This is an automated email from the ASF dual-hosted git repository. bennoe pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 37aa3717d018e611ca5ac4bb6675645abe4e1ff7
Author: Benno Evers <[email protected]>
AuthorDate: Tue Jun 18 02:07:48 2019 +0200
Added optional 'peer_hostname' argument to Socket::connect().
The Socket::connect() function now takes an optional string as an additional argument. This is to prepare support for proper TLS hostname validation. With TCP, a connection is always made to a specific IP address, with the hostname just serving as an artifact to help humans remember that address. With TLS, the roles are switched: A connection is made to a specific hostname (which is recorded in a TLS certificate), with the IP address just being a network-layer artifact to help packets route to that hostname. Therefore, a connecting TLS socket must be aware of the hostname it is supposed to connect to.
Review: https://reviews.apache.org/r/70883
---
 3rdparty/libprocess/include/process/http.hpp | 10 +++++++++-
 3rdparty/libprocess/include/process/socket.hpp | 14 ++++++++++++--
 3rdparty/libprocess/src/http.cpp | 19 +++++++++++++++----
 3rdparty/libprocess/src/poll_socket.hpp | 4 +++-
 .../src/posix/libevent/libevent_ssl_socket.cpp | 4 +++-
 .../src/posix/libevent/libevent_ssl_socket.hpp | 5 ++++-
 3rdparty/libprocess/src/posix/poll_socket.cpp | 4 +++-
 3rdparty/libprocess/src/process.cpp | 4 ++--
 3rdparty/libprocess/src/windows/poll_socket.cpp | 4 +++-
 9 files changed, 54 insertions(+), 14 deletions(-)
diff --git a/3rdparty/libprocess/include/process/http.hpp b/3rdparty/libprocess/include/process/http.hpp
index 029605e..654bbc2 100644
--- a/3rdparty/libprocess/include/process/http.hpp
+++ b/3rdparty/libprocess/include/process/http.hpp
@@ -986,7 +986,9 @@ private:
 const network::Address& _peerAddress);
 friend Future<Connection> connect(
- const network::Address& address, Scheme scheme);
+ const network::Address& address,
+ Scheme scheme,
+ const Option<std::string>& peer_hostname);
 friend Future<Connection> connect(const URL&);
 // Forward declaration.
@@ -996,6 +998,12 @@ private:
 };
+Future<Connection> connect(
+ const network::Address& address,
+ Scheme scheme,
+ const Option<std::string>& peer_hostname);
+
+
 Future<Connection> connect(const network::Address& address, Scheme scheme);
diff --git a/3rdparty/libprocess/include/process/socket.hpp b/3rdparty/libprocess/include/process/socket.hpp
index 4f0f6e9..88f6486 100644
--- a/3rdparty/libprocess/include/process/socket.hpp
+++ b/3rdparty/libprocess/include/process/socket.hpp
@@ -149,7 +149,10 @@ public:
 */
 virtual Future<std::shared_ptr<SocketImpl>> accept() = 0;
- virtual Future<Nothing> connect(const Address& address) = 0;
+ virtual Future<Nothing> connect(
+ const Address& address,
+ const Option<std::string>& peer_hostname) = 0;
+
 virtual Future<size_t> recv(char* data, size_t size) = 0;
 virtual Future<size_t> send(const char* data, size_t size) = 0;
 virtual Future<size_t> sendfile(int_fd fd, off_t offset, size_t size) = 0;
@@ -360,7 +363,14 @@ public:
 Future<Nothing> connect(const AddressType& address)
 {
- return impl->connect(address);
+ return impl->connect(address, None());
+ }
+
+ Future<Nothing> connect(
+ const AddressType& address,
+ const Option<std::string>& peer_hostname)
+ {
+ return impl->connect(address, peer_hostname);
 }
 Future<size_t> recv(char* data, size_t size) const
diff --git a/3rdparty/libprocess/src/http.cpp b/3rdparty/libprocess/src/http.cpp
index 3e73ee9..0ed9aa8 100644
--- a/3rdparty/libprocess/src/http.cpp
+++ b/3rdparty/libprocess/src/http.cpp
@@ -1423,7 +1423,10 @@ Future<Nothing> Connection::disconnected()
 }
-Future<Connection> connect(const network::Address& address, Scheme scheme)
+Future<Connection> connect(
+ const network::Address& address,
+ Scheme scheme,
+ const Option<string>& peer_hostname)
 {
 SocketImpl::Kind kind;
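Review bot: The new pure-virtual `SocketImpl::connect` overload in the socket.hpp `@@ -149` hunk adds `peer_hostname` without saying what a caller should pass or what `None()` means, even though the neighbouring `accept()` carries a `/** ... */` block. Because the commit message makes this the name a TLS implementation will eventually check the peer certificate against, the contract belongs in the header: the hostname the caller intended to reach, `None()` when no name is known (an IP literal, say), and ignored by plain TCP implementations — the two `PollSocketImpl` hunks comment the parameter out, so that last part is already true. A comment above the declaration along the lines of `// Hostname the caller intends to reach; a TLS-aware implementation may verify`, `// the peer certificate against it. None() means no name is known (e.g. an IP`, `// literal). Non-TLS implementations ignore it.` would do. The public `Socket::connect` overload added in the `@@ -360` hunk of the same file should carry the same description.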
@@ -1446,7 +1449,7 @@ Future<Connection> connect(const network::Address& address, Scheme scheme)
 return Failure("Failed to create socket: " + socket.error());
 }
- return socket->connect(address)
+ return socket->connect(address, peer_hostname)
 .then([socket, address]() -> Future<Connection> {
 Try<network::Address> localAddress = socket->address();
 if (localAddress.isError()) {
@@ -1459,6 +1462,14 @@ Future<Connection> connect(const network::Address& address, Scheme scheme)
 }
+Future<Connection> connect(
+ const network::Address& address,
+ Scheme scheme)
+{
+ return connect(address, scheme, None());
+}
+
+
 Future<Connection> connect(const URL& url)
 {
 // TODO(bmahler): Move address resolution into the URL class?
@@ -1489,12 +1500,12 @@ Future<Connection> connect(const URL& url)
 // Default to 'http' if no scheme was specified.
 if (url.scheme.isNone() || url.scheme == string("http")) {
- return connect(address, Scheme::HTTP);
+ return connect(address, Scheme::HTTP, url.domain);
 }
 if (url.scheme == string("https")) {
 #ifdef USE_SSL_SOCKET
- return connect(address, Scheme::HTTPS);
+ return connect(address, Scheme::HTTPS, url.domain);
 #else
 return Failure("'https' scheme requires SSL enabled");
 #endif
diff --git a/3rdparty/libprocess/src/poll_socket.hpp b/3rdparty/libprocess/src/poll_socket.hpp
index 15b7902..c60e454 100644
--- a/3rdparty/libprocess/src/poll_socket.hpp
+++ b/3rdparty/libprocess/src/poll_socket.hpp
@@ -32,7 +32,9 @@ public:
 // Implementation of the SocketImpl interface.
 Try<Nothing> listen(int backlog) override;
 Future<std::shared_ptr<SocketImpl>> accept() override;
- Future<Nothing> connect(const Address& address) override;
+ Future<Nothing> connect(
+ const Address& address,
+ const Option<std::string>& peer_hostname) override;
 Future<size_t> recv(char* data, size_t size) override;
 Future<size_t> send(const char* data, size_t size) override;
 Future<size_t> sendfile(int_fd fd, off_t offset, size_t size) override;
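Review bot: In the http.cpp `@@ -1489` hunk `url.domain` is forwarded as the peer hostname for both schemes, but nothing records what the callee should do when it is `None`, which — judging by the field name — is the case for a URL written with an IP literal. Once the TLS validation this change prepares for lands, a `None` here must not quietly become an unverified HTTPS connection; the SSL socket should either fail closed or match the address against an IP subject-alternative-name, and that expectation is cheapest to pin down now, at the call site that knows why the name is missing. A comment before the `Scheme::HTTPS` call such as `// url.domain is None for IP-literal URLs; a TLS socket must treat that as "no name to verify", never as "skip verification".` would do. The body of `connect(const URL&)` starts outside the hunk.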
diff --git a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
index 1921d0e..13aaa23 100644
--- a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
+++ b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
@@ -511,7 +511,9 @@ LibeventSSLSocketImpl::LibeventSSLSocketImpl(
 peer_hostname(std::move(_peer_hostname)) {}
-Future<Nothing> LibeventSSLSocketImpl::connect(const Address& address)
+Future<Nothing> LibeventSSLSocketImpl::connect(
+ const Address& address,
+ const Option<string>& peer_hostname_)
 {
 if (bev != nullptr) {
 return Failure("Socket is already connected");
diff --git a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp
index 6ef5a86..ecb8a55 100644
--- a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp
+++ b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp
@@ -40,7 +40,10 @@ public:
 ~LibeventSSLSocketImpl() override;
 // Implement 'SocketImpl' interface.
- Future<Nothing> connect(const Address& address) override;
+ Future<Nothing> connect(
+ const Address& address,
+ const Option<std::string>& peer_hostname) override;
+
 Future<size_t> recv(char* data, size_t size) override;
 // Send does not currently support discard. See implementation.
 Future<size_t> send(const char* data, size_t size) override;
diff --git a/3rdparty/libprocess/src/posix/poll_socket.cpp b/3rdparty/libprocess/src/posix/poll_socket.cpp
index 74acb69..96c8df6 100644
--- a/3rdparty/libprocess/src/posix/poll_socket.cpp
+++ b/3rdparty/libprocess/src/posix/poll_socket.cpp
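Review bot: `LibeventSSLSocketImpl::connect` now takes `peer_hostname_`, but the argument is unused in the visible part of the body, and the constructor two lines above already stores a `peer_hostname` member (`peer_hostname(std::move(_peer_hostname))`), so there are now two candidate names for the certificate check with no stated precedence. The body continues outside the hunk, so I cannot see whether it is reconciled there; either way the rule should be spelled out at the top of the function — e.g. `// The hostname passed to connect() takes precedence over the one given at construction; with neither, no hostname verification is possible.` if that is the intent — and if the argument is deliberately unused for now, say so in a comment rather than leaving it to look like dead code. On naming, this file disambiguates the constructor parameter with a leading underscore (`_peer_hostname`) while the new parameter uses a trailing one (`peer_hostname_`); settling on one convention would avoid confusion between the three near-identical identifiers.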
@@ -113,7 +113,9 @@ Future<std::shared_ptr<SocketImpl>> PollSocketImpl::accept()
 }
-Future<Nothing> PollSocketImpl::connect(const Address& address)
+Future<Nothing> PollSocketImpl::connect(
+ const Address& address,
+ const Option<string>& /* peer_hostname */)
 {
 Try<Nothing, SocketError> connect = network::connect(get(), address);
 if (connect.isError()) {
diff --git a/3rdparty/libprocess/src/process.cpp b/3rdparty/libprocess/src/process.cpp
index 799666f..d50f88d 100644
--- a/3rdparty/libprocess/src/process.cpp
+++ b/3rdparty/libprocess/src/process.cpp
@@ -1671,7 +1671,7 @@ void SocketManager::link(
 if (connect) {
 CHECK_SOME(socket);
- socket->connect(to.address)
+ socket->connect(to.address, to.host)
 .onAny(lambda::bind(
 &SocketManager::link_connect,
 this,
@@ -2033,7 +2033,7 @@ void SocketManager::send(Message&& message, const SocketImpl::Kind& kind)
 if (connect) {
 CHECK_SOME(socket);
- socket->connect(address)
+ socket->connect(address, message.to.host)
 .onAny(lambda::bind(
 // TODO(benh): with C++14 we can use lambda instead of
 // `std::bind` and capture `message` with a `std::move`.
diff --git a/3rdparty/libprocess/src/windows/poll_socket.cpp b/3rdparty/libprocess/src/windows/poll_socket.cpp
index 565b008..ab1deef 100644
--- a/3rdparty/libprocess/src/windows/poll_socket.cpp
+++ b/3rdparty/libprocess/src/windows/poll_socket.cpp
@@ -135,7 +135,9 @@ Future<std::shared_ptr<SocketImpl>> PollSocketImpl::accept()
 }
-Future<Nothing> PollSocketImpl::connect(const Address& address)
+Future<Nothing> PollSocketImpl::connect(
+ const Address& address,
+ const Option<std::string>& /* peer_hostname */)
 {
 // Need to hold a copy of `this` so that the underlying socket
 // doesn't end up getting reused before we return.
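Review bot: In the `SocketManager::link` hunk of process.cpp the hostname passed to `connect` is `to.host`, and in the `SocketManager::send` hunk it is `message.to.host`; neither the type of `host` nor how it is populated is visible here. If `host` is a plain `std::string` rather than an `Option`, an empty value converts to a present-but-empty `Option<std::string>` instead of `None`, and a future validator would then compare the certificate against `""` rather than recognising that no name is known — if that is the case, normalise an empty string to `None()` before the call (or in the `UPID` itself) at both sites. Separately, a name taken from a `UPID` is only as trustworthy as wherever that `UPID` came from, so a short comment at these call sites that the forthcoming validation binds the certificate to the name recorded in the `UPID`, not to an independently configured identity, would help the next reader judge the guarantee. Both enclosing functions start and end outside their hunks.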
