Gearman

Merge lp:~brianaker/gearmand/ssl-update into lp:gearmand

  1. ssl-update
  2. Merge into 1.2
Proposed by Brian Aker
Status: Merged
Merged at revision: 805
Proposed branch: lp:~brianaker/gearmand/ssl-update
Merge into: lp:gearmand
Diff against target: 875 lines (+340/-130)
22 files modified
Makefile.am (+2/-2)
configure.ac (+13/-5)
libgearman-server/io.cc (+67/-20)
libgearman-server/log.cc (+22/-28)
libgearman-server/plugins/protocol/gear/protocol.cc (+27/-15)
libgearman-server/plugins/protocol/gear/protocol.h (+3/-0)
libgearman/client.hpp (+14/-0)
libgearman/connection.cc (+13/-5)
libgearman/error.hpp (+1/-1)
libgearman/interface/universal.hpp (+50/-10)
libgearman/ostream.hpp (+1/-0)
libgearman/ssl.h (+0/-5)
libgearman/universal.cc (+24/-22)
libgearman/vector.hpp (+5/-0)
libgearman/worker.hpp (+12/-0)
libtest/client.cc (+17/-16)
libtest/gearmand.cc (+3/-0)
libtest/include.am (+1/-0)
libtest/is_local.cc (+17/-0)
libtest/ssl.h (+45/-0)
libtest/test.hpp (+2/-0)
tests/libgearman-1.0/client_test.cc (+1/-1)
To merge this branch: bzr merge lp:~brianaker/gearmand/ssl-update
Reviewer Review Type Date Requested Status
Tangent Trunk Pending
Review via email: mp+173294@code.launchpad.net
To post a comment you must log in.
lp:~brianaker/gearmand/ssl-update updated
805. By Tangent.Org Continuous Integration

Merge lp:~brianaker/gearmand/ssl-update Build: jenkins-Gearmand-703

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'Makefile.am'
--- Makefile.am 2013-06-05 21:59:31 +0000
+++ Makefile.am 2013-07-06 00:44:27 +0000
@@ -78,8 +78,8 @@
78 echo '#define GEARMAND_CA_CERTIFICATE "$(sysconfdir)/ssl/certs/gearmand-ca.pem"'; \78 echo '#define GEARMAND_CA_CERTIFICATE "$(sysconfdir)/ssl/certs/gearmand-ca.pem"'; \
79 echo '#define GEARMAND_SERVER_PEM "$(sysconfdir)/ssl/certs/gearmand.pem"'; \79 echo '#define GEARMAND_SERVER_PEM "$(sysconfdir)/ssl/certs/gearmand.pem"'; \
80 echo '#define GEARMAND_SERVER_KEY "$(sysconfdir)/ssl/certs/gearmand.key"'; \80 echo '#define GEARMAND_SERVER_KEY "$(sysconfdir)/ssl/certs/gearmand.key"'; \
81 echo '#define GEARMAND_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \81 echo '#define GEARMAN_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \
82 echo '#define GEARMAND_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \82 echo '#define GEARMAN_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \
83 echo '#define LOCALSTATEDIR "$(localstatedir)"'; \83 echo '#define LOCALSTATEDIR "$(localstatedir)"'; \
84 echo '#define GEARMAND_PID "$(localstatedir)/gearmand.pid"'; \84 echo '#define GEARMAND_PID "$(localstatedir)/gearmand.pid"'; \
85 } | sed '/""/d' > $@-t85 } | sed '/""/d' > $@-t
8686
=== modified file 'configure.ac'
--- configure.ac 2013-06-30 22:09:00 +0000
+++ configure.ac 2013-07-06 00:44:27 +0000
@@ -226,15 +226,23 @@
226# Check for CyaSSL226# Check for CyaSSL
227AC_DEFUN([AX_ENABLE_SSL],227AC_DEFUN([AX_ENABLE_SSL],
228 [AC_PREREQ([2.63])dnl228 [AC_PREREQ([2.63])dnl
229 m4_define([_SSL_ENABLE_DEFAULT], [m4_if($1, no, no, no)])dnl
229 AC_ARG_ENABLE([ssl],230 AC_ARG_ENABLE([ssl],
230 [AS_HELP_STRING([--enable-ssl],231 [AS_HELP_STRING([--enable-ssl],
231 [Enable ssl support for Gearman --enable-debug (yes|no) @<:@default=no@:>@])],232 [Enable ssl support for Gearman @<:@default=]_SSL_ENABLE_DEFAULT[@:>@])],
232 [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl])],233 [AS_CASE([$enableval],
233 [AC_MSG_WARN([ssl will not be enabled])])234 [yes],[enable_ssl=yes],
235 [no],[enable_ssl=no],
236 [enable_ssl=no])
237 ],
238 [enable_ssl=]_SSL_ENABLE_DEFAULT)
239 AS_IF([test "x${enable_ssl}" = "xyes"],
240 [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl],[],
241 [AC_MSG_ERROR([Unable to find cyassl])
242 enable_ssl=no])])
234 ])243 ])
235AX_ENABLE_SSL244AX_ENABLE_SSL
236#AC_SUBST([CYASSL])245
237#AC_SUBST([CYASSL_LIB])
238AX_ENABLE_LIBMEMCACHED246AX_ENABLE_LIBMEMCACHED
239247
240AC_DEFINE([GEARMAND_BLOBSLAP_WORKER],[1],[Have Gearman Blobslap Worker])248AC_DEFINE([GEARMAND_BLOBSLAP_WORKER],[1],[Have Gearman Blobslap Worker])
241249
=== modified file 'libgearman-server/io.cc'
--- libgearman-server/io.cc 2013-06-26 23:50:02 +0000
+++ libgearman-server/io.cc 2013-07-06 00:44:27 +0000
@@ -242,6 +242,7 @@
242 return GEARMAND_ERRNO;242 return GEARMAND_ERRNO;
243243
244 case gearmand_io_st::GEARMAND_CON_UNIVERSAL_CONNECTED:244 case gearmand_io_st::GEARMAND_CON_UNIVERSAL_CONNECTED:
245 uint32_t loop_counter= 0;
245 while (connection->send_buffer_size)246 while (connection->send_buffer_size)
246 {247 {
247 ssize_t write_size;248 ssize_t write_size;
@@ -249,6 +250,37 @@
249 if (con->_ssl)250 if (con->_ssl)
250 {251 {
251 write_size= CyaSSL_send(con->_ssl, connection->send_buffer_ptr, connection->send_buffer_size, MSG_NOSIGNAL|MSG_DONTWAIT);252 write_size= CyaSSL_send(con->_ssl, connection->send_buffer_ptr, connection->send_buffer_size, MSG_NOSIGNAL|MSG_DONTWAIT);
253
254 // I consider this to be a bug in CyaSSL_send() that is uses a zero in this manner
255 if (write_size <= 0)
256 {
257 int err;
258 switch ((err= CyaSSL_get_error(con->_ssl, write_size)))
259 {
260 case SSL_ERROR_WANT_CONNECT:
261 case SSL_ERROR_WANT_ACCEPT:
262 write_size= -1;
263 errno= EAGAIN;
264 break;
265
266 case SSL_ERROR_WANT_WRITE:
267 case SSL_ERROR_WANT_READ:
268 write_size= -1;
269 errno= EAGAIN;
270 break;
271
272 default:
273 {
274 char errorString[80];
275 CyaSSL_ERR_error_string(err, errorString);
276 _connection_close(connection);
277 return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s:%s SSL failure(%s)",
278 connection->context == NULL ? "-" : connection->context->host,
279 connection->context == NULL ? "-" : connection->context->port,
280 errorString);
281 }
282 }
283 }
252 }284 }
253 else285 else
254#endif286#endif
@@ -258,9 +290,17 @@
258290
259 if (write_size == 0) // detect infinite loop?291 if (write_size == 0) // detect infinite loop?
260 {292 {
261 gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes to peer %s:%s",293 ++loop_counter;
294 gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes of %u to peer %s:%s",
295 uint32_t(connection->send_buffer_size),
262 connection->context == NULL ? "-" : connection->context->host,296 connection->context == NULL ? "-" : connection->context->host,
263 connection->context == NULL ? "-" : connection->context->port);297 connection->context == NULL ? "-" : connection->context->port);
298
299 if (loop_counter > 5)
300 {
301 _connection_close(connection);
302 return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "send() failed to send data");
303 }
264 continue;304 continue;
265 }305 }
266 else if (write_size == -1)306 else if (write_size == -1)
@@ -268,6 +308,9 @@
268 int local_errno= errno;308 int local_errno= errno;
269 switch (local_errno)309 switch (local_errno)
270 {310 {
311#if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN
312 case EWOULDBLOCK:
313#endif
271 case EAGAIN:314 case EAGAIN:
272 {315 {
273 gearmand_error_t gret= gearmand_io_set_events(con, POLLOUT);316 gearmand_error_t gret= gearmand_io_set_events(con, POLLOUT);
@@ -706,7 +749,10 @@
706 }749 }
707 return ret;750 return ret;
708 }751 }
709 gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "read %lu bytes", (unsigned long)recv_size);752 gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "%s:%s read %lu bytes",
753 connection->context == NULL ? "-" : connection->context->host,
754 connection->context == NULL ? "-" : connection->context->port,
755 (unsigned long)recv_size);
710756
711 connection->recv_buffer_size+= recv_size;757 connection->recv_buffer_size+= recv_size;
712 }758 }
@@ -927,24 +973,25 @@
927973
928void gearmand_sockfd_close(int& sockfd)974void gearmand_sockfd_close(int& sockfd)
929{975{
930 if (sockfd == INVALID_SOCKET)976 if (sockfd != INVALID_SOCKET)
931 {977 {
932 gearmand_error("gearmand_sockfd_close() called with an invalid socket");978 /* in case of death shutdown to avoid blocking at close() */
933 return;979 if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN)
934 }980 {
935981 gearmand_perror(errno, "shutdown");
936 /* in case of death shutdown to avoid blocking at close() */982 assert(errno != ENOTSOCK);
937 if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN)983 }
938 {984 else if (closesocket(sockfd) == SOCKET_ERROR)
939 gearmand_perror(errno, "shutdown");985 {
940 assert(errno != ENOTSOCK);986 gearmand_perror(errno, "close");
941 }987 }
942 else if (closesocket(sockfd) == SOCKET_ERROR)988
943 {989 sockfd= INVALID_SOCKET;
944 gearmand_perror(errno, "close");990 }
945 }991 else
946992 {
947 sockfd= INVALID_SOCKET;993 gearmand_warning("gearmand_sockfd_close() called with an invalid socket");
994 }
948}995}
949996
950void gearmand_pipe_close(int& pipefd)997void gearmand_pipe_close(int& pipefd)
951998
=== modified file 'libgearman-server/log.cc'
--- libgearman-server/log.cc 2013-06-10 22:49:06 +0000
+++ libgearman-server/log.cc 2013-07-06 00:44:27 +0000
@@ -116,6 +116,26 @@
116 return GEARMAND_INVALID_ARGUMENT;116 return GEARMAND_INVALID_ARGUMENT;
117}117}
118118
119static gearmand_error_t __errno_to_gearmand_error_t(int local_errno)
120{
121 gearmand_error_t error_to_report= GEARMAND_ERRNO;
122
123 switch (local_errno)
124 {
125 case ENOMEM:
126 error_to_report= GEARMAND_MEMORY_ALLOCATION_FAILURE;
127
128 case ECONNRESET:
129 case EHOSTDOWN:
130 error_to_report= GEARMAND_LOST_CONNECTION;
131
132 default:
133 break;
134 }
135
136 return error_to_report;
137}
138
119/**139/**
120 * Log a message.140 * Log a message.
121 *141 *
@@ -303,20 +323,7 @@
303 }323 }
304 }324 }
305325
306 switch (local_errno)326 return __errno_to_gearmand_error_t(local_errno);
307 {
308 case ENOMEM:
309 return GEARMAND_MEMORY_ALLOCATION_FAILURE;
310
311 case ECONNRESET:
312 case EHOSTDOWN:
313 return GEARMAND_LOST_CONNECTION;
314
315 default:
316 break;
317 }
318
319 return GEARMAND_ERRNO;
320}327}
321328
322gearmand_error_t gearmand_log_error(const char *position, const char *function, const char *format, ...)329gearmand_error_t gearmand_log_error(const char *position, const char *function, const char *format, ...)
@@ -415,20 +422,7 @@
415 }422 }
416 }423 }
417424
418 switch (local_errno)425 return __errno_to_gearmand_error_t(local_errno);
419 {
420 case ENOMEM:
421 return GEARMAND_MEMORY_ALLOCATION_FAILURE;
422
423 case ECONNRESET:
424 case EHOSTDOWN:
425 return GEARMAND_LOST_CONNECTION;
426
427 default:
428 break;
429 }
430
431 return GEARMAND_ERRNO;
432}426}
433427
434gearmand_error_t gearmand_log_gerror(const char *position, const char *function, const gearmand_error_t rc, const char *format, ...)428gearmand_error_t gearmand_log_gerror(const char *position, const char *function, const gearmand_error_t rc, const char *format, ...)
435429
=== modified file 'libgearman-server/plugins/protocol/gear/protocol.cc'
--- libgearman-server/plugins/protocol/gear/protocol.cc 2013-06-30 02:48:43 +0000
+++ libgearman-server/plugins/protocol/gear/protocol.cc 2013-07-06 00:44:27 +0000
@@ -312,7 +312,7 @@
312 {312 {
313 if ((connection->_ssl= CyaSSL_new(Gearmand()->ctx_ssl())) == NULL)313 if ((connection->_ssl= CyaSSL_new(Gearmand()->ctx_ssl())) == NULL)
314 {314 {
315 return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_new() failed");315 return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_MEMORY_ALLOCATION_FAILURE, "CyaSSL_new() failed to return a valid object");
316 }316 }
317317
318 CyaSSL_set_fd(connection->_ssl, connection->con.fd);318 CyaSSL_set_fd(connection->_ssl, connection->con.fd);
@@ -331,7 +331,7 @@
331 int cyassl_error= CyaSSL_get_error(connection->_ssl, 0);331 int cyassl_error= CyaSSL_get_error(connection->_ssl, 0);
332 char cyassl_error_buffer[1024]= { 0 };332 char cyassl_error_buffer[1024]= { 0 };
333 CyaSSL_ERR_error_string(cyassl_error, cyassl_error_buffer);333 CyaSSL_ERR_error_string(cyassl_error, cyassl_error_buffer);
334 return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "%s(%d)", cyassl_error_buffer, cyassl_error);334 return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s(%d)", cyassl_error_buffer, cyassl_error);
335 }335 }
336 }336 }
337 gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "GearSSL connection made: %d", connection->con.fd);337 gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "GearSSL connection made: %d", connection->con.fd);
@@ -349,6 +349,9 @@
349Gear::Gear() :349Gear::Gear() :
350 Plugin("Gear"),350 Plugin("Gear"),
351 _port(GEARMAN_DEFAULT_TCP_PORT_STRING),351 _port(GEARMAN_DEFAULT_TCP_PORT_STRING),
352 _ssl_ca_file(GEARMAND_CA_CERTIFICATE),
353 _ssl_certificate(GEARMAND_SERVER_PEM),
354 _ssl_key(GEARMAND_SERVER_KEY),
352 opt_ssl(false)355 opt_ssl(false)
353 {356 {
354 command_line_options().add_options()357 command_line_options().add_options()
@@ -356,6 +359,12 @@
356 "Port the server should listen on.")359 "Port the server should listen on.")
357 ("ssl", boost::program_options::bool_switch(&opt_ssl)->default_value(false),360 ("ssl", boost::program_options::bool_switch(&opt_ssl)->default_value(false),
358 "Enable ssl connections.")361 "Enable ssl connections.")
362 ("ssl-ca-file", boost::program_options::value(&_ssl_ca_file),
363 "CA file.")
364 ("ssl-certificate", boost::program_options::value(&_ssl_certificate),
365 "SSL certificate.")
366 ("ssl-key", boost::program_options::value(&_ssl_key),
367 "SSL key for certificate.")
359 ;368 ;
360 }369 }
361370
@@ -400,20 +409,23 @@
400 {409 {
401 gearmand->init_ssl();410 gearmand->init_ssl();
402411
403 if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS)412 if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), _ssl_ca_file.c_str(), 0) != SSL_SUCCESS)
404 {413 {
405 gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", GEARMAND_CA_CERTIFICATE);414 gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", _ssl_ca_file.c_str());
406 }415 }
407416 gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading CA certificate : %s", _ssl_ca_file.c_str());
408 if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), GEARMAND_SERVER_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)417
409 { 418 if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), _ssl_certificate.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
410 gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", GEARMAND_SERVER_PEM);419 {
411 }420 gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", _ssl_certificate.c_str());
412421 }
413 if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), GEARMAND_SERVER_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS)422 gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate : %s", _ssl_certificate.c_str());
414 { 423
415 gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", GEARMAND_SERVER_KEY);424 if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), _ssl_key.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
416 }425 {
426 gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", _ssl_key.c_str());
427 }
428 gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate key : %s", _ssl_key.c_str());
417429
418 assert(gearmand->ctx_ssl());430 assert(gearmand->ctx_ssl());
419 }431 }
420432
=== modified file 'libgearman-server/plugins/protocol/gear/protocol.h'
--- libgearman-server/plugins/protocol/gear/protocol.h 2013-06-05 21:59:31 +0000
+++ libgearman-server/plugins/protocol/gear/protocol.h 2013-07-06 00:44:27 +0000
@@ -58,6 +58,9 @@
5858
59private:59private:
60 std::string _port;60 std::string _port;
61 std::string _ssl_ca_file;
62 std::string _ssl_certificate;
63 std::string _ssl_key;
61 bool opt_ssl;64 bool opt_ssl;
62};65};
6366
6467
=== modified file 'libgearman/client.hpp'
--- libgearman/client.hpp 2013-03-15 21:54:07 +0000
+++ libgearman/client.hpp 2013-07-06 00:44:27 +0000
@@ -56,6 +56,8 @@
56 {56 {
57 throw std::runtime_error("gearman_client_create() failed");57 throw std::runtime_error("gearman_client_create() failed");
58 }58 }
59
60 enable_ssl();
59 }61 }
6062
61 Client(const gearman_client_st* arg)63 Client(const gearman_client_st* arg)
@@ -66,6 +68,8 @@
66 {68 {
67 throw std::runtime_error("gearman_client_create() failed");69 throw std::runtime_error("gearman_client_create() failed");
68 }70 }
71
72 enable_ssl();
69 }73 }
7074
71 Client(in_port_t arg)75 Client(in_port_t arg)
@@ -77,6 +81,8 @@
77 throw std::runtime_error("gearman_client_create() failed");81 throw std::runtime_error("gearman_client_create() failed");
78 }82 }
79 gearman_client_add_server(_client, "localhost", arg);83 gearman_client_add_server(_client, "localhost", arg);
84
85 enable_ssl();
80 }86 }
8187
82 gearman_client_st* operator&() const88 gearman_client_st* operator&() const
@@ -94,6 +100,14 @@
94 gearman_client_free(_client);100 gearman_client_free(_client);
95 }101 }
96102
103 void enable_ssl()
104 {
105 if (getenv("GEARMAND_CA_CERTIFICATE"))
106 {
107 gearman_client_add_options(_client, GEARMAN_CLIENT_SSL);
108 }
109 }
110
97private:111private:
98 gearman_client_st *_client;112 gearman_client_st *_client;
99113
100114
=== modified file 'libgearman/connection.cc'
--- libgearman/connection.cc 2013-06-30 05:13:06 +0000
+++ libgearman/connection.cc 2013-07-06 00:44:27 +0000
@@ -821,14 +821,21 @@
821 if (_ssl)821 if (_ssl)
822 {822 {
823 write_size= CyaSSL_send(_ssl, send_buffer_ptr, send_buffer_size, MSG_NOSIGNAL);823 write_size= CyaSSL_send(_ssl, send_buffer_ptr, send_buffer_size, MSG_NOSIGNAL);
824 if (write_size < 0)824 if (write_size <= 0)
825 {825 {
826 int err;826 int err;
827 switch ((err= CyaSSL_get_error(_ssl, 0)))827 switch ((err= CyaSSL_get_error(_ssl, write_size)))
828 {828 {
829 case SSL_ERROR_WANT_CONNECT:
830 case SSL_ERROR_WANT_ACCEPT:
831 write_size= -1;
832 errno= EAGAIN;
833 break;
834
829 case SSL_ERROR_WANT_WRITE:835 case SSL_ERROR_WANT_WRITE:
830 case SSL_ERROR_WANT_READ:836 case SSL_ERROR_WANT_READ:
831 errno= EWOULDBLOCK;837 write_size= -1;
838 errno= EAGAIN;
832 break;839 break;
833840
834 default:841 default:
@@ -1069,6 +1076,7 @@
10691076
1070 if (data_size != recv_size)1077 if (data_size != recv_size)
1071 {1078 {
1079 // @note fix this to test for error before blindly doing this opperation
1072 recv_size+= recv_socket(static_cast<uint8_t *>(const_cast<void *>(data)) + recv_size, data_size - recv_size, ret);1080 recv_size+= recv_socket(static_cast<uint8_t *>(const_cast<void *>(data)) + recv_size, data_size - recv_size, ret);
1073 recv_data_offset+= recv_size;1081 recv_data_offset+= recv_size;
1074 }1082 }
@@ -1098,9 +1106,9 @@
1098 if (_ssl)1106 if (_ssl)
1099 {1107 {
1100 read_size= CyaSSL_recv(_ssl, data, data_size, MSG_DONTWAIT);1108 read_size= CyaSSL_recv(_ssl, data, data_size, MSG_DONTWAIT);
1101 if (read_size < 0)1109 if (read_size <= 0)
1102 {1110 {
1103 int sendErr= CyaSSL_get_error(_ssl, 0);1111 int sendErr= CyaSSL_get_error(_ssl, read_size);
1104 if (sendErr != SSL_ERROR_WANT_READ)1112 if (sendErr != SSL_ERROR_WANT_READ)
1105 {1113 {
1106 char errorString[80];1114 char errorString[80];
11071115
=== modified file 'libgearman/error.hpp'
--- libgearman/error.hpp 2013-07-02 23:51:10 +0000
+++ libgearman/error.hpp 2013-07-06 00:44:27 +0000
@@ -40,7 +40,7 @@
4040
41#define STRINGIFY(x) #x41#define STRINGIFY(x) #x
42#define TOSTRING(x) STRINGIFY(x)42#define TOSTRING(x) STRINGIFY(x)
43#define AT __FILE__ ":" TOSTRING(__LINE__)43#define AT __FILE__ ":" TOSTRING(__LINE__) ":"
44#define GEARMAN_AT __func__, AT44#define GEARMAN_AT __func__, AT
4545
46#define gearman_perror(__universal, __message) gearman_universal_set_perror((__universal), __func__, AT, (__message))46#define gearman_perror(__universal, __message) gearman_universal_set_perror((__universal), __func__, AT, (__message))
4747
=== modified file 'libgearman/interface/universal.hpp'
--- libgearman/interface/universal.hpp 2013-06-05 21:59:31 +0000
+++ libgearman/interface/universal.hpp 2013-07-06 00:44:27 +0000
@@ -43,6 +43,7 @@
43#include "libgearman/interface/packet.hpp"43#include "libgearman/interface/packet.hpp"
44#include "libgearman/vector.h" 44#include "libgearman/vector.h"
45#include "libgearman/assert.hpp" 45#include "libgearman/assert.hpp"
46#include "libgearman/ssl.h"
4647
47enum universal_options_t48enum universal_options_t
48{49{
@@ -201,20 +202,59 @@
201 options_++;202 options_++;
202 }203 }
203 }204 }
204205 }
205 // Only does something if SSL has been enabled.206
206 bool ret= init_ssl();207 const char* ssl_ca_file() const
207 if (ret == false)208 {
208 {209 if (getenv("GEARMAND_CA_CERTIFICATE"))
209 abort();210 {
210 }211 return getenv("GEARMAND_CA_CERTIFICATE");
211 }212 }
212213
214 return GEARMAND_CA_CERTIFICATE;
215 }
216
217 const char* ssl_certificate() const
218 {
219 if (getenv("GEARMAN_CLIENT_PEM"))
220 {
221 return getenv("GEARMAN_CLIENT_PEM");
222 }
223
224 return GEARMAN_CLIENT_PEM;
225 }
226
227 const char* ssl_key() const
228 {
229 if (getenv("GEARMAN_CLIENT_KEY"))
230 {
231 return getenv("GEARMAN_CLIENT_KEY");
232 }
233
234 return GEARMAN_CLIENT_KEY;
235 }
236
237private:
213 bool init_ssl();238 bool init_ssl();
214239
240public:
215 struct CYASSL_CTX* ctx_ssl() 241 struct CYASSL_CTX* ctx_ssl()
216 {242 {
217 return _ctx_ssl;243 if (ssl())
244 {
245 if (_ctx_ssl == NULL)
246 {
247 if (init_ssl() == false)
248 {
249 abort();
250 }
251 }
252 assert(_ctx_ssl);
253
254 return _ctx_ssl;
255 }
256
257 return NULL;
218 }258 }
219259
220 ~gearman_universal_st();260 ~gearman_universal_st();
221261
=== modified file 'libgearman/ostream.hpp'
--- libgearman/ostream.hpp 2012-11-12 06:50:33 +0000
+++ libgearman/ostream.hpp 2013-07-06 00:44:27 +0000
@@ -43,6 +43,7 @@
43static inline std::ostream& operator<<(std::ostream& output, const gearman_packet_st &arg)43static inline std::ostream& operator<<(std::ostream& output, const gearman_packet_st &arg)
44{44{
45 const char* command_str;45 const char* command_str;
46 // gearman_strcommand()
46 switch(arg.command)47 switch(arg.command)
47 {48 {
48 case GEARMAN_COMMAND_TEXT: command_str= "GEARMAN_COMMAND_TEXT";49 case GEARMAN_COMMAND_TEXT: command_str= "GEARMAN_COMMAND_TEXT";
4950
=== modified file 'libgearman/ssl.h'
--- libgearman/ssl.h 2013-06-05 21:59:31 +0000
+++ libgearman/ssl.h 2013-07-06 00:44:27 +0000
@@ -42,8 +42,3 @@
42#endif42#endif
4343
44#include "configmake.h"44#include "configmake.h"
45
46#define CA_CERT_PEM GEARMAND_CA_CERTIFICATE
47#define CERT_PEM GEARMAND_CLIENT_PEM
48#define CERT_KEY_PEM GEARMAND_CLIENT_PEM
49
5045
=== modified file 'libgearman/universal.cc'
--- libgearman/universal.cc 2013-07-02 23:16:11 +0000
+++ libgearman/universal.cc 2013-07-06 00:44:27 +0000
@@ -409,6 +409,8 @@
409 {409 {
410 CyaSSL_CTX_free(_ctx_ssl);410 CyaSSL_CTX_free(_ctx_ssl);
411 }411 }
412#else
413 assert(_ctx_ssl == NULL);
412#endif414#endif
413}415}
414416
@@ -438,32 +440,32 @@
438440
439bool gearman_universal_st::init_ssl()441bool gearman_universal_st::init_ssl()
440{442{
441 if (options._ssl)443 if (ssl())
442 {444 {
443#if defined(HAVE_CYASSL) && HAVE_CYASSL445#if defined(HAVE_CYASSL) && HAVE_CYASSL
444 CyaSSL_Init();446 CyaSSL_Init();
445447
446 if ((_ctx_ssl = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL)448 if ((_ctx_ssl= CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL)
447 {449 {
448 gearman_error(*this, GEARMAN_INVALID_ARGUMENT, "CyaTLSv1_client_method()");450 gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "CyaTLSv1_client_method() failed");
449 return false;451 return false;
450 }452 }
451453
452 if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS)454 if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, ssl_ca_file(), 0) != SSL_SUCCESS)
453 {455 {
454 gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CA_CERT_PEM);456 gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load CA certificate %s", ssl_ca_file());
455 return false;457 return false;
456 }458 }
457459
458 if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, GEARMAND_CLIENT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)460 if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, ssl_certificate(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
459 { 461 {
460 gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_PEM);462 gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate %s", ssl_certificate());
461 return false;463 return false;
462 }464 }
463465
464 if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, GEARMAND_CLIENT_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS)466 if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, ssl_key(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
465 { 467 {
466 gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_KEY_PEM);468 gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate key %s", ssl_key());
467 return false;469 return false;
468 }470 }
469#endif // defined(HAVE_CYASSL) && HAVE_CYASSL471#endif // defined(HAVE_CYASSL) && HAVE_CYASSL
470472
=== modified file 'libgearman/vector.hpp'
--- libgearman/vector.hpp 2013-05-07 09:50:42 +0000
+++ libgearman/vector.hpp 2013-07-06 00:44:27 +0000
@@ -104,6 +104,11 @@
104 return string;104 return string;
105 }105 }
106106
107 const char* c_str() const
108 {
109 return string;
110 }
111
107 const void* void_ptr() const112 const void* void_ptr() const
108 {113 {
109 return (const void*)string;114 return (const void*)string;
110115
=== modified file 'libgearman/worker.hpp'
--- libgearman/worker.hpp 2013-03-15 21:54:07 +0000
+++ libgearman/worker.hpp 2013-07-06 00:44:27 +0000
@@ -55,6 +55,8 @@
55 {55 {
56 throw std::runtime_error("gearman_worker_create() failed");56 throw std::runtime_error("gearman_worker_create() failed");
57 }57 }
58
59 enable_ssl();
58 }60 }
5961
60 Worker(in_port_t arg)62 Worker(in_port_t arg)
@@ -66,6 +68,8 @@
66 throw std::runtime_error("gearman_worker_create() failed");68 throw std::runtime_error("gearman_worker_create() failed");
67 }69 }
68 gearman_worker_add_server(_worker, "localhost", arg);70 gearman_worker_add_server(_worker, "localhost", arg);
71
72 enable_ssl();
69 }73 }
7074
71 gearman_worker_st* operator&() const75 gearman_worker_st* operator&() const
@@ -83,6 +87,14 @@
83 gearman_worker_free(_worker);87 gearman_worker_free(_worker);
84 }88 }
8589
90 void enable_ssl()
91 {
92 if (getenv("GEARMAND_CA_CERTIFICATE"))
93 {
94 gearman_worker_add_options(_worker, GEARMAN_WORKER_SSL);
95 }
96 }
97
86private:98private:
87 gearman_worker_st *_worker;99 gearman_worker_st *_worker;
88100
89101
=== modified file 'libtest/client.cc'
--- libtest/client.cc 2013-06-05 21:59:31 +0000
+++ libtest/client.cc 2013-07-06 00:44:27 +0000
@@ -54,10 +54,6 @@
54# include <cyassl/ssl.h>54# include <cyassl/ssl.h>
55#endif55#endif
5656
57#define CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem"
58#define CERT_PEM "/home/brian/cyassl/certs/server-cert.pem"
59#define CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem"
60
61namespace libtest {57namespace libtest {
6258
63SimpleClient::SimpleClient(const std::string& hostname_, in_port_t port_) :59SimpleClient::SimpleClient(const std::string& hostname_, in_port_t port_) :
@@ -72,6 +68,11 @@
72 _ctx_ssl(NULL),68 _ctx_ssl(NULL),
73 _ssl(NULL)69 _ssl(NULL)
74{70{
71 if (is_ssl())
72 {
73 _is_ssl= true;
74 }
75
75 init_ssl();76 init_ssl();
76}77}
7778
@@ -87,19 +88,19 @@
87 FATAL("CyaSSL_CTX_new error" == NULL);88 FATAL("CyaSSL_CTX_new error" == NULL);
88 }89 }
8990
90 if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, CA_CERT_PEM, 0) != SSL_SUCCESS)91 if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, YATL_CA_CERT_PEM, 0) != SSL_SUCCESS)
91 {92 {
92 FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", CA_CERT_PEM);93 FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", YATL_CA_CERT_PEM);
93 }94 }
9495
95 if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)96 if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, YATL_CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
96 { 97 {
97 FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", CERT_PEM);98 FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", YATL_CERT_PEM);
98 }99 }
99100
100 if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)101 if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, YATL_CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
101 { 102 {
102 FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", CERT_KEY_PEM);103 FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", YATL_CERT_KEY_PEM);
103 }104 }
104#endif // defined(HAVE_CYASSL) && HAVE_CYASSL105#endif // defined(HAVE_CYASSL) && HAVE_CYASSL
105 }106 }
106107
=== modified file 'libtest/gearmand.cc'
--- libtest/gearmand.cc 2013-06-05 21:59:31 +0000
+++ libtest/gearmand.cc 2013-07-06 00:44:27 +0000
@@ -150,6 +150,9 @@
150 if (is_ssl())150 if (is_ssl())
151 {151 {
152 add_option("--ssl");152 add_option("--ssl");
153 add_option("--ssl-ca-file=" YATL_CA_CERT_PEM);
154 add_option("--ssl-certificate=" YATL_CERT_PEM);
155 add_option("--ssl-key=" YATL_CERT_KEY_PEM);
153 }156 }
154157
155 return true;158 return true;
156159
=== modified file 'libtest/include.am'
--- libtest/include.am 2013-07-03 03:54:06 +0000
+++ libtest/include.am 2013-07-06 00:44:27 +0000
@@ -94,6 +94,7 @@
94noinst_HEADERS+= libtest/server_container.h94noinst_HEADERS+= libtest/server_container.h
95noinst_HEADERS+= libtest/signal.h95noinst_HEADERS+= libtest/signal.h
96noinst_HEADERS+= libtest/socket.hpp96noinst_HEADERS+= libtest/socket.hpp
97noinst_HEADERS+= libtest/ssl.h
97noinst_HEADERS+= libtest/stream.h98noinst_HEADERS+= libtest/stream.h
98noinst_HEADERS+= libtest/strerror.h99noinst_HEADERS+= libtest/strerror.h
99noinst_HEADERS+= libtest/string.hpp100noinst_HEADERS+= libtest/string.hpp
100101
=== modified file 'libtest/is_local.cc'
--- libtest/is_local.cc 2013-06-05 21:59:31 +0000
+++ libtest/is_local.cc 2013-07-06 00:44:27 +0000
@@ -60,6 +60,23 @@
60void is_ssl(bool arg)60void is_ssl(bool arg)
61{61{
62 _is_ssl= arg;62 _is_ssl= arg;
63
64 if (_is_ssl)
65 {
66 setenv("GEARMAND_CA_CERTIFICATE", YATL_CA_CERT_PEM, false);
67 setenv("GEARMAND_SERVER_PEM", YATL_CERT_PEM, false);
68 setenv("GEARMAND_SERVER_KEY", YATL_CERT_KEY_PEM, false);
69 setenv("GEARMAND_CLIENT_PEM", YATL_CERT_PEM, false);
70 setenv("GEARMAND_CLIENT_KEY", YATL_CERT_KEY_PEM, false);
71 }
72 else
73 {
74 unsetenv("GEARMAND_CA_CERTIFICATE");
75 unsetenv("GEARMAND_SERVER_PEM");
76 unsetenv("GEARMAND_SERVER_KEY");
77 unsetenv("GEARMAND_CLIENT_PEM");
78 unsetenv("GEARMAND_CLIENT_KEY");
79 }
63}80}
6481
65bool is_ssl()82bool is_ssl()
6683
=== added file 'libtest/ssl.h'
--- libtest/ssl.h 1970-01-01 00:00:00 +0000
+++ libtest/ssl.h 2013-07-06 00:44:27 +0000
@@ -0,0 +1,45 @@
1/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
2 *
3 * Data Differential YATL (i.e. libtest) library
4 *
5 * Copyright (C) 2013 Data Differential, http://datadifferential.com/
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are
9 * met:
10 *
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * * Redistributions in binary form must reproduce the above
15 * copyright notice, this list of conditions and the following disclaimer
16 * in the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * * The names of its contributors may not be used to endorse or
20 * promote products derived from this software without specific prior
21 * written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
29 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
30 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
31 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
32 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
33 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 *
35 */
36
37/*
38 Location of ssl certs during testing.
39*/
40
41#pragma once
42
43#define YATL_CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem"
44#define YATL_CERT_PEM "/home/brian/cyassl/certs/server-cert.pem"
45#define YATL_CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem"
046
=== modified file 'libtest/test.hpp'
--- libtest/test.hpp 2013-05-03 06:03:28 +0000
+++ libtest/test.hpp 2013-07-06 00:44:27 +0000
@@ -100,3 +100,5 @@
100#include <libtest/tmpfile.hpp>100#include <libtest/tmpfile.hpp>
101#include <libtest/client.hpp>101#include <libtest/client.hpp>
102#include <libtest/thread.hpp>102#include <libtest/thread.hpp>
103#include <libtest/ssl.h>
104
103105
=== modified file 'tests/libgearman-1.0/client_test.cc'
--- tests/libgearman-1.0/client_test.cc 2013-06-28 19:13:48 +0000
+++ tests/libgearman-1.0/client_test.cc 2013-07-06 00:44:27 +0000
@@ -459,7 +459,7 @@
459459
460 ASSERT_EQ(GEARMAN_SUCCESS, rc);460 ASSERT_EQ(GEARMAN_SUCCESS, rc);
461461
462 test_truth(job_result);462 ASSERT_TRUE(job_result);
463 ASSERT_EQ(gearman_size(value), result_length);463 ASSERT_EQ(gearman_size(value), result_length);
464464
465 test_memcmp(gearman_c_str(value), job_result, gearman_size(value));465 test_memcmp(gearman_c_str(value), job_result, gearman_size(value));

Subscribers

People subscribed via source and target branches

to all changes: