Posted to commits@mesos.apache.org by jo...@apache.org on 2019/12/18 22:34:32 UTC

[mesos] 03/11: SSL Socket: Stubbed out a SSL socket class.


josephwu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mesos.git

commit 7afabb53fe0b6c0bf416807b0a2bc7c074db20e3
Author: Joseph Wu <jo...@apache.org>
AuthorDate: Wed Oct 9 16:37:45 2019 -0700

    SSL Socket: Stubbed out a SSL socket class.
    
    This creates some new files implementing the PollSocketImpl class,
    in preparation for implementing generic SSL sockets.
    
    The new class is used whenever SSL is enabled, but Libevent is not.
    
    Review: https://reviews.apache.org/r/71660
---
 3rdparty/libprocess/Makefile.am                | 13 +++-
 3rdparty/libprocess/src/CMakeLists.txt         | 12 +++-
 3rdparty/libprocess/src/openssl.cpp            |  2 +
 3rdparty/libprocess/src/socket.cpp             | 13 +++-
 3rdparty/libprocess/src/ssl/openssl_socket.cpp | 96 ++++++++++++++++++++++++++
 3rdparty/libprocess/src/ssl/openssl_socket.hpp | 59 ++++++++++++++++
 6 files changed, 190 insertions(+), 5 deletions(-)

diff --git a/3rdparty/libprocess/Makefile.am b/3rdparty/libprocess/Makefile.am
index 641251a..82ae581 100644
--- a/3rdparty/libprocess/Makefile.am
+++ b/3rdparty/libprocess/Makefile.am
@@ -251,11 +251,20 @@ if ENABLE_SSL
 libprocess_la_SOURCES +=			\
   src/jwt.cpp					\
   src/jwt_authenticator.cpp			\
-  src/posix/libevent/libevent_ssl_socket.cpp	\
-  src/posix/libevent/libevent_ssl_socket.hpp	\
   src/openssl.cpp				\
   src/openssl.hpp				\
   src/ssl/utilities.cpp
+
+if ENABLE_LIBEVENT
+libprocess_la_SOURCES +=			\
+  src/posix/libevent/libevent_ssl_socket.cpp	\
+  src/posix/libevent/libevent_ssl_socket.hpp
+else
+libprocess_la_SOURCES +=			\
+  src/ssl/openssl_socket.cpp			\
+  src/ssl/openssl_socket.hpp
+endif
+
 endif
 
 
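Review bot: The `else` branch that adds `src/ssl/openssl_socket.cpp` has no OpenSSL version gate on the autotools side, while the CMake change in this same commit requires `find_package(OpenSSL 1.1 REQUIRED)` for the same SSL-without-Libevent configuration. The diffstat lists no configure change, so an autotools build against an older OpenSSL would presumably fail only at compile time once the implementation uses the newer APIs. A configure-time check for OpenSSL 1.1 or later in this configuration would keep the two build systems consistent. At minimum, a comment above the `else` sources such as `# Requires OpenSSL 1.1+, see src/CMakeLists.txt.` would record the constraint.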
diff --git a/3rdparty/libprocess/src/CMakeLists.txt b/3rdparty/libprocess/src/CMakeLists.txt
index 40c8ef9..6fa1f60 100644
--- a/3rdparty/libprocess/src/CMakeLists.txt
+++ b/3rdparty/libprocess/src/CMakeLists.txt
@@ -18,7 +18,14 @@
 # https://www.openssl.org
 ############################################
 if (ENABLE_SSL)
-  find_package(OpenSSL REQUIRED)
+  if (ENABLE_LIBEVENT)
+    find_package(OpenSSL REQUIRED)
+  else ()
+    # SSL without Libevent requires a more recent version of OpenSSL
+    # because of the APIs used by the implementation.
+    # TODO(josephw): Add compatibility for OpenSSL 1.0.
+    find_package(OpenSSL 1.1 REQUIRED)
+  endif ()
 endif ()
 
 
@@ -91,6 +98,9 @@ if (ENABLE_SSL)
   if (ENABLE_LIBEVENT)
     list(APPEND PROCESS_SRC
       posix/libevent/libevent_ssl_socket.cpp)
+  else ()
+    list(APPEND PROCESS_SRC
+      ssl/openssl_socket.cpp)
   endif ()
 endif ()
 
diff --git a/3rdparty/libprocess/src/openssl.cpp b/3rdparty/libprocess/src/openssl.cpp
index 8aab5ac..7dac99f 100644
--- a/3rdparty/libprocess/src/openssl.cpp
+++ b/3rdparty/libprocess/src/openssl.cpp
@@ -16,7 +16,9 @@
 #include <sys/param.h>
 #endif // __WINDOWS__
 
+#ifdef USE_LIBEVENT
 #include <event2/event-config.h>
+#endif // USE_LIBEVENT
 
 #include <openssl/err.h>
 #include <openssl/rand.h>
diff --git a/3rdparty/libprocess/src/socket.cpp b/3rdparty/libprocess/src/socket.cpp
index 606a1c4..f03ec0b 100644
--- a/3rdparty/libprocess/src/socket.cpp
+++ b/3rdparty/libprocess/src/socket.cpp
@@ -27,8 +27,13 @@
 #include <stout/unreachable.hpp>
 
 #ifdef USE_SSL_SOCKET
+#ifdef USE_LIBEVENT
 #include "posix/libevent/libevent_ssl_socket.hpp"
-#endif
+#else
+#include "ssl/openssl_socket.hpp"
+#endif // USE_LIBEVENT
+#endif // USE_SSL_SOCKET
+
 #include "poll_socket.hpp"
 
 using std::string;
@@ -44,8 +49,12 @@ Try<std::shared_ptr<SocketImpl>> SocketImpl::create(int_fd s, Kind kind)
       return PollSocketImpl::create(s);
 #ifdef USE_SSL_SOCKET
     case Kind::SSL:
+#ifdef USE_LIBEVENT
       return LibeventSSLSocketImpl::create(s);
-#endif
+#else
+      return OpenSSLSocketImpl::create(s);
+#endif // USE_LIBEVENT
+#endif // USE_SSL_SOCKET
   }
   UNREACHABLE();
 }
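Review bot: In the new `#else` branch, `Kind::SSL` is routed to `OpenSSLSocketImpl::create(s)`, which this same commit defines as `UNIMPLEMENTED`, so a build with SSL enabled and Libevent disabled compiles but aborts at the first SSL socket creation. Since `create` returns a `Try`, the stub could report an error until the implementation lands, e.g. `return Error("SSL sockets without Libevent are not implemented yet");`, so callers fail the connection instead of losing the process. The body of `SocketImpl::create` starts outside this hunk, so the rest of the switch was not reviewed.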
diff --git a/3rdparty/libprocess/src/ssl/openssl_socket.cpp b/3rdparty/libprocess/src/ssl/openssl_socket.cpp
new file mode 100644
index 0000000..8c1ea2f
--- /dev/null
+++ b/3rdparty/libprocess/src/ssl/openssl_socket.cpp
@@ -0,0 +1,96 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License
+
+#ifdef __WINDOWS__
+// NOTE: This must be included before the OpenSSL headers as it includes
+// `WinSock2.h` and `Windows.h` in the correct order.
+#include <stout/windows.hpp>
+#endif // __WINDOWS__
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include <process/socket.hpp>
+
+#include <stout/unimplemented.hpp>
+
+#include "openssl.hpp"
+#include "ssl/openssl_socket.hpp"
+
+namespace process {
+namespace network {
+namespace internal {
+
+Try<std::shared_ptr<SocketImpl>> OpenSSLSocketImpl::create(int_fd s)
+{
+  UNIMPLEMENTED;
+}
+
+
+OpenSSLSocketImpl::OpenSSLSocketImpl(int_fd _s)
+  : PollSocketImpl(_s) {}
+
+
+OpenSSLSocketImpl::~OpenSSLSocketImpl()
+{
+  UNIMPLEMENTED;
+}
+
+
+Future<Nothing> OpenSSLSocketImpl::connect(
+    const Address& address)
+{
+  LOG(FATAL) << "No TLS config was passed to a SSL socket.";
+}
+
+
+Future<Nothing> OpenSSLSocketImpl::connect(
+    const Address& address,
+    const openssl::TLSClientConfig& config)
+{
+  UNIMPLEMENTED;
+}
+
+
+Future<size_t> OpenSSLSocketImpl::recv(char* data, size_t size)
+{
+  UNIMPLEMENTED;
+}
+
+
+Future<size_t> OpenSSLSocketImpl::send(const char* data, size_t size)
+{
+  UNIMPLEMENTED;
+}
+
+
+Future<size_t> OpenSSLSocketImpl::sendfile(
+    int_fd fd, off_t offset, size_t size)
+{
+  UNIMPLEMENTED;
+}
+
+
+Future<std::shared_ptr<SocketImpl>> OpenSSLSocketImpl::accept()
+{
+  UNIMPLEMENTED;
+}
+
+
+Try<Nothing, SocketError> OpenSSLSocketImpl::shutdown(int how)
+{
+  UNIMPLEMENTED;
+}
+
+} // namespace internal {
+} // namespace network {
+} // namespace process {
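Review bot: `connect(const Address&)` ends the process with `LOG(FATAL)` when a caller omits the TLS config, rather than failing the returned future. Refusing to connect without a config is the right fail-closed behaviour (no silent plaintext fallback), but a caller mistake on one socket should not take down the whole process; `return Failure("No TLS config was passed to a SSL socket.");` keeps the refusal and leaves handling to the caller, assuming `Failure` is in scope via `<process/socket.hpp>`. If the abort is deliberate, for example to match the Libevent implementation, a comment above the function saying so would help. The destructor is also stubbed as `UNIMPLEMENTED`, which would abort when any instance built through the public constructor is destroyed; an empty body is safer for a stub.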
diff --git a/3rdparty/libprocess/src/ssl/openssl_socket.hpp b/3rdparty/libprocess/src/ssl/openssl_socket.hpp
new file mode 100644
index 0000000..a71e372
--- /dev/null
+++ b/3rdparty/libprocess/src/ssl/openssl_socket.hpp
@@ -0,0 +1,59 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License
+
+#ifndef __SSL_SOCKET_WRAPPER__
+#define __SSL_SOCKET_WRAPPER__
+
+#include <process/socket.hpp>
+
+#include "poll_socket.hpp"
+
+namespace process {
+namespace network {
+namespace internal {
+
+class OpenSSLSocketImpl : public PollSocketImpl
+{
+public:
+  // See 'Socket::create()'.
+  static Try<std::shared_ptr<SocketImpl>> create(int_fd s);
+
+  OpenSSLSocketImpl(int_fd _s);
+  ~OpenSSLSocketImpl() override;
+
+  // Implement 'SocketImpl' interface.
+  Future<Nothing> connect(const Address& address) override;
+  Future<Nothing> connect(
+      const Address& address,
+      const openssl::TLSClientConfig& config) override;
+
+  Future<size_t> recv(char* data, size_t size) override;
+  Future<size_t> send(const char* data, size_t size) override;
+  Future<size_t> sendfile(int_fd fd, off_t offset, size_t size) override;
+  Future<std::shared_ptr<SocketImpl>> accept() override;
+  SocketImpl::Kind kind() const override { return SocketImpl::Kind::SSL; }
+
+  // Shuts down the socket.
+  //
+  // NOTE: Although this method accepts an integer which specifies the
+  // shutdown mode, this parameter is ignored because SSL connections
+  // do not have a concept of read/write-only shutdown. If either end
+  // of the socket is closed, then the futures of any outstanding read
+  // requests will be completed (possibly as failures).
+  Try<Nothing, SocketError> shutdown(int how) override;
+};
+
+} // namespace internal {
+} // namespace network {
+} // namespace process {
+
+#endif // __SSL_SOCKET_WRAPPER__
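Review bot: The single-argument constructor `OpenSSLSocketImpl(int_fd _s);` is public and not `explicit`, so an `int_fd` converts implicitly to an `OpenSSLSocketImpl`; `explicit OpenSSLSocketImpl(int_fd _s);` rules that out. The header also names `openssl::TLSClientConfig` in the second `connect` overload without including a header that visibly declares it, and appears to rely on `<process/socket.hpp>` for it. The include guard `__SSL_SOCKET_WRAPPER__` does not match the file name `openssl_socket.hpp`, which makes a clash with another wrapper header more likely.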