Posted to notifications@geode.apache.org by "bschuchardt (GitHub)" <gi...@apache.org> on 2018/12/19 22:42:11 UTC

[GitHub] [geode] bschuchardt opened pull request #3025: Feature/geode 2113c - implement SSL over NIO for peer-to-peer communication

Thank you for submitting a contribution to Apache Geode.

This removes old-I/O use in TCPConduit peer-to-peer communications.
This was used for SSL/TLS secure communications but Java has had an
SSLEngine implementation that allows you to implement secure
communications on new-I/O SocketChannels or any other transport
mechanism.

A new NioSSLEngine class wraps the JDK's SSLEngine and provides the SSL
handshake as well as encryption/decryption of messages. SocketCreator
performs the SSL handshake and returns a NioSslEngine that TCPConduit
then uses for messaging.

The SSL handshake needs to be done in Connection.java now because the
ByteBuffer used to do the handshake is also used for reading messages in
Receivers. Because of this the Handshake pool in TCPConduit became
obsolete and I deleted it.

I've also done a lot of cleanup of compilation warnings in Connection.java
and removed references to "NIO". The primary SSL/TLS changes in that class
are in writeFully (renamed from nioWriteFully) and processBuffer (renamed
from processNIOBuffer).

While testing I noticed some places where we're creating non-daemon
threads that were keeping DUnit ChildVM processes from exiting.  I've
changed these places to use daemon threads.  Very few threads in Geode
should be non-daemon.

Porting client/server to use NioSSLEngine will be done under a separate
ticket and a different version of NioEngine may be created to secure UDP
messaging.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

### For all changes:
- [x] Is there a JIRA ticket associated with this PR? Is it referenced in the commit message?
- [x] Has your PR been rebased against the latest commit within the target branch (typically `develop`)?
- [ ] Is your initial contribution a single, squashed commit?
- [ ] Does `gradlew build` run cleanly?
- [x] Have you written or updated unit tests to verify your changes?
- [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?

### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and
submit an update to your PR as soon as possible. If you need help, please send an
email to dev@geode.apache.org.


[ Full content available at: https://github.com/apache/geode/pull/3025 ]
This message was relayed via gitbox.apache.org for notifications@geode.apache.org
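
The point in the description above that SSLEngine is independent of the transport, as an added example (not code from the Geode pull request): a client-mode engine from the JDK's default SSLContext writes its first handshake flight into a ByteBuffer without any socket. The class name, method name, host name and port are assumptions made for the illustration.

```java
import java.nio.ByteBuffer;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

public class SslEngineFirstFlight {

  /** Drives the engine until it needs bytes from the peer; returns the bytes to send. */
  static ByteBuffer firstFlight(SSLEngine engine) throws Exception {
    ByteBuffer noAppData = ByteBuffer.allocate(0);
    // Size the network buffer from the session rather than guessing.
    ByteBuffer netOut = ByteBuffer.allocate(engine.getSession().getPacketBufferSize());
    engine.beginHandshake();
    HandshakeStatus hs = engine.getHandshakeStatus();
    while (hs == HandshakeStatus.NEED_WRAP || hs == HandshakeStatus.NEED_TASK) {
      if (hs == HandshakeStatus.NEED_TASK) {
        Runnable task;
        while ((task = engine.getDelegatedTask()) != null) {
          task.run(); // run inline here; an I/O thread would hand this to an executor
        }
        hs = engine.getHandshakeStatus();
      } else {
        SSLEngineResult result = engine.wrap(noAppData, netOut);
        if (result.getStatus() != SSLEngineResult.Status.OK) {
          throw new IllegalStateException("wrap failed: " + result.getStatus());
        }
        hs = result.getHandshakeStatus();
      }
    }
    netOut.flip(); // switch the buffer from filling to draining
    return netOut;
  }

  public static void main(String[] args) throws Exception {
    // Assumed peer name and port: hints for the engine only, no socket is opened.
    SSLEngine engine = SSLContext.getDefault().createSSLEngine("peer.example", 7070);
    engine.setUseClientMode(true);
    ByteBuffer netOut = firstFlight(engine);
    // With a real transport: while (netOut.hasRemaining()) channel.write(netOut);
    int contentType = netOut.get(0) & 0xff; // TLS record type, 22 = handshake
    int recordLength = ((netOut.get(3) & 0xff) << 8) | (netOut.get(4) & 0xff);
    System.out.printf("record type=%d, record length=%d, bytes to send=%d%n",
        contentType, recordLength, netOut.remaining());
    System.out.println("engine now waits for the peer: " + engine.getHandshakeStatus());
  }
}
```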

[GitHub] [geode] bschuchardt commented on pull request #3025: Feature/geode 2113c - implement SSL over NIO for peer-to-peer communication

Posted by "bschuchardt (GitHub)" <gi...@apache.org>.
I'll revert this - we need to test with both old-style SSL settings and new-style settings


[GitHub] [geode] bschuchardt closed pull request #3025: Feature/geode 2113c - implement SSL over NIO for peer-to-peer communication

Posted by "bschuchardt (GitHub)" <gi...@apache.org>.
[ pull request closed by bschuchardt ]
