Merge lp:~brianaker/gearmand/ssl-update into lp:gearmand
- ssl-update
- Merge into 1.2
Proposed by
Brian Aker
Status: | Merged |
---|---|
Merged at revision: | 805 |
Proposed branch: | lp:~brianaker/gearmand/ssl-update |
Merge into: | lp:gearmand |
Diff against target: |
875 lines (+340/-130) 22 files modified
Makefile.am (+2/-2) configure.ac (+13/-5) libgearman-server/io.cc (+67/-20) libgearman-server/log.cc (+22/-28) libgearman-server/plugins/protocol/gear/protocol.cc (+27/-15) libgearman-server/plugins/protocol/gear/protocol.h (+3/-0) libgearman/client.hpp (+14/-0) libgearman/connection.cc (+13/-5) libgearman/error.hpp (+1/-1) libgearman/interface/universal.hpp (+50/-10) libgearman/ostream.hpp (+1/-0) libgearman/ssl.h (+0/-5) libgearman/universal.cc (+24/-22) libgearman/vector.hpp (+5/-0) libgearman/worker.hpp (+12/-0) libtest/client.cc (+17/-16) libtest/gearmand.cc (+3/-0) libtest/include.am (+1/-0) libtest/is_local.cc (+17/-0) libtest/ssl.h (+45/-0) libtest/test.hpp (+2/-0) tests/libgearman-1.0/client_test.cc (+1/-1) |
To merge this branch: | bzr merge lp:~brianaker/gearmand/ssl-update |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Tangent Trunk | Pending | ||
Review via email: mp+173294@code.launchpad.net |
Commit message
Description of the change
- 805. By Tangent.Org Continuous Integration
-
Merge lp:~brianaker/gearmand/ssl-update Build: jenkins-
Gearmand- 703
Preview Diff
1 | === modified file 'Makefile.am' |
2 | --- Makefile.am 2013-06-05 21:59:31 +0000 |
3 | +++ Makefile.am 2013-07-06 00:44:27 +0000 |
4 | @@ -78,8 +78,8 @@ |
5 | echo '#define GEARMAND_CA_CERTIFICATE "$(sysconfdir)/ssl/certs/gearmand-ca.pem"'; \ |
6 | echo '#define GEARMAND_SERVER_PEM "$(sysconfdir)/ssl/certs/gearmand.pem"'; \ |
7 | echo '#define GEARMAND_SERVER_KEY "$(sysconfdir)/ssl/certs/gearmand.key"'; \ |
8 | - echo '#define GEARMAND_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \ |
9 | - echo '#define GEARMAND_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \ |
10 | + echo '#define GEARMAN_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \ |
11 | + echo '#define GEARMAN_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \ |
12 | echo '#define LOCALSTATEDIR "$(localstatedir)"'; \ |
13 | echo '#define GEARMAND_PID "$(localstatedir)/gearmand.pid"'; \ |
14 | } | sed '/""/d' > $@-t |
15 | |
16 | === modified file 'configure.ac' |
17 | --- configure.ac 2013-06-30 22:09:00 +0000 |
18 | +++ configure.ac 2013-07-06 00:44:27 +0000 |
19 | @@ -226,15 +226,23 @@ |
20 | # Check for CyaSSL |
21 | AC_DEFUN([AX_ENABLE_SSL], |
22 | [AC_PREREQ([2.63])dnl |
23 | + m4_define([_SSL_ENABLE_DEFAULT], [m4_if($1, no, no, no)])dnl |
24 | AC_ARG_ENABLE([ssl], |
25 | [AS_HELP_STRING([--enable-ssl], |
26 | - [Enable ssl support for Gearman --enable-debug (yes|no) @<:@default=no@:>@])], |
27 | - [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl])], |
28 | - [AC_MSG_WARN([ssl will not be enabled])]) |
29 | + [Enable ssl support for Gearman @<:@default=]_SSL_ENABLE_DEFAULT[@:>@])], |
30 | + [AS_CASE([$enableval], |
31 | + [yes],[enable_ssl=yes], |
32 | + [no],[enable_ssl=no], |
33 | + [enable_ssl=no]) |
34 | + ], |
35 | + [enable_ssl=]_SSL_ENABLE_DEFAULT) |
36 | + AS_IF([test "x${enable_ssl}" = "xyes"], |
37 | + [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl],[], |
38 | + [AC_MSG_ERROR([Unable to find cyassl]) |
39 | + enable_ssl=no])]) |
40 | ]) |
41 | AX_ENABLE_SSL |
42 | -#AC_SUBST([CYASSL]) |
43 | -#AC_SUBST([CYASSL_LIB]) |
44 | + |
45 | AX_ENABLE_LIBMEMCACHED |
46 | |
47 | AC_DEFINE([GEARMAND_BLOBSLAP_WORKER],[1],[Have Gearman Blobslap Worker]) |
48 | |
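Review bot: The new `m4_define([_SSL_ENABLE_DEFAULT], [m4_if($1, no, no, no)])` yields `no` for every value of `$1`, and AX_ENABLE_SSL is invoked below with no argument, so the macro is an elaborate constant; `m4_define([_SSL_ENABLE_DEFAULT], [no])` states the same thing without suggesting the default is configurable. The `enable_ssl=no` placed after AC_MSG_ERROR in the AX_CHECK_LIBRARY failure branch is unreachable, because AC_MSG_ERROR terminates configure; either drop it or use AC_MSG_WARN if a missing CyaSSL is meant to degrade to a non-SSL build rather than fail.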
49 | === modified file 'libgearman-server/io.cc' |
50 | --- libgearman-server/io.cc 2013-06-26 23:50:02 +0000 |
51 | +++ libgearman-server/io.cc 2013-07-06 00:44:27 +0000 |
52 | @@ -242,6 +242,7 @@ |
53 | return GEARMAND_ERRNO; |
54 | |
55 | case gearmand_io_st::GEARMAND_CON_UNIVERSAL_CONNECTED: |
56 | + uint32_t loop_counter= 0; |
57 | while (connection->send_buffer_size) |
58 | { |
59 | ssize_t write_size; |
60 | @@ -249,6 +250,37 @@ |
61 | if (con->_ssl) |
62 | { |
63 | write_size= CyaSSL_send(con->_ssl, connection->send_buffer_ptr, connection->send_buffer_size, MSG_NOSIGNAL|MSG_DONTWAIT); |
64 | + |
65 | + // I consider this to be a bug in CyaSSL_send() that is uses a zero in this manner |
66 | + if (write_size <= 0) |
67 | + { |
68 | + int err; |
69 | + switch ((err= CyaSSL_get_error(con->_ssl, write_size))) |
70 | + { |
71 | + case SSL_ERROR_WANT_CONNECT: |
72 | + case SSL_ERROR_WANT_ACCEPT: |
73 | + write_size= -1; |
74 | + errno= EAGAIN; |
75 | + break; |
76 | + |
77 | + case SSL_ERROR_WANT_WRITE: |
78 | + case SSL_ERROR_WANT_READ: |
79 | + write_size= -1; |
80 | + errno= EAGAIN; |
81 | + break; |
82 | + |
83 | + default: |
84 | + { |
85 | + char errorString[80]; |
86 | + CyaSSL_ERR_error_string(err, errorString); |
87 | + _connection_close(connection); |
88 | + return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s:%s SSL failure(%s)", |
89 | + connection->context == NULL ? "-" : connection->context->host, |
90 | + connection->context == NULL ? "-" : connection->context->port, |
91 | + errorString); |
92 | + } |
93 | + } |
94 | + } |
95 | } |
96 | else |
97 | #endif |
98 | @@ -258,9 +290,17 @@ |
99 | |
100 | if (write_size == 0) // detect infinite loop? |
101 | { |
102 | - gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes to peer %s:%s", |
103 | + ++loop_counter; |
104 | + gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes of %u to peer %s:%s", |
105 | + uint32_t(connection->send_buffer_size), |
106 | connection->context == NULL ? "-" : connection->context->host, |
107 | connection->context == NULL ? "-" : connection->context->port); |
108 | + |
109 | + if (loop_counter > 5) |
110 | + { |
111 | + _connection_close(connection); |
112 | + return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "send() failed to send data"); |
113 | + } |
114 | continue; |
115 | } |
116 | else if (write_size == -1) |
117 | @@ -268,6 +308,9 @@ |
118 | int local_errno= errno; |
119 | switch (local_errno) |
120 | { |
121 | +#if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN |
122 | + case EWOULDBLOCK: |
123 | +#endif |
124 | case EAGAIN: |
125 | { |
126 | gearmand_error_t gret= gearmand_io_set_events(con, POLLOUT); |
127 | @@ -706,7 +749,10 @@ |
128 | } |
129 | return ret; |
130 | } |
131 | - gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "read %lu bytes", (unsigned long)recv_size); |
132 | + gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "%s:%s read %lu bytes", |
133 | + connection->context == NULL ? "-" : connection->context->host, |
134 | + connection->context == NULL ? "-" : connection->context->port, |
135 | + (unsigned long)recv_size); |
136 | |
137 | connection->recv_buffer_size+= recv_size; |
138 | } |
139 | @@ -927,24 +973,25 @@ |
140 | |
141 | void gearmand_sockfd_close(int& sockfd) |
142 | { |
143 | - if (sockfd == INVALID_SOCKET) |
144 | - { |
145 | - gearmand_error("gearmand_sockfd_close() called with an invalid socket"); |
146 | - return; |
147 | - } |
148 | - |
149 | - /* in case of death shutdown to avoid blocking at close() */ |
150 | - if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN) |
151 | - { |
152 | - gearmand_perror(errno, "shutdown"); |
153 | - assert(errno != ENOTSOCK); |
154 | - } |
155 | - else if (closesocket(sockfd) == SOCKET_ERROR) |
156 | - { |
157 | - gearmand_perror(errno, "close"); |
158 | - } |
159 | - |
160 | - sockfd= INVALID_SOCKET; |
161 | + if (sockfd != INVALID_SOCKET) |
162 | + { |
163 | + /* in case of death shutdown to avoid blocking at close() */ |
164 | + if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN) |
165 | + { |
166 | + gearmand_perror(errno, "shutdown"); |
167 | + assert(errno != ENOTSOCK); |
168 | + } |
169 | + else if (closesocket(sockfd) == SOCKET_ERROR) |
170 | + { |
171 | + gearmand_perror(errno, "close"); |
172 | + } |
173 | + |
174 | + sockfd= INVALID_SOCKET; |
175 | + } |
176 | + else |
177 | + { |
178 | + gearmand_warning("gearmand_sockfd_close() called with an invalid socket"); |
179 | + } |
180 | } |
181 | |
182 | void gearmand_pipe_close(int& pipefd) |
183 | |
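Review bot: In the restructured gearmand_sockfd_close() closesocket() is reached only through the `else if`, so whenever shutdown() fails with anything other than ENOTCONN the descriptor is never closed, yet `sockfd= INVALID_SOCKET` still runs and the fd leaks; a long-lived daemon loses one descriptor per such failure, which is a slow path to EMFILE. Close unconditionally: `if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN) { gearmand_perror(errno, "shutdown"); } if (closesocket(sockfd) == SOCKET_ERROR) { gearmand_perror(errno, "close"); }`. In the new CyaSSL_send() error mapping, SSL_ERROR_WANT_READ is folded into the same `errno= EAGAIN` as WANT_WRITE, and the EAGAIN arm below answers with `gearmand_io_set_events(con, POLLOUT)`, so a handshake or renegotiation that is waiting for peer bytes is not woken until the socket happens to become writable; WANT_READ should request POLLIN. The `uint32_t loop_counter= 0;` is declared directly under a case label; if any later label of that switch (the function begins outside this hunk) can be jumped to past it, C++ rejects the crossing of an initialization, so wrap the case body in braces.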
184 | === modified file 'libgearman-server/log.cc' |
185 | --- libgearman-server/log.cc 2013-06-10 22:49:06 +0000 |
186 | +++ libgearman-server/log.cc 2013-07-06 00:44:27 +0000 |
187 | @@ -116,6 +116,26 @@ |
188 | return GEARMAND_INVALID_ARGUMENT; |
189 | } |
190 | |
191 | +static gearmand_error_t __errno_to_gearmand_error_t(int local_errno) |
192 | +{ |
193 | + gearmand_error_t error_to_report= GEARMAND_ERRNO; |
194 | + |
195 | + switch (local_errno) |
196 | + { |
197 | + case ENOMEM: |
198 | + error_to_report= GEARMAND_MEMORY_ALLOCATION_FAILURE; |
199 | + |
200 | + case ECONNRESET: |
201 | + case EHOSTDOWN: |
202 | + error_to_report= GEARMAND_LOST_CONNECTION; |
203 | + |
204 | + default: |
205 | + break; |
206 | + } |
207 | + |
208 | + return error_to_report; |
209 | +} |
210 | + |
211 | /** |
212 | * Log a message. |
213 | * |
214 | @@ -303,20 +323,7 @@ |
215 | } |
216 | } |
217 | |
218 | - switch (local_errno) |
219 | - { |
220 | - case ENOMEM: |
221 | - return GEARMAND_MEMORY_ALLOCATION_FAILURE; |
222 | - |
223 | - case ECONNRESET: |
224 | - case EHOSTDOWN: |
225 | - return GEARMAND_LOST_CONNECTION; |
226 | - |
227 | - default: |
228 | - break; |
229 | - } |
230 | - |
231 | - return GEARMAND_ERRNO; |
232 | + return __errno_to_gearmand_error_t(local_errno); |
233 | } |
234 | |
235 | gearmand_error_t gearmand_log_error(const char *position, const char *function, const char *format, ...) |
236 | @@ -415,20 +422,7 @@ |
237 | } |
238 | } |
239 | |
240 | - switch (local_errno) |
241 | - { |
242 | - case ENOMEM: |
243 | - return GEARMAND_MEMORY_ALLOCATION_FAILURE; |
244 | - |
245 | - case ECONNRESET: |
246 | - case EHOSTDOWN: |
247 | - return GEARMAND_LOST_CONNECTION; |
248 | - |
249 | - default: |
250 | - break; |
251 | - } |
252 | - |
253 | - return GEARMAND_ERRNO; |
254 | + return __errno_to_gearmand_error_t(local_errno); |
255 | } |
256 | |
257 | gearmand_error_t gearmand_log_gerror(const char *position, const char *function, const gearmand_error_t rc, const char *format, ...) |
258 | |
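Review bot: The new __errno_to_gearmand_error_t() drops the early returns that the removed code relied on, so `case ENOMEM:` falls straight through into the ECONNRESET/EHOSTDOWN arm and every out-of-memory errno is now reported as GEARMAND_LOST_CONNECTION instead of GEARMAND_MEMORY_ALLOCATION_FAILURE; both callers that were switched to this helper inherit the regression. Keep the returns: `case ENOMEM: return GEARMAND_MEMORY_ALLOCATION_FAILURE; case ECONNRESET: case EHOSTDOWN: return GEARMAND_LOST_CONNECTION; default: return GEARMAND_ERRNO;`. A name beginning with a double underscore is reserved for the implementation in C++; a plain `static gearmand_error_t errno_to_gearmand_error(int)` avoids that and still keeps internal linkage.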
259 | === modified file 'libgearman-server/plugins/protocol/gear/protocol.cc' |
260 | --- libgearman-server/plugins/protocol/gear/protocol.cc 2013-06-30 02:48:43 +0000 |
261 | +++ libgearman-server/plugins/protocol/gear/protocol.cc 2013-07-06 00:44:27 +0000 |
262 | @@ -312,7 +312,7 @@ |
263 | { |
264 | if ((connection->_ssl= CyaSSL_new(Gearmand()->ctx_ssl())) == NULL) |
265 | { |
266 | - return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_new() failed"); |
267 | + return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_MEMORY_ALLOCATION_FAILURE, "CyaSSL_new() failed to return a valid object"); |
268 | } |
269 | |
270 | CyaSSL_set_fd(connection->_ssl, connection->con.fd); |
271 | @@ -331,7 +331,7 @@ |
272 | int cyassl_error= CyaSSL_get_error(connection->_ssl, 0); |
273 | char cyassl_error_buffer[1024]= { 0 }; |
274 | CyaSSL_ERR_error_string(cyassl_error, cyassl_error_buffer); |
275 | - return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "%s(%d)", cyassl_error_buffer, cyassl_error); |
276 | + return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s(%d)", cyassl_error_buffer, cyassl_error); |
277 | } |
278 | } |
279 | gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "GearSSL connection made: %d", connection->con.fd); |
280 | @@ -349,6 +349,9 @@ |
281 | Gear::Gear() : |
282 | Plugin("Gear"), |
283 | _port(GEARMAN_DEFAULT_TCP_PORT_STRING), |
284 | + _ssl_ca_file(GEARMAND_CA_CERTIFICATE), |
285 | + _ssl_certificate(GEARMAND_SERVER_PEM), |
286 | + _ssl_key(GEARMAND_SERVER_KEY), |
287 | opt_ssl(false) |
288 | { |
289 | command_line_options().add_options() |
290 | @@ -356,6 +359,12 @@ |
291 | "Port the server should listen on.") |
292 | ("ssl", boost::program_options::bool_switch(&opt_ssl)->default_value(false), |
293 | "Enable ssl connections.") |
294 | + ("ssl-ca-file", boost::program_options::value(&_ssl_ca_file), |
295 | + "CA file.") |
296 | + ("ssl-certificate", boost::program_options::value(&_ssl_certificate), |
297 | + "SSL certificate.") |
298 | + ("ssl-key", boost::program_options::value(&_ssl_key), |
299 | + "SSL key for certificate.") |
300 | ; |
301 | } |
302 | |
303 | @@ -400,20 +409,23 @@ |
304 | { |
305 | gearmand->init_ssl(); |
306 | |
307 | - if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS) |
308 | + if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), _ssl_ca_file.c_str(), 0) != SSL_SUCCESS) |
309 | { |
310 | - gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", GEARMAND_CA_CERTIFICATE); |
311 | - } |
312 | - |
313 | - if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), GEARMAND_SERVER_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
314 | - { |
315 | - gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", GEARMAND_SERVER_PEM); |
316 | - } |
317 | - |
318 | - if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), GEARMAND_SERVER_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
319 | - { |
320 | - gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", GEARMAND_SERVER_KEY); |
321 | - } |
322 | + gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", _ssl_ca_file.c_str()); |
323 | + } |
324 | + gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading CA certificate : %s", _ssl_ca_file.c_str()); |
325 | + |
326 | + if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), _ssl_certificate.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
327 | + { |
328 | + gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", _ssl_certificate.c_str()); |
329 | + } |
330 | + gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate : %s", _ssl_certificate.c_str()); |
331 | + |
332 | + if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), _ssl_key.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
333 | + { |
334 | + gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", _ssl_key.c_str()); |
335 | + } |
336 | + gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate key : %s", _ssl_key.c_str()); |
337 | |
338 | assert(gearmand->ctx_ssl()); |
339 | } |
340 | |
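Review bot: The rewritten server-side setup loads the CA from --ssl-ca-file but no CyaSSL_CTX_set_verify() call is visible, so unless gearmand->init_ssl() (outside this hunk) already requests SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT the CA is never consulted and any peer that can complete a TLS handshake is accepted; now that the CA path is a user-facing option, follow the load with `CyaSSL_CTX_set_verify(gearmand->ctx_ssl(), SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);` and say in the --ssl-ca-file help text whether clients must present a certificate. Each "Loading ..." gearmand_log_info call is emitted after its load, so if gearmand_log_fatal() returns the log shows the failure followed by a line claiming the file was loaded; move each info line ahead of the corresponding load. The "cannot local the ca certificate" message carried over from the old code should read "cannot locate".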
341 | === modified file 'libgearman-server/plugins/protocol/gear/protocol.h' |
342 | --- libgearman-server/plugins/protocol/gear/protocol.h 2013-06-05 21:59:31 +0000 |
343 | +++ libgearman-server/plugins/protocol/gear/protocol.h 2013-07-06 00:44:27 +0000 |
344 | @@ -58,6 +58,9 @@ |
345 | |
346 | private: |
347 | std::string _port; |
348 | + std::string _ssl_ca_file; |
349 | + std::string _ssl_certificate; |
350 | + std::string _ssl_key; |
351 | bool opt_ssl; |
352 | }; |
353 | |
354 | |
355 | === modified file 'libgearman/client.hpp' |
356 | --- libgearman/client.hpp 2013-03-15 21:54:07 +0000 |
357 | +++ libgearman/client.hpp 2013-07-06 00:44:27 +0000 |
358 | @@ -56,6 +56,8 @@ |
359 | { |
360 | throw std::runtime_error("gearman_client_create() failed"); |
361 | } |
362 | + |
363 | + enable_ssl(); |
364 | } |
365 | |
366 | Client(const gearman_client_st* arg) |
367 | @@ -66,6 +68,8 @@ |
368 | { |
369 | throw std::runtime_error("gearman_client_create() failed"); |
370 | } |
371 | + |
372 | + enable_ssl(); |
373 | } |
374 | |
375 | Client(in_port_t arg) |
376 | @@ -77,6 +81,8 @@ |
377 | throw std::runtime_error("gearman_client_create() failed"); |
378 | } |
379 | gearman_client_add_server(_client, "localhost", arg); |
380 | + |
381 | + enable_ssl(); |
382 | } |
383 | |
384 | gearman_client_st* operator&() const |
385 | @@ -94,6 +100,14 @@ |
386 | gearman_client_free(_client); |
387 | } |
388 | |
389 | + void enable_ssl() |
390 | + { |
391 | + if (getenv("GEARMAND_CA_CERTIFICATE")) |
392 | + { |
393 | + gearman_client_add_options(_client, GEARMAN_CLIENT_SSL); |
394 | + } |
395 | + } |
396 | + |
397 | private: |
398 | gearman_client_st *_client; |
399 | |
400 | |
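Review bot: Client::enable_ssl() decides whether the connection is encrypted solely on the presence of the GEARMAND_CA_CERTIFICATE environment variable and discards the return value of gearman_client_add_options(), so an unset variable, or a libgearman built without CyaSSL, silently yields a plaintext connection with no diagnostic. Check the result, `if (gearman_client_add_options(_client, GEARMAN_CLIENT_SSL) != GEARMAN_SUCCESS) { throw std::runtime_error("gearman_client_add_options(GEARMAN_CLIENT_SSL) failed"); }`, and document the switch, e.g. `// Opt into TLS when GEARMAND_CA_CERTIFICATE names a CA bundle; see gearman_universal_st::ssl_ca_file()`. getenv() needs <cstdlib>, which this header is not shown including. The same two points apply to the parallel Worker::enable_ssl() added in libgearman/worker.hpp.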
401 | === modified file 'libgearman/connection.cc' |
402 | --- libgearman/connection.cc 2013-06-30 05:13:06 +0000 |
403 | +++ libgearman/connection.cc 2013-07-06 00:44:27 +0000 |
404 | @@ -821,14 +821,21 @@ |
405 | if (_ssl) |
406 | { |
407 | write_size= CyaSSL_send(_ssl, send_buffer_ptr, send_buffer_size, MSG_NOSIGNAL); |
408 | - if (write_size < 0) |
409 | + if (write_size <= 0) |
410 | { |
411 | int err; |
412 | - switch ((err= CyaSSL_get_error(_ssl, 0))) |
413 | + switch ((err= CyaSSL_get_error(_ssl, write_size))) |
414 | { |
415 | + case SSL_ERROR_WANT_CONNECT: |
416 | + case SSL_ERROR_WANT_ACCEPT: |
417 | + write_size= -1; |
418 | + errno= EAGAIN; |
419 | + break; |
420 | + |
421 | case SSL_ERROR_WANT_WRITE: |
422 | case SSL_ERROR_WANT_READ: |
423 | - errno= EWOULDBLOCK; |
424 | + write_size= -1; |
425 | + errno= EAGAIN; |
426 | break; |
427 | |
428 | default: |
429 | @@ -1069,6 +1076,7 @@ |
430 | |
431 | if (data_size != recv_size) |
432 | { |
433 | + // @note fix this to test for error before blindly doing this opperation |
434 | recv_size+= recv_socket(static_cast<uint8_t *>(const_cast<void *>(data)) + recv_size, data_size - recv_size, ret); |
435 | recv_data_offset+= recv_size; |
436 | } |
437 | @@ -1098,9 +1106,9 @@ |
438 | if (_ssl) |
439 | { |
440 | read_size= CyaSSL_recv(_ssl, data, data_size, MSG_DONTWAIT); |
441 | - if (read_size < 0) |
442 | + if (read_size <= 0) |
443 | { |
444 | - int sendErr= CyaSSL_get_error(_ssl, 0); |
445 | + int sendErr= CyaSSL_get_error(_ssl, read_size); |
446 | if (sendErr != SSL_ERROR_WANT_READ) |
447 | { |
448 | char errorString[80]; |
449 | |
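Review bot: The send-side remap now reports SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE identically as `write_size= -1; errno= EAGAIN;`, so the caller (outside this hunk) can no longer tell that the TLS layer is waiting for inbound data; if that path waits on writability only, a handshake or renegotiation that needs peer bytes stalls until something else makes the socket writable, so the two cases should stay distinguishable or WANT_READ should map to a wait for readability. The added `@note fix this ...` marks a real defect rather than a nicety: `recv_size+= recv_socket(...)` advances recv_size and recv_data_offset before `ret` is examined, so an error return still moves the offset; capture the result, test `ret` first, and only then add it. On the receive side `read_size <= 0` now sends a clean close_notify (SSL_ERROR_ZERO_RETURN) down the generic error branch as well; it is worth mapping that to an orderly end-of-stream instead of a logged failure.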
450 | === modified file 'libgearman/error.hpp' |
451 | --- libgearman/error.hpp 2013-07-02 23:51:10 +0000 |
452 | +++ libgearman/error.hpp 2013-07-06 00:44:27 +0000 |
453 | @@ -40,7 +40,7 @@ |
454 | |
455 | #define STRINGIFY(x) #x |
456 | #define TOSTRING(x) STRINGIFY(x) |
457 | -#define AT __FILE__ ":" TOSTRING(__LINE__) |
458 | +#define AT __FILE__ ":" TOSTRING(__LINE__) ":" |
459 | #define GEARMAN_AT __func__, AT |
460 | |
461 | #define gearman_perror(__universal, __message) gearman_universal_set_perror((__universal), __func__, AT, (__message)) |
462 | |
463 | === modified file 'libgearman/interface/universal.hpp' |
464 | --- libgearman/interface/universal.hpp 2013-06-05 21:59:31 +0000 |
465 | +++ libgearman/interface/universal.hpp 2013-07-06 00:44:27 +0000 |
466 | @@ -43,6 +43,7 @@ |
467 | #include "libgearman/interface/packet.hpp" |
468 | #include "libgearman/vector.h" |
469 | #include "libgearman/assert.hpp" |
470 | +#include "libgearman/ssl.h" |
471 | |
472 | enum universal_options_t |
473 | { |
474 | @@ -201,20 +202,59 @@ |
475 | options_++; |
476 | } |
477 | } |
478 | - |
479 | - // Only does something if SSL has been enabled. |
480 | - bool ret= init_ssl(); |
481 | - if (ret == false) |
482 | - { |
483 | - abort(); |
484 | - } |
485 | - } |
486 | - |
487 | + } |
488 | + |
489 | + const char* ssl_ca_file() const |
490 | + { |
491 | + if (getenv("GEARMAND_CA_CERTIFICATE")) |
492 | + { |
493 | + return getenv("GEARMAND_CA_CERTIFICATE"); |
494 | + } |
495 | + |
496 | + return GEARMAND_CA_CERTIFICATE; |
497 | + } |
498 | + |
499 | + const char* ssl_certificate() const |
500 | + { |
501 | + if (getenv("GEARMAN_CLIENT_PEM")) |
502 | + { |
503 | + return getenv("GEARMAN_CLIENT_PEM"); |
504 | + } |
505 | + |
506 | + return GEARMAN_CLIENT_PEM; |
507 | + } |
508 | + |
509 | + const char* ssl_key() const |
510 | + { |
511 | + if (getenv("GEARMAN_CLIENT_KEY")) |
512 | + { |
513 | + return getenv("GEARMAN_CLIENT_KEY"); |
514 | + } |
515 | + |
516 | + return GEARMAN_CLIENT_KEY; |
517 | + } |
518 | + |
519 | +private: |
520 | bool init_ssl(); |
521 | |
522 | +public: |
523 | struct CYASSL_CTX* ctx_ssl() |
524 | { |
525 | - return _ctx_ssl; |
526 | + if (ssl()) |
527 | + { |
528 | + if (_ctx_ssl == NULL) |
529 | + { |
530 | + if (init_ssl() == false) |
531 | + { |
532 | + abort(); |
533 | + } |
534 | + } |
535 | + assert(_ctx_ssl); |
536 | + |
537 | + return _ctx_ssl; |
538 | + } |
539 | + |
540 | + return NULL; |
541 | } |
542 | |
543 | ~gearman_universal_st(); |
544 | |
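Review bot: ctx_ssl() calls abort() when init_ssl() fails, which turns a missing or unreadable certificate file — including one injected through GEARMAND_CA_CERTIFICATE, GEARMAN_CLIENT_PEM or GEARMAN_CLIENT_KEY — into a crash of the host process, even though init_ssl() already records a gearman error; return NULL and let the connection fail with that error instead, `if (_ctx_ssl == NULL && init_ssl() == false) { return NULL; }`. Letting an environment variable choose the trust anchor means anyone who can set the calling process's environment can substitute a CA and intercept the connection, so this should be stated on the accessor, e.g. `// Trust anchor is overridable via GEARMAND_CA_CERTIFICATE; the environment is treated as trusted input.`, and ideally limited to the libtest harness. Each accessor also calls getenv() twice; read it once into a local so a concurrent setenv() cannot make the check and the return disagree.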
545 | === modified file 'libgearman/ostream.hpp' |
546 | --- libgearman/ostream.hpp 2012-11-12 06:50:33 +0000 |
547 | +++ libgearman/ostream.hpp 2013-07-06 00:44:27 +0000 |
548 | @@ -43,6 +43,7 @@ |
549 | static inline std::ostream& operator<<(std::ostream& output, const gearman_packet_st &arg) |
550 | { |
551 | const char* command_str; |
552 | + // gearman_strcommand() |
553 | switch(arg.command) |
554 | { |
555 | case GEARMAN_COMMAND_TEXT: command_str= "GEARMAN_COMMAND_TEXT"; |
556 | |
557 | === modified file 'libgearman/ssl.h' |
558 | --- libgearman/ssl.h 2013-06-05 21:59:31 +0000 |
559 | +++ libgearman/ssl.h 2013-07-06 00:44:27 +0000 |
560 | @@ -42,8 +42,3 @@ |
561 | #endif |
562 | |
563 | #include "configmake.h" |
564 | - |
565 | -#define CA_CERT_PEM GEARMAND_CA_CERTIFICATE |
566 | -#define CERT_PEM GEARMAND_CLIENT_PEM |
567 | -#define CERT_KEY_PEM GEARMAND_CLIENT_PEM |
568 | - |
569 | |
570 | === modified file 'libgearman/universal.cc' |
571 | --- libgearman/universal.cc 2013-07-02 23:16:11 +0000 |
572 | +++ libgearman/universal.cc 2013-07-06 00:44:27 +0000 |
573 | @@ -409,6 +409,8 @@ |
574 | { |
575 | CyaSSL_CTX_free(_ctx_ssl); |
576 | } |
577 | +#else |
578 | + assert(_ctx_ssl == NULL); |
579 | #endif |
580 | } |
581 | |
582 | @@ -438,32 +440,32 @@ |
583 | |
584 | bool gearman_universal_st::init_ssl() |
585 | { |
586 | - if (options._ssl) |
587 | + if (ssl()) |
588 | { |
589 | #if defined(HAVE_CYASSL) && HAVE_CYASSL |
590 | CyaSSL_Init(); |
591 | |
592 | - if ((_ctx_ssl = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL) |
593 | - { |
594 | - gearman_error(*this, GEARMAN_INVALID_ARGUMENT, "CyaTLSv1_client_method()"); |
595 | - return false; |
596 | - } |
597 | - |
598 | - if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS) |
599 | - { |
600 | - gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CA_CERT_PEM); |
601 | - return false; |
602 | - } |
603 | - |
604 | - if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, GEARMAND_CLIENT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
605 | - { |
606 | - gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_PEM); |
607 | - return false; |
608 | - } |
609 | - |
610 | - if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, GEARMAND_CLIENT_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
611 | - { |
612 | - gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_KEY_PEM); |
613 | + if ((_ctx_ssl= CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL) |
614 | + { |
615 | + gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "CyaTLSv1_client_method() failed"); |
616 | + return false; |
617 | + } |
618 | + |
619 | + if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, ssl_ca_file(), 0) != SSL_SUCCESS) |
620 | + { |
621 | + gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load CA certificate %s", ssl_ca_file()); |
622 | + return false; |
623 | + } |
624 | + |
625 | + if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, ssl_certificate(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
626 | + { |
627 | + gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate %s", ssl_certificate()); |
628 | + return false; |
629 | + } |
630 | + |
631 | + if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, ssl_key(), SSL_FILETYPE_PEM) != SSL_SUCCESS) |
632 | + { |
633 | + gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate key %s", ssl_key()); |
634 | return false; |
635 | } |
636 | #endif // defined(HAVE_CYASSL) && HAVE_CYASSL |
637 | |
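Review bot: init_ssl() builds the client context with CyaTLSv1_client_method(), which negotiates TLS 1.0 only; unless the server context (not in this diff) is pinned to the same version, use CyaTLSv1_2_client_method(), or CyaSSLv23_client_method() so the highest version both sides support is chosen. The error text reads "CyaTLSv1_client_method() failed" but the call being tested is CyaSSL_CTX_new(); `"CyaSSL_CTX_new() failed"` is what an operator needs to see. On each subsequent failure path the function returns false with _ctx_ssl still allocated, so the destructor's CyaSSL_CTX_free() is the only thing preventing a leak while ctx_ssl() will abort anyway; free and null it before returning. No CyaSSL_check_domain_name() call is visible here or in connection.cc, so any certificate chained to the CA is accepted regardless of the host it was issued to — either add the check per connection or document that the CA is expected to be private to the deployment.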
638 | === modified file 'libgearman/vector.hpp' |
639 | --- libgearman/vector.hpp 2013-05-07 09:50:42 +0000 |
640 | +++ libgearman/vector.hpp 2013-07-06 00:44:27 +0000 |
641 | @@ -104,6 +104,11 @@ |
642 | return string; |
643 | } |
644 | |
645 | + const char* c_str() const |
646 | + { |
647 | + return string; |
648 | + } |
649 | + |
650 | const void* void_ptr() const |
651 | { |
652 | return (const void*)string; |
653 | |
654 | === modified file 'libgearman/worker.hpp' |
655 | --- libgearman/worker.hpp 2013-03-15 21:54:07 +0000 |
656 | +++ libgearman/worker.hpp 2013-07-06 00:44:27 +0000 |
657 | @@ -55,6 +55,8 @@ |
658 | { |
659 | throw std::runtime_error("gearman_worker_create() failed"); |
660 | } |
661 | + |
662 | + enable_ssl(); |
663 | } |
664 | |
665 | Worker(in_port_t arg) |
666 | @@ -66,6 +68,8 @@ |
667 | throw std::runtime_error("gearman_worker_create() failed"); |
668 | } |
669 | gearman_worker_add_server(_worker, "localhost", arg); |
670 | + |
671 | + enable_ssl(); |
672 | } |
673 | |
674 | gearman_worker_st* operator&() const |
675 | @@ -83,6 +87,14 @@ |
676 | gearman_worker_free(_worker); |
677 | } |
678 | |
679 | + void enable_ssl() |
680 | + { |
681 | + if (getenv("GEARMAND_CA_CERTIFICATE")) |
682 | + { |
683 | + gearman_worker_add_options(_worker, GEARMAN_WORKER_SSL); |
684 | + } |
685 | + } |
686 | + |
687 | private: |
688 | gearman_worker_st *_worker; |
689 | |
690 | |
691 | === modified file 'libtest/client.cc' |
692 | --- libtest/client.cc 2013-06-05 21:59:31 +0000 |
693 | +++ libtest/client.cc 2013-07-06 00:44:27 +0000 |
694 | @@ -54,10 +54,6 @@ |
695 | # include <cyassl/ssl.h> |
696 | #endif |
697 | |
698 | -#define CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem" |
699 | -#define CERT_PEM "/home/brian/cyassl/certs/server-cert.pem" |
700 | -#define CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem" |
701 | - |
702 | namespace libtest { |
703 | |
704 | SimpleClient::SimpleClient(const std::string& hostname_, in_port_t port_) : |
705 | @@ -72,6 +68,11 @@ |
706 | _ctx_ssl(NULL), |
707 | _ssl(NULL) |
708 | { |
709 | + if (is_ssl()) |
710 | + { |
711 | + _is_ssl= true; |
712 | + } |
713 | + |
714 | init_ssl(); |
715 | } |
716 | |
717 | @@ -87,19 +88,19 @@ |
718 | FATAL("CyaSSL_CTX_new error" == NULL); |
719 | } |
720 | |
721 | - if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, CA_CERT_PEM, 0) != SSL_SUCCESS) |
722 | + if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, YATL_CA_CERT_PEM, 0) != SSL_SUCCESS) |
723 | { |
724 | - FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", CA_CERT_PEM); |
725 | - } |
726 | - |
727 | - if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
728 | - { |
729 | - FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", CERT_PEM); |
730 | - } |
731 | - |
732 | - if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
733 | - { |
734 | - FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", CERT_KEY_PEM); |
735 | + FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", YATL_CA_CERT_PEM); |
736 | + } |
737 | + |
738 | + if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, YATL_CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
739 | + { |
740 | + FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", YATL_CERT_PEM); |
741 | + } |
742 | + |
743 | + if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, YATL_CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS) |
744 | + { |
745 | + FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", YATL_CERT_KEY_PEM); |
746 | } |
747 | #endif // defined(HAVE_CYASSL) && HAVE_CYASSL |
748 | } |
749 | |
750 | === modified file 'libtest/gearmand.cc' |
751 | --- libtest/gearmand.cc 2013-06-05 21:59:31 +0000 |
752 | +++ libtest/gearmand.cc 2013-07-06 00:44:27 +0000 |
753 | @@ -150,6 +150,9 @@ |
754 | if (is_ssl()) |
755 | { |
756 | add_option("--ssl"); |
757 | + add_option("--ssl-ca-file=" YATL_CA_CERT_PEM); |
758 | + add_option("--ssl-certificate=" YATL_CERT_PEM); |
759 | + add_option("--ssl-key=" YATL_CERT_KEY_PEM); |
760 | } |
761 | |
762 | return true; |
763 | |
764 | === modified file 'libtest/include.am' |
765 | --- libtest/include.am 2013-07-03 03:54:06 +0000 |
766 | +++ libtest/include.am 2013-07-06 00:44:27 +0000 |
767 | @@ -94,6 +94,7 @@ |
768 | noinst_HEADERS+= libtest/server_container.h |
769 | noinst_HEADERS+= libtest/signal.h |
770 | noinst_HEADERS+= libtest/socket.hpp |
771 | +noinst_HEADERS+= libtest/ssl.h |
772 | noinst_HEADERS+= libtest/stream.h |
773 | noinst_HEADERS+= libtest/strerror.h |
774 | noinst_HEADERS+= libtest/string.hpp |
775 | |
776 | === modified file 'libtest/is_local.cc' |
777 | --- libtest/is_local.cc 2013-06-05 21:59:31 +0000 |
778 | +++ libtest/is_local.cc 2013-07-06 00:44:27 +0000 |
779 | @@ -60,6 +60,23 @@ |
780 | void is_ssl(bool arg) |
781 | { |
782 | _is_ssl= arg; |
783 | + |
784 | + if (_is_ssl) |
785 | + { |
786 | + setenv("GEARMAND_CA_CERTIFICATE", YATL_CA_CERT_PEM, false); |
787 | + setenv("GEARMAND_SERVER_PEM", YATL_CERT_PEM, false); |
788 | + setenv("GEARMAND_SERVER_KEY", YATL_CERT_KEY_PEM, false); |
789 | + setenv("GEARMAND_CLIENT_PEM", YATL_CERT_PEM, false); |
790 | + setenv("GEARMAND_CLIENT_KEY", YATL_CERT_KEY_PEM, false); |
791 | + } |
792 | + else |
793 | + { |
794 | + unsetenv("GEARMAND_CA_CERTIFICATE"); |
795 | + unsetenv("GEARMAND_SERVER_PEM"); |
796 | + unsetenv("GEARMAND_SERVER_KEY"); |
797 | + unsetenv("GEARMAND_CLIENT_PEM"); |
798 | + unsetenv("GEARMAND_CLIENT_KEY"); |
799 | + } |
800 | } |
801 | |
802 | bool is_ssl() |
803 | |
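Review bot: is_ssl(bool) exports the client material as GEARMAND_CLIENT_PEM and GEARMAND_CLIENT_KEY, but gearman_universal_st::ssl_certificate() and ssl_key() in libgearman/interface/universal.hpp read GEARMAN_CLIENT_PEM and GEARMAN_CLIENT_KEY (the names Makefile.am now generates), so under test the client silently falls back to the compiled-in $(sysconfdir) paths and the SSL tests only pass where those files happen to exist. Rename the two pairs to `setenv("GEARMAN_CLIENT_PEM", YATL_CERT_PEM, false);` and `setenv("GEARMAN_CLIENT_KEY", YATL_CERT_KEY_PEM, false);` with the matching unsetenv() calls. The `false` overwrite flag also lets a stale value from the developer's shell win over the harness's choice; for a test fixture overwrite=1 is the safer default.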
804 | === added file 'libtest/ssl.h' |
805 | --- libtest/ssl.h 1970-01-01 00:00:00 +0000 |
806 | +++ libtest/ssl.h 2013-07-06 00:44:27 +0000 |
807 | @@ -0,0 +1,45 @@ |
808 | +/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab: |
809 | + * |
810 | + * Data Differential YATL (i.e. libtest) library |
811 | + * |
812 | + * Copyright (C) 2013 Data Differential, http://datadifferential.com/ |
813 | + * |
814 | + * Redistribution and use in source and binary forms, with or without |
815 | + * modification, are permitted provided that the following conditions are |
816 | + * met: |
817 | + * |
818 | + * * Redistributions of source code must retain the above copyright |
819 | + * notice, this list of conditions and the following disclaimer. |
820 | + * |
821 | + * * Redistributions in binary form must reproduce the above |
822 | + * copyright notice, this list of conditions and the following disclaimer |
823 | + * in the documentation and/or other materials provided with the |
824 | + * distribution. |
825 | + * |
826 | + * * The names of its contributors may not be used to endorse or |
827 | + * promote products derived from this software without specific prior |
828 | + * written permission. |
829 | + * |
830 | + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
831 | + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
832 | + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
833 | + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
834 | + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
835 | + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
836 | + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
837 | + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
838 | + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
839 | + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
840 | + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
841 | + * |
842 | + */ |
843 | + |
844 | +/* |
845 | + Location of ssl certs during testing. |
846 | +*/ |
847 | + |
848 | +#pragma once |
849 | + |
850 | +#define YATL_CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem" |
851 | +#define YATL_CERT_PEM "/home/brian/cyassl/certs/server-cert.pem" |
852 | +#define YATL_CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem" |
853 | |
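Review bot: libtest/ssl.h hard-codes the test CA, certificate and key under /home/brian/cyassl/certs, so every SSL test in the tree depends on one developer's home directory and, on any other machine or in CI, either fails outright or — through the fallbacks in universal.hpp — silently exercises whatever lives in $(sysconfdir). Ship throw-away test credentials in the source tree and generate these macros from the build the way Makefile.am already emits GEARMAND_CA_CERTIFICATE, e.g. `echo '#define YATL_CA_CERT_PEM "$(abs_top_srcdir)/tests/certs/ca-cert.pem"';`. The header comment should also state that these are test-only credentials that must never be installed or reused, and note that the same server-cert.pem is currently used as the client certificate by libtest/client.cc.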
854 | === modified file 'libtest/test.hpp' |
855 | --- libtest/test.hpp 2013-05-03 06:03:28 +0000 |
856 | +++ libtest/test.hpp 2013-07-06 00:44:27 +0000 |
857 | @@ -100,3 +100,5 @@ |
858 | #include <libtest/tmpfile.hpp> |
859 | #include <libtest/client.hpp> |
860 | #include <libtest/thread.hpp> |
861 | +#include <libtest/ssl.h> |
862 | + |
863 | |
864 | === modified file 'tests/libgearman-1.0/client_test.cc' |
865 | --- tests/libgearman-1.0/client_test.cc 2013-06-28 19:13:48 +0000 |
866 | +++ tests/libgearman-1.0/client_test.cc 2013-07-06 00:44:27 +0000 |
867 | @@ -459,7 +459,7 @@ |
868 | |
869 | ASSERT_EQ(GEARMAN_SUCCESS, rc); |
870 | |
871 | - test_truth(job_result); |
872 | + ASSERT_TRUE(job_result); |
873 | ASSERT_EQ(gearman_size(value), result_length); |
874 | |
875 | test_memcmp(gearman_c_str(value), job_result, gearman_size(value)); |