Posted to dev@trafficserver.apache.org by Brian Geffon <br...@apache.org> on 2014/02/13 10:19:43 UTC
Re: [API Review] Add lifecycle hook for SSL_CTX initialization
Do you guys have any example plugins that use these hooks?
Brian
On Thursday, February 13, 2014, Wei Sun <su...@yahoo-inc.com> wrote:
> Hi all,
>
> I'd like to add two new lifecycle hooks,
> TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK and
> TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK, as discussed on this jira:
>
>
> https://issues.apache.org/jira/browse/TS-2437?focusedCommentId=13897621&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13897621
>
> The reason for these hooks is that I have a use case to manipulate
> (overwrite) the OpenSSL related callbacks in my plugin. I think it is also
> useful for applications who have a need to change or retrieve the ssl
> related attributes (callbacks, certs, configurations, etc.).
>
> The doc for the hooks is attached in the Jira above, and below as well.
>
> There are no ABI / API incompatibilities with this patch.
>
> Please comment.
>
> Thanks,
> Wei Sun
>
> /*
> TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK
>
> called every time after a server SSL_CTX has finished the
> initialization.
> It exposes the initialized SSL_CTX pointer.
>
> Event: TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED
>
> TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK
>
> called once, after the client SSL_CTX has finished the
> initialization.
> It exposes the initialized SSL_CTX pointer.
>
> Event: TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED
> */
>
> @@ -322,6 +336,8 @@ extern "C"
> TS_LIFECYCLE_PORTS_INITIALIZED_HOOK,
> TS_LIFECYCLE_PORTS_READY_HOOK,
> TS_LIFECYCLE_CACHE_READY_HOOK,
> + TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK,
> + TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK,
> TS_LIFECYCLE_LAST_HOOK
> } TSLifecycleHookID;
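Review bot: The two enumerators added to TSLifecycleHookID carry no comment saying what the continuation receives as event data. Someone reading only this enum cannot tell that the data pointer is an SSL_CTX *, or that the server hook fires every time a server SSL_CTX is initialized while the client hook fires once. Suggest a short comment on each entry, or a pointer to the doc block above. Also, placing them ahead of TS_LIFECYCLE_LAST_HOOK keeps the existing IDs stable but raises TS_LIFECYCLE_LAST_HOOK by two, so it is worth confirming that nothing built against the old header sizes or bounds-checks with that value before stating there is no ABI impact.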
>
> @@ -413,6 +429,8 @@ extern "C"
> TS_EVENT_LIFECYCLE_PORTS_INITIALIZED = 60018,
> TS_EVENT_LIFECYCLE_PORTS_READY = 60019,
> TS_EVENT_LIFECYCLE_CACHE_READY = 60020,
> + TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED = 60021,
> + TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED = 60022,
> TS_EVENT_MGMT_UPDATE = 60100,
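Review bot: TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED = 60021 and TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED = 60022 hand plugins a live SSL_CTX pointer, per the doc block, but nothing states whether a handler may keep that pointer after it returns, or whether callbacks already set on the context should be chained rather than replaced. Since the stated use case is overwriting OpenSSL callbacks, please document the pointer's lifetime and what happens when several plugins register for the same event. The values themselves continue the 60018 to 60020 run and stay below TS_EVENT_MGMT_UPDATE = 60100, which looks fine.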
>
>
Re: [API Review] Add lifecycle hook for SSL_CTX initialization
Posted by Wei Sun <su...@yahoo-inc.com>.
Tweak a little bit..
On 2/13/14 5:43 PM, "Wei Sun" <su...@yahoo-inc.com> wrote:
>Hi Brian,
>
>Below is a code snippet I used in a test plugin; please let me
>know if you need more details.
>
>Thanks,
>Wei
>
>---
>
>#include <ts/ts.h>
>#include <openssl/ssl.h>
>
>int
>SSLCtxInitCallbackHandler(TSCont cnt, TSEvent id, void* ssl_ctx) {
>  switch (id) {
>  case TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED:
>    {
>      // event data is the initialized server SSL_CTX
>      SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
>      // init ssl_ctx callbacks
>    }
>    break;
>
>  case TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED:
>    {
>      // event data is the initialized client SSL_CTX
>      SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
>      // handle ssl ctx
>    }
>    break;
>  default:
>    TSDebug("lifecycle-plugin", "Unexpected event %d", id);
>    break;
>  }
>
>  return TS_EVENT_NONE;
>}
>
>void
>TSPluginInit(int argc, const char *argv[])
>{
>  TSPluginRegistrationInfo info;
>
>  info.plugin_name = (char *)("ats_session_reuse");
>  info.vendor_name = (char *)("ssl_ctx");
>  info.support_email = (char *)("dev@trafficserver.apache.org");
>
>  if (TSPluginRegister(TS_SDK_VERSION_3_0, &info) != TS_SUCCESS) {
>    TSError("Plugin registration failed.\n");
>    return; // do not add hooks if registration failed
>  }
>
>  // one continuation handles both SSL_CTX events
>  TSCont cont = TSContCreate(SSLCtxInitCallbackHandler, NULL);
>
>  TSLifecycleHookAdd(TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK, cont);
>  TSLifecycleHookAdd(TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK, cont);
>}
>
>
>
Re: [API Review] Add lifecycle hook for SSL_CTX initialization
Posted by Wei Sun <su...@yahoo-inc.com>.
Hi Brian,
Below is a code snippet I used in a test plugin; please let me
know if you need more details.
Thanks,
Wei
---
#include <ts/ts.h>
#include <openssl/ssl.h>

int
SSLCtxInitCallbackHandler(TSCont cnt, TSEvent id, void* ssl_ctx) {
  switch (id) {
  case TS_EVENT_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED:
    {
      // event data is the initialized server SSL_CTX
      SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
      // init ssl_ctx callbacks
    }
    break;
  case TS_EVENT_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED:
    {
      // event data is the initialized client SSL_CTX
      SSL_CTX *ctx = (SSL_CTX *)ssl_ctx;
      // handle ssl ctx
    }
    break;
  default:
    TSDebug("lifecycle-plugin", "Unexpected event %d", id);
    break;
  }
  return TS_EVENT_NONE;
}

void
TSPluginInit(int argc, const char *argv[])
{
  TSPluginRegistrationInfo info;

  info.plugin_name = (char *)("ats_session_reuse");
  info.vendor_name = (char *)("ssl_ctx");
  info.support_email = (char *)("dev@trafficserver.apache.org");

  if (TSPluginRegister(TS_SDK_VERSION_3_0, &info) != TS_SUCCESS) {
    TSError("Plugin registration failed.\n");
    return; // do not add hooks if registration failed
  }

  // each hook gets its own continuation running the same handler
  TSLifecycleHookAdd(TS_LIFECYCLE_SERVER_SSL_CTX_INITIALIZED_HOOK,
                     TSContCreate(SSLCtxInitCallbackHandler, NULL));
  TSLifecycleHookAdd(TS_LIFECYCLE_CLIENT_SSL_CTX_INITIALIZED_HOOK,
                     TSContCreate(SSLCtxInitCallbackHandler, NULL));
}