Posted to dev@trafficserver.apache.org by Brian Geffon <br...@apache.org> on 2014/02/13 10:19:43 UTC

Re: [API Review] Add lifecycle hook for SSL_CTX initialization

Do you guys have any example plugins that use these hooks?

Brian

On Thursday, February 13, 2014, Wei Sun <su...@yahoo-inc.com> wrote:

> Hi all,
>
> I'd like to add two new lifecycle hooks,
> TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK and
> TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK, as discussed on this jira:
>
>
> https://issues.apache.org/jira/browse/TS-2437?focusedCommentId=13897621&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13897621
>
> The reason for these hooks is that I have a use case to manipulate
> (overwrite) the OpenSSL related callbacks in my plugin. I think it is also
> useful for applications who have a need to change or retrieve the ssl
> related attributes (callbacks, certs, configurations, etc.).
>
> The doc for the hooks is attached in the Jira above, and below as well.
>
> There are no ABI / API incompatibilities with this patch.
>
> Please comment.
>
> Thanks,
> Wei Sun
>
> /*
>       TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK
>
>         called every time after a server SSL_CTX has finished the
> initialization.
>         It exposes the initialized SSL_CTX pointer.
>
>         Event: TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED
>
>       TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK
>
>         called once, after the client SSL_CTX has finished the
> initialization.
>         It exposes the initialized SSL_CTX pointer.
>
>         Event: TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED
> */
>
> @@ -322,6 +336,8 @@ extern "C"
>      TS_LIFECYCLE_PORTS_INITIALIZED_HOOK,
>      TS_LIFECYCLE_PORTS_READY_HOOK,
>      TS_LIFECYCLE_CACHE_READY_HOOK,
> +    TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK,
> +    TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK,
>      TS_LIFECYCLE_LAST_HOOK
>    } TSLifecycleHookID;
>
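Review bot: The two + enumerators are inserted ahead of TS_LIFECYCLE_LAST_HOOK, so existing hook ids keep their values but TS_LIFECYCLE_LAST_HOOK itself moves up by two, which the "no ABI / API incompatibilities" statement should spell out. A plugin built against this header can pass an id that a server built from the older header would treat as out of range, so it is worth confirming that TSLifecycleHookAdd validates the id against TS_LIFECYCLE_LAST_HOOK. A one-line comment beside each new enumerator, saying that the server hook fires for every server SSL_CTX while the client hook fires once, would also save plugin authors a trip to the Jira.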
> @@ -413,6 +429,8 @@ extern "C"
>      TS_EVENT_LIFECYCLE_PORTS_INITIALIZED = 60018,
>      TS_EVENT_LIFECYCLE_PORTS_READY = 60019,
>      TS_EVENT_LIFECYCLE_CACHE_READY = 60020,
> +    TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED = 60021,
> +    TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED = 60022,
>      TS_EVENT_MGMT_UPDATE = 60100,
>
>
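Review bot: The + lines assign 60021 and 60022 with nothing in the header saying what the event data is; the doc comment in this mail is the only place that states the handler receives the initialized SSL_CTX pointer. Since a plugin has to cast that pointer itself, put the contract in a comment next to the two enumerators, including whether the plugin may modify the context or only read it. The values continue directly from TS_EVENT_LIFECYCLE_CACHE_READY = 60020 and stay below TS_EVENT_MGMT_UPDATE = 60100, which matches the existing numbering.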

Re: [API Review] Add lifecycle hook for SSL_CTX initialization

Posted by Wei Sun <su...@yahoo-inc.com>.
Tweak a little bit..

On 2/13/14 5:43 PM, "Wei Sun" <su...@yahoo-inc.com> wrote:

>Hi Brian,
>
>Below is a piece of code snippet I used in a test plugin, please let me
>know if you need more details.
>
>Thanks,
>Wei
>
>---
>
>int
>SSLCtxInitCallbackHandler(TSCont cnt, TSEvent id, void* ssl_ctx) {
>  switch (id) {
>  case TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED:
>      {
>          SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
>          // init ssl_ctx callbacks
>      }
>
>      break;
>
>  case TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED:
>      {
>          SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
>          //handle ssl ctx
>      }
>      break;
>  default:
>    TSDebug("lifecycle-plugin", "Unexpected event %d", id);
>    break;
>  }
>
>  return TS_EVENT_NONE;
>}
>
>void
>TSPluginInit(int argc, const char *argv[])
>{
>  TSPluginRegistrationInfo info;
>
>  info.plugin_name = (char *)("ats_session_reuse");
>  info.vendor_name = (char *)("ssl_ctx");
>  info.support_email = (char *)("dev@trafficserver.apache.org");
>
>  if (TSPluginRegister(TS_SDK_VERSION_3_0, &info) != TS_SUCCESS) {
>    TSError("Plugin registration failed.\n");
>    return; // do not install hooks for an unregistered plugin
>  }
>  TSCont cont = TSContCreate(SSLCtxInitCallbackHandler, NULL);
>
>  TSLifecycleHookAdd(TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK, cont);
>  TSLifecycleHookAdd(TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK, cont);
>}
>
>
>
>On 2/13/14 5:19 PM, "Brian Geffon" <br...@apache.org> wrote:
>
>>Do you guys have any example plugins that use these hooks?
>>
>>Brian
>>
>>On Thursday, February 13, 2014, Wei Sun <su...@yahoo-inc.com> wrote:
>>
>>> Hi all,
>>>
>>> I'd like to add two new lifecycle hooks,
>>> TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK and
>>> TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK, as discussed on this jira:
>>>
>>>
>>> https://issues.apache.org/jira/browse/TS-2437?focusedCommentId=13897621&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13897621
>>>
>>> The reason for these hooks is that I have a use case to manipulate
>>> (overwrite) the OpenSSL related callbacks in my plugin. I think it is also
>>> useful for applications who have a need to change or retrieve the ssl
>>> related attributes (callbacks, certs, configurations, etc.).
>>>
>>> The doc for the hooks is attached in the Jira above, and below as well.
>>>
>>> There are no ABI / API incompatibilities with this patch.
>>>
>>> Please comment.
>>>
>>> Thanks,
>>> Wei Sun
>>>
>>> /*
>>>       TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK
>>>
>>>         called every time after a server SSL_CTX has finished the
>>> initialization.
>>>         It exposes the initialized SSL_CTX pointer.
>>>
>>>         Event: TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED
>>>
>>>       TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK
>>>
>>>         called once, after the client SSL_CTX has finished the
>>> initialization.
>>>         It exposes the initialized SSL_CTX pointer.
>>>
>>>         Event: TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED
>>> */
>>>
>>> @@ -322,6 +336,8 @@ extern "C"
>>>      TS_LIFECYCLE_PORTS_INITIALIZED_HOOK,
>>>      TS_LIFECYCLE_PORTS_READY_HOOK,
>>>      TS_LIFECYCLE_CACHE_READY_HOOK,
>>> +    TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK,
>>> +    TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK,
>>>      TS_LIFECYCLE_LAST_HOOK
>>>    } TSLifecycleHookID;
>>>
>>> @@ -413,6 +429,8 @@ extern "C"
>>>      TS_EVENT_LIFECYCLE_PORTS_INITIALIZED = 60018,
>>>      TS_EVENT_LIFECYCLE_PORTS_READY = 60019,
>>>      TS_EVENT_LIFECYCLE_CACHE_READY = 60020,
>>> +    TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED = 60021,
>>> +    TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED = 60022,
>>>      TS_EVENT_MGMT_UPDATE = 60100,
>>>
>>>
>


Re: [API Review] Add lifecycle hook for SSL_CTX initialization

Posted by Wei Sun <su...@yahoo-inc.com>.
Hi Brian,

Below is a piece of code snippet I used in a test plugin, please let me
know if you need more details.

Thanks,
Wei

---

#include <openssl/ssl.h>
#include <ts/ts.h>

// One handler for both SSL_CTX lifecycle events; the event data is the
// initialized SSL_CTX pointer.
int
SSLCtxInitCallbackHandler(TSCont cnt, TSEvent id, void* ssl_ctx) {
  switch (id) {
  case TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED:
      {
          SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
          // init ssl_ctx callbacks
      }

      break;

  case TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED:
      {
          SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
          //handle ssl ctx
      }
      break;
  default:
    TSDebug("lifecycle-plugin", "Unexpected event %d", id);
    break;
  }

  return TS_EVENT_NONE;
}

void
TSPluginInit(int argc, const char *argv[])
{
  TSPluginRegistrationInfo info;

  info.plugin_name = (char *)("ats_session_reuse");
  info.vendor_name = (char *)("ssl_ctx");
  info.support_email = (char *)("dev@trafficserver.apache.org");

  if (TSPluginRegister(TS_SDK_VERSION_3_0, &info) != TS_SUCCESS) {
    TSError("Plugin registration failed.\n");
    return; // do not install hooks for an unregistered plugin
  }

  // A separate continuation is created for each hook.
  TSLifecycleHookAdd(TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK,
                     TSContCreate(SSLCtxInitCallbackHandler, NULL));
  TSLifecycleHookAdd(TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK,
                     TSContCreate(SSLCtxInitCallbackHandler, NULL));
}



On 2/13/14 5:19 PM, "Brian Geffon" <br...@apache.org> wrote:

>Do you guys have any example plugins that use these hooks?
>
>Brian
>
>On Thursday, February 13, 2014, Wei Sun <su...@yahoo-inc.com> wrote:
>
>> Hi all,
>>
>> I'd like to add two new lifecycle hooks,
>> TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK and
>> TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK, as discussed on this jira:
>>
>>
>> https://issues.apache.org/jira/browse/TS-2437?focusedCommentId=13897621&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13897621
>>
>> The reason for these hooks is that I have a use case to manipulate
>> (overwrite) the OpenSSL related callbacks in my plugin. I think it is also
>> useful for applications who have a need to change or retrieve the ssl
>> related attributes (callbacks, certs, configurations, etc.).
>>
>> The doc for the hooks is attached in the Jira above, and below as well.
>>
>> There are no ABI / API incompatibilities with this patch.
>>
>> Please comment.
>>
>> Thanks,
>> Wei Sun
>>
>> /*
>>       TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK
>>
>>         called every time after a server SSL_CTX has finished the
>> initialization.
>>         It exposes the initialized SSL_CTX pointer.
>>
>>         Event: TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED
>>
>>       TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK
>>
>>         called once, after the client SSL_CTX has finished the
>> initialization.
>>         It exposes the initialized SSL_CTX pointer.
>>
>>         Event: TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED
>> */
>>
>> @@ -322,6 +336,8 @@ extern "C"
>>      TS_LIFECYCLE_PORTS_INITIALIZED_HOOK,
>>      TS_LIFECYCLE_PORTS_READY_HOOK,
>>      TS_LIFECYCLE_CACHE_READY_HOOK,
>> +    TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK,
>> +    TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK,
>>      TS_LIFECYCLE_LAST_HOOK
>>    } TSLifecycleHookID;
>>
>> @@ -413,6 +429,8 @@ extern "C"
>>      TS_EVENT_LIFECYCLE_PORTS_INITIALIZED = 60018,
>>      TS_EVENT_LIFECYCLE_PORTS_READY = 60019,
>>      TS_EVENT_LIFECYCLE_CACHE_READY = 60020,
>> +    TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED = 60021,
>> +    TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED = 60022,
>>      TS_EVENT_MGMT_UPDATE = 60100,
>>
>>