Merge lp:~brianaker/gearmand/ssl-update into lp:gearmand
- ssl-update
- Merge into 1.2
Proposed by
Brian Aker
Status: | Merged |
---|---|
Merged at revision: | 805 |
Proposed branch: | lp:~brianaker/gearmand/ssl-update |
Merge into: | lp:gearmand |
Diff against target: |
875 lines (+340/-130) 22 files modified
Makefile.am (+2/-2) configure.ac (+13/-5) libgearman-server/io.cc (+67/-20) libgearman-server/log.cc (+22/-28) libgearman-server/plugins/protocol/gear/protocol.cc (+27/-15) libgearman-server/plugins/protocol/gear/protocol.h (+3/-0) libgearman/client.hpp (+14/-0) libgearman/connection.cc (+13/-5) libgearman/error.hpp (+1/-1) libgearman/interface/universal.hpp (+50/-10) libgearman/ostream.hpp (+1/-0) libgearman/ssl.h (+0/-5) libgearman/universal.cc (+24/-22) libgearman/vector.hpp (+5/-0) libgearman/worker.hpp (+12/-0) libtest/client.cc (+17/-16) libtest/gearmand.cc (+3/-0) libtest/include.am (+1/-0) libtest/is_local.cc (+17/-0) libtest/ssl.h (+45/-0) libtest/test.hpp (+2/-0) tests/libgearman-1.0/client_test.cc (+1/-1) |
To merge this branch: | bzr merge lp:~brianaker/gearmand/ssl-update |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Tangent Trunk | Pending | ||
Review via email: mp+173294@code.launchpad.net |
Commit message
Description of the change
- 805. By Tangent.Org Continuous Integration
-
Merge lp:~brianaker/gearmand/ssl-update Build: jenkins-
Gearmand- 703
Preview Diff
1 | === modified file 'Makefile.am' | |||
2 | --- Makefile.am 2013-06-05 21:59:31 +0000 | |||
3 | +++ Makefile.am 2013-07-06 00:44:27 +0000 | |||
4 | @@ -78,8 +78,8 @@ | |||
5 | 78 | echo '#define GEARMAND_CA_CERTIFICATE "$(sysconfdir)/ssl/certs/gearmand-ca.pem"'; \ | 78 | echo '#define GEARMAND_CA_CERTIFICATE "$(sysconfdir)/ssl/certs/gearmand-ca.pem"'; \ |
6 | 79 | echo '#define GEARMAND_SERVER_PEM "$(sysconfdir)/ssl/certs/gearmand.pem"'; \ | 79 | echo '#define GEARMAND_SERVER_PEM "$(sysconfdir)/ssl/certs/gearmand.pem"'; \ |
7 | 80 | echo '#define GEARMAND_SERVER_KEY "$(sysconfdir)/ssl/certs/gearmand.key"'; \ | 80 | echo '#define GEARMAND_SERVER_KEY "$(sysconfdir)/ssl/certs/gearmand.key"'; \ |
10 | 81 | echo '#define GEARMAND_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \ | 81 | echo '#define GEARMAN_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \ |
11 | 82 | echo '#define GEARMAND_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \ | 82 | echo '#define GEARMAN_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \ |
12 | 83 | echo '#define LOCALSTATEDIR "$(localstatedir)"'; \ | 83 | echo '#define LOCALSTATEDIR "$(localstatedir)"'; \ |
13 | 84 | echo '#define GEARMAND_PID "$(localstatedir)/gearmand.pid"'; \ | 84 | echo '#define GEARMAND_PID "$(localstatedir)/gearmand.pid"'; \ |
14 | 85 | } | sed '/""/d' > $@-t | 85 | } | sed '/""/d' > $@-t |
15 | 86 | 86 | ||
16 | === modified file 'configure.ac' | |||
17 | --- configure.ac 2013-06-30 22:09:00 +0000 | |||
18 | +++ configure.ac 2013-07-06 00:44:27 +0000 | |||
19 | @@ -226,15 +226,23 @@ | |||
20 | 226 | # Check for CyaSSL | 226 | # Check for CyaSSL |
21 | 227 | AC_DEFUN([AX_ENABLE_SSL], | 227 | AC_DEFUN([AX_ENABLE_SSL], |
22 | 228 | [AC_PREREQ([2.63])dnl | 228 | [AC_PREREQ([2.63])dnl |
23 | 229 | m4_define([_SSL_ENABLE_DEFAULT], [m4_if($1, no, no, no)])dnl | ||
24 | 229 | AC_ARG_ENABLE([ssl], | 230 | AC_ARG_ENABLE([ssl], |
25 | 230 | [AS_HELP_STRING([--enable-ssl], | 231 | [AS_HELP_STRING([--enable-ssl], |
29 | 231 | [Enable ssl support for Gearman --enable-debug (yes|no) @<:@default=no@:>@])], | 232 | [Enable ssl support for Gearman @<:@default=]_SSL_ENABLE_DEFAULT[@:>@])], |
30 | 232 | [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl])], | 233 | [AS_CASE([$enableval], |
31 | 233 | [AC_MSG_WARN([ssl will not be enabled])]) | 234 | [yes],[enable_ssl=yes], |
32 | 235 | [no],[enable_ssl=no], | ||
33 | 236 | [enable_ssl=no]) | ||
34 | 237 | ], | ||
35 | 238 | [enable_ssl=]_SSL_ENABLE_DEFAULT) | ||
36 | 239 | AS_IF([test "x${enable_ssl}" = "xyes"], | ||
37 | 240 | [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl],[], | ||
38 | 241 | [AC_MSG_ERROR([Unable to find cyassl]) | ||
39 | 242 | enable_ssl=no])]) | ||
40 | 234 | ]) | 243 | ]) |
41 | 235 | AX_ENABLE_SSL | 244 | AX_ENABLE_SSL |
44 | 236 | #AC_SUBST([CYASSL]) | 245 | |
43 | 237 | #AC_SUBST([CYASSL_LIB]) | ||
45 | 238 | AX_ENABLE_LIBMEMCACHED | 246 | AX_ENABLE_LIBMEMCACHED |
46 | 239 | 247 | ||
47 | 240 | AC_DEFINE([GEARMAND_BLOBSLAP_WORKER],[1],[Have Gearman Blobslap Worker]) | 248 | AC_DEFINE([GEARMAND_BLOBSLAP_WORKER],[1],[Have Gearman Blobslap Worker]) |
48 | 241 | 249 | ||
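Review bot: The fall-through arm of the new AS_CASE sets `enable_ssl=no` for any value other than yes or no, so a mistyped `--enable-ssl=on` configures a build without TLS and prints nothing. Failing instead, `[AC_MSG_ERROR([bad value ${enableval} for --enable-ssl])]`, matches the hard error this change already raises when cyassl is missing. `m4_if($1, no, no, no)` expands to no whatever the argument is, so `_SSL_ENABLE_DEFAULT` cannot be changed by the caller; `m4_if($1, yes, yes, no)` is presumably what was meant. The `enable_ssl=no` after AC_MSG_ERROR is never reached, since AC_MSG_ERROR stops configure.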
49 | === modified file 'libgearman-server/io.cc' | |||
50 | --- libgearman-server/io.cc 2013-06-26 23:50:02 +0000 | |||
51 | +++ libgearman-server/io.cc 2013-07-06 00:44:27 +0000 | |||
52 | @@ -242,6 +242,7 @@ | |||
53 | 242 | return GEARMAND_ERRNO; | 242 | return GEARMAND_ERRNO; |
54 | 243 | 243 | ||
55 | 244 | case gearmand_io_st::GEARMAND_CON_UNIVERSAL_CONNECTED: | 244 | case gearmand_io_st::GEARMAND_CON_UNIVERSAL_CONNECTED: |
56 | 245 | uint32_t loop_counter= 0; | ||
57 | 245 | while (connection->send_buffer_size) | 246 | while (connection->send_buffer_size) |
58 | 246 | { | 247 | { |
59 | 247 | ssize_t write_size; | 248 | ssize_t write_size; |
60 | @@ -249,6 +250,37 @@ | |||
61 | 249 | if (con->_ssl) | 250 | if (con->_ssl) |
62 | 250 | { | 251 | { |
63 | 251 | write_size= CyaSSL_send(con->_ssl, connection->send_buffer_ptr, connection->send_buffer_size, MSG_NOSIGNAL|MSG_DONTWAIT); | 252 | write_size= CyaSSL_send(con->_ssl, connection->send_buffer_ptr, connection->send_buffer_size, MSG_NOSIGNAL|MSG_DONTWAIT); |
64 | 253 | |||
65 | 254 | // I consider this to be a bug in CyaSSL_send() that is uses a zero in this manner | ||
66 | 255 | if (write_size <= 0) | ||
67 | 256 | { | ||
68 | 257 | int err; | ||
69 | 258 | switch ((err= CyaSSL_get_error(con->_ssl, write_size))) | ||
70 | 259 | { | ||
71 | 260 | case SSL_ERROR_WANT_CONNECT: | ||
72 | 261 | case SSL_ERROR_WANT_ACCEPT: | ||
73 | 262 | write_size= -1; | ||
74 | 263 | errno= EAGAIN; | ||
75 | 264 | break; | ||
76 | 265 | |||
77 | 266 | case SSL_ERROR_WANT_WRITE: | ||
78 | 267 | case SSL_ERROR_WANT_READ: | ||
79 | 268 | write_size= -1; | ||
80 | 269 | errno= EAGAIN; | ||
81 | 270 | break; | ||
82 | 271 | |||
83 | 272 | default: | ||
84 | 273 | { | ||
85 | 274 | char errorString[80]; | ||
86 | 275 | CyaSSL_ERR_error_string(err, errorString); | ||
87 | 276 | _connection_close(connection); | ||
88 | 277 | return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s:%s SSL failure(%s)", | ||
89 | 278 | connection->context == NULL ? "-" : connection->context->host, | ||
90 | 279 | connection->context == NULL ? "-" : connection->context->port, | ||
91 | 280 | errorString); | ||
92 | 281 | } | ||
93 | 282 | } | ||
94 | 283 | } | ||
95 | 252 | } | 284 | } |
96 | 253 | else | 285 | else |
97 | 254 | #endif | 286 | #endif |
98 | @@ -258,9 +290,17 @@ | |||
99 | 258 | 290 | ||
100 | 259 | if (write_size == 0) // detect infinite loop? | 291 | if (write_size == 0) // detect infinite loop? |
101 | 260 | { | 292 | { |
103 | 261 | gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes to peer %s:%s", | 293 | ++loop_counter; |
104 | 294 | gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes of %u to peer %s:%s", | ||
105 | 295 | uint32_t(connection->send_buffer_size), | ||
106 | 262 | connection->context == NULL ? "-" : connection->context->host, | 296 | connection->context == NULL ? "-" : connection->context->host, |
107 | 263 | connection->context == NULL ? "-" : connection->context->port); | 297 | connection->context == NULL ? "-" : connection->context->port); |
108 | 298 | |||
109 | 299 | if (loop_counter > 5) | ||
110 | 300 | { | ||
111 | 301 | _connection_close(connection); | ||
112 | 302 | return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "send() failed to send data"); | ||
113 | 303 | } | ||
114 | 264 | continue; | 304 | continue; |
115 | 265 | } | 305 | } |
116 | 266 | else if (write_size == -1) | 306 | else if (write_size == -1) |
117 | @@ -268,6 +308,9 @@ | |||
118 | 268 | int local_errno= errno; | 308 | int local_errno= errno; |
119 | 269 | switch (local_errno) | 309 | switch (local_errno) |
120 | 270 | { | 310 | { |
121 | 311 | #if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN | ||
122 | 312 | case EWOULDBLOCK: | ||
123 | 313 | #endif | ||
124 | 271 | case EAGAIN: | 314 | case EAGAIN: |
125 | 272 | { | 315 | { |
126 | 273 | gearmand_error_t gret= gearmand_io_set_events(con, POLLOUT); | 316 | gearmand_error_t gret= gearmand_io_set_events(con, POLLOUT); |
127 | @@ -706,7 +749,10 @@ | |||
128 | 706 | } | 749 | } |
129 | 707 | return ret; | 750 | return ret; |
130 | 708 | } | 751 | } |
132 | 709 | gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "read %lu bytes", (unsigned long)recv_size); | 752 | gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "%s:%s read %lu bytes", |
133 | 753 | connection->context == NULL ? "-" : connection->context->host, | ||
134 | 754 | connection->context == NULL ? "-" : connection->context->port, | ||
135 | 755 | (unsigned long)recv_size); | ||
136 | 710 | 756 | ||
137 | 711 | connection->recv_buffer_size+= recv_size; | 757 | connection->recv_buffer_size+= recv_size; |
138 | 712 | } | 758 | } |
139 | @@ -927,24 +973,25 @@ | |||
140 | 927 | 973 | ||
141 | 928 | void gearmand_sockfd_close(int& sockfd) | 974 | void gearmand_sockfd_close(int& sockfd) |
142 | 929 | { | 975 | { |
161 | 930 | if (sockfd == INVALID_SOCKET) | 976 | if (sockfd != INVALID_SOCKET) |
162 | 931 | { | 977 | { |
163 | 932 | gearmand_error("gearmand_sockfd_close() called with an invalid socket"); | 978 | /* in case of death shutdown to avoid blocking at close() */ |
164 | 933 | return; | 979 | if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN) |
165 | 934 | } | 980 | { |
166 | 935 | 981 | gearmand_perror(errno, "shutdown"); | |
167 | 936 | /* in case of death shutdown to avoid blocking at close() */ | 982 | assert(errno != ENOTSOCK); |
168 | 937 | if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN) | 983 | } |
169 | 938 | { | 984 | else if (closesocket(sockfd) == SOCKET_ERROR) |
170 | 939 | gearmand_perror(errno, "shutdown"); | 985 | { |
171 | 940 | assert(errno != ENOTSOCK); | 986 | gearmand_perror(errno, "close"); |
172 | 941 | } | 987 | } |
173 | 942 | else if (closesocket(sockfd) == SOCKET_ERROR) | 988 | |
174 | 943 | { | 989 | sockfd= INVALID_SOCKET; |
175 | 944 | gearmand_perror(errno, "close"); | 990 | } |
176 | 945 | } | 991 | else |
177 | 946 | 992 | { | |
178 | 947 | sockfd= INVALID_SOCKET; | 993 | gearmand_warning("gearmand_sockfd_close() called with an invalid socket"); |
179 | 994 | } | ||
180 | 948 | } | 995 | } |
181 | 949 | 996 | ||
182 | 950 | void gearmand_pipe_close(int& pipefd) | 997 | void gearmand_pipe_close(int& pipefd) |
183 | 951 | 998 | ||
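Review bot: In gearmand_sockfd_close(), a shutdown() failure other than ENOTCONN skips closesocket() because the close sits in the `else if` arm, yet `sockfd` is still overwritten with INVALID_SOCKET, so the descriptor is leaked with no handle left to close it. Making the close unconditional, `if (closesocket(sockfd) == SOCKET_ERROR)` in place of the `else if`, releases the descriptor on every path. The shutdown check reads `get_socket_errno()` while the log call and the assert read `errno`; using one source for all three keeps the reported value the one that was tested. On a long-running daemon, repeated leaks of this kind end in descriptor exhaustion, which is why this error path deserves the fix.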
184 | === modified file 'libgearman-server/log.cc' | |||
185 | --- libgearman-server/log.cc 2013-06-10 22:49:06 +0000 | |||
186 | +++ libgearman-server/log.cc 2013-07-06 00:44:27 +0000 | |||
187 | @@ -116,6 +116,26 @@ | |||
188 | 116 | return GEARMAND_INVALID_ARGUMENT; | 116 | return GEARMAND_INVALID_ARGUMENT; |
189 | 117 | } | 117 | } |
190 | 118 | 118 | ||
191 | 119 | static gearmand_error_t __errno_to_gearmand_error_t(int local_errno) | ||
192 | 120 | { | ||
193 | 121 | gearmand_error_t error_to_report= GEARMAND_ERRNO; | ||
194 | 122 | |||
195 | 123 | switch (local_errno) | ||
196 | 124 | { | ||
197 | 125 | case ENOMEM: | ||
198 | 126 | error_to_report= GEARMAND_MEMORY_ALLOCATION_FAILURE; | ||
199 | 127 | |||
200 | 128 | case ECONNRESET: | ||
201 | 129 | case EHOSTDOWN: | ||
202 | 130 | error_to_report= GEARMAND_LOST_CONNECTION; | ||
203 | 131 | |||
204 | 132 | default: | ||
205 | 133 | break; | ||
206 | 134 | } | ||
207 | 135 | |||
208 | 136 | return error_to_report; | ||
209 | 137 | } | ||
210 | 138 | |||
211 | 119 | /** | 139 | /** |
212 | 120 | * Log a message. | 140 | * Log a message. |
213 | 121 | * | 141 | * |
214 | @@ -303,20 +323,7 @@ | |||
215 | 303 | } | 323 | } |
216 | 304 | } | 324 | } |
217 | 305 | 325 | ||
232 | 306 | switch (local_errno) | 326 | return __errno_to_gearmand_error_t(local_errno); |
219 | 307 | { | ||
220 | 308 | case ENOMEM: | ||
221 | 309 | return GEARMAND_MEMORY_ALLOCATION_FAILURE; | ||
222 | 310 | |||
223 | 311 | case ECONNRESET: | ||
224 | 312 | case EHOSTDOWN: | ||
225 | 313 | return GEARMAND_LOST_CONNECTION; | ||
226 | 314 | |||
227 | 315 | default: | ||
228 | 316 | break; | ||
229 | 317 | } | ||
230 | 318 | |||
231 | 319 | return GEARMAND_ERRNO; | ||
233 | 320 | } | 327 | } |
234 | 321 | 328 | ||
235 | 322 | gearmand_error_t gearmand_log_error(const char *position, const char *function, const char *format, ...) | 329 | gearmand_error_t gearmand_log_error(const char *position, const char *function, const char *format, ...) |
236 | @@ -415,20 +422,7 @@ | |||
237 | 415 | } | 422 | } |
238 | 416 | } | 423 | } |
239 | 417 | 424 | ||
254 | 418 | switch (local_errno) | 425 | return __errno_to_gearmand_error_t(local_errno); |
241 | 419 | { | ||
242 | 420 | case ENOMEM: | ||
243 | 421 | return GEARMAND_MEMORY_ALLOCATION_FAILURE; | ||
244 | 422 | |||
245 | 423 | case ECONNRESET: | ||
246 | 424 | case EHOSTDOWN: | ||
247 | 425 | return GEARMAND_LOST_CONNECTION; | ||
248 | 426 | |||
249 | 427 | default: | ||
250 | 428 | break; | ||
251 | 429 | } | ||
252 | 430 | |||
253 | 431 | return GEARMAND_ERRNO; | ||
255 | 432 | } | 426 | } |
256 | 433 | 427 | ||
257 | 434 | gearmand_error_t gearmand_log_gerror(const char *position, const char *function, const gearmand_error_t rc, const char *format, ...) | 428 | gearmand_error_t gearmand_log_gerror(const char *position, const char *function, const gearmand_error_t rc, const char *format, ...) |
258 | 435 | 429 | ||
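Review bot: The new `__errno_to_gearmand_error_t()` has no `break` after either assignment, so ENOMEM falls through the ECONNRESET/EHOSTDOWN arm and is reported as GEARMAND_LOST_CONNECTION; the two switch statements it replaces returned from each case and did not have this problem. Add `break;` after `error_to_report= GEARMAND_MEMORY_ALLOCATION_FAILURE;` and after `error_to_report= GEARMAND_LOST_CONNECTION;`, or return the value directly from each case. Both call sites changed in this file inherit the wrong code, so a caller that treats allocation failure differently from a dropped peer will misclassify it. Names beginning with a double underscore are reserved for the implementation in C++; a plain `errno_to_gearmand_error_t` avoids that.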
259 | === modified file 'libgearman-server/plugins/protocol/gear/protocol.cc' | |||
260 | --- libgearman-server/plugins/protocol/gear/protocol.cc 2013-06-30 02:48:43 +0000 | |||
261 | +++ libgearman-server/plugins/protocol/gear/protocol.cc 2013-07-06 00:44:27 +0000 | |||
262 | @@ -312,7 +312,7 @@ | |||
263 | 312 | { | 312 | { |
264 | 313 | if ((connection->_ssl= CyaSSL_new(Gearmand()->ctx_ssl())) == NULL) | 313 | if ((connection->_ssl= CyaSSL_new(Gearmand()->ctx_ssl())) == NULL) |
265 | 314 | { | 314 | { |
267 | 315 | return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_new() failed"); | 315 | return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_MEMORY_ALLOCATION_FAILURE, "CyaSSL_new() failed to return a valid object"); |
268 | 316 | } | 316 | } |
269 | 317 | 317 | ||
270 | 318 | CyaSSL_set_fd(connection->_ssl, connection->con.fd); | 318 | CyaSSL_set_fd(connection->_ssl, connection->con.fd); |
271 | @@ -331,7 +331,7 @@ | |||
272 | 331 | int cyassl_error= CyaSSL_get_error(connection->_ssl, 0); | 331 | int cyassl_error= CyaSSL_get_error(connection->_ssl, 0); |
273 | 332 | char cyassl_error_buffer[1024]= { 0 }; | 332 | char cyassl_error_buffer[1024]= { 0 }; |
274 | 333 | CyaSSL_ERR_error_string(cyassl_error, cyassl_error_buffer); | 333 | CyaSSL_ERR_error_string(cyassl_error, cyassl_error_buffer); |
276 | 334 | return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "%s(%d)", cyassl_error_buffer, cyassl_error); | 334 | return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s(%d)", cyassl_error_buffer, cyassl_error); |
277 | 335 | } | 335 | } |
278 | 336 | } | 336 | } |
279 | 337 | gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "GearSSL connection made: %d", connection->con.fd); | 337 | gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "GearSSL connection made: %d", connection->con.fd); |
280 | @@ -349,6 +349,9 @@ | |||
281 | 349 | Gear::Gear() : | 349 | Gear::Gear() : |
282 | 350 | Plugin("Gear"), | 350 | Plugin("Gear"), |
283 | 351 | _port(GEARMAN_DEFAULT_TCP_PORT_STRING), | 351 | _port(GEARMAN_DEFAULT_TCP_PORT_STRING), |
284 | 352 | _ssl_ca_file(GEARMAND_CA_CERTIFICATE), | ||
285 | 353 | _ssl_certificate(GEARMAND_SERVER_PEM), | ||
286 | 354 | _ssl_key(GEARMAND_SERVER_KEY), | ||
287 | 352 | opt_ssl(false) | 355 | opt_ssl(false) |
288 | 353 | { | 356 | { |
289 | 354 | command_line_options().add_options() | 357 | command_line_options().add_options() |
290 | @@ -356,6 +359,12 @@ | |||
291 | 356 | "Port the server should listen on.") | 359 | "Port the server should listen on.") |
292 | 357 | ("ssl", boost::program_options::bool_switch(&opt_ssl)->default_value(false), | 360 | ("ssl", boost::program_options::bool_switch(&opt_ssl)->default_value(false), |
293 | 358 | "Enable ssl connections.") | 361 | "Enable ssl connections.") |
294 | 362 | ("ssl-ca-file", boost::program_options::value(&_ssl_ca_file), | ||
295 | 363 | "CA file.") | ||
296 | 364 | ("ssl-certificate", boost::program_options::value(&_ssl_certificate), | ||
297 | 365 | "SSL certificate.") | ||
298 | 366 | ("ssl-key", boost::program_options::value(&_ssl_key), | ||
299 | 367 | "SSL key for certificate.") | ||
300 | 359 | ; | 368 | ; |
301 | 360 | } | 369 | } |
302 | 361 | 370 | ||
303 | @@ -400,20 +409,23 @@ | |||
304 | 400 | { | 409 | { |
305 | 401 | gearmand->init_ssl(); | 410 | gearmand->init_ssl(); |
306 | 402 | 411 | ||
308 | 403 | if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS) | 412 | if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), _ssl_ca_file.c_str(), 0) != SSL_SUCCESS) |
309 | 404 | { | 413 | { |
322 | 405 | gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", GEARMAND_CA_CERTIFICATE); | 414 | gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", _ssl_ca_file.c_str()); |
323 | 406 | } | 415 | } |
324 | 407 | 416 | gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading CA certificate : %s", _ssl_ca_file.c_str()); | |
325 | 408 | if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), GEARMAND_SERVER_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) | 417 | |
326 | 409 | { | 418 | if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), _ssl_certificate.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
327 | 410 | gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", GEARMAND_SERVER_PEM); | 419 | { |
328 | 411 | } | 420 | gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", _ssl_certificate.c_str()); |
329 | 412 | 421 | } | |
330 | 413 | if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), GEARMAND_SERVER_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS) | 422 | gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate : %s", _ssl_certificate.c_str()); |
331 | 414 | { | 423 | |
332 | 415 | gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", GEARMAND_SERVER_KEY); | 424 | if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), _ssl_key.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
333 | 416 | } | 425 | { |
334 | 426 | gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", _ssl_key.c_str()); | ||
335 | 427 | } | ||
336 | 428 | gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate key : %s", _ssl_key.c_str()); | ||
337 | 417 | 429 | ||
338 | 418 | assert(gearmand->ctx_ssl()); | 430 | assert(gearmand->ctx_ssl()); |
339 | 419 | } | 431 | } |
340 | 420 | 432 | ||
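Review bot: The handshake-failure path still calls `CyaSSL_get_error(connection->_ssl, 0)` while this merge changes the same call in io.cc and connection.cc to pass the failing call's return value; with 0, the code formatted into the log line and now returned as GEARMAND_LOST_CONNECTION may not be the one for the failure that occurred. Passing the return value of the failed call (it is assigned outside this hunk) would make the three sites agree. In the certificate-loading hunk the new `Loading ...` info lines are emitted after each load and outside the failure check, so if gearmand_log_fatal() returns, the log shows a failure followed by a line that reads as success; whether it returns is not visible here. The fatal message for the private key still says `cannot obtain certificate` and the CA message says `cannot local`; `cannot load the private key %s` and `cannot load the ca certificate %s` would be clearer.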
341 | === modified file 'libgearman-server/plugins/protocol/gear/protocol.h' | |||
342 | --- libgearman-server/plugins/protocol/gear/protocol.h 2013-06-05 21:59:31 +0000 | |||
343 | +++ libgearman-server/plugins/protocol/gear/protocol.h 2013-07-06 00:44:27 +0000 | |||
344 | @@ -58,6 +58,9 @@ | |||
345 | 58 | 58 | ||
346 | 59 | private: | 59 | private: |
347 | 60 | std::string _port; | 60 | std::string _port; |
348 | 61 | std::string _ssl_ca_file; | ||
349 | 62 | std::string _ssl_certificate; | ||
350 | 63 | std::string _ssl_key; | ||
351 | 61 | bool opt_ssl; | 64 | bool opt_ssl; |
352 | 62 | }; | 65 | }; |
353 | 63 | 66 | ||
354 | 64 | 67 | ||
355 | === modified file 'libgearman/client.hpp' | |||
356 | --- libgearman/client.hpp 2013-03-15 21:54:07 +0000 | |||
357 | +++ libgearman/client.hpp 2013-07-06 00:44:27 +0000 | |||
358 | @@ -56,6 +56,8 @@ | |||
359 | 56 | { | 56 | { |
360 | 57 | throw std::runtime_error("gearman_client_create() failed"); | 57 | throw std::runtime_error("gearman_client_create() failed"); |
361 | 58 | } | 58 | } |
362 | 59 | |||
363 | 60 | enable_ssl(); | ||
364 | 59 | } | 61 | } |
365 | 60 | 62 | ||
366 | 61 | Client(const gearman_client_st* arg) | 63 | Client(const gearman_client_st* arg) |
367 | @@ -66,6 +68,8 @@ | |||
368 | 66 | { | 68 | { |
369 | 67 | throw std::runtime_error("gearman_client_create() failed"); | 69 | throw std::runtime_error("gearman_client_create() failed"); |
370 | 68 | } | 70 | } |
371 | 71 | |||
372 | 72 | enable_ssl(); | ||
373 | 69 | } | 73 | } |
374 | 70 | 74 | ||
375 | 71 | Client(in_port_t arg) | 75 | Client(in_port_t arg) |
376 | @@ -77,6 +81,8 @@ | |||
377 | 77 | throw std::runtime_error("gearman_client_create() failed"); | 81 | throw std::runtime_error("gearman_client_create() failed"); |
378 | 78 | } | 82 | } |
379 | 79 | gearman_client_add_server(_client, "localhost", arg); | 83 | gearman_client_add_server(_client, "localhost", arg); |
380 | 84 | |||
381 | 85 | enable_ssl(); | ||
382 | 80 | } | 86 | } |
383 | 81 | 87 | ||
384 | 82 | gearman_client_st* operator&() const | 88 | gearman_client_st* operator&() const |
385 | @@ -94,6 +100,14 @@ | |||
386 | 94 | gearman_client_free(_client); | 100 | gearman_client_free(_client); |
387 | 95 | } | 101 | } |
388 | 96 | 102 | ||
389 | 103 | void enable_ssl() | ||
390 | 104 | { | ||
391 | 105 | if (getenv("GEARMAND_CA_CERTIFICATE")) | ||
392 | 106 | { | ||
393 | 107 | gearman_client_add_options(_client, GEARMAN_CLIENT_SSL); | ||
394 | 108 | } | ||
395 | 109 | } | ||
396 | 110 | |||
397 | 97 | private: | 111 | private: |
398 | 98 | gearman_client_st *_client; | 112 | gearman_client_st *_client; |
399 | 99 | 113 | ||
400 | 100 | 114 | ||
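Review bot: `enable_ssl()` treats the mere presence of GEARMAND_CA_CERTIFICATE as the switch, so a set-but-empty variable turns GEARMAN_CLIENT_SSL on, and `ssl_ca_file()` in libgearman/interface/universal.hpp then hands the empty string to the CA load, which is likely to fail and reach the `abort()` in `ctx_ssl()`. Testing the value as well, `const char* ca= getenv("GEARMAND_CA_CERTIFICATE");` followed by `if (ca && ca[0] != '\0')`, avoids that. When the variable is absent the wrapper connects without TLS and says nothing, so a comment on the method such as `// TLS is enabled only when GEARMAND_CA_CERTIFICATE is set in the environment; otherwise the connection is plaintext` would tell callers what they get. The method is added above `private:`, which makes it part of the wrapper's public surface; if only the constructors are meant to call it, it belongs below that label.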
401 | === modified file 'libgearman/connection.cc' | |||
402 | --- libgearman/connection.cc 2013-06-30 05:13:06 +0000 | |||
403 | +++ libgearman/connection.cc 2013-07-06 00:44:27 +0000 | |||
404 | @@ -821,14 +821,21 @@ | |||
405 | 821 | if (_ssl) | 821 | if (_ssl) |
406 | 822 | { | 822 | { |
407 | 823 | write_size= CyaSSL_send(_ssl, send_buffer_ptr, send_buffer_size, MSG_NOSIGNAL); | 823 | write_size= CyaSSL_send(_ssl, send_buffer_ptr, send_buffer_size, MSG_NOSIGNAL); |
409 | 824 | if (write_size < 0) | 824 | if (write_size <= 0) |
410 | 825 | { | 825 | { |
411 | 826 | int err; | 826 | int err; |
413 | 827 | switch ((err= CyaSSL_get_error(_ssl, 0))) | 827 | switch ((err= CyaSSL_get_error(_ssl, write_size))) |
414 | 828 | { | 828 | { |
415 | 829 | case SSL_ERROR_WANT_CONNECT: | ||
416 | 830 | case SSL_ERROR_WANT_ACCEPT: | ||
417 | 831 | write_size= -1; | ||
418 | 832 | errno= EAGAIN; | ||
419 | 833 | break; | ||
420 | 834 | |||
421 | 829 | case SSL_ERROR_WANT_WRITE: | 835 | case SSL_ERROR_WANT_WRITE: |
422 | 830 | case SSL_ERROR_WANT_READ: | 836 | case SSL_ERROR_WANT_READ: |
424 | 831 | errno= EWOULDBLOCK; | 837 | write_size= -1; |
425 | 838 | errno= EAGAIN; | ||
426 | 832 | break; | 839 | break; |
427 | 833 | 840 | ||
428 | 834 | default: | 841 | default: |
429 | @@ -1069,6 +1076,7 @@ | |||
430 | 1069 | 1076 | ||
431 | 1070 | if (data_size != recv_size) | 1077 | if (data_size != recv_size) |
432 | 1071 | { | 1078 | { |
433 | 1079 | // @note fix this to test for error before blindly doing this opperation | ||
434 | 1072 | recv_size+= recv_socket(static_cast<uint8_t *>(const_cast<void *>(data)) + recv_size, data_size - recv_size, ret); | 1080 | recv_size+= recv_socket(static_cast<uint8_t *>(const_cast<void *>(data)) + recv_size, data_size - recv_size, ret); |
435 | 1073 | recv_data_offset+= recv_size; | 1081 | recv_data_offset+= recv_size; |
436 | 1074 | } | 1082 | } |
437 | @@ -1098,9 +1106,9 @@ | |||
438 | 1098 | if (_ssl) | 1106 | if (_ssl) |
439 | 1099 | { | 1107 | { |
440 | 1100 | read_size= CyaSSL_recv(_ssl, data, data_size, MSG_DONTWAIT); | 1108 | read_size= CyaSSL_recv(_ssl, data, data_size, MSG_DONTWAIT); |
442 | 1101 | if (read_size < 0) | 1109 | if (read_size <= 0) |
443 | 1102 | { | 1110 | { |
445 | 1103 | int sendErr= CyaSSL_get_error(_ssl, 0); | 1111 | int sendErr= CyaSSL_get_error(_ssl, read_size); |
446 | 1104 | if (sendErr != SSL_ERROR_WANT_READ) | 1112 | if (sendErr != SSL_ERROR_WANT_READ) |
447 | 1105 | { | 1113 | { |
448 | 1106 | char errorString[80]; | 1114 | char errorString[80]; |
449 | 1107 | 1115 | ||
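Review bot: In the receive hunk only SSL_ERROR_WANT_READ is exempt from the error branch, whereas the send path changed in this same file maps WANT_READ, WANT_WRITE, WANT_CONNECT and WANT_ACCEPT to EAGAIN; a CyaSSL_recv() that reports SSL_ERROR_WANT_WRITE would therefore be handled as a failure. `if (sendErr != SSL_ERROR_WANT_READ && sendErr != SSL_ERROR_WANT_WRITE)` would make the two paths agree. Now that the test is `read_size <= 0`, a return of 0 also enters this branch, and what the branch does with an orderly close is outside the hunk, so that is worth confirming. The new `@note` above the `recv_size+= recv_socket(...)` line records that the result is added before any error is tested; that check is small enough to add here rather than defer.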
450 | === modified file 'libgearman/error.hpp' | |||
451 | --- libgearman/error.hpp 2013-07-02 23:51:10 +0000 | |||
452 | +++ libgearman/error.hpp 2013-07-06 00:44:27 +0000 | |||
453 | @@ -40,7 +40,7 @@ | |||
454 | 40 | 40 | ||
455 | 41 | #define STRINGIFY(x) #x | 41 | #define STRINGIFY(x) #x |
456 | 42 | #define TOSTRING(x) STRINGIFY(x) | 42 | #define TOSTRING(x) STRINGIFY(x) |
458 | 43 | #define AT __FILE__ ":" TOSTRING(__LINE__) | 43 | #define AT __FILE__ ":" TOSTRING(__LINE__) ":" |
459 | 44 | #define GEARMAN_AT __func__, AT | 44 | #define GEARMAN_AT __func__, AT |
460 | 45 | 45 | ||
461 | 46 | #define gearman_perror(__universal, __message) gearman_universal_set_perror((__universal), __func__, AT, (__message)) | 46 | #define gearman_perror(__universal, __message) gearman_universal_set_perror((__universal), __func__, AT, (__message)) |
462 | 47 | 47 | ||
463 | === modified file 'libgearman/interface/universal.hpp' | |||
464 | --- libgearman/interface/universal.hpp 2013-06-05 21:59:31 +0000 | |||
465 | +++ libgearman/interface/universal.hpp 2013-07-06 00:44:27 +0000 | |||
466 | @@ -43,6 +43,7 @@ | |||
467 | 43 | #include "libgearman/interface/packet.hpp" | 43 | #include "libgearman/interface/packet.hpp" |
468 | 44 | #include "libgearman/vector.h" | 44 | #include "libgearman/vector.h" |
469 | 45 | #include "libgearman/assert.hpp" | 45 | #include "libgearman/assert.hpp" |
470 | 46 | #include "libgearman/ssl.h" | ||
471 | 46 | 47 | ||
472 | 47 | enum universal_options_t | 48 | enum universal_options_t |
473 | 48 | { | 49 | { |
474 | @@ -201,20 +202,59 @@ | |||
475 | 201 | options_++; | 202 | options_++; |
476 | 202 | } | 203 | } |
477 | 203 | } | 204 | } |
487 | 204 | 205 | } | |
488 | 205 | // Only does something if SSL has been enabled. | 206 | |
489 | 206 | bool ret= init_ssl(); | 207 | const char* ssl_ca_file() const |
490 | 207 | if (ret == false) | 208 | { |
491 | 208 | { | 209 | if (getenv("GEARMAND_CA_CERTIFICATE")) |
492 | 209 | abort(); | 210 | { |
493 | 210 | } | 211 | return getenv("GEARMAND_CA_CERTIFICATE"); |
494 | 211 | } | 212 | } |
495 | 212 | 213 | ||
496 | 214 | return GEARMAND_CA_CERTIFICATE; | ||
497 | 215 | } | ||
498 | 216 | |||
499 | 217 | const char* ssl_certificate() const | ||
500 | 218 | { | ||
501 | 219 | if (getenv("GEARMAN_CLIENT_PEM")) | ||
502 | 220 | { | ||
503 | 221 | return getenv("GEARMAN_CLIENT_PEM"); | ||
504 | 222 | } | ||
505 | 223 | |||
506 | 224 | return GEARMAN_CLIENT_PEM; | ||
507 | 225 | } | ||
508 | 226 | |||
509 | 227 | const char* ssl_key() const | ||
510 | 228 | { | ||
511 | 229 | if (getenv("GEARMAN_CLIENT_KEY")) | ||
512 | 230 | { | ||
513 | 231 | return getenv("GEARMAN_CLIENT_KEY"); | ||
514 | 232 | } | ||
515 | 233 | |||
516 | 234 | return GEARMAN_CLIENT_KEY; | ||
517 | 235 | } | ||
518 | 236 | |||
519 | 237 | private: | ||
520 | 213 | bool init_ssl(); | 238 | bool init_ssl(); |
521 | 214 | 239 | ||
522 | 240 | public: | ||
523 | 215 | struct CYASSL_CTX* ctx_ssl() | 241 | struct CYASSL_CTX* ctx_ssl() |
524 | 216 | { | 242 | { |
526 | 217 | return _ctx_ssl; | 243 | if (ssl()) |
527 | 244 | { | ||
528 | 245 | if (_ctx_ssl == NULL) | ||
529 | 246 | { | ||
530 | 247 | if (init_ssl() == false) | ||
531 | 248 | { | ||
532 | 249 | abort(); | ||
533 | 250 | } | ||
534 | 251 | } | ||
535 | 252 | assert(_ctx_ssl); | ||
536 | 253 | |||
537 | 254 | return _ctx_ssl; | ||
538 | 255 | } | ||
539 | 256 | |||
540 | 257 | return NULL; | ||
541 | 218 | } | 258 | } |
542 | 219 | 259 | ||
543 | 220 | ~gearman_universal_st(); | 260 | ~gearman_universal_st(); |
544 | 221 | 261 | ||
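Review bot: `ctx_ssl()` now initialises the context lazily and calls `abort()` when `init_ssl()` fails, and the three new accessors let the environment choose the files, so a wrong path in GEARMAND_CA_CERTIFICATE, GEARMAN_CLIENT_PEM or GEARMAN_CLIENT_KEY terminates the host process from inside a getter. `init_ssl()` in libgearman/universal.cc already records an error and returns false, so replacing `abort();` with `return NULL;` would let the caller surface that error, provided the callers (outside this hunk) check the result as they must for the non-SSL case. The environment also overrides the compiled-in CA file, which means whoever controls the process environment selects the trust anchor; the accessors should carry a comment stating that precedence, for example `// environment value, when set, takes precedence over the configmake.h default`. Each accessor calls getenv() twice; `const char* v= getenv("GEARMAND_CA_CERTIFICATE"); return v ? v : GEARMAND_CA_CERTIFICATE;` reads the variable once.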
545 | === modified file 'libgearman/ostream.hpp' | |||
546 | --- libgearman/ostream.hpp 2012-11-12 06:50:33 +0000 | |||
547 | +++ libgearman/ostream.hpp 2013-07-06 00:44:27 +0000 | |||
548 | @@ -43,6 +43,7 @@ | |||
549 | 43 | static inline std::ostream& operator<<(std::ostream& output, const gearman_packet_st &arg) | 43 | static inline std::ostream& operator<<(std::ostream& output, const gearman_packet_st &arg) |
550 | 44 | { | 44 | { |
551 | 45 | const char* command_str; | 45 | const char* command_str; |
552 | 46 | // gearman_strcommand() | ||
553 | 46 | switch(arg.command) | 47 | switch(arg.command) |
554 | 47 | { | 48 | { |
555 | 48 | case GEARMAN_COMMAND_TEXT: command_str= "GEARMAN_COMMAND_TEXT"; | 49 | case GEARMAN_COMMAND_TEXT: command_str= "GEARMAN_COMMAND_TEXT"; |
556 | 49 | 50 | ||
557 | === modified file 'libgearman/ssl.h' | |||
558 | --- libgearman/ssl.h 2013-06-05 21:59:31 +0000 | |||
559 | +++ libgearman/ssl.h 2013-07-06 00:44:27 +0000 | |||
560 | @@ -42,8 +42,3 @@ | |||
561 | 42 | #endif | 42 | #endif |
562 | 43 | 43 | ||
563 | 44 | #include "configmake.h" | 44 | #include "configmake.h" |
564 | 45 | |||
565 | 46 | #define CA_CERT_PEM GEARMAND_CA_CERTIFICATE | ||
566 | 47 | #define CERT_PEM GEARMAND_CLIENT_PEM | ||
567 | 48 | #define CERT_KEY_PEM GEARMAND_CLIENT_PEM | ||
568 | 49 | |||
569 | 50 | 45 | ||
570 | === modified file 'libgearman/universal.cc' | |||
571 | --- libgearman/universal.cc 2013-07-02 23:16:11 +0000 | |||
572 | +++ libgearman/universal.cc 2013-07-06 00:44:27 +0000 | |||
573 | @@ -409,6 +409,8 @@ | |||
574 | 409 | { | 409 | { |
575 | 410 | CyaSSL_CTX_free(_ctx_ssl); | 410 | CyaSSL_CTX_free(_ctx_ssl); |
576 | 411 | } | 411 | } |
577 | 412 | #else | ||
578 | 413 | assert(_ctx_ssl == NULL); | ||
579 | 412 | #endif | 414 | #endif |
580 | 413 | } | 415 | } |
581 | 414 | 416 | ||
582 | @@ -438,32 +440,32 @@ | |||
583 | 438 | 440 | ||
584 | 439 | bool gearman_universal_st::init_ssl() | 441 | bool gearman_universal_st::init_ssl() |
585 | 440 | { | 442 | { |
587 | 441 | if (options._ssl) | 443 | if (ssl()) |
588 | 442 | { | 444 | { |
589 | 443 | #if defined(HAVE_CYASSL) && HAVE_CYASSL | 445 | #if defined(HAVE_CYASSL) && HAVE_CYASSL |
590 | 444 | CyaSSL_Init(); | 446 | CyaSSL_Init(); |
591 | 445 | 447 | ||
613 | 446 | if ((_ctx_ssl = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL) | 448 | if ((_ctx_ssl= CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL) |
614 | 447 | { | 449 | { |
615 | 448 | gearman_error(*this, GEARMAN_INVALID_ARGUMENT, "CyaTLSv1_client_method()"); | 450 | gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "CyaTLSv1_client_method() failed"); |
616 | 449 | return false; | 451 | return false; |
617 | 450 | } | 452 | } |
618 | 451 | 453 | ||
619 | 452 | if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS) | 454 | if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, ssl_ca_file(), 0) != SSL_SUCCESS) |
620 | 453 | { | 455 | { |
621 | 454 | gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CA_CERT_PEM); | 456 | gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load CA certificate %s", ssl_ca_file()); |
622 | 455 | return false; | 457 | return false; |
623 | 456 | } | 458 | } |
624 | 457 | 459 | ||
625 | 458 | if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, GEARMAND_CLIENT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) | 460 | if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, ssl_certificate(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
626 | 459 | { | 461 | { |
627 | 460 | gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_PEM); | 462 | gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate %s", ssl_certificate()); |
628 | 461 | return false; | 463 | return false; |
629 | 462 | } | 464 | } |
630 | 463 | 465 | ||
631 | 464 | if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, GEARMAND_CLIENT_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS) | 466 | if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, ssl_key(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
632 | 465 | { | 467 | { |
633 | 466 | gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_KEY_PEM); | 468 | gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate key %s", ssl_key()); |
634 | 467 | return false; | 469 | return false; |
635 | 468 | } | 470 | } |
636 | 469 | #endif // defined(HAVE_CYASSL) && HAVE_CYASSL | 471 | #endif // defined(HAVE_CYASSL) && HAVE_CYASSL |
637 | 470 | 472 | ||
638 | === modified file 'libgearman/vector.hpp' | |||
639 | --- libgearman/vector.hpp 2013-05-07 09:50:42 +0000 | |||
640 | +++ libgearman/vector.hpp 2013-07-06 00:44:27 +0000 | |||
641 | @@ -104,6 +104,11 @@ | |||
642 | 104 | return string; | 104 | return string; |
643 | 105 | } | 105 | } |
644 | 106 | 106 | ||
645 | 107 | const char* c_str() const | ||
646 | 108 | { | ||
647 | 109 | return string; | ||
648 | 110 | } | ||
649 | 111 | |||
650 | 107 | const void* void_ptr() const | 112 | const void* void_ptr() const |
651 | 108 | { | 113 | { |
652 | 109 | return (const void*)string; | 114 | return (const void*)string; |
653 | 110 | 115 | ||
654 | === modified file 'libgearman/worker.hpp' | |||
655 | --- libgearman/worker.hpp 2013-03-15 21:54:07 +0000 | |||
656 | +++ libgearman/worker.hpp 2013-07-06 00:44:27 +0000 | |||
657 | @@ -55,6 +55,8 @@ | |||
658 | 55 | { | 55 | { |
659 | 56 | throw std::runtime_error("gearman_worker_create() failed"); | 56 | throw std::runtime_error("gearman_worker_create() failed"); |
660 | 57 | } | 57 | } |
661 | 58 | |||
662 | 59 | enable_ssl(); | ||
663 | 58 | } | 60 | } |
664 | 59 | 61 | ||
665 | 60 | Worker(in_port_t arg) | 62 | Worker(in_port_t arg) |
666 | @@ -66,6 +68,8 @@ | |||
667 | 66 | throw std::runtime_error("gearman_worker_create() failed"); | 68 | throw std::runtime_error("gearman_worker_create() failed"); |
668 | 67 | } | 69 | } |
669 | 68 | gearman_worker_add_server(_worker, "localhost", arg); | 70 | gearman_worker_add_server(_worker, "localhost", arg); |
670 | 71 | |||
671 | 72 | enable_ssl(); | ||
672 | 69 | } | 73 | } |
673 | 70 | 74 | ||
674 | 71 | gearman_worker_st* operator&() const | 75 | gearman_worker_st* operator&() const |
675 | @@ -83,6 +87,14 @@ | |||
676 | 83 | gearman_worker_free(_worker); | 87 | gearman_worker_free(_worker); |
677 | 84 | } | 88 | } |
678 | 85 | 89 | ||
679 | 90 | void enable_ssl() | ||
680 | 91 | { | ||
681 | 92 | if (getenv("GEARMAND_CA_CERTIFICATE")) | ||
682 | 93 | { | ||
683 | 94 | gearman_worker_add_options(_worker, GEARMAN_WORKER_SSL); | ||
684 | 95 | } | ||
685 | 96 | } | ||
686 | 97 | |||
687 | 86 | private: | 98 | private: |
688 | 87 | gearman_worker_st *_worker; | 99 | gearman_worker_st *_worker; |
689 | 88 | 100 | ||
690 | 89 | 101 | ||
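Review bot: `enable_ssl()` switches TLS on only when `GEARMAND_CA_CERTIFICATE` is present in the environment, so a `Worker` constructed where the variable is missing silently runs in plaintext, and an empty value still counts as set. A comment such as `// TLS is opt-in via GEARMAND_CA_CERTIFICATE; when unset the worker connects without TLS` would make that fail-open choice explicit, and `const char* ca= getenv("GEARMAND_CA_CERTIFICATE"); if (ca && *ca)` would reject the empty case. In `Worker(in_port_t)` the call comes after `gearman_worker_add_server`; whether `GEARMAN_WORKER_SSL` reaches a server that was already added cannot be seen from these hunks (the constructors start outside them), so confirm it or move `enable_ssl()` above the add. The helper also lands before `private:`, which looks unintended for something only the constructors call.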
691 | === modified file 'libtest/client.cc' | |||
692 | --- libtest/client.cc 2013-06-05 21:59:31 +0000 | |||
693 | +++ libtest/client.cc 2013-07-06 00:44:27 +0000 | |||
694 | @@ -54,10 +54,6 @@ | |||
695 | 54 | # include <cyassl/ssl.h> | 54 | # include <cyassl/ssl.h> |
696 | 55 | #endif | 55 | #endif |
697 | 56 | 56 | ||
698 | 57 | #define CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem" | ||
699 | 58 | #define CERT_PEM "/home/brian/cyassl/certs/server-cert.pem" | ||
700 | 59 | #define CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem" | ||
701 | 60 | |||
702 | 61 | namespace libtest { | 57 | namespace libtest { |
703 | 62 | 58 | ||
704 | 63 | SimpleClient::SimpleClient(const std::string& hostname_, in_port_t port_) : | 59 | SimpleClient::SimpleClient(const std::string& hostname_, in_port_t port_) : |
705 | @@ -72,6 +68,11 @@ | |||
706 | 72 | _ctx_ssl(NULL), | 68 | _ctx_ssl(NULL), |
707 | 73 | _ssl(NULL) | 69 | _ssl(NULL) |
708 | 74 | { | 70 | { |
709 | 71 | if (is_ssl()) | ||
710 | 72 | { | ||
711 | 73 | _is_ssl= true; | ||
712 | 74 | } | ||
713 | 75 | |||
714 | 75 | init_ssl(); | 76 | init_ssl(); |
715 | 76 | } | 77 | } |
716 | 77 | 78 | ||
717 | @@ -87,19 +88,19 @@ | |||
718 | 87 | FATAL("CyaSSL_CTX_new error" == NULL); | 88 | FATAL("CyaSSL_CTX_new error" == NULL); |
719 | 88 | } | 89 | } |
720 | 89 | 90 | ||
722 | 90 | if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, CA_CERT_PEM, 0) != SSL_SUCCESS) | 91 | if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, YATL_CA_CERT_PEM, 0) != SSL_SUCCESS) |
723 | 91 | { | 92 | { |
735 | 92 | FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", CA_CERT_PEM); | 93 | FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", YATL_CA_CERT_PEM); |
736 | 93 | } | 94 | } |
737 | 94 | 95 | ||
738 | 95 | if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) | 96 | if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, YATL_CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
739 | 96 | { | 97 | { |
740 | 97 | FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", CERT_PEM); | 98 | FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", YATL_CERT_PEM); |
741 | 98 | } | 99 | } |
742 | 99 | 100 | ||
743 | 100 | if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) | 101 | if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, YATL_CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
744 | 101 | { | 102 | { |
745 | 102 | FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", CERT_KEY_PEM); | 103 | FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", YATL_CERT_KEY_PEM); |
746 | 103 | } | 104 | } |
747 | 104 | #endif // defined(HAVE_CYASSL) && HAVE_CYASSL | 105 | #endif // defined(HAVE_CYASSL) && HAVE_CYASSL |
748 | 105 | } | 106 | } |
749 | 106 | 107 | ||
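Review bot: The `CyaSSL_CTX_use_PrivateKey_file` failure path still reports "cannot obtain certificate", which points whoever reads the test log at the wrong file. Since the line is being rewritten anyway, it could read `FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot load private key", YATL_CERT_KEY_PEM);`. In the constructor hunk, `if (is_ssl()) { _is_ssl= true; }` could be `_is_ssl= is_ssl();`, provided `_is_ssl` starts out false in the initializer list, which begins outside the hunk. `init_ssl()` is still called unconditionally and its opening lines are not shown, so it is worth confirming that it checks `_is_ssl` before trying to load the `YATL_*` files.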
750 | === modified file 'libtest/gearmand.cc' | |||
751 | --- libtest/gearmand.cc 2013-06-05 21:59:31 +0000 | |||
752 | +++ libtest/gearmand.cc 2013-07-06 00:44:27 +0000 | |||
753 | @@ -150,6 +150,9 @@ | |||
754 | 150 | if (is_ssl()) | 150 | if (is_ssl()) |
755 | 151 | { | 151 | { |
756 | 152 | add_option("--ssl"); | 152 | add_option("--ssl"); |
757 | 153 | add_option("--ssl-ca-file=" YATL_CA_CERT_PEM); | ||
758 | 154 | add_option("--ssl-certificate=" YATL_CERT_PEM); | ||
759 | 155 | add_option("--ssl-key=" YATL_CERT_KEY_PEM); | ||
760 | 153 | } | 156 | } |
761 | 154 | 157 | ||
762 | 155 | return true; | 158 | return true; |
763 | 156 | 159 | ||
764 | === modified file 'libtest/include.am' | |||
765 | --- libtest/include.am 2013-07-03 03:54:06 +0000 | |||
766 | +++ libtest/include.am 2013-07-06 00:44:27 +0000 | |||
767 | @@ -94,6 +94,7 @@ | |||
768 | 94 | noinst_HEADERS+= libtest/server_container.h | 94 | noinst_HEADERS+= libtest/server_container.h |
769 | 95 | noinst_HEADERS+= libtest/signal.h | 95 | noinst_HEADERS+= libtest/signal.h |
770 | 96 | noinst_HEADERS+= libtest/socket.hpp | 96 | noinst_HEADERS+= libtest/socket.hpp |
771 | 97 | noinst_HEADERS+= libtest/ssl.h | ||
772 | 97 | noinst_HEADERS+= libtest/stream.h | 98 | noinst_HEADERS+= libtest/stream.h |
773 | 98 | noinst_HEADERS+= libtest/strerror.h | 99 | noinst_HEADERS+= libtest/strerror.h |
774 | 99 | noinst_HEADERS+= libtest/string.hpp | 100 | noinst_HEADERS+= libtest/string.hpp |
775 | 100 | 101 | ||
776 | === modified file 'libtest/is_local.cc' | |||
777 | --- libtest/is_local.cc 2013-06-05 21:59:31 +0000 | |||
778 | +++ libtest/is_local.cc 2013-07-06 00:44:27 +0000 | |||
779 | @@ -60,6 +60,23 @@ | |||
780 | 60 | void is_ssl(bool arg) | 60 | void is_ssl(bool arg) |
781 | 61 | { | 61 | { |
782 | 62 | _is_ssl= arg; | 62 | _is_ssl= arg; |
783 | 63 | |||
784 | 64 | if (_is_ssl) | ||
785 | 65 | { | ||
786 | 66 | setenv("GEARMAND_CA_CERTIFICATE", YATL_CA_CERT_PEM, false); | ||
787 | 67 | setenv("GEARMAND_SERVER_PEM", YATL_CERT_PEM, false); | ||
788 | 68 | setenv("GEARMAND_SERVER_KEY", YATL_CERT_KEY_PEM, false); | ||
789 | 69 | setenv("GEARMAND_CLIENT_PEM", YATL_CERT_PEM, false); | ||
790 | 70 | setenv("GEARMAND_CLIENT_KEY", YATL_CERT_KEY_PEM, false); | ||
791 | 71 | } | ||
792 | 72 | else | ||
793 | 73 | { | ||
794 | 74 | unsetenv("GEARMAND_CA_CERTIFICATE"); | ||
795 | 75 | unsetenv("GEARMAND_SERVER_PEM"); | ||
796 | 76 | unsetenv("GEARMAND_SERVER_KEY"); | ||
797 | 77 | unsetenv("GEARMAND_CLIENT_PEM"); | ||
798 | 78 | unsetenv("GEARMAND_CLIENT_KEY"); | ||
799 | 79 | } | ||
800 | 63 | } | 80 | } |
801 | 64 | 81 | ||
802 | 65 | bool is_ssl() | 82 | bool is_ssl() |
803 | 66 | 83 | ||
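Review bot: Every `setenv(..., false)` here keeps a value that is already in the caller's environment, while `libtest/gearmand.cc` in this same change hands the `YATL_*` paths to the server unconditionally. If the client library reads these variables (the accessors are not in this section), a stray `GEARMAND_CA_CERTIFICATE` in the developer's shell leaves client and server on different trust material and the failure shows up far from its cause. Either force the fixture values with `setenv("GEARMAND_CA_CERTIFICATE", YATL_CA_CERT_PEM, true)` and likewise for the other four, or add a comment saying the override is intentional. The return values are also ignored, so a failed `setenv` leaves `_is_ssl` true with the variables unset; checking for a non-zero result and aborting the test run would catch that.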
804 | === added file 'libtest/ssl.h' | |||
805 | --- libtest/ssl.h 1970-01-01 00:00:00 +0000 | |||
806 | +++ libtest/ssl.h 2013-07-06 00:44:27 +0000 | |||
807 | @@ -0,0 +1,45 @@ | |||
808 | 1 | /* vim:expandtab:shiftwidth=2:tabstop=2:smarttab: | ||
809 | 2 | * | ||
810 | 3 | * Data Differential YATL (i.e. libtest) library | ||
811 | 4 | * | ||
812 | 5 | * Copyright (C) 2013 Data Differential, http://datadifferential.com/ | ||
813 | 6 | * | ||
814 | 7 | * Redistribution and use in source and binary forms, with or without | ||
815 | 8 | * modification, are permitted provided that the following conditions are | ||
816 | 9 | * met: | ||
817 | 10 | * | ||
818 | 11 | * * Redistributions of source code must retain the above copyright | ||
819 | 12 | * notice, this list of conditions and the following disclaimer. | ||
820 | 13 | * | ||
821 | 14 | * * Redistributions in binary form must reproduce the above | ||
822 | 15 | * copyright notice, this list of conditions and the following disclaimer | ||
823 | 16 | * in the documentation and/or other materials provided with the | ||
824 | 17 | * distribution. | ||
825 | 18 | * | ||
826 | 19 | * * The names of its contributors may not be used to endorse or | ||
827 | 20 | * promote products derived from this software without specific prior | ||
828 | 21 | * written permission. | ||
829 | 22 | * | ||
830 | 23 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||
831 | 24 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||
832 | 25 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||
833 | 26 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | ||
834 | 27 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
835 | 28 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | ||
836 | 29 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
837 | 30 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
838 | 31 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
839 | 32 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||
840 | 33 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
841 | 34 | * | ||
842 | 35 | */ | ||
843 | 36 | |||
844 | 37 | /* | ||
845 | 38 | Location of ssl certs during testing. | ||
846 | 39 | */ | ||
847 | 40 | |||
848 | 41 | #pragma once | ||
849 | 42 | |||
850 | 43 | #define YATL_CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem" | ||
851 | 44 | #define YATL_CERT_PEM "/home/brian/cyassl/certs/server-cert.pem" | ||
852 | 45 | #define YATL_CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem" | ||
853 | 0 | 46 | ||
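Review bot: The three `YATL_*` macros hard-code absolute paths under one developer's home directory, so the TLS tests can only find their certificates on that machine, and the location of a private key file is baked into the source tree. `Makefile.am` in this change already generates `GEARMAND_CA_CERTIFICATE` from `$(sysconfdir)`; the same mechanism could supply a certificate directory, for example `#define YATL_CA_CERT_PEM YATL_CERT_DIR "/ca-cert.pem"`, where `YATL_CERT_DIR` is a name to be introduced by the build and is not part of this change. `libtest/is_local.cc` uses the `server-cert.pem`/`server-key.pem` pair for both the `GEARMAND_SERVER_*` and `GEARMAND_CLIENT_*` variables, so the tests never exercise a distinct client credential. The header comment could say this, and also that these files are test fixtures only, e.g. `/* Test-only fixtures: one key pair is shared by client and server; never deploy these. */`.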
854 | === modified file 'libtest/test.hpp' | |||
855 | --- libtest/test.hpp 2013-05-03 06:03:28 +0000 | |||
856 | +++ libtest/test.hpp 2013-07-06 00:44:27 +0000 | |||
857 | @@ -100,3 +100,5 @@ | |||
858 | 100 | #include <libtest/tmpfile.hpp> | 100 | #include <libtest/tmpfile.hpp> |
859 | 101 | #include <libtest/client.hpp> | 101 | #include <libtest/client.hpp> |
860 | 102 | #include <libtest/thread.hpp> | 102 | #include <libtest/thread.hpp> |
861 | 103 | #include <libtest/ssl.h> | ||
862 | 104 | |||
863 | 103 | 105 | ||
864 | === modified file 'tests/libgearman-1.0/client_test.cc' | |||
865 | --- tests/libgearman-1.0/client_test.cc 2013-06-28 19:13:48 +0000 | |||
866 | +++ tests/libgearman-1.0/client_test.cc 2013-07-06 00:44:27 +0000 | |||
867 | @@ -459,7 +459,7 @@ | |||
868 | 459 | 459 | ||
869 | 460 | ASSERT_EQ(GEARMAN_SUCCESS, rc); | 460 | ASSERT_EQ(GEARMAN_SUCCESS, rc); |
870 | 461 | 461 | ||
872 | 462 | test_truth(job_result); | 462 | ASSERT_TRUE(job_result); |
873 | 463 | ASSERT_EQ(gearman_size(value), result_length); | 463 | ASSERT_EQ(gearman_size(value), result_length); |
874 | 464 | 464 | ||
875 | 465 | test_memcmp(gearman_c_str(value), job_result, gearman_size(value)); | 465 | test_memcmp(gearman_c_str(value), job_result, gearman_size(value)); |