You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Alex (JIRA)" <ji...@apache.org> on 2011/03/23 20:06:05 UTC
[jira] [Created] (THRIFT-1108) SSL support for the Ruby library
SSL support for the Ruby library
---------------------------------
Key: THRIFT-1108
URL: https://issues.apache.org/jira/browse/THRIFT-1108
Project: Thrift
Issue Type: Improvement
Components: Ruby - Library
Affects Versions: 0.6
Reporter: Alex
Priority: Minor
Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however for my purposes they work well.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Michael Stockton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13016075#comment-13016075 ]
Michael Stockton commented on THRIFT-1108:
------------------------------------------
Alex, I'm still not sure if your call to @handle.connect_nonblock will work on ruby-1.8.7 without using the openssl-nonblock gem. Can you clarify how this will work?
I was thinking more along the lines of having a method which a subclass can override which return what @handle should be -- whether than be an ssl socket or regular socket. This way, you avoid a superclass and subclass both defining @handle.
Have you though about supporting cert and key options? If not, it may be better to replace "ca=nil" in the constructor with "ssl_options = {}". Worst case, someone can add support later without affecting the constructor's arguments.
Your patch is looking better but we really need test code to go along with it. What problem are you having with rspec?
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex updated THRIFT-1108:
-------------------------
Attachment: (was: ssl_socket.rb)
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Michael Stockton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014688#comment-13014688 ]
Michael Stockton commented on THRIFT-1108:
------------------------------------------
Alex,
I'm not sure if it makes sense to use @handle.connect. You can't open an SSLSocket in a non-blocking fashion which makes the select loop and other logic pointless.
https://github.com/tarcieri/openssl-nonblock
It appears non-blocking methods were added to SSL in ruby-1.9.2. It would be nice to have this work with pre 1.9.2 so you have to add a dependency on the openssl-nonblock gem. With the nonblock gem or ruby-1.9.2, I think you'll be able to slim this patch down further if you merely make the same calls to an ssl socket or regular socket.
Can you also add some test code? See lib/rb/spec/.
Michael
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex updated THRIFT-1108:
-------------------------
Description: Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes. (was: Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however for my purposes they work well.)
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Attachments: ssl_server_socket.rb, ssl_socket.rb
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13020817#comment-13020817 ]
Alex commented on THRIFT-1108:
------------------------------
It seems that the Rakefile was written for a very old version of rspec, and as such it is not working on my system.
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Michael Stockton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014074#comment-13014074 ]
Michael Stockton commented on THRIFT-1108:
------------------------------------------
Alex,
Can you submit your changes as a diff? Patches are preferred over individual files.
I took a quick glance and it looks like your ssl_socket.rb is very similar to thrift/transport/socket.rb. I see room to de-duplicate a lot of code there. Same goes for ssl_server_socket.rb.
Michael
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_server_socket.rb, ssl_socket.rb
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014367#comment-13014367 ]
Alex commented on THRIFT-1108:
------------------------------
You made a good point about the code being duplicated. I've fixed it up a bit and attached it as a patch (against revision 1087555) as requested.
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13021834#comment-13021834 ]
Alex commented on THRIFT-1108:
------------------------------
When I get a chance I will put in that version specific behavior. Regarding the test case, I already figured out why the patch fails and have fixed the problem.
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex updated THRIFT-1108:
-------------------------
Attachment: ssl_support.diff
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Jake Farrell (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13115519#comment-13115519 ]
Jake Farrell commented on THRIFT-1108:
--------------------------------------
Alex, the ruby build has been reworked recently and should be easier for you to use on different systems. Can you add some test cases and make sure this works with each transport
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13014907#comment-13014907 ]
Alex commented on THRIFT-1108:
------------------------------
I've attached a patch that makes more sense. I did not add test code because I am unable to get the rspec stuff in the SVN repo working properly. If I can get it to work then I will create a spec and attach it.
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex updated THRIFT-1108:
-------------------------
Attachment: ssl_support.diff
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_server_socket.rb, ssl_socket.rb, ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex updated THRIFT-1108:
-------------------------
Attachment: ssl_server_socket.rb
ssl_socket.rb
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Attachments: ssl_server_socket.rb, ssl_socket.rb
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however for my purposes they work well.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (THRIFT-1108) SSL support for the
Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13020817#comment-13020817 ]
Alex edited comment on THRIFT-1108 at 4/18/11 5:57 PM:
-------------------------------------------------------
It seems that the Rakefile was written for a very old version of rspec, and as such it is not working on my system.
Regarding Ruby 1.8.7, I only use 1.9.2. This code may not be appropriate for inclusion in to the main, however I wanted it to be available to those who do use a more recent version of Ruby. I've made some changes to the patch as of late though, because the patch does not work as-is with a nonblocking server (and a framed transport). The problem is that calling select() on an OpenSSL BIO only works once (from what I can tell), and as a result you need to call sysread instead of readpartial and wrap it in a Timeout in the read method of Socket. I have tested my changes with both a SimpleServer and a NonblockingServer, and it seems to work fine. Do you want me to update this ticket with my changes, or do you want to discuss this via another medium?
was (Author: centromere):
It seems that the Rakefile was written for a very old version of rspec, and as such it is not working on my system.
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (THRIFT-1108) SSL support for the Ruby library
Posted by "Michael Stockton (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13021782#comment-13021782 ]
Michael Stockton commented on THRIFT-1108:
------------------------------------------
We've tried to keep thrift working with 1.8 and 1.9. I think your patch would need to include support for both to be accepted. If you look at the gem I referenced, it merely adds nonblocking methods to OpenSSL::SSL::SSLSocket. You can use the RUBY_VERSION constant to conditionally require openssl-nonblock.
If you include a test case in your patch which fails, it may be easier for me to see the problem you're having. Again, for inclusion, we'd ideal want SSL support to work with each transport.
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex updated THRIFT-1108:
-------------------------
Attachment: (was: ssl_server_socket.rb)
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
> Attachments: ssl_support.diff
>
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (THRIFT-1108) SSL support for the Ruby library
Posted by "Alex (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/THRIFT-1108?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex updated THRIFT-1108:
-------------------------
Attachment: (was: ssl_support.diff)
> SSL support for the Ruby library
> ---------------------------------
>
> Key: THRIFT-1108
> URL: https://issues.apache.org/jira/browse/THRIFT-1108
> Project: Thrift
> Issue Type: Improvement
> Components: Ruby - Library
> Affects Versions: 0.6
> Reporter: Alex
> Priority: Minor
> Labels: ssl
>
> Attached are modified versions of the socket and server_socket files which include SSL support. I do not consider these implementations complete, however they work well for my purposes.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira