::string trustStoreFile_;
+ const std::string privateKeyFile_;
+ const std::string password_;
+ std::unique_ptr<ACE_SSL_SOCK_Stream> stream_;
protected:
- size_t socketOp(SockOp op, char* buff, size_t len,
- std::chrono::microseconds waitDuration) override;
-
void createSocket(ACE_HANDLE sock) override;
+ ssize_t doOperation(const SockOp& op, void* buff, size_t sendlen,
+ ACE_Time_Value& waitTime, size_t& readLen) const
override;
+
+ void initSsl();
+
public:
- TcpSslConn(const char* hostname, int32_t port,
+ TcpSslConn(const std::string& hostname, uint16_t port,
std::chrono::microseconds waitSeconds, int32_t maxBuffSizePool,
- const char* pubkeyfile, const char* privkeyfile,
- const char* pemPassword)
+ std::string publicKeyFile, std::string privateKeyFile,
+ std::string password)
: TcpConn(hostname, port, waitSeconds, maxBuffSizePool),
- m_ssl(nullptr),
- m_pubkeyfile(pubkeyfile),
- m_privkeyfile(privkeyfile),
- m_pemPassword(pemPassword) {}
-
- TcpSslConn(const char* ipaddr, std::chrono::microseconds waitSeconds,
- int32_t maxBuffSizePool, const char* pubkeyfile,
- const char* privkeyfile, const char* pemPassword)
- : TcpConn(ipaddr, waitSeconds, maxBuffSizePool),
- m_ssl(nullptr),
- m_pubkeyfile(pubkeyfile),
- m_privkeyfile(privkeyfile),
- m_pemPassword(pemPassword) {}
+ trustStoreFile_(std::move(publicKeyFile)),
+ privateKeyFile_(std::move(privateKeyFile)),
+ password_(std::move(password)) {
+ initSsl();
+ }
- // TODO: Watch out for virt dtor calling virt methods!
+ TcpSslConn(const std::string& address, std::chrono::microseconds waitSeconds,
+ int32_t maxBuffSizePool, std::string publicKeyFile,
+ std::string privateKeyFile, std::string password)
+ : TcpConn(address, waitSeconds, maxBuffSizePool),
+ trustStoreFile_(std::move(publicKeyFile)),
+ privateKeyFile_(std::move(privateKeyFile)),
+ password_(std::move(password)) {
+ initSsl();
+ }
- virtual ~TcpSslConn() override {}
+ virtual ~TcpSslConn() noexcept override = default;
- // Close this tcp connection
void close() override;
- // Listen
- void listen(ACE_INET_Addr addr, std::chrono::microseconds waitSeconds =
- DEFAULT_READ_TIMEOUT) override;
-
- // connect
void connect() override;
- void setOption(int32_t level, int32_t option, void* val,
- size_t len) override {
- if (m_ssl->setOption(level, option, val, static_cast<int32_t>(len)) == -1)
{
- int32_t lastError = ACE_OS::last_error();
- LOGERROR("Failed to set option, errno: %d: %s", lastError,
- ACE_OS::strerror(lastError));
- }
- }
-
uint16_t getPort() override;
};
} // namespace client
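Review bot: Both constructors accept a trust store, key file and password per connection, but `initSsl()` applies them to the process-wide `ACE_SSL_Context` only on the first construction, so values passed to later instances are silently ignored; that contract should be documented on the constructors. Suggested comment: `// TLS settings are applied once per process; arguments of later instances are not used.` The first path parameter is named `publicKeyFile` yet is stored in `trustStoreFile_` and receives `sslTrustStore()` from the caller in TcrConnection.cpp, so renaming it to `trustStoreFile` would match what it carries. Each instance also keeps its own copy of the keystore password in `password_` for its whole lifetime even though only the first is read, which could be avoided by not retaining it after initialization.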
diff --git a/cppcache/src/TcrConnection.cpp b/cppcache/src/TcrConnection.cpp
index 79a5002..8698fa5 100644
--- a/cppcache/src/TcrConnection.cpp
+++ b/cppcache/src/TcrConnection.cpp
@@ -425,19 +425,19 @@ bool TcrConnection::initTcrConnection(
}
Connector* TcrConnection::createConnection(
- const char* endpoint, std::chrono::microseconds connectTimeout,
+ const std::string& address, std::chrono::microseconds connectTimeout,
int32_t maxBuffSizePool) {
Connector* socket = nullptr;
auto& systemProperties = m_connectionManager->getCacheImpl()
->getDistributedSystem()
.getSystemProperties();
if (systemProperties.sslEnabled()) {
- socket = new TcpSslConn(endpoint, connectTimeout, maxBuffSizePool,
- systemProperties.sslTrustStore().c_str(),
- systemProperties.sslKeyStore().c_str(),
- systemProperties.sslKeystorePassword().c_str());
+ socket = new TcpSslConn(address, connectTimeout, maxBuffSizePool,
+ systemProperties.sslTrustStore(),
+ systemProperties.sslKeyStore(),
+ systemProperties.sslKeystorePassword());
} else {
- socket = new TcpConn(endpoint, connectTimeout, maxBuffSizePool);
+ socket = new TcpConn(address, connectTimeout, maxBuffSizePool);
}
// as socket.init() calls throws exception...
m_conn = socket;
diff --git a/cppcache/src/TcrConnection.hpp b/cppcache/src/TcrConnection.hpp
index 1a6f437..d74dfb5 100644
--- a/cppcache/src/TcrConnection.hpp
+++ b/cppcache/src/TcrConnection.hpp
@@ -367,7 +367,7 @@ class TcrConnection {
/** Create a normal or SSL connection */
Connector* createConnection(
- const char* ipaddr,
+ const std::string& address,
std::chrono::microseconds waitSeconds = DEFAULT_CONNECT_TIMEOUT,
int32_t maxBuffSizePool = 0);
diff --git a/cryptoimpl/CMakeLists.txt b/cryptoimpl/CMakeLists.txt
deleted file mode 100644
index 44aadd7..0000000
--- a/cryptoimpl/CMakeLists.txt
+++ /dev/null
@@ -1,62 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-project(cryptoImpl LANGUAGES CXX)
-
-add_library(cryptoImpl SHARED
- ${CMAKE_CURRENT_BINARY_DIR}/cryptoimpl_export.h
- Ssl.hpp
- SSLImpl.hpp
- SSLImpl.cpp
-)
-
-include(GenerateExportHeader)
-generate_export_header(cryptoImpl)
-
-target_include_directories(cryptoImpl
- PUBLIC
- $<BUILD_INTERFACE:${CMAKE_CURRENT_BINARY_DIR}>)
-
-set_target_properties(cryptoImpl PROPERTIES
- CXX_VISIBILITY_PRESET hidden
- VISIBILITY_INLINES_HIDDEN ON
- FOLDER cpp/test/integration)
-
-target_link_libraries(cryptoImpl
- PRIVATE
- openssl-compat
- ACE::ACE_SSL
- _WarningsAsError
- PUBLIC
- c++11
-)
-
-IF(MSVC)
- INSTALL (
- FILES $<TARGET_PDB_FILE:${PROJECT_NAME}>
- DESTINATION bin
- CONFIGURATIONS Debug RelWithDebInfo
- )
-ENDIF(MSVC)
-
-add_clangformat(cryptoImpl)
-
-if ("Windows" STREQUAL ${CMAKE_SYSTEM_NAME} )
- install(TARGETS cryptoImpl
- RUNTIME DESTINATION bin)
-else()
- install (TARGETS cryptoImpl DESTINATION lib)
-endif()
-
diff --git a/cryptoimpl/SSLImpl.cpp b/cryptoimpl/SSLImpl.cpp
deleted file mode 100644
index dad15a5..0000000
--- a/cryptoimpl/SSLImpl.cpp
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "SSLImpl.hpp"
-
-#include <cstdint>
-#include <stdexcept>
-
-#include <ace/Guard_T.h>
-
-namespace apache {
-namespace geode {
-namespace client {
-
-ACE_Recursive_Thread_Mutex SSLImpl::s_mutex;
-volatile bool SSLImpl::s_initialized = false;
-
-void *gf_create_SslImpl(ACE_HANDLE sock, const char *pubkeyfile,
- const char *privkeyfile, const char *pemPassword) {
- return reinterpret_cast<void *>(
- new SSLImpl(sock, pubkeyfile, privkeyfile, pemPassword));
-}
-
-void gf_destroy_SslImpl(void *impl) {
- SSLImpl *theLib = reinterpret_cast<SSLImpl *>(impl);
- delete theLib;
-}
-
-extern "C" {
-static int pem_passwd_cb(char *buf, int size, int /*rwflag*/, void *passwd) {
- strncpy(buf, (char *)passwd, size);
- buf[size - 1] = '\0';
- return static_cast<int>(strlen(buf));
-}
-}
-
-SSLImpl::SSLImpl(ACE_HANDLE sock, const char *pubkeyfile,
- const char *privkeyfile, const char *password) {
- ACE_Guard<ACE_Recursive_Thread_Mutex> guard(SSLImpl::s_mutex);
-
- if (SSLImpl::s_initialized == false) {
- ACE_SSL_Context *sslContext = ACE_SSL_Context::instance();
-
- SSL_CTX_set_cipher_list(sslContext->context(), "DEFAULT");
- sslContext->set_mode(ACE_SSL_Context::SSLv23_client);
- sslContext->set_verify_peer();
- if (sslContext->load_trusted_ca(pubkeyfile) != 0) {
- throw std::invalid_argument("Failed to read SSL trust store.");
- }
-
- if (strlen(password) > 0) {
- SSL_CTX_set_default_passwd_cb(sslContext->context(), pem_passwd_cb);
- SSL_CTX_set_default_passwd_cb_userdata(sslContext->context(),
- const_cast<char *>(password));
- }
-
- if (privkeyfile && *privkeyfile) {
- if (sslContext->certificate(privkeyfile) != 0) {
- throw std::invalid_argument("Failed to read SSL certificate.");
- }
- if (sslContext->private_key(privkeyfile) != 0) {
- throw std::invalid_argument("Invalid SSL keystore password.");
- }
- if (::SSL_CTX_use_certificate_chain_file(sslContext->context(),
- privkeyfile) <= 0) {
- throw std::invalid_argument("Failed to read SSL certificate chain.");
- }
- }
- SSLImpl::s_initialized = true;
- }
- m_io = new ACE_SSL_SOCK_Stream();
- m_io->set_handle(sock);
-}
-
-SSLImpl::~SSLImpl() {
- ACE_Guard<ACE_Recursive_Thread_Mutex> guard(SSLImpl::s_mutex);
-
- if (m_io) {
- delete m_io;
- }
-}
-
-void SSLImpl::close() {
- ACE_Guard<ACE_Recursive_Thread_Mutex> guard(SSLImpl::s_mutex);
-
- if (m_io) {
- m_io->close();
- }
-}
-
-int SSLImpl::setOption(int level, int option, void *optval, int optlen) {
- return m_io->set_option(level, option, optval, optlen);
-}
-
-int SSLImpl::listen(ACE_INET_Addr addr, std::chrono::microseconds waitSeconds)
{
- ACE_SSL_SOCK_Acceptor listener(addr, 1);
- if (waitSeconds > std::chrono::microseconds::zero()) {
- ACE_Time_Value wtime(waitSeconds);
- return listener.accept(*m_io, nullptr, &wtime);
- } else {
- return listener.accept(*m_io, nullptr);
- }
-}
-
-int SSLImpl::connect(ACE_INET_Addr ipaddr,
- std::chrono::microseconds waitSeconds) {
- ACE_SSL_SOCK_Connector conn;
- if (waitSeconds > std::chrono::microseconds::zero()) {
- ACE_Time_Value wtime(waitSeconds);
- return conn.connect(*m_io, ipaddr, &wtime);
- } else {
- return conn.connect(*m_io, ipaddr);
- }
-}
-
-ssize_t SSLImpl::recv(void *buf, size_t len, const ACE_Time_Value *timeout,
- size_t *bytes_transferred) {
- return m_io->recv_n(buf, len, 0, timeout, bytes_transferred);
-}
-
-ssize_t SSLImpl::send(const void *buf, size_t len,
- const ACE_Time_Value *timeout,
- size_t *bytes_transferred) {
- return m_io->send_n(buf, len, 0, timeout, bytes_transferred);
-}
-
-int SSLImpl::getLocalAddr(ACE_Addr &addr) { return m_io->get_local_addr(addr);
}
-
-} // namespace client
-} // namespace geode
-} // namespace apache
diff --git a/cryptoimpl/SSLImpl.hpp b/cryptoimpl/SSLImpl.hpp
deleted file mode 100644
index a70e965..0000000
--- a/cryptoimpl/SSLImpl.hpp
+++ /dev/null
@@ -1,88 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#ifndef GEODE_CRYPTOIMPL_SSLIMPL_H_
-#define GEODE_CRYPTOIMPL_SSLIMPL_H_
-
-#ifdef _WIN32
-#pragma warning(push)
-#pragma warning(disable : 4311)
-#pragma warning(disable : 4302)
-#endif
-
-#pragma pack(push)
-
-#ifdef _WIN32
-#pragma error_messages(off, macroredef)
-#endif
-
-#include <ace/INET_Addr.h>
-#include <ace/OS.h>
-#include <ace/Recursive_Thread_Mutex.h>
-#include <ace/SOCK_IO.h>
-#include <ace/SSL/SSL_SOCK_Acceptor.h>
-#include <ace/SSL/SSL_SOCK_Connector.h>
-#include <ace/Time_Value.h>
-
-#ifdef _WIN32
-#pragma error_messages(on, macroredef)
-#endif
-
-#pragma pack(pop)
-
-#include "Ssl.hpp"
-#include "cryptoimpl_export.h"
-
-namespace apache {
-namespace geode {
-namespace client {
-
-class SSLImpl : public apache::geode::client::Ssl {
- private:
- ACE_SSL_SOCK_Stream* m_io;
- static ACE_Recursive_Thread_Mutex s_mutex;
- volatile static bool s_initialized;
-
- public:
- SSLImpl(ACE_HANDLE sock, const char* pubkeyfile, const char* privkeyfile,
- const char* password);
- virtual ~SSLImpl() override;
-
- int setOption(int, int, void*, int) override;
- int listen(ACE_INET_Addr, std::chrono::microseconds) override;
- int connect(ACE_INET_Addr, std::chrono::microseconds) override;
- ssize_t recv(void*, size_t, const ACE_Time_Value*, size_t*) override;
- ssize_t send(const void*, size_t, const ACE_Time_Value*, size_t*) override;
- int getLocalAddr(ACE_Addr&) override;
- void close() override;
-};
-
-extern "C" {
-CRYPTOIMPL_EXPORT void* gf_create_SslImpl(ACE_HANDLE sock,
- const char* pubkeyfile,
- const char* privkeyfile,
- const char* pemPassword);
-CRYPTOIMPL_EXPORT void gf_destroy_SslImpl(void* impl);
-}
-
-} // namespace client
-} // namespace geode
-} // namespace apache
-
-#endif // GEODE_CRYPTOIMPL_SSLIMPL_H_
diff --git a/cryptoimpl/Ssl.hpp b/cryptoimpl/Ssl.hpp
deleted file mode 100644
index 45b8da5..0000000
--- a/cryptoimpl/Ssl.hpp
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#ifndef GEODE_CRYPTOIMPL_SSL_H_
-#define GEODE_CRYPTOIMPL_SSL_H_
-
-#include <chrono>
-
-#include <ace/INET_Addr.h>
-#include <ace/OS.h>
-
-namespace apache {
-namespace geode {
-namespace client {
-class Ssl {
- public:
- virtual ~Ssl() {}
- virtual int setOption(int, int, void*, int) = 0;
- virtual int listen(ACE_INET_Addr, std::chrono::microseconds) = 0;
- virtual int connect(ACE_INET_Addr, std::chrono::microseconds) = 0;
- virtual ssize_t recv(void*, size_t, const ACE_Time_Value*, size_t*) = 0;
- virtual ssize_t send(const void*, size_t, const ACE_Time_Value*, size_t*) =
0;
- virtual int getLocalAddr(ACE_Addr&) = 0;
- virtual void close() = 0;
-};
-} // namespace client
-} // namespace geode
-} // namespace apache
-
-#endif // GEODE_CRYPTOIMPL_SSL_H_
diff --git a/docs/geode-native-docs-cpp/security/sslclientserver.html.md.erb
b/docs/geode-native-docs-cpp/security/sslclientserver.html.md.erb
index 763222a..cfaf52e 100644
--- a/docs/geode-native-docs-cpp/security/sslclientserver.html.md.erb
+++ b/docs/geode-native-docs-cpp/security/sslclientserver.html.md.erb
@@ -68,8 +68,6 @@ Specifically, ensure that:
For details on stopping and starting locators and cache servers with SSL, see
[Starting Up and Shutting Down Your
System](geodeman/configuring/running/starting_up_shutting_down.html).
-The <%=vars.product_name%> Native’s libcryptoImpl found in /lib must be linked
at compile time. This binary is used to interact with OpenSSL. Link
libcryptoImpl, native client, and your application code. We highly recommend
using cmake.
-
**Example locator start command**
Ensure that all required SSL properties are configured in your server's
`geode.properties` file. Then start your locator as follows:
diff --git a/docs/geode-native-docs-dotnet/security/sslclientserver.html.md.erb
b/docs/geode-native-docs-dotnet/security/sslclientserver.html.md.erb
index 763222a..cfaf52e 100644
--- a/docs/geode-native-docs-dotnet/security/sslclientserver.html.md.erb
+++ b/docs/geode-native-docs-dotnet/security/sslclientserver.html.md.erb
@@ -68,8 +68,6 @@ Specifically, ensure that:
For details on stopping and starting locators and cache servers with SSL, see
[Starting Up and Shutting Down Your
System](geodeman/configuring/running/starting_up_shutting_down.html).
-The <%=vars.product_name%> Native’s libcryptoImpl found in /lib must be linked
at compile time. This binary is used to interact with OpenSSL. Link
libcryptoImpl, native client, and your application code. We highly recommend
using cmake.
-
**Example locator start command**
Ensure that all required SSL properties are configured in your server's
`geode.properties` file. Then start your locator as follows:
diff --git a/examples/cmake/FindGeodeNative.cmake.in
b/examples/cmake/FindGeodeNative.cmake.in
index c254c8e..906fec0 100644
--- a/examples/cmake/FindGeodeNative.cmake.in
+++ b/examples/cmake/FindGeodeNative.cmake.in
@@ -26,7 +26,6 @@
#
# ``@PRODUCT_NAME_NOSPACE@::cpp``
# ``@PRODUCT_NAME_NOSPACE@::dotnet``
-# ``@PRODUCT_NAME_NOSPACE@::crypto``
#
# Result Variables
# ^^^^^^^^^^^^^^^^
@@ -89,21 +88,6 @@ find_path(@PRODUCT_NAME_NOSPACE@_CPP_INCLUDE_DIR NAMES
geode/CacheFactory.hpp
# End - component "cpp"
-# Begin - component "crypto"
-set(_@PRODUCT_NAME_NOSPACE@_CRYPTO_NAMES cryptoImpl)
-
-set(_CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES})
-set(CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_SHARED_LIBRARY_SUFFIX})
-find_library(@PRODUCT_NAME_NOSPACE@_CRYPTO_LIBRARY
- NAMES ${_@PRODUCT_NAME_NOSPACE@_CRYPTO_NAMES}
- HINTS ${_@PRODUCT_NAME_NOSPACE@_HINTS}
- PATHS ${_@PRODUCT_NAME_NOSPACE@_PATHS}
- PATH_SUFFIXES @PRODUCT_LIB_NAME@/lib lib @PRODUCT_LIB_NAME@/bin bin
-)
-set(CMAKE_FIND_LIBRARY_SUFFIXES ${_CMAKE_FIND_LIBRARY_SUFFIXES})
-# End - component "crypto"
-
-
# Begin - component "dotnet"
set(_@PRODUCT_NAME_NOSPACE@_DOTNET_NAMES @[email protected])
@@ -125,9 +109,6 @@ if (@PRODUCT_NAME_NOSPACE@_FIND_COMPONENTS)
if (component STREQUAL "cpp")
list(APPEND _@PRODUCT_NAME_NOSPACE@_REQUIRED_VARS
@PRODUCT_NAME_NOSPACE@_CPP_LIBRARY @PRODUCT_NAME_NOSPACE@_CPP_INCLUDE_DIR)
endif()
- if (component STREQUAL "crypto")
- list(APPEND _@PRODUCT_NAME_NOSPACE@_REQUIRED_VARS
@PRODUCT_NAME_NOSPACE@_CRYPTO_LIBRARY)
- endif()
if (component STREQUAL "dotnet")
list(APPEND _@PRODUCT_NAME_NOSPACE@_REQUIRED_VARS
@PRODUCT_NAME_NOSPACE@_DOTNET_LIBRARY)
endif()
@@ -150,14 +131,6 @@ if(@PRODUCT_NAME_NOSPACE@_FOUND)
INTERFACE_INCLUDE_DIRECTORIES
"${@PRODUCT_NAME_NOSPACE@_CPP_INCLUDE_DIR}")
endif()
- set(@PRODUCT_NAME_NOSPACE@_CRYPTO_TARGET "@PRODUCT_NAME_NOSPACE@::crypto")
- if(NOT TARGET ${@PRODUCT_NAME_NOSPACE@_CRYPTO_TARGET})
- add_library(${@PRODUCT_NAME_NOSPACE@_CRYPTO_TARGET} UNKNOWN IMPORTED)
- set_target_properties(${@PRODUCT_NAME_NOSPACE@_CRYPTO_TARGET} PROPERTIES
- IMPORTED_LINK_INTERFACE_LANGUAGES "CXX"
- IMPORTED_LOCATION "${@PRODUCT_NAME_NOSPACE@_CRYPTO_LIBRARY}")
- endif()
-
set(@PRODUCT_NAME_NOSPACE@_DOTNET_TARGET "@PRODUCT_NAME_NOSPACE@::dotnet")
if(NOT TARGET ${@PRODUCT_NAME_NOSPACE@_DOTNET_TARGET})
add_library(${@PRODUCT_NAME_NOSPACE@_DOTNET_TARGET} UNKNOWN IMPORTED)
diff --git a/examples/cpp/sslputget/CMakeLists.txt.in
b/examples/cpp/sslputget/CMakeLists.txt.in
index 5f346af..d84fa79 100644
--- a/examples/cpp/sslputget/CMakeLists.txt.in
+++ b/examples/cpp/sslputget/CMakeLists.txt.in
@@ -47,33 +47,15 @@ file(GLOB SSL_CERTIFICATES
file(INSTALL ${SSL_CERTIFICATES} DESTINATION ${CMAKE_CURRENT_BINARY_DIR})
-# This is needed on Linux to force libcryptoImpl.so to be linked in.
-# Not currently supported in latest cmake, but ticket created:
https://gitlab.kitware.com/cmake/cmake/issues/20174
-if ("Linux" STREQUAL ${CMAKE_SYSTEM_NAME} )
- set_target_properties(${PROJECT_NAME} PROPERTIES
- LINK_WHAT_YOU_USE TRUE)
-endif()
-
-if (NOT WIN32)
- target_link_libraries(${PROJECT_NAME}
- PUBLIC
- @PRODUCT_NAME_NOSPACE@::cpp
- @PRODUCT_NAME_NOSPACE@::crypto
- )
-else()
- target_link_libraries(${PROJECT_NAME}
- PUBLIC
- @PRODUCT_NAME_NOSPACE@::cpp
- )
-endif()
+target_link_libraries(${PROJECT_NAME}
+ PUBLIC
+ @PRODUCT_NAME_NOSPACE@::cpp
+)
if(WIN32)
add_custom_command(TARGET ${PROJECT_NAME} POST_BUILD
COMMAND ${CMAKE_COMMAND} -E copy
$<SHELL_PATH:$<TARGET_FILE_DIR:@PRODUCT_NAME_NOSPACE@::cpp>/../bin/@[email protected]>
$<SHELL_PATH:$<TARGET_FILE_DIR:${PROJECT_NAME}>>
- COMMAND ${CMAKE_COMMAND} -E copy
-
$<SHELL_PATH:$<TARGET_FILE_DIR:@PRODUCT_NAME_NOSPACE@::crypto>/../bin/cryptoImpl.dll>
- $<SHELL_PATH:$<TARGET_FILE_DIR:${PROJECT_NAME}>>
)
endif()
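Review bot: The Windows post-build step copies only the product DLL next to the example, while the commit description says OpenSSL is now a hard, delay-loaded dependency on Windows, so the OpenSSL DLLs will presumably be resolved through the normal DLL search order when the first TLS connection is made. The example should say where those libraries are expected to come from, for instance with a comment above the `if(WIN32)` block: `# OpenSSL DLLs are not copied here; they must be resolvable from a trusted location at run time.` As a smaller style point, `${PROJECT_NAME}` is an executable, so `PRIVATE` fits better than `PUBLIC` in the new `target_link_libraries` call.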
diff --git a/openssl-compat/CMakeLists.txt b/openssl-compat/CMakeLists.txt
deleted file mode 100644
index 20ec26e..0000000
--- a/openssl-compat/CMakeLists.txt
+++ /dev/null
@@ -1,30 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-project(openssl-compat LANGUAGES CXX)
-
-add_library(openssl-compat INTERFACE)
-
-target_include_directories(openssl-compat
- INTERFACE
- $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}>
-)
-
-find_package(OpenSSL COMPONENTS Crypto)
-
-target_link_libraries(openssl-compat
- INTERFACE
- OpenSSL::Crypto
-)
diff --git a/openssl-compat/openssl-compat.h b/openssl-compat/openssl-compat.h
deleted file mode 100644
index 87dfbab..0000000
--- a/openssl-compat/openssl-compat.h
+++ /dev/null
@@ -1,86 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef OPENSSL_COMPAT_H
-#define OPENSSL_COMPAT_H
-
-#include <openssl/opensslv.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-static inline void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM
**q,
- const BIGNUM **g) {
- if (p) *p = dh->p;
- if (q) *q = dh->q;
- if (g) *g = dh->g;
-}
-
-static inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
- const BIGNUM **priv_key) {
- if (pub_key) *pub_key = dh->pub_key;
- if (priv_key) *priv_key = dh->priv_key;
-}
-
-static inline int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) {
- if (!(dh->pub_key || pub_key)) {
- return 0;
- }
-
- if (pub_key) {
- BN_free(dh->pub_key);
- dh->pub_key = pub_key;
- }
- if (priv_key) {
- BN_free(dh->priv_key);
- dh->priv_key = priv_key;
- }
-
- return 1;
-}
-
-static inline int DH_set_length(DH *dh, long length) {
- dh->length = length;
- return 1;
-}
-
-static inline EVP_MD_CTX *EVP_MD_CTX_new(void) {
- return reinterpret_cast<EVP_MD_CTX *>(OPENSSL_malloc(sizeof(EVP_MD_CTX)));
-}
-
-static inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) {
- EVP_MD_CTX_cleanup(ctx);
- OPENSSL_free(ctx);
-}
-
-static inline int EVP_PKEY_up_ref(EVP_PKEY *pkey) {
- return CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-}
-
-static inline void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *,
- const void **, const X509_ALGOR *algor) {
- *paobj = algor->algorithm;
-}
-
-#define X509_F_X509_PUBKEY_DECODE X509_F_X509_PUBKEY_GET
-
-#endif /* OPENSSL_VERSION_NUMBER */
-
-#endif /* OPENSSL_COMPAT_H */
diff --git a/templates/security/CMakeLists.txt
b/templates/security/CMakeLists.txt
index 36ce124..99dc067 100644
--- a/templates/security/CMakeLists.txt
+++ b/templates/security/CMakeLists.txt
@@ -39,7 +39,6 @@ target_link_libraries(securityImpl
apache-geode
OpenSSL::Crypto
PRIVATE
- openssl-compat
_WarningsAsError
)
diff --git a/tests/cpp/security/CMakeLists.txt
b/tests/cpp/security/CMakeLists.txt
index 8396cc2..847bb5d 100644
--- a/tests/cpp/security/CMakeLists.txt
+++ b/tests/cpp/security/CMakeLists.txt
@@ -46,7 +46,6 @@ target_link_libraries(security
OpenSSL::Crypto
OpenSSL::SSL
PRIVATE
- openssl-compat
ACE::ACE
_WarningsAsError
)