Posted to commits@trafficserver.apache.org by ma...@apache.org on 2017/08/15 06:45:01 UTC
[trafficserver] branch quic-latest updated (5847855 -> 49e6fc7)
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a change to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.
from 5847855 Increase buffer sizes for UDP socket
new b82fd38 Make TLS 1.3 support optional
new 49e6fc7 Build QUIC modules only if TLS 1.3 is available
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
build/crypto.m4 | 28 ++++++++++++++++++++++++++++
cmd/traffic_layout/traffic_layout.cc | 1 +
configure.ac | 25 ++++++++++++-------------
iocore/net/Makefile.am | 18 ++++++++++++------
lib/ts/ink_config.h.in | 2 ++
proxy/Main.cc | 8 ++++++--
proxy/Makefile.am | 14 +++++++++++---
proxy/http/HttpProxyServerMain.cc | 14 ++++++++++----
8 files changed, 82 insertions(+), 28 deletions(-)
--
[trafficserver] 02/02: Build QUIC modules only if TLS 1.3 is
available
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 49e6fc74cfe533e33ac39b4f7af44f30907cf464
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Aug 15 15:43:57 2017 +0900
Build QUIC modules only if TLS 1.3 is available
---
configure.ac | 9 +++++++++
iocore/net/Makefile.am | 18 ++++++++++++------
lib/ts/ink_config.h.in | 1 +
proxy/Main.cc | 8 ++++++--
proxy/Makefile.am | 14 +++++++++++---
proxy/http/HttpProxyServerMain.cc | 14 ++++++++++----
6 files changed, 49 insertions(+), 15 deletions(-)
diff --git a/configure.ac b/configure.ac
index a0e80d6..02a5de5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1143,6 +1143,15 @@ TS_CHECK_CRYPTO_DH_GET_2048_256
# Check for TLS 1.3 support
TS_CHECK_CRYPTO_TLS13
+# Check for QUIC support
+enable_quic=no
+AS_IF([test "x$enable_tls13" = "xyes"], [
+ enable_quic=yes
+])
+TS_ARG_ENABLE_VAR([use], [quic])
+AC_SUBST(use_quic)
+AM_CONDITIONAL([ENABLE_QUIC], [test "x$enable_quic" = "xyes"])
+
saved_LIBS="$LIBS"
TS_ADDTO([LIBS], ["$OPENSSL_LIBS"])
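Review bot: `enable_quic` is derived solely from `enable_tls13`, so a build with TLS 1.3 always compiles in the QUIC listener code and there is no way to leave it out. An explicit `AC_ARG_ENABLE([quic], ...)` that defaults to the TLS 1.3 result, and fails configure when QUIC is requested without TLS 1.3, would let operators keep a UDP-facing protocol out of the binary. The block also prints nothing, so the decision is invisible in the configure log; an `AC_MSG_CHECKING([whether to build QUIC])` / `AC_MSG_RESULT([$enable_quic])` pair would make it auditable.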
diff --git a/iocore/net/Makefile.am b/iocore/net/Makefile.am
index 252a4c3..10ce90d 100644
--- a/iocore/net/Makefile.am
+++ b/iocore/net/Makefile.am
@@ -16,7 +16,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+if ENABLE_QUIC
SUBDIRS = quic
+endif
AM_CPPFLAGS += \
$(iocore_include_dirs) \
@@ -114,9 +116,6 @@ libinknet_a_SOURCES = \
P_UDPIOEvent.h \
P_UDPNet.h \
P_UDPPacket.h \
- P_QUICPacketHandler.h \
- P_QUICNetProcessor.h \
- P_QUICNetVConnection.h \
P_UnixCompletionUtil.h \
P_UnixNet.h \
P_UnixNetProcessor.h \
@@ -139,9 +138,6 @@ libinknet_a_SOURCES = \
OCSPStapling.cc \
Socks.cc \
UDPIOEvent.cc \
- QUICPacketHandler.cc \
- QUICNetProcessor.cc \
- QUICNetVConnection.cc \
UnixConnection.cc \
UnixNet.cc \
UnixNetAccept.cc \
@@ -152,6 +148,16 @@ libinknet_a_SOURCES = \
UnixUDPNet.cc \
SSLDynlock.cc
+if ENABLE_QUIC
+libinknet_a_SOURCES += \
+ P_QUICPacketHandler.h \
+ P_QUICNetProcessor.h \
+ P_QUICNetVConnection.h \
+ QUICPacketHandler.cc \
+ QUICNetProcessor.cc \
+ QUICNetVConnection.cc
+endif
+
#test_UNUSED_SOURCES = \
# NetTest-http-server.c \
# test_I_Net.cc \
diff --git a/lib/ts/ink_config.h.in b/lib/ts/ink_config.h.in
index 1bb3875..71506cc 100644
--- a/lib/ts/ink_config.h.in
+++ b/lib/ts/ink_config.h.in
@@ -76,6 +76,7 @@
#define TS_USE_GET_DH_2048_256 @use_dh_get_2048_256@
#define TS_USE_TLS_ECKEY @use_tls_eckey@
#define TS_USE_TLS13 @use_tls13@
+#define TS_USE_QUIC @use_quic@
#define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@
#define TS_USE_REMOTE_UNWINDING @use_remote_unwinding@
#define TS_USE_SSLV3_CLIENT @use_sslv3_client@
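Review bot: `TS_USE_QUIC` is substituted into the config header here but is not exposed in the feature listing. The companion commit on this page adds `TS_USE_TLS13` to `produce_features()` in `cmd/traffic_layout/traffic_layout.cc`, and this commit's diffstat does not touch that file. Adding `print_feature("TS_USE_QUIC", TS_USE_QUIC, json);` there would let an operator confirm from an installed binary whether QUIC support was compiled in.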
diff --git a/proxy/Main.cc b/proxy/Main.cc
index 2bf8796..3557805 100644
--- a/proxy/Main.cc
+++ b/proxy/Main.cc
@@ -91,7 +91,9 @@ extern "C" int plock(int);
#include "I_Tasks.h"
#include "InkAPIInternal.h"
#include "HTTP2.h"
+#if TS_USE_QUIC == 1
#include "HQ.h"
+#endif
#include <ts/ink_cap.h>
@@ -1810,8 +1812,10 @@ main(int /* argc ATS_UNUSED */, const char **argv)
// Initialize HTTP/2
Http2::init();
+#if TS_USE_QUIC == 1
// Initialize HTTP/QUIC
HQ::init();
+#endif
if (!HttpProxyPort::loadValue(http_accept_port_descriptor)) {
HttpProxyPort::loadConfig();
@@ -1831,9 +1835,9 @@ main(int /* argc ATS_UNUSED */, const char **argv)
SSLConfigParams::init_ssl_ctx_cb = init_ssl_ctx_callback;
SSLConfigParams::load_ssl_file_cb = load_ssl_file_callback;
sslNetProcessor.start(-1, stacksize);
-
+#if TS_USE_QUIC == 1
quic_NetProcessor.start(-1, stacksize);
-
+#endif
pmgmt->registerPluginCallbacks(global_config_cbs);
cacheProcessor.afterInitCallbackSet(&CB_After_Cache_Init);
diff --git a/proxy/Makefile.am b/proxy/Makefile.am
index 220f8d8..7505dc0 100644
--- a/proxy/Makefile.am
+++ b/proxy/Makefile.am
@@ -19,7 +19,11 @@
include $(top_srcdir)/build/tidy.mk
# Note that hdrs is targeted from ../Makefile.am
-SUBDIRS = congest http http2 hq logging config
+SUBDIRS = congest http http2 logging config
+if ENABLE_QUIC
+SUBDIRS += hq
+endif
+
noinst_LIBRARIES =
bin_PROGRAMS = \
traffic_server \
@@ -180,7 +184,6 @@ endif
traffic_server_LDADD = \
http/libhttp.a \
http2/libhttp2.a \
- hq/libhq.a \
http/remap/libhttp_remap.a \
congest/libCongestionControl.a \
logging/liblogging.a \
@@ -197,6 +200,12 @@ traffic_server_LDADD = \
$(top_builddir)/lib/ts/libtsutil.la \
$(top_builddir)/lib/bindings/libbindings.la
+if ENABLE_QUIC
+traffic_server_LDADD += \
+ hq/libhq.a \
+ $(top_builddir)/iocore/net/quic/libquic.a
+endif
+
if BUILD_LUAJIT
traffic_server_LDADD += \
$(top_builddir)/lib/luajit/src/libluajit.a
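Review bot: The link order of the QUIC archives changes in this block: `$(top_builddir)/iocore/net/quic/libquic.a` is now added before the later `traffic_server_LDADD +=` list that contains `libinknet.a`, whereas the next hunk shows it previously came directly after `libinknet.a`. If the QUIC objects in `libinknet.a` reference symbols from `libquic.a`, a single-pass static link may leave them unresolved. This cannot be confirmed from the hunk, but it would be safer to append the conditional `libquic.a` entry after the list that contains `libinknet.a`.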
@@ -204,7 +213,6 @@ endif
traffic_server_LDADD += \
$(top_builddir)/iocore/net/libinknet.a \
- $(top_builddir)/iocore/net/quic/libquic.a \
$(top_builddir)/iocore/eventsystem/libinkevent.a \
$(top_builddir)/lib/records/librecords_p.a \
$(top_builddir)/iocore/eventsystem/libinkevent.a \
diff --git a/proxy/http/HttpProxyServerMain.cc b/proxy/http/HttpProxyServerMain.cc
index 9beb3ac..6e27716 100644
--- a/proxy/http/HttpProxyServerMain.cc
+++ b/proxy/http/HttpProxyServerMain.cc
@@ -39,7 +39,9 @@
#include "ProtocolProbeSessionAccept.h"
#include "http2/Http2SessionAccept.h"
#include "HttpConnectionCount.h"
+#if TS_USE_QUIC == 1
#include "hq/HQSessionAccept.h"
+#endif
HttpSessionAccept *plugin_http_accept = nullptr;
HttpSessionAccept *plugin_http_transparent_accept = nullptr;
@@ -219,10 +221,12 @@ MakeHttpProxyAcceptor(HttpProxyAcceptor &acceptor, HttpProxyPort &port, unsigned
ssl_plugin_acceptors.push(ssl);
ssl->proxyPort = &port;
acceptor._accept = ssl;
+#if TS_USE_QUIC == 1
} else if (port.isQUIC()) {
// HTTP/QUIC
HQSessionAccept *hq = new HQSessionAccept(accept_opt);
acceptor._accept = hq;
+#endif
} else {
acceptor._accept = probe;
}
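Review bot: With QUIC compiled out, a port for which `port.isQUIC()` is true is no longer matched by any branch. Here it falls into the final `else` and receives the `probe` acceptor, and in the `start_HttpProxyServer()` hunk below it falls through to `netProcessor.main_accept`, so a port configured for QUIC would apparently be opened as an ordinary TCP listener rather than rejected. Whether the port parser still accepts a QUIC port in such a build is not visible on this page. If it does, both places should get an `#else` arm that logs the misconfiguration and skips the port instead of silently changing its transport. Both functions begin and end outside their hunks.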
@@ -291,14 +295,16 @@ start_HttpProxyServer()
for (int i = 0, n = proxy_ports.length(); i < n; ++i) {
HttpProxyAcceptor &acceptor = HttpProxyAcceptors[i];
HttpProxyPort &port = proxy_ports[i];
- if (port.isQUIC()) {
- if (nullptr == quic_NetProcessor.main_accept(acceptor._accept, port.m_fd, acceptor._net_opt)) {
+ if (port.isSSL()) {
+ if (nullptr == sslNetProcessor.main_accept(acceptor._accept, port.m_fd, acceptor._net_opt)) {
return;
}
- } else if (port.isSSL()) {
- if (nullptr == sslNetProcessor.main_accept(acceptor._accept, port.m_fd, acceptor._net_opt)) {
+#if TS_USE_QUIC == 1
+ } else if (port.isQUIC()) {
+ if (nullptr == quic_NetProcessor.main_accept(acceptor._accept, port.m_fd, acceptor._net_opt)) {
return;
}
+#endif
} else if (!port.isPlugin()) {
if (nullptr == netProcessor.main_accept(acceptor._accept, port.m_fd, acceptor._net_opt)) {
return;
--
[trafficserver] 01/02: Make TLS 1.3 support optional
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit b82fd38bb5408eefc6351780a88ed86940e28685
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Aug 15 12:27:10 2017 +0900
Make TLS 1.3 support optional
---
build/crypto.m4 | 28 ++++++++++++++++++++++++++++
cmd/traffic_layout/traffic_layout.cc | 1 +
configure.ac | 16 +++-------------
lib/ts/ink_config.h.in | 1 +
4 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/build/crypto.m4 b/build/crypto.m4
index 3a3b03b..dea1c59 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -230,3 +230,31 @@ AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [
TS_ARG_ENABLE_VAR([use], [dh_get_2048_256])
AC_SUBST(use_dh_get_2048_256)
])
+
+AC_DEFUN([TS_CHECK_CRYPTO_TLS13], [
+ enable_tls13=yes
+ _tls13_saved_LIBS=$LIBS
+ TS_ADDTO(LIBS, [$OPENSSL_LIBS])
+ AC_MSG_CHECKING([whether TLS 1.3 is supported])
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM([[
+#include <openssl/ssl.h>
+ ]],
+ [[
+#ifndef TLS1_3_VERSION
+# error no TLS1_3 support
+#endif
+ ]])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ enable_tls13=no
+ ])
+ LIBS=$_tls13_saved_LIBS
+ TS_ARG_ENABLE_VAR([use], [tls13])
+ AC_SUBST(use_tls13)
+])
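Review bot: The test body only checks the `TLS1_3_VERSION` macro from `<openssl/ssl.h>`, so `AC_LINK_IFELSE` adds no assurance that the libssl actually linked implements TLS 1.3. A newer header paired with an older library still yields `yes`. Either keep this a compile check, or have the body reference a library symbol that exists only in TLS 1.3-capable builds so the link step means something. Because a missing TLS 1.3 no longer aborts configure, a build host with an old OpenSSL now silently produces a binary without it. An opt-in way to make TLS 1.3 a hard requirement would keep release builds from downgrading unnoticed.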
diff --git a/cmd/traffic_layout/traffic_layout.cc b/cmd/traffic_layout/traffic_layout.cc
index 82a33c8..e959c54 100644
--- a/cmd/traffic_layout/traffic_layout.cc
+++ b/cmd/traffic_layout/traffic_layout.cc
@@ -108,6 +108,7 @@ produce_features(bool json)
print_feature("TS_USE_CERT_CB", TS_USE_CERT_CB, json);
print_feature("TS_USE_SET_RBIO", TS_USE_SET_RBIO, json);
print_feature("TS_USE_TLS_ECKEY", TS_USE_TLS_ECKEY, json);
+ print_feature("TS_USE_TLS13", TS_USE_TLS13, json);
print_feature("TS_USE_LINUX_NATIVE_AIO", TS_USE_LINUX_NATIVE_AIO, json);
print_feature("TS_HAS_SO_PEERCRED", TS_HAS_SO_PEERCRED, json);
print_feature("TS_USE_REMOTE_UNWINDING", TS_USE_REMOTE_UNWINDING, json);
diff --git a/configure.ac b/configure.ac
index 4e1692d..a0e80d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1140,6 +1140,9 @@ TS_CHECK_CRYPTO_SET_RBIO
# Check for DH_get_2048_256
TS_CHECK_CRYPTO_DH_GET_2048_256
+# Check for TLS 1.3 support
+TS_CHECK_CRYPTO_TLS13
+
saved_LIBS="$LIBS"
TS_ADDTO([LIBS], ["$OPENSSL_LIBS"])
@@ -1174,19 +1177,6 @@ AC_CHECK_FUNC([EVP_MD_CTX_reset], [],
AC_CHECK_FUNC([EVP_MD_CTX_free], [],
[AC_DEFINE([EVP_MD_CTX_free], [EVP_MD_CTX_destroy], [Renamed in OpenSSL 1.1])])
-AC_MSG_CHECKING([for TLS 1.3 is supported])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
- [[
- #ifndef TLS1_3_VERSION
- # error no TLS1_3 support
- #endif
- ]])
- ],
- [AC_MSG_RESULT([yes])],
- [AC_ERROR(OpenSSL 1.1.1+ or BoringSSL is required);
- AC_MSG_RESULT([no])])
-
-
AC_MSG_CHECKING([for OpenSSL is BoringSSL])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/base.h>]],
[[
diff --git a/lib/ts/ink_config.h.in b/lib/ts/ink_config.h.in
index 79b2c00..1bb3875 100644
--- a/lib/ts/ink_config.h.in
+++ b/lib/ts/ink_config.h.in
@@ -75,6 +75,7 @@
#define TS_USE_SET_RBIO @use_set_rbio@
#define TS_USE_GET_DH_2048_256 @use_dh_get_2048_256@
#define TS_USE_TLS_ECKEY @use_tls_eckey@
+#define TS_USE_TLS13 @use_tls13@
#define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@
#define TS_USE_REMOTE_UNWINDING @use_remote_unwinding@
#define TS_USE_SSLV3_CLIENT @use_sslv3_client@
--