You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesos.apache.org by be...@apache.org on 2019/07/05 12:08:33 UTC
[mesos] 04/12: Added optional 'peer_hostname' argument to
Socket::connect().
This is an automated email from the ASF dual-hosted git repository.
bennoe pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git
commit 37aa3717d018e611ca5ac4bb6675645abe4e1ff7
Author: Benno Evers <be...@mesosphere.com>
AuthorDate: Tue Jun 18 02:07:48 2019 +0200
Added optional 'peer_hostname' argument to Socket::connect().
The Socket::connect() function now takes an optional string
as an additional argument. This is to prepare support for proper
TLS hostname validation.
With TCP, a connection is always made to a specific IP address,
with the hostname just serving as an artifact to help humans
remember that address.
With TLS, the roles are switched: A connection is made to a
specific hostname (which is recorded in a TLS certificate),
with the IP address just being a network-layer artifact to
help packets route to that hostname.
Therefore, a connecting TLS socket must be aware of the
hostname it is supposed to connect to.
Review: https://reviews.apache.org/r/70883
---
3rdparty/libprocess/include/process/http.hpp | 10 +++++++++-
3rdparty/libprocess/include/process/socket.hpp | 14 ++++++++++++--
3rdparty/libprocess/src/http.cpp | 19 +++++++++++++++----
3rdparty/libprocess/src/poll_socket.hpp | 4 +++-
.../src/posix/libevent/libevent_ssl_socket.cpp | 4 +++-
.../src/posix/libevent/libevent_ssl_socket.hpp | 5 ++++-
3rdparty/libprocess/src/posix/poll_socket.cpp | 4 +++-
3rdparty/libprocess/src/process.cpp | 4 ++--
3rdparty/libprocess/src/windows/poll_socket.cpp | 4 +++-
9 files changed, 54 insertions(+), 14 deletions(-)
diff --git a/3rdparty/libprocess/include/process/http.hpp b/3rdparty/libprocess/include/process/http.hpp
index 029605e..654bbc2 100644
--- a/3rdparty/libprocess/include/process/http.hpp
+++ b/3rdparty/libprocess/include/process/http.hpp
@@ -986,7 +986,9 @@ private:
const network::Address& _peerAddress);
friend Future<Connection> connect(
- const network::Address& address, Scheme scheme);
+ const network::Address& address,
+ Scheme scheme,
+ const Option<std::string>& peer_hostname);
friend Future<Connection> connect(const URL&);
// Forward declaration.
@@ -996,6 +998,12 @@ private:
};
+Future<Connection> connect(
+ const network::Address& address,
+ Scheme scheme,
+ const Option<std::string>& peer_hostname);
+
+
Future<Connection> connect(const network::Address& address, Scheme scheme);
diff --git a/3rdparty/libprocess/include/process/socket.hpp b/3rdparty/libprocess/include/process/socket.hpp
index 4f0f6e9..88f6486 100644
--- a/3rdparty/libprocess/include/process/socket.hpp
+++ b/3rdparty/libprocess/include/process/socket.hpp
@@ -149,7 +149,10 @@ public:
*/
virtual Future<std::shared_ptr<SocketImpl>> accept() = 0;
- virtual Future<Nothing> connect(const Address& address) = 0;
+ virtual Future<Nothing> connect(
+ const Address& address,
+ const Option<std::string>& peer_hostname) = 0;
+
virtual Future<size_t> recv(char* data, size_t size) = 0;
virtual Future<size_t> send(const char* data, size_t size) = 0;
virtual Future<size_t> sendfile(int_fd fd, off_t offset, size_t size) = 0;
@@ -360,7 +363,14 @@ public:
Future<Nothing> connect(const AddressType& address)
{
- return impl->connect(address);
+ return impl->connect(address, None());
+ }
+
+ Future<Nothing> connect(
+ const AddressType& address,
+ const Option<std::string>& peer_hostname)
+ {
+ return impl->connect(address, peer_hostname);
}
Future<size_t> recv(char* data, size_t size) const
diff --git a/3rdparty/libprocess/src/http.cpp b/3rdparty/libprocess/src/http.cpp
index 3e73ee9..0ed9aa8 100644
--- a/3rdparty/libprocess/src/http.cpp
+++ b/3rdparty/libprocess/src/http.cpp
@@ -1423,7 +1423,10 @@ Future<Nothing> Connection::disconnected()
}
-Future<Connection> connect(const network::Address& address, Scheme scheme)
+Future<Connection> connect(
+ const network::Address& address,
+ Scheme scheme,
+ const Option<string>& peer_hostname)
{
SocketImpl::Kind kind;
@@ -1446,7 +1449,7 @@ Future<Connection> connect(const network::Address& address, Scheme scheme)
return Failure("Failed to create socket: " + socket.error());
}
- return socket->connect(address)
+ return socket->connect(address, peer_hostname)
.then([socket, address]() -> Future<Connection> {
Try<network::Address> localAddress = socket->address();
if (localAddress.isError()) {
@@ -1459,6 +1462,14 @@ Future<Connection> connect(const network::Address& address, Scheme scheme)
}
+Future<Connection> connect(
+ const network::Address& address,
+ Scheme scheme)
+{
+ return connect(address, scheme, None());
+}
+
+
Future<Connection> connect(const URL& url)
{
// TODO(bmahler): Move address resolution into the URL class?
@@ -1489,12 +1500,12 @@ Future<Connection> connect(const URL& url)
// Default to 'http' if no scheme was specified.
if (url.scheme.isNone() || url.scheme == string("http")) {
- return connect(address, Scheme::HTTP);
+ return connect(address, Scheme::HTTP, url.domain);
}
if (url.scheme == string("https")) {
#ifdef USE_SSL_SOCKET
- return connect(address, Scheme::HTTPS);
+ return connect(address, Scheme::HTTPS, url.domain);
#else
return Failure("'https' scheme requires SSL enabled");
#endif
diff --git a/3rdparty/libprocess/src/poll_socket.hpp b/3rdparty/libprocess/src/poll_socket.hpp
index 15b7902..c60e454 100644
--- a/3rdparty/libprocess/src/poll_socket.hpp
+++ b/3rdparty/libprocess/src/poll_socket.hpp
@@ -32,7 +32,9 @@ public:
// Implementation of the SocketImpl interface.
Try<Nothing> listen(int backlog) override;
Future<std::shared_ptr<SocketImpl>> accept() override;
- Future<Nothing> connect(const Address& address) override;
+ Future<Nothing> connect(
+ const Address& address,
+ const Option<std::string>& peer_hostname) override;
Future<size_t> recv(char* data, size_t size) override;
Future<size_t> send(const char* data, size_t size) override;
Future<size_t> sendfile(int_fd fd, off_t offset, size_t size) override;
diff --git a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
index 1921d0e..13aaa23 100644
--- a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
+++ b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.cpp
@@ -511,7 +511,9 @@ LibeventSSLSocketImpl::LibeventSSLSocketImpl(
peer_hostname(std::move(_peer_hostname)) {}
-Future<Nothing> LibeventSSLSocketImpl::connect(const Address& address)
+Future<Nothing> LibeventSSLSocketImpl::connect(
+ const Address& address,
+ const Option<string>& peer_hostname_)
{
if (bev != nullptr) {
return Failure("Socket is already connected");
diff --git a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp
index 6ef5a86..ecb8a55 100644
--- a/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp
+++ b/3rdparty/libprocess/src/posix/libevent/libevent_ssl_socket.hpp
@@ -40,7 +40,10 @@ public:
~LibeventSSLSocketImpl() override;
// Implement 'SocketImpl' interface.
- Future<Nothing> connect(const Address& address) override;
+ Future<Nothing> connect(
+ const Address& address,
+ const Option<std::string>& peer_hostname) override;
+
Future<size_t> recv(char* data, size_t size) override;
// Send does not currently support discard. See implementation.
Future<size_t> send(const char* data, size_t size) override;
diff --git a/3rdparty/libprocess/src/posix/poll_socket.cpp b/3rdparty/libprocess/src/posix/poll_socket.cpp
index 74acb69..96c8df6 100644
--- a/3rdparty/libprocess/src/posix/poll_socket.cpp
+++ b/3rdparty/libprocess/src/posix/poll_socket.cpp
@@ -113,7 +113,9 @@ Future<std::shared_ptr<SocketImpl>> PollSocketImpl::accept()
}
-Future<Nothing> PollSocketImpl::connect(const Address& address)
+Future<Nothing> PollSocketImpl::connect(
+ const Address& address,
+ const Option<string>& /* peer_hostname */)
{
Try<Nothing, SocketError> connect = network::connect(get(), address);
if (connect.isError()) {
diff --git a/3rdparty/libprocess/src/process.cpp b/3rdparty/libprocess/src/process.cpp
index 799666f..d50f88d 100644
--- a/3rdparty/libprocess/src/process.cpp
+++ b/3rdparty/libprocess/src/process.cpp
@@ -1671,7 +1671,7 @@ void SocketManager::link(
if (connect) {
CHECK_SOME(socket);
- socket->connect(to.address)
+ socket->connect(to.address, to.host)
.onAny(lambda::bind(
&SocketManager::link_connect,
this,
@@ -2033,7 +2033,7 @@ void SocketManager::send(Message&& message, const SocketImpl::Kind& kind)
if (connect) {
CHECK_SOME(socket);
- socket->connect(address)
+ socket->connect(address, message.to.host)
.onAny(lambda::bind(
// TODO(benh): with C++14 we can use lambda instead of
// `std::bind` and capture `message` with a `std::move`.
diff --git a/3rdparty/libprocess/src/windows/poll_socket.cpp b/3rdparty/libprocess/src/windows/poll_socket.cpp
index 565b008..ab1deef 100644
--- a/3rdparty/libprocess/src/windows/poll_socket.cpp
+++ b/3rdparty/libprocess/src/windows/poll_socket.cpp
@@ -135,7 +135,9 @@ Future<std::shared_ptr<SocketImpl>> PollSocketImpl::accept()
}
-Future<Nothing> PollSocketImpl::connect(const Address& address)
+Future<Nothing> PollSocketImpl::connect(
+ const Address& address,
+ const Option<std::string>& /* peer_hostname */)
{
// Need to hold a copy of `this` so that the underlying socket
// doesn't end up getting reused before we return.