Posted to commits@thrift.apache.org by jf...@apache.org on 2014/02/21 19:50:55 UTC

git commit: Revert "THRIFT-2258 cpp: Add TLS v1.1/1.2 support to TSSLSocket.cpp"

Repository: thrift
Updated Branches:
  refs/heads/master 8b3ca02a2 -> db536cf6b


Revert "THRIFT-2258 cpp: Add TLS v1.1/1.2 support to TSSLSocket.cpp"

This reverts commit 01386c95a8f18d55cefc0ad0f33a1154e095f51a.


Project: http://git-wip-us.apache.org/repos/asf/thrift/repo
Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/db536cf6
Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/db536cf6
Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/db536cf6

Branch: refs/heads/master
Commit: db536cf6bb7a561ca83c7f4b8c1c7fd1fed00375
Parents: 8b3ca02
Author: jfarrell <jf...@apache.org>
Authored: Fri Feb 21 13:43:43 2014 -0500
Committer: jfarrell <jf...@apache.org>
Committed: Fri Feb 21 13:50:10 2014 -0500

----------------------------------------------------------------------
 lib/cpp/src/thrift/transport/TSSLSocket.cpp | 39 +++---------------------
 lib/cpp/src/thrift/transport/TSSLSocket.h   | 15 ++-------
 2 files changed, 6 insertions(+), 48 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/thrift/blob/db536cf6/lib/cpp/src/thrift/transport/TSSLSocket.cpp
----------------------------------------------------------------------
diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.cpp b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
index 5f91c89..ce971d3 100644
--- a/lib/cpp/src/thrift/transport/TSSLSocket.cpp
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.cpp
@@ -55,45 +55,14 @@ static bool matchName(const char* host, const char* pattern, int size);
 static char uppercase(char c);
 
 // SSLContext implementation
-SSLContext::SSLContext(const SSLProtocol& protocol) {
-  if(protocol == SSLProtocol::SSLTLS)
-  {
-    ctx_ = SSL_CTX_new(SSLv23_method());
-  }
-  else if(protocol == SSLProtocol::SSLv3)
-  {
-    ctx_ = SSL_CTX_new(SSLv3_method());
-  }
-  else if(protocol == SSLProtocol::TLSv1_0)
-  {
-    ctx_ = SSL_CTX_new(TLSv1_method());
-  }
-  else if(protocol == SSLProtocol::TLSv1_1)
-  {
-    ctx_ = SSL_CTX_new(TLSv1_1_method());
-  }
-  else if(protocol == SSLProtocol::TLSv1_2)
-  {
-    ctx_ = SSL_CTX_new(TLSv1_2_method());
-  }
-  else
-  {
-    /// UNKNOWN PROTOCOL!
-    throw TSSLException("SSL_CTX_new: Unknown protocol");
-  }
-
+SSLContext::SSLContext() {
+  ctx_ = SSL_CTX_new(TLSv1_method());
   if (ctx_ == NULL) {
     string errors;
     buildErrors(errors);
     throw TSSLException("SSL_CTX_new: " + errors);
   }
   SSL_CTX_set_mode(ctx_, SSL_MODE_AUTO_RETRY);
-
-  // Disable horribly insecure SSLv2!
-  if(protocol == SSLProtocol::SSLTLS)
-  {
-    SSL_CTX_set_options(ctx_, SSL_OP_NO_SSLv2);
-  }
 }
 
 SSLContext::~SSLContext() {
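Review bot: The restored constructor at `ctx_ = SSL_CTX_new(TLSv1_method());` selects a TLS 1.0-only method without saying so, which is the one fact a caller choosing this transport needs now that the protocol enum is gone. Suggest `// TLSv1_method(): negotiates TLS 1.0 only; no other protocol version is offered.` above that line, and the same sentence in the TSSLSocketFactory constructor doc that the header hunk at -117,10 trims back to "Constructor/Destructor". The dropped SSL_OP_NO_SSLv2 option loses nothing with a TLS-1.0-only method, so no separate note is needed for it. SSLContext::~SSLContext() begins on the last hunk line and continues outside the hunk.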
@@ -381,14 +350,14 @@ bool     TSSLSocketFactory::initialized = false;
 uint64_t TSSLSocketFactory::count_ = 0;
 Mutex    TSSLSocketFactory::mutex_;
 
-TSSLSocketFactory::TSSLSocketFactory(const SSLProtocol& protocol): server_(false) {
+TSSLSocketFactory::TSSLSocketFactory(): server_(false) {
   Guard guard(mutex_);
   if (count_ == 0) {
     initializeOpenSSL();
     randomize();
   }
   count_++;
-  ctx_ = boost::shared_ptr<SSLContext>(new SSLContext(protocol));
+  ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);
 }
 
 TSSLSocketFactory::~TSSLSocketFactory() {
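Review bot: `count_++;` runs before `ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);`, and the SSLContext constructor in the hunk above throws TSSLException when SSL_CTX_new fails; on that path no TSSLSocketFactory object exists, so no destructor ever decrements count_ and the shared initialization counter stays one too high (presumably causing the matching cleanup to be skipped later — the destructor body is outside the hunk). Moving the increment after the context is built keeps the counter consistent: `ctx_ = boost::shared_ptr<SSLContext>(new SSLContext);` then `count_++;`, both still under the Guard. Whether the repeated initializeOpenSSL() call that follows such a throw (count_ still 0) is harmless depends on initializeOpenSSL, which is not shown here.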

http://git-wip-us.apache.org/repos/asf/thrift/blob/db536cf6/lib/cpp/src/thrift/transport/TSSLSocket.h
----------------------------------------------------------------------
diff --git a/lib/cpp/src/thrift/transport/TSSLSocket.h b/lib/cpp/src/thrift/transport/TSSLSocket.h
index 02d5bda..b379d23 100644
--- a/lib/cpp/src/thrift/transport/TSSLSocket.h
+++ b/lib/cpp/src/thrift/transport/TSSLSocket.h
@@ -31,15 +31,6 @@ namespace apache { namespace thrift { namespace transport {
 class AccessManager;
 class SSLContext;
 
-enum SSLProtocol {
-  SSLTLS  = 0,  // Supports SSLv3 and TLSv1.
-  SSLv2   = 1,  // Supports SSLv3 only. => HORRIBLY INSECURE!
-  SSLv3   = 2,  // Supports SSLv3 only.
-  TLSv1_0 = 3,  // Supports TLSv1_0 only.
-  TLSv1_1 = 4,  // Supports TLSv1_1 only.
-  TLSv1_2 = 5   // Supports TLSv1_2 only.
-};
-
 /**
  * OpenSSL implementation for SSL socket interface.
  */
@@ -117,10 +108,8 @@ class TSSLSocketFactory {
  public:
   /**
    * Constructor/Destructor
-   *
-   * @param protocol The SSL/TLS protocol to use.
    */
-  TSSLSocketFactory(const SSLProtocol& protocol = SSLProtocol::SSLTLS);
+  TSSLSocketFactory();
   virtual ~TSSLSocketFactory();
   /**
    * Create an instance of TSSLSocket with a fresh new socket.
@@ -245,7 +234,7 @@ class TSSLException: public TTransportException {
  */
 class SSLContext {
  public:
-  SSLContext(const SSLProtocol& protocol = SSLProtocol::SSLTLS);
+  SSLContext();
   virtual ~SSLContext();
   SSL* createSSL();
   SSL_CTX* get() { return ctx_; }