Posted to issues@mesos.apache.org by "Joseph Wu (Jira)" <ji...@apache.org> on 2019/10/09 21:34:00 UTC

[jira] [Comment Edited] (MESOS-10003) Design doc for SSL on Windows

    [ https://issues.apache.org/jira/browse/MESOS-10003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16948020#comment-16948020 ] 

Joseph Wu edited comment on MESOS-10003 at 10/9/19 9:33 PM:
------------------------------------------------------------

This is less of a design doc, and more of a design blurb, because the task here is to use the OpenSSL library directly.

Before proceeding, we will use OpenSSL's Basic I/O (BIO) abstraction a lot in this blurb, so reading this overview will help:
https://www.openssl.org/docs/man1.1.1/man7/bio.html

Our reference implementation is from libevent:
https://github.com/libevent/libevent/blob/master/bufferevent_openssl.c

We do not use all aspects of Libevent's SSL implementation.  We use the {{bufferevent_openssl_socket_new}} method, which is a thin wrapper around OpenSSL's {{BIO_new_socket}} and {{SSL_set_bio}} methods.
https://github.com/libevent/libevent/blob/master/bufferevent_openssl.c#L1441

{{BIO_new_socket}} takes a socket and transforms it into a source/sink BIO, while {{SSL_set_bio}} takes an SSL context and assigns the BIO to it, which allows use of methods like {{SSL_read}} and {{SSL_write}}.

Libevent also wraps a call to {{SSL_do_handshake}} when initializing a socket.

The role of libevent is to space out calls to read/write based on the bufferevents we give libevent.


was (Author: kaysoky):
This is less of a design doc, and more of a design blurb, because the task here is to use the OpenSSL library directly.

Before proceeding, we will use OpenSSL's Basic I/O (BIO) abstraction a lot in this blurb, so reading this overview will help:
https://www.openssl.org/docs/man1.1.1/man7/bio.html

Our reference implementation is from libevent:
https://github.com/libevent/libevent/blob/master/bufferevent_openssl.c

We do not use all aspects of Libevent's SSL implementation.  We use the {{bufferevent_openssl_socket_new}} method, which is a thin wrapper around OpenSSL's {{BIO_new_socket}} and {{SSL_set_bio}} methods.
https://github.com/libevent/libevent/blob/master/bufferevent_openssl.c#L1441

{{BIO_new_socket}} takes a socket and transforms it into a source/sink BIO, while {{SSL_set_bio}} takes an SSL context and assigns the BIO to it, which allows use of methods like {{SSL_read}} and {{SSL_write}}.

The role of libevent is to space out calls to read/write based on the bufferevents we give libevent.

> Design doc for SSL on Windows
> -----------------------------
>
>                 Key: MESOS-10003
>                 URL: https://issues.apache.org/jira/browse/MESOS-10003
>             Project: Mesos
>          Issue Type: Task
>          Components: libprocess
>            Reporter: Greg Mann
>            Assignee: Joseph Wu
>            Priority: Major
>              Labels: foundations
>




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
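
The BIO wiring and handshake described in the comment above, as an added example that is not code from the ticket, Mesos or libevent. It uses Python's ssl module (a wrapper over OpenSSL), where `wrap_bio` plays the role of `SSL_set_bio` and memory BIOs stand in for the socket BIO from `BIO_new_socket`; the hostname and the function names are constructed for illustration.

```python
import ssl


def new_client(hostname):
    """Create a TLS client engine whose only I/O is a pair of BIOs."""
    # Verification is a property of the context, not of the BIO wiring:
    # create_default_context() requires a valid certificate and hostname.
    ctx = ssl.create_default_context()
    incoming = ssl.MemoryBIO()   # bytes that arrived from the peer
    outgoing = ssl.MemoryBIO()   # bytes the TLS engine wants sent
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    return tls, incoming, outgoing


def handshake_step(tls):
    """Make one do_handshake() call and report what the event loop must do."""
    try:
        tls.do_handshake()
        return "done"
    except ssl.SSLWantReadError:
        return "want_read"       # call again once peer bytes have arrived
    except ssl.SSLWantWriteError:
        return "want_write"      # call again once the transport is writable
    except ssl.SSLError:
        return "error"           # protocol failure: tear the connection down


def demo():
    # Constructed placeholder hostname; nothing is sent over a network.
    tls, incoming, outgoing = new_client("agent.example.test")

    first = handshake_step(tls)      # emits the ClientHello, then stalls
    hello = outgoing.read()          # the event loop would send these bytes

    second = handshake_step(tls)     # no peer bytes yet: still stalled
    stalled_output = outgoing.pending

    incoming.write(b"not a TLS record\n")   # constructed non-TLS input
    third = handshake_step(tls)      # rejected by the record layer
    return first, hello, second, stalled_output, third


if __name__ == "__main__":
    first, hello, second, stalled_output, third = demo()
    print(first, len(hello), second, stalled_output, third)
```

The handshake never completes in a single call; the caller has to move bytes between the BIOs and the transport and retry, which is the scheduling role the comment assigns to libevent.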