Posted to commits@trafficserver.apache.org by jp...@apache.org on 2014/09/23 22:51:14 UTC

[1/5] git commit: Add documentation

Repository: trafficserver
Updated Branches:
  refs/heads/master 338392cec -> c8bd8b125


Add documentation


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/8785687d
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/8785687d
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/8785687d

Branch: refs/heads/master
Commit: 8785687d9c0179ac675f2dd76b6804a7e964fae6
Parents: c5dfc23
Author: shinrich <sh...@network-geographics.com>
Authored: Tue Sep 23 15:06:41 2014 -0500
Committer: shinrich <sh...@network-geographics.com>
Committed: Tue Sep 23 15:07:39 2014 -0500

----------------------------------------------------------------------
 doc/reference/api/TSVConnReenable.en.rst | 5 +++++
 1 file changed, 5 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/8785687d/doc/reference/api/TSVConnReenable.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSVConnReenable.en.rst b/doc/reference/api/TSVConnReenable.en.rst
index c8efb3a..92dfb80 100644
--- a/doc/reference/api/TSVConnReenable.en.rst
+++ b/doc/reference/api/TSVConnReenable.en.rst
@@ -30,5 +30,10 @@ Description
 
    Reenable the SSL connection :arg:`svc`. If a plugin hook is called, ATS processing on that connnection will not resume until this is invoked for that connection.
 
+If the server running Traffic Server has the appropriate openSSL patch installed, the SNI callback can return ``SSL_TLSEXT_ERR_READ_AGAIN`` to stop the SSL handshake processing.  This results in ``SSL_accept`` returning ``SSL_ERROR_WANT_SNI_RESOLVE`` before completing the SSL handshake (only the client hello message will have been received).  Additional processing could reenable the virtual connection causing the ``SSL_accept`` to be called again to complete the handshake exchange.  In the case of a blind tunnel conversion, the SSL handshake will never be completed by Traffic Server.
+
+The plugin callbacks can halt the SSL handshake processing by not reenabling the connection (i.e., by not calling :c:func:`TSSslVConnReenable`).  If a plugin SNI callback does not reenable the connection, the global callback will return ``SSL_TLSEXT_ERR_READ_AGAIN``.
+
+Without the openSSL patch, the handshake processing in ``SSL_accept`` will not be stopped even if the SNI callback does not reenable the connection.
 
 
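Review bot: The three added paragraphs depend on "the appropriate openSSL patch" without ever identifying it, so a plugin author cannot tell whether withholding TSSslVConnReenable actually halts the handshake on their build. The last paragraph says that without the patch SSL_accept is not stopped, which means a plugin that relies on not reenabling to hold a connection will silently fail to hold it. Name or link the patch and say how a build can be checked for it. The new paragraphs are also flush left while the existing Description text is indented three spaces, so they will render at a different level, and the context line above still reads "connnection".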


[4/5] git commit: TS-3006 rebased documentation additions with master

Posted by jp...@apache.org.
TS-3006 rebased documentation additions with master


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/acd5f577
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/acd5f577
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/acd5f577

Branch: refs/heads/master
Commit: acd5f577bdceb15e25907bf8c9006d1ca4d98650
Parents: 8785687
Author: shinrich <sh...@network-geographics.com>
Authored: Tue Sep 23 15:08:29 2014 -0500
Committer: shinrich <sh...@network-geographics.com>
Committed: Tue Sep 23 15:08:29 2014 -0500

----------------------------------------------------------------------
 plugins/experimental/ssl_cert_loader/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/acd5f577/plugins/experimental/ssl_cert_loader/Makefile.am
----------------------------------------------------------------------
diff --git a/plugins/experimental/ssl_cert_loader/Makefile.am b/plugins/experimental/ssl_cert_loader/Makefile.am
index 4b96937..fbae483 100644
--- a/plugins/experimental/ssl_cert_loader/Makefile.am
+++ b/plugins/experimental/ssl_cert_loader/Makefile.am
@@ -16,7 +16,7 @@
 
 include $(top_srcdir)/build/plugins.mk
 
-AM_CPPFLAGS += -I$(top_builddir)/lib -I$(top_builddir)/lib/ts
+AM_CPPFLAGS += -I$(top_srcdir)/lib -I$(top_srcdir)/lib/ts
 
 pkglib_LTLIBRARIES = ssl_cert_loader.la
 
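Review bot: The subject mentions only rebased documentation, but the single changed line is AM_CPPFLAGS in a plugin Makefile.am, and it is the exact inverse of the TS-3006 change in 25bd7abc (index 4b96937..fbae483 here, fbae483..4b96937 there). If undoing that fix is intended, say so in the message and explain why; if it is a rebase accident, drop this hunk. If headers are needed from both trees, list both -I$(top_srcdir)/lib and -I$(top_builddir)/lib rather than flipping between them.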


[5/5] git commit: Merge branch 'ts-3006-more-fixes' of https://github.com/shinrich/trafficserver

Posted by jp...@apache.org.
Merge branch 'ts-3006-more-fixes' of https://github.com/shinrich/trafficserver

This closes #117


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c8bd8b12
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c8bd8b12
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c8bd8b12

Branch: refs/heads/master
Commit: c8bd8b1258c7e479432e770ba609e6fd67c34d87
Parents: 338392c acd5f57
Author: James Peach <jp...@apache.org>
Authored: Tue Sep 23 13:50:44 2014 -0700
Committer: James Peach <jp...@apache.org>
Committed: Tue Sep 23 13:50:44 2014 -0700

----------------------------------------------------------------------
 doc/reference/api/TSSslContextFindBy.en.rst     | 56 ++++++++++++++++++++
 doc/reference/api/TSVConnIsSsl.en.rst           | 32 +++++++++++
 doc/reference/api/TSVConnReenable.en.rst        | 39 ++++++++++++++
 .../api/TSVConnSslConnectionGet.en.rst          | 41 ++++++++++++++
 doc/reference/api/TSVConnTunnel.en.rst          | 35 ++++++++++++
 5 files changed, 203 insertions(+)
----------------------------------------------------------------------



[2/5] git commit: Add documentation for the SSL extensions.

Posted by jp...@apache.org.
Add documentation for the SSL extensions.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c5dfc23e
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c5dfc23e
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c5dfc23e

Branch: refs/heads/master
Commit: c5dfc23e40e880fd48a0eed1dc495cbb1b97ac64
Parents: 25bd7ab
Author: shinrich <sh...@network-geographics.com>
Authored: Tue Sep 23 15:04:52 2014 -0500
Committer: shinrich <sh...@network-geographics.com>
Committed: Tue Sep 23 15:07:39 2014 -0500

----------------------------------------------------------------------
 doc/reference/api/TSSslContextFindBy.en.rst     | 56 ++++++++++++++++++++
 doc/reference/api/TSVConnIsSsl.en.rst           | 32 +++++++++++
 doc/reference/api/TSVConnReenable.en.rst        | 34 ++++++++++++
 .../api/TSVConnSslConnectionGet.en.rst          | 41 ++++++++++++++
 doc/reference/api/TSVConnTunnel.en.rst          | 35 ++++++++++++
 5 files changed, 198 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c5dfc23e/doc/reference/api/TSSslContextFindBy.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSSslContextFindBy.en.rst b/doc/reference/api/TSSslContextFindBy.en.rst
new file mode 100644
index 0000000..fc6a975
--- /dev/null
+++ b/doc/reference/api/TSSslContextFindBy.en.rst
@@ -0,0 +1,56 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed
+   with this work for additional information regarding copyright
+   ownership.  The ASF licenses this file to you under the Apache
+   License, Version 2.0 (the "License"); you may not use this file
+   except in compliance with the License.  You may obtain a copy of
+   the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied.  See the License for the specific language governing
+   permissions and limitations under the License.
+
+
+TSSslContextFindByName
+======================
+
+Synopsis
+--------
+
+`#include <ts/ts.h>`
+
+
+.. c:function:: TSSslContext TSSslContextFindByName(const char *name)
+
+
+Description
+-----------
+
+   Look for a SSL context created from the :c:type:`ssl_multicert.config` file.  Use the server name to search.
+
+TSSslContextFindByAddr
+=======================
+
+Synopsis
+--------
+
+`#include <ts/ts.h>`
+
+.. c:function:: TSSslContext TSSslContextFindByAddr(struct sockaddr const*)
+
+
+Description
+-----------
+
+   Look for a SSL context created from the :c:type:`ssl_multicert.config` file.  Use the server address to search.
+
+Type
+----
+
+.. c:type:: TSSslContext
+
+   Corresponds to the SSL_CTX * value in openssl.
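
Review bot: Neither Description says what TSSslContextFindByName or TSSslContextFindByAddr returns when no context matches, which a caller has to know before using the result as an SSL_CTX *. State the not-found value and who owns the returned context. The TSSslContextFindByAddr prototype also leaves its parameter unnamed, so the text has nothing to reference with :arg:, and ssl_multicert.config is marked up with :c:type: although it is a file name (:file: fits better).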

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c5dfc23e/doc/reference/api/TSVConnIsSsl.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSVConnIsSsl.en.rst b/doc/reference/api/TSVConnIsSsl.en.rst
new file mode 100644
index 0000000..c04c699
--- /dev/null
+++ b/doc/reference/api/TSVConnIsSsl.en.rst
@@ -0,0 +1,32 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed
+   with this work for additional information regarding copyright
+   ownership.  The ASF licenses this file to you under the Apache
+   License, Version 2.0 (the "License"); you may not use this file
+   except in compliance with the License.  You may obtain a copy of
+   the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied.  See the License for the specific language governing
+   permissions and limitations under the License.
+
+
+TSVConnIsSsl
+============
+
+Synopsis
+--------
+
+`#include <ts/ts.h>`
+
+.. c:function:: int TSVConnIsSsl(TSVConn svc)
+
+Description
+-----------
+
+   Determines whether the connection associated with :arg:`svc` is being processed as an SSL connection. Returns 1 if it is being processed as SSL and 0 otherwise.
+
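
Review bot: "being processed as an SSL connection" in the Description leaves open what is returned for a connection that has been converted to a blind tunnel with TSVConnTunnel. Say explicitly whether such a connection yields 1 or 0, since a plugin may use this call to decide whether TLS is terminated by Traffic Server.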

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c5dfc23e/doc/reference/api/TSVConnReenable.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSVConnReenable.en.rst b/doc/reference/api/TSVConnReenable.en.rst
new file mode 100644
index 0000000..c8efb3a
--- /dev/null
+++ b/doc/reference/api/TSVConnReenable.en.rst
@@ -0,0 +1,34 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed
+   with this work for additional information regarding copyright
+   ownership.  The ASF licenses this file to you under the Apache
+   License, Version 2.0 (the "License"); you may not use this file
+   except in compliance with the License.  You may obtain a copy of
+   the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied.  See the License for the specific language governing
+   permissions and limitations under the License.
+
+
+TSVConnReenable
+===============
+
+Synopsis
+--------
+
+`#include <ts/ts.h>`
+
+.. c:function:: void TSSslVConnReenable(TSVConn svc)
+
+Description
+-----------
+
+   Reenable the SSL connection :arg:`svc`. If a plugin hook is called, ATS processing on that connnection will not resume until this is invoked for that connection.
+
+
+
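
Review bot: The page title and file name are TSVConnReenable, but the only function documented is TSSslVConnReenable, so a reader searching by either name finds a page that appears to describe something else. Make the title, file name and c:function directive agree. In the Description, "If a plugin hook is called" should name the hooks that require the reenable, and "connnection" is misspelled.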

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c5dfc23e/doc/reference/api/TSVConnSslConnectionGet.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSVConnSslConnectionGet.en.rst b/doc/reference/api/TSVConnSslConnectionGet.en.rst
new file mode 100644
index 0000000..610c8a0
--- /dev/null
+++ b/doc/reference/api/TSVConnSslConnectionGet.en.rst
@@ -0,0 +1,41 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed
+   with this work for additional information regarding copyright
+   ownership.  The ASF licenses this file to you under the Apache
+   License, Version 2.0 (the "License"); you may not use this file
+   except in compliance with the License.  You may obtain a copy of
+   the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied.  See the License for the specific language governing
+   permissions and limitations under the License.
+
+
+TSVConnSslConnectionGet
+===========
+
+Synopsis
+--------
+
+`#include <ts/ts.h>`
+
+.. c:function:: TSSslVConnection TSVConnSslConnectionGet(TSVConn svc)
+
+
+Description
+-----------
+
+   Get the SSL (per connection) object from the SSl connection :arg:`svc`.
+
+
+Types
+-----
+
+.. c:type:: TSSslVConnection
+
+   The SSL (per connection) object.  This is an opaque type that can be cast to the appropriate type (SSL * for the openSSL library).
+
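
Review bot: The title underline is 11 characters under the 23-character title TSVConnSslConnectionGet, which docutils reports as a title underline that is too short; extend it to the title's length. The Description has "SSl" for "SSL", and for an opaque handle that the text says can be cast to SSL *, it should state how long the pointer stays valid and whether the plugin may modify the object.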

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c5dfc23e/doc/reference/api/TSVConnTunnel.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/api/TSVConnTunnel.en.rst b/doc/reference/api/TSVConnTunnel.en.rst
new file mode 100644
index 0000000..982e1d4
--- /dev/null
+++ b/doc/reference/api/TSVConnTunnel.en.rst
@@ -0,0 +1,35 @@
+.. Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed
+   with this work for additional information regarding copyright
+   ownership.  The ASF licenses this file to you under the Apache
+   License, Version 2.0 (the "License"); you may not use this file
+   except in compliance with the License.  You may obtain a copy of
+   the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+   implied.  See the License for the specific language governing
+   permissions and limitations under the License.
+
+
+TSVConnTunnel
+===========
+
+Synopsis
+--------
+
+`#include <ts/ts.h>`
+
+.. c:function:: TSReturnCode TSVConnTunnel(TSVConn svc)
+
+
+Description
+-----------
+
+   Set the SSL connection :arg:`svc` to convert to a blind tunnel.  Can be called from the TS_VCONN_PRE_ACCEPT_HOOK or the TS_SSL_SNI_HOOK.
+
+For this to work from the TS_SSL_SNI_HOOK, the openSSL patch must be applied which adds the ability to break out of the SSL_accept processing by returning SSL_TLSEXT_ERR_READ_AGAIN.
+
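
Review bot: The Description never says which TSReturnCode is returned, or what happens to the connection, when this is called from TS_SSL_SNI_HOOK on a build without the openSSL patch; the last paragraph only says the patch is required "for this to work". Because the caller's intent is that Traffic Server not terminate TLS, document the failure outcome so a plugin can detect it. The title underline is also 11 characters under the 13-character title, and the final paragraph is flush left while the Description text above it is indented.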


[3/5] git commit: TS-3006 Fix makefile to pull library for experimental plugin from build tree not source tree.

Posted by jp...@apache.org.
TS-3006 Fix makefile to pull library for experimental plugin from build tree not
source tree.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/25bd7abc
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/25bd7abc
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/25bd7abc

Branch: refs/heads/master
Commit: 25bd7abc0e5e66ee1da4fc6249de5d5a59a16c7c
Parents: 13a1844
Author: shinrich <sh...@network-geographics.com>
Authored: Tue Sep 23 11:54:57 2014 -0500
Committer: shinrich <sh...@network-geographics.com>
Committed: Tue Sep 23 15:07:39 2014 -0500

----------------------------------------------------------------------
 plugins/experimental/ssl_cert_loader/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/25bd7abc/plugins/experimental/ssl_cert_loader/Makefile.am
----------------------------------------------------------------------
diff --git a/plugins/experimental/ssl_cert_loader/Makefile.am b/plugins/experimental/ssl_cert_loader/Makefile.am
index fbae483..4b96937 100644
--- a/plugins/experimental/ssl_cert_loader/Makefile.am
+++ b/plugins/experimental/ssl_cert_loader/Makefile.am
@@ -16,7 +16,7 @@
 
 include $(top_srcdir)/build/plugins.mk
 
-AM_CPPFLAGS += -I$(top_srcdir)/lib -I$(top_srcdir)/lib/ts
+AM_CPPFLAGS += -I$(top_builddir)/lib -I$(top_builddir)/lib/ts
 
 pkglib_LTLIBRARIES = ssl_cert_loader.la
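
Review bot: The subject says the library is pulled from the build tree, but the changed line is AM_CPPFLAGS, which only sets header search paths; nothing in this hunk changes what the plugin links against. Swapping $(top_srcdir) for $(top_builddir) in both -I entries also removes the source tree from the search path, so in a build directory separate from the source tree any header that exists only under the source lib/ or lib/ts would no longer be found. If the goal is to pick up headers from the build tree, add the $(top_builddir) paths alongside the $(top_srcdir) ones instead of replacing them, and reword the subject to match.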