Hello Kudu Jenkins,
I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/4789
to look at the new patch set (#7).
Change subject: KuduRPC integration with OpenSSL
......................................................................
KuduRPC integration with OpenSSL

This patch adds SSL support for the RPC layer in Kudu. It uses the
OpenSSL library for this purpose.

This is achieved by subclassing 'Socket' to add 'SSLSocket' which
calls into the OpenSSL library for auth/read/write/shutdown.

SSL is enabled only at a 'Connection' object level, i.e. the
AcceptorPool still only works with regular 'Socket's, and the reactor
threads also use a regular 'Socket' on a new outgoing call.

The first point of any SSL activity happens in the context of the
negotiation pool, where the SSL handshake happens before the SASL
handshake. On a successful handshake, further communication is
encrypted on that 'Connection'.

A 'SSLFactory' is created at the 'Messenger' level. This factory is
in charge of creating 'SSLSocket' objects when necessary and also
keeps track of the certificates, keys and the SSL context that is
shared among all the sockets of that 'Messenger'.

The x509_check_host() function is ported from OpenSSL-1.1.0b which we
use when the version of OpenSSL detected is less than 1.0.2. It is
added in util/x509_check_host.cc/h

Added a parameter to the rpc-test to additionally run the tests with
SSL enabled.

Future TODOs:
- Make SSL methods (SSLv23, TLS1, etc.) configurable and OpenSSL
  version aware. (Choosing APIs based on supported versions)
- Allow loading keys as strings vs files. (Need to use different APIs)

Change-Id: I27167faa4e6a78e59b46093055b16682c93af0ea
---
M CMakeLists.txt
M LICENSE.txt
M NOTICE.txt
M build-support/lint.sh
M src/kudu/rpc/connection.cc
M src/kudu/rpc/connection.h
M src/kudu/rpc/messenger.cc
M src/kudu/rpc/messenger.h
M src/kudu/rpc/negotiation.cc
M src/kudu/rpc/reactor.cc
M src/kudu/rpc/rpc-test-base.h
M src/kudu/rpc/rpc-test.cc
M src/kudu/rpc/sasl_client.cc
M src/kudu/rpc/sasl_client.h
M src/kudu/rpc/sasl_rpc-test.cc
M src/kudu/rpc/sasl_server.cc
M src/kudu/rpc/sasl_server.h
M src/kudu/util/CMakeLists.txt
M src/kudu/util/net/net_util-test.cc
M src/kudu/util/net/socket.cc
M src/kudu/util/net/socket.h
A src/kudu/util/net/ssl_factory.cc
A src/kudu/util/net/ssl_factory.h
A src/kudu/util/net/ssl_socket.cc
A src/kudu/util/net/ssl_socket.h
A src/kudu/util/x509_check_host.cc
A src/kudu/util/x509_check_host.h
27 files changed, 1,301 insertions(+), 120 deletions(-)
git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/89/4789/7
--
To view, visit http://gerrit.cloudera.org:8080/4789
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I27167faa4e6a78e59b46093055b16682c93af0ea
Gerrit-PatchSet: 7
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Sailesh Mukil <[email protected]>
Gerrit-Reviewer: Alexey Serbin <[email protected]>
Gerrit-Reviewer: Dan Burkert <[email protected]>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Sailesh Mukil <[email protected]>
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <[email protected]>
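
An added illustration, not code from the Kudu patch or from OpenSSL: a simplified C++ sketch of the hostname-versus-certificate-name comparison that a function like the x509_check_host() mentioned in the commit message exists to perform after the SSL handshake. The helper names and sample hostnames are hypothetical, and the wildcard rules here are deliberately narrower than OpenSSL's defaults (only a whole left-most "*" label is accepted).

```cpp
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Lower-case an ASCII DNS name; DNS names compare case-insensitively.
static std::string ToLower(std::string s) {
  std::transform(s.begin(), s.end(), s.begin(), [](unsigned char c) {
    return static_cast<char>(std::tolower(c));
  });
  return s;
}

// Hypothetical helper: does one certificate DNS name (pattern) match host?
// Simplified rules: exact match, or "*.suffix" where the wildcard is the
// whole left-most label, stands for exactly one label, and the suffix has
// at least two labels (so "*.com" never matches anything).
bool DnsNameMatches(const std::string& pattern_in, const std::string& host_in) {
  const std::string pattern = ToLower(pattern_in);
  const std::string host = ToLower(host_in);
  if (pattern.empty() || host.empty()) return false;
  if (pattern.find('*') == std::string::npos) return pattern == host;
  // Only the form "*.suffix" is accepted; partial-label wildcards are refused.
  if (pattern.size() < 3 || pattern.compare(0, 2, "*.") != 0) return false;
  const std::string suffix = pattern.substr(1);  // e.g. ".example.com"
  if (suffix.find('*') != std::string::npos) return false;
  // Refuse empty labels and trailing dots so "*.com." cannot sneak through.
  if (suffix.find("..") != std::string::npos || suffix.back() == '.') return false;
  if (suffix.find('.', 1) == std::string::npos) return false;  // "*.com"
  if (host.size() <= suffix.size()) return false;
  const auto label_len = host.size() - suffix.size();
  if (host.compare(label_len, suffix.size(), suffix) != 0) return false;
  // The first dot in host must be the one that starts the suffix, i.e. the
  // wildcard covered a single non-empty label.
  return host.find('.') >= label_len;
}

// Hypothetical helper: accept the peer if any DNS name in its cert matches.
bool CertMatchesHost(const std::vector<std::string>& dns_names,
                     const std::string& host) {
  return std::any_of(dns_names.begin(), dns_names.end(),
                     [&](const std::string& n) { return DnsNameMatches(n, host); });
}
```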