Merge lp:~brianaker/gearmand/ssl-update into lp:gearmand

Proposed by Brian Aker on 2013-07-06
Status: Merged
Merged at revision: 805
Proposed branch: lp:~brianaker/gearmand/ssl-update
Merge into: lp:gearmand
Diff against target: 875 lines (+340/-130)
22 files modified
Makefile.am (+2/-2)
configure.ac (+13/-5)
libgearman-server/io.cc (+67/-20)
libgearman-server/log.cc (+22/-28)
libgearman-server/plugins/protocol/gear/protocol.cc (+27/-15)
libgearman-server/plugins/protocol/gear/protocol.h (+3/-0)
libgearman/client.hpp (+14/-0)
libgearman/connection.cc (+13/-5)
libgearman/error.hpp (+1/-1)
libgearman/interface/universal.hpp (+50/-10)
libgearman/ostream.hpp (+1/-0)
libgearman/ssl.h (+0/-5)
libgearman/universal.cc (+24/-22)
libgearman/vector.hpp (+5/-0)
libgearman/worker.hpp (+12/-0)
libtest/client.cc (+17/-16)
libtest/gearmand.cc (+3/-0)
libtest/include.am (+1/-0)
libtest/is_local.cc (+17/-0)
libtest/ssl.h (+45/-0)
libtest/test.hpp (+2/-0)
tests/libgearman-1.0/client_test.cc (+1/-1)
To merge this branch: bzr merge lp:~brianaker/gearmand/ssl-update
Reviewer Review Type Date Requested Status
Tangent Trunk 2013-07-06 Pending
Review via email: mp+173294@code.launchpad.net
To post a comment you must log in.
lp:~brianaker/gearmand/ssl-update updated on 2013-07-06
805. By Tangent.Org Continuous Integration on 2013-07-06

Merge lp:~brianaker/gearmand/ssl-update Build: jenkins-Gearmand-703

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'Makefile.am'
2--- Makefile.am 2013-06-05 21:59:31 +0000
3+++ Makefile.am 2013-07-06 00:44:27 +0000
4@@ -78,8 +78,8 @@
5 echo '#define GEARMAND_CA_CERTIFICATE "$(sysconfdir)/ssl/certs/gearmand-ca.pem"'; \
6 echo '#define GEARMAND_SERVER_PEM "$(sysconfdir)/ssl/certs/gearmand.pem"'; \
7 echo '#define GEARMAND_SERVER_KEY "$(sysconfdir)/ssl/certs/gearmand.key"'; \
8- echo '#define GEARMAND_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \
9- echo '#define GEARMAND_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \
10+ echo '#define GEARMAN_CLIENT_PEM "$(sysconfdir)/ssl/certs/gearman.pem"'; \
11+ echo '#define GEARMAN_CLIENT_KEY "$(sysconfdir)/ssl/certs/gearman.key"'; \
12 echo '#define LOCALSTATEDIR "$(localstatedir)"'; \
13 echo '#define GEARMAND_PID "$(localstatedir)/gearmand.pid"'; \
14 } | sed '/""/d' > $@-t
15
16=== modified file 'configure.ac'
17--- configure.ac 2013-06-30 22:09:00 +0000
18+++ configure.ac 2013-07-06 00:44:27 +0000
19@@ -226,15 +226,23 @@
20 # Check for CyaSSL
21 AC_DEFUN([AX_ENABLE_SSL],
22 [AC_PREREQ([2.63])dnl
23+ m4_define([_SSL_ENABLE_DEFAULT], [m4_if($1, no, no, no)])dnl
24 AC_ARG_ENABLE([ssl],
25 [AS_HELP_STRING([--enable-ssl],
26- [Enable ssl support for Gearman --enable-debug (yes|no) @<:@default=no@:>@])],
27- [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl])],
28- [AC_MSG_WARN([ssl will not be enabled])])
29+ [Enable ssl support for Gearman @<:@default=]_SSL_ENABLE_DEFAULT[@:>@])],
30+ [AS_CASE([$enableval],
31+ [yes],[enable_ssl=yes],
32+ [no],[enable_ssl=no],
33+ [enable_ssl=no])
34+ ],
35+ [enable_ssl=]_SSL_ENABLE_DEFAULT)
36+ AS_IF([test "x${enable_ssl}" = "xyes"],
37+ [AX_CHECK_LIBRARY([CYASSL],[cyassl/ssl.h],[cyassl],[],
38+ [AC_MSG_ERROR([Unable to find cyassl])
39+ enable_ssl=no])])
40 ])
41 AX_ENABLE_SSL
42-#AC_SUBST([CYASSL])
43-#AC_SUBST([CYASSL_LIB])
44+
45 AX_ENABLE_LIBMEMCACHED
46
47 AC_DEFINE([GEARMAND_BLOBSLAP_WORKER],[1],[Have Gearman Blobslap Worker])
48
49=== modified file 'libgearman-server/io.cc'
50--- libgearman-server/io.cc 2013-06-26 23:50:02 +0000
51+++ libgearman-server/io.cc 2013-07-06 00:44:27 +0000
52@@ -242,6 +242,7 @@
53 return GEARMAND_ERRNO;
54
55 case gearmand_io_st::GEARMAND_CON_UNIVERSAL_CONNECTED:
56+ uint32_t loop_counter= 0;
57 while (connection->send_buffer_size)
58 {
59 ssize_t write_size;
60@@ -249,6 +250,37 @@
61 if (con->_ssl)
62 {
63 write_size= CyaSSL_send(con->_ssl, connection->send_buffer_ptr, connection->send_buffer_size, MSG_NOSIGNAL|MSG_DONTWAIT);
64+
65+ // I consider this to be a bug in CyaSSL_send() that is uses a zero in this manner
66+ if (write_size <= 0)
67+ {
68+ int err;
69+ switch ((err= CyaSSL_get_error(con->_ssl, write_size)))
70+ {
71+ case SSL_ERROR_WANT_CONNECT:
72+ case SSL_ERROR_WANT_ACCEPT:
73+ write_size= -1;
74+ errno= EAGAIN;
75+ break;
76+
77+ case SSL_ERROR_WANT_WRITE:
78+ case SSL_ERROR_WANT_READ:
79+ write_size= -1;
80+ errno= EAGAIN;
81+ break;
82+
83+ default:
84+ {
85+ char errorString[80];
86+ CyaSSL_ERR_error_string(err, errorString);
87+ _connection_close(connection);
88+ return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s:%s SSL failure(%s)",
89+ connection->context == NULL ? "-" : connection->context->host,
90+ connection->context == NULL ? "-" : connection->context->port,
91+ errorString);
92+ }
93+ }
94+ }
95 }
96 else
97 #endif
98@@ -258,9 +290,17 @@
99
100 if (write_size == 0) // detect infinite loop?
101 {
102- gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes to peer %s:%s",
103+ ++loop_counter;
104+ gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "send() sent zero bytes of %u to peer %s:%s",
105+ uint32_t(connection->send_buffer_size),
106 connection->context == NULL ? "-" : connection->context->host,
107 connection->context == NULL ? "-" : connection->context->port);
108+
109+ if (loop_counter > 5)
110+ {
111+ _connection_close(connection);
112+ return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "send() failed to send data");
113+ }
114 continue;
115 }
116 else if (write_size == -1)
117@@ -268,6 +308,9 @@
118 int local_errno= errno;
119 switch (local_errno)
120 {
121+#if defined(EWOULDBLOCK) && EWOULDBLOCK != EAGAIN
122+ case EWOULDBLOCK:
123+#endif
124 case EAGAIN:
125 {
126 gearmand_error_t gret= gearmand_io_set_events(con, POLLOUT);
127@@ -706,7 +749,10 @@
128 }
129 return ret;
130 }
131- gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "read %lu bytes", (unsigned long)recv_size);
132+ gearmand_log_debug(GEARMAN_DEFAULT_LOG_PARAM, "%s:%s read %lu bytes",
133+ connection->context == NULL ? "-" : connection->context->host,
134+ connection->context == NULL ? "-" : connection->context->port,
135+ (unsigned long)recv_size);
136
137 connection->recv_buffer_size+= recv_size;
138 }
139@@ -927,24 +973,25 @@
140
141 void gearmand_sockfd_close(int& sockfd)
142 {
143- if (sockfd == INVALID_SOCKET)
144- {
145- gearmand_error("gearmand_sockfd_close() called with an invalid socket");
146- return;
147- }
148-
149- /* in case of death shutdown to avoid blocking at close() */
150- if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN)
151- {
152- gearmand_perror(errno, "shutdown");
153- assert(errno != ENOTSOCK);
154- }
155- else if (closesocket(sockfd) == SOCKET_ERROR)
156- {
157- gearmand_perror(errno, "close");
158- }
159-
160- sockfd= INVALID_SOCKET;
161+ if (sockfd != INVALID_SOCKET)
162+ {
163+ /* in case of death shutdown to avoid blocking at close() */
164+ if (shutdown(sockfd, SHUT_RDWR) == SOCKET_ERROR && get_socket_errno() != ENOTCONN)
165+ {
166+ gearmand_perror(errno, "shutdown");
167+ assert(errno != ENOTSOCK);
168+ }
169+ else if (closesocket(sockfd) == SOCKET_ERROR)
170+ {
171+ gearmand_perror(errno, "close");
172+ }
173+
174+ sockfd= INVALID_SOCKET;
175+ }
176+ else
177+ {
178+ gearmand_warning("gearmand_sockfd_close() called with an invalid socket");
179+ }
180 }
181
182 void gearmand_pipe_close(int& pipefd)
183
184=== modified file 'libgearman-server/log.cc'
185--- libgearman-server/log.cc 2013-06-10 22:49:06 +0000
186+++ libgearman-server/log.cc 2013-07-06 00:44:27 +0000
187@@ -116,6 +116,26 @@
188 return GEARMAND_INVALID_ARGUMENT;
189 }
190
191+static gearmand_error_t __errno_to_gearmand_error_t(int local_errno)
192+{
193+ gearmand_error_t error_to_report= GEARMAND_ERRNO;
194+
195+ switch (local_errno)
196+ {
197+ case ENOMEM:
198+ error_to_report= GEARMAND_MEMORY_ALLOCATION_FAILURE;
199+
200+ case ECONNRESET:
201+ case EHOSTDOWN:
202+ error_to_report= GEARMAND_LOST_CONNECTION;
203+
204+ default:
205+ break;
206+ }
207+
208+ return error_to_report;
209+}
210+
211 /**
212 * Log a message.
213 *
214@@ -303,20 +323,7 @@
215 }
216 }
217
218- switch (local_errno)
219- {
220- case ENOMEM:
221- return GEARMAND_MEMORY_ALLOCATION_FAILURE;
222-
223- case ECONNRESET:
224- case EHOSTDOWN:
225- return GEARMAND_LOST_CONNECTION;
226-
227- default:
228- break;
229- }
230-
231- return GEARMAND_ERRNO;
232+ return __errno_to_gearmand_error_t(local_errno);
233 }
234
235 gearmand_error_t gearmand_log_error(const char *position, const char *function, const char *format, ...)
236@@ -415,20 +422,7 @@
237 }
238 }
239
240- switch (local_errno)
241- {
242- case ENOMEM:
243- return GEARMAND_MEMORY_ALLOCATION_FAILURE;
244-
245- case ECONNRESET:
246- case EHOSTDOWN:
247- return GEARMAND_LOST_CONNECTION;
248-
249- default:
250- break;
251- }
252-
253- return GEARMAND_ERRNO;
254+ return __errno_to_gearmand_error_t(local_errno);
255 }
256
257 gearmand_error_t gearmand_log_gerror(const char *position, const char *function, const gearmand_error_t rc, const char *format, ...)
258
259=== modified file 'libgearman-server/plugins/protocol/gear/protocol.cc'
260--- libgearman-server/plugins/protocol/gear/protocol.cc 2013-06-30 02:48:43 +0000
261+++ libgearman-server/plugins/protocol/gear/protocol.cc 2013-07-06 00:44:27 +0000
262@@ -312,7 +312,7 @@
263 {
264 if ((connection->_ssl= CyaSSL_new(Gearmand()->ctx_ssl())) == NULL)
265 {
266- return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_new() failed");
267+ return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_MEMORY_ALLOCATION_FAILURE, "CyaSSL_new() failed to return a valid object");
268 }
269
270 CyaSSL_set_fd(connection->_ssl, connection->con.fd);
271@@ -331,7 +331,7 @@
272 int cyassl_error= CyaSSL_get_error(connection->_ssl, 0);
273 char cyassl_error_buffer[1024]= { 0 };
274 CyaSSL_ERR_error_string(cyassl_error, cyassl_error_buffer);
275- return gearmand_log_error(GEARMAN_DEFAULT_LOG_PARAM, "%s(%d)", cyassl_error_buffer, cyassl_error);
276+ return gearmand_log_gerror(GEARMAN_DEFAULT_LOG_PARAM, GEARMAND_LOST_CONNECTION, "%s(%d)", cyassl_error_buffer, cyassl_error);
277 }
278 }
279 gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "GearSSL connection made: %d", connection->con.fd);
280@@ -349,6 +349,9 @@
281 Gear::Gear() :
282 Plugin("Gear"),
283 _port(GEARMAN_DEFAULT_TCP_PORT_STRING),
284+ _ssl_ca_file(GEARMAND_CA_CERTIFICATE),
285+ _ssl_certificate(GEARMAND_SERVER_PEM),
286+ _ssl_key(GEARMAND_SERVER_KEY),
287 opt_ssl(false)
288 {
289 command_line_options().add_options()
290@@ -356,6 +359,12 @@
291 "Port the server should listen on.")
292 ("ssl", boost::program_options::bool_switch(&opt_ssl)->default_value(false),
293 "Enable ssl connections.")
294+ ("ssl-ca-file", boost::program_options::value(&_ssl_ca_file),
295+ "CA file.")
296+ ("ssl-certificate", boost::program_options::value(&_ssl_certificate),
297+ "SSL certificate.")
298+ ("ssl-key", boost::program_options::value(&_ssl_key),
299+ "SSL key for certificate.")
300 ;
301 }
302
303@@ -400,20 +409,23 @@
304 {
305 gearmand->init_ssl();
306
307- if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS)
308+ if (CyaSSL_CTX_load_verify_locations(gearmand->ctx_ssl(), _ssl_ca_file.c_str(), 0) != SSL_SUCCESS)
309 {
310- gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", GEARMAND_CA_CERTIFICATE);
311- }
312-
313- if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), GEARMAND_SERVER_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
314- {
315- gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", GEARMAND_SERVER_PEM);
316- }
317-
318- if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), GEARMAND_SERVER_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS)
319- {
320- gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", GEARMAND_SERVER_KEY);
321- }
322+ gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_load_verify_locations() cannot local the ca certificate %s", _ssl_ca_file.c_str());
323+ }
324+ gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading CA certificate : %s", _ssl_ca_file.c_str());
325+
326+ if (CyaSSL_CTX_use_certificate_file(gearmand->ctx_ssl(), _ssl_certificate.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
327+ {
328+ gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_certificate_file() cannot obtain certificate %s", _ssl_certificate.c_str());
329+ }
330+ gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate : %s", _ssl_certificate.c_str());
331+
332+ if (CyaSSL_CTX_use_PrivateKey_file(gearmand->ctx_ssl(), _ssl_key.c_str(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
333+ {
334+ gearmand_log_fatal(GEARMAN_DEFAULT_LOG_PARAM, "CyaSSL_CTX_use_PrivateKey_file() cannot obtain certificate %s", _ssl_key.c_str());
335+ }
336+ gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Loading certificate key : %s", _ssl_key.c_str());
337
338 assert(gearmand->ctx_ssl());
339 }
340
341=== modified file 'libgearman-server/plugins/protocol/gear/protocol.h'
342--- libgearman-server/plugins/protocol/gear/protocol.h 2013-06-05 21:59:31 +0000
343+++ libgearman-server/plugins/protocol/gear/protocol.h 2013-07-06 00:44:27 +0000
344@@ -58,6 +58,9 @@
345
346 private:
347 std::string _port;
348+ std::string _ssl_ca_file;
349+ std::string _ssl_certificate;
350+ std::string _ssl_key;
351 bool opt_ssl;
352 };
353
354
355=== modified file 'libgearman/client.hpp'
356--- libgearman/client.hpp 2013-03-15 21:54:07 +0000
357+++ libgearman/client.hpp 2013-07-06 00:44:27 +0000
358@@ -56,6 +56,8 @@
359 {
360 throw std::runtime_error("gearman_client_create() failed");
361 }
362+
363+ enable_ssl();
364 }
365
366 Client(const gearman_client_st* arg)
367@@ -66,6 +68,8 @@
368 {
369 throw std::runtime_error("gearman_client_create() failed");
370 }
371+
372+ enable_ssl();
373 }
374
375 Client(in_port_t arg)
376@@ -77,6 +81,8 @@
377 throw std::runtime_error("gearman_client_create() failed");
378 }
379 gearman_client_add_server(_client, "localhost", arg);
380+
381+ enable_ssl();
382 }
383
384 gearman_client_st* operator&() const
385@@ -94,6 +100,14 @@
386 gearman_client_free(_client);
387 }
388
389+ void enable_ssl()
390+ {
391+ if (getenv("GEARMAND_CA_CERTIFICATE"))
392+ {
393+ gearman_client_add_options(_client, GEARMAN_CLIENT_SSL);
394+ }
395+ }
396+
397 private:
398 gearman_client_st *_client;
399
400
401=== modified file 'libgearman/connection.cc'
402--- libgearman/connection.cc 2013-06-30 05:13:06 +0000
403+++ libgearman/connection.cc 2013-07-06 00:44:27 +0000
404@@ -821,14 +821,21 @@
405 if (_ssl)
406 {
407 write_size= CyaSSL_send(_ssl, send_buffer_ptr, send_buffer_size, MSG_NOSIGNAL);
408- if (write_size < 0)
409+ if (write_size <= 0)
410 {
411 int err;
412- switch ((err= CyaSSL_get_error(_ssl, 0)))
413+ switch ((err= CyaSSL_get_error(_ssl, write_size)))
414 {
415+ case SSL_ERROR_WANT_CONNECT:
416+ case SSL_ERROR_WANT_ACCEPT:
417+ write_size= -1;
418+ errno= EAGAIN;
419+ break;
420+
421 case SSL_ERROR_WANT_WRITE:
422 case SSL_ERROR_WANT_READ:
423- errno= EWOULDBLOCK;
424+ write_size= -1;
425+ errno= EAGAIN;
426 break;
427
428 default:
429@@ -1069,6 +1076,7 @@
430
431 if (data_size != recv_size)
432 {
433+ // @note fix this to test for error before blindly doing this opperation
434 recv_size+= recv_socket(static_cast<uint8_t *>(const_cast<void *>(data)) + recv_size, data_size - recv_size, ret);
435 recv_data_offset+= recv_size;
436 }
437@@ -1098,9 +1106,9 @@
438 if (_ssl)
439 {
440 read_size= CyaSSL_recv(_ssl, data, data_size, MSG_DONTWAIT);
441- if (read_size < 0)
442+ if (read_size <= 0)
443 {
444- int sendErr= CyaSSL_get_error(_ssl, 0);
445+ int sendErr= CyaSSL_get_error(_ssl, read_size);
446 if (sendErr != SSL_ERROR_WANT_READ)
447 {
448 char errorString[80];
449
450=== modified file 'libgearman/error.hpp'
451--- libgearman/error.hpp 2013-07-02 23:51:10 +0000
452+++ libgearman/error.hpp 2013-07-06 00:44:27 +0000
453@@ -40,7 +40,7 @@
454
455 #define STRINGIFY(x) #x
456 #define TOSTRING(x) STRINGIFY(x)
457-#define AT __FILE__ ":" TOSTRING(__LINE__)
458+#define AT __FILE__ ":" TOSTRING(__LINE__) ":"
459 #define GEARMAN_AT __func__, AT
460
461 #define gearman_perror(__universal, __message) gearman_universal_set_perror((__universal), __func__, AT, (__message))
462
463=== modified file 'libgearman/interface/universal.hpp'
464--- libgearman/interface/universal.hpp 2013-06-05 21:59:31 +0000
465+++ libgearman/interface/universal.hpp 2013-07-06 00:44:27 +0000
466@@ -43,6 +43,7 @@
467 #include "libgearman/interface/packet.hpp"
468 #include "libgearman/vector.h"
469 #include "libgearman/assert.hpp"
470+#include "libgearman/ssl.h"
471
472 enum universal_options_t
473 {
474@@ -201,20 +202,59 @@
475 options_++;
476 }
477 }
478-
479- // Only does something if SSL has been enabled.
480- bool ret= init_ssl();
481- if (ret == false)
482- {
483- abort();
484- }
485- }
486-
487+ }
488+
489+ const char* ssl_ca_file() const
490+ {
491+ if (getenv("GEARMAND_CA_CERTIFICATE"))
492+ {
493+ return getenv("GEARMAND_CA_CERTIFICATE");
494+ }
495+
496+ return GEARMAND_CA_CERTIFICATE;
497+ }
498+
499+ const char* ssl_certificate() const
500+ {
501+ if (getenv("GEARMAN_CLIENT_PEM"))
502+ {
503+ return getenv("GEARMAN_CLIENT_PEM");
504+ }
505+
506+ return GEARMAN_CLIENT_PEM;
507+ }
508+
509+ const char* ssl_key() const
510+ {
511+ if (getenv("GEARMAN_CLIENT_KEY"))
512+ {
513+ return getenv("GEARMAN_CLIENT_KEY");
514+ }
515+
516+ return GEARMAN_CLIENT_KEY;
517+ }
518+
519+private:
520 bool init_ssl();
521
522+public:
523 struct CYASSL_CTX* ctx_ssl()
524 {
525- return _ctx_ssl;
526+ if (ssl())
527+ {
528+ if (_ctx_ssl == NULL)
529+ {
530+ if (init_ssl() == false)
531+ {
532+ abort();
533+ }
534+ }
535+ assert(_ctx_ssl);
536+
537+ return _ctx_ssl;
538+ }
539+
540+ return NULL;
541 }
542
543 ~gearman_universal_st();
544
545=== modified file 'libgearman/ostream.hpp'
546--- libgearman/ostream.hpp 2012-11-12 06:50:33 +0000
547+++ libgearman/ostream.hpp 2013-07-06 00:44:27 +0000
548@@ -43,6 +43,7 @@
549 static inline std::ostream& operator<<(std::ostream& output, const gearman_packet_st &arg)
550 {
551 const char* command_str;
552+ // gearman_strcommand()
553 switch(arg.command)
554 {
555 case GEARMAN_COMMAND_TEXT: command_str= "GEARMAN_COMMAND_TEXT";
556
557=== modified file 'libgearman/ssl.h'
558--- libgearman/ssl.h 2013-06-05 21:59:31 +0000
559+++ libgearman/ssl.h 2013-07-06 00:44:27 +0000
560@@ -42,8 +42,3 @@
561 #endif
562
563 #include "configmake.h"
564-
565-#define CA_CERT_PEM GEARMAND_CA_CERTIFICATE
566-#define CERT_PEM GEARMAND_CLIENT_PEM
567-#define CERT_KEY_PEM GEARMAND_CLIENT_PEM
568-
569
570=== modified file 'libgearman/universal.cc'
571--- libgearman/universal.cc 2013-07-02 23:16:11 +0000
572+++ libgearman/universal.cc 2013-07-06 00:44:27 +0000
573@@ -409,6 +409,8 @@
574 {
575 CyaSSL_CTX_free(_ctx_ssl);
576 }
577+#else
578+ assert(_ctx_ssl == NULL);
579 #endif
580 }
581
582@@ -438,32 +440,32 @@
583
584 bool gearman_universal_st::init_ssl()
585 {
586- if (options._ssl)
587+ if (ssl())
588 {
589 #if defined(HAVE_CYASSL) && HAVE_CYASSL
590 CyaSSL_Init();
591
592- if ((_ctx_ssl = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL)
593- {
594- gearman_error(*this, GEARMAN_INVALID_ARGUMENT, "CyaTLSv1_client_method()");
595- return false;
596- }
597-
598- if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, GEARMAND_CA_CERTIFICATE, 0) != SSL_SUCCESS)
599- {
600- gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CA_CERT_PEM);
601- return false;
602- }
603-
604- if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, GEARMAND_CLIENT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
605- {
606- gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_PEM);
607- return false;
608- }
609-
610- if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, GEARMAND_CLIENT_KEY, SSL_FILETYPE_PEM) != SSL_SUCCESS)
611- {
612- gearman_error(*this, GEARMAN_INVALID_ARGUMENT, CERT_KEY_PEM);
613+ if ((_ctx_ssl= CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL)
614+ {
615+ gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "CyaTLSv1_client_method() failed");
616+ return false;
617+ }
618+
619+ if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, ssl_ca_file(), 0) != SSL_SUCCESS)
620+ {
621+ gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load CA certificate %s", ssl_ca_file());
622+ return false;
623+ }
624+
625+ if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, ssl_certificate(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
626+ {
627+ gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate %s", ssl_certificate());
628+ return false;
629+ }
630+
631+ if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, ssl_key(), SSL_FILETYPE_PEM) != SSL_SUCCESS)
632+ {
633+ gearman_universal_set_error(*this, GEARMAN_INVALID_ARGUMENT, GEARMAN_AT, "Failed to load certificate key %s", ssl_key());
634 return false;
635 }
636 #endif // defined(HAVE_CYASSL) && HAVE_CYASSL
637
638=== modified file 'libgearman/vector.hpp'
639--- libgearman/vector.hpp 2013-05-07 09:50:42 +0000
640+++ libgearman/vector.hpp 2013-07-06 00:44:27 +0000
641@@ -104,6 +104,11 @@
642 return string;
643 }
644
645+ const char* c_str() const
646+ {
647+ return string;
648+ }
649+
650 const void* void_ptr() const
651 {
652 return (const void*)string;
653
654=== modified file 'libgearman/worker.hpp'
655--- libgearman/worker.hpp 2013-03-15 21:54:07 +0000
656+++ libgearman/worker.hpp 2013-07-06 00:44:27 +0000
657@@ -55,6 +55,8 @@
658 {
659 throw std::runtime_error("gearman_worker_create() failed");
660 }
661+
662+ enable_ssl();
663 }
664
665 Worker(in_port_t arg)
666@@ -66,6 +68,8 @@
667 throw std::runtime_error("gearman_worker_create() failed");
668 }
669 gearman_worker_add_server(_worker, "localhost", arg);
670+
671+ enable_ssl();
672 }
673
674 gearman_worker_st* operator&() const
675@@ -83,6 +87,14 @@
676 gearman_worker_free(_worker);
677 }
678
679+ void enable_ssl()
680+ {
681+ if (getenv("GEARMAND_CA_CERTIFICATE"))
682+ {
683+ gearman_worker_add_options(_worker, GEARMAN_WORKER_SSL);
684+ }
685+ }
686+
687 private:
688 gearman_worker_st *_worker;
689
690
691=== modified file 'libtest/client.cc'
692--- libtest/client.cc 2013-06-05 21:59:31 +0000
693+++ libtest/client.cc 2013-07-06 00:44:27 +0000
694@@ -54,10 +54,6 @@
695 # include <cyassl/ssl.h>
696 #endif
697
698-#define CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem"
699-#define CERT_PEM "/home/brian/cyassl/certs/server-cert.pem"
700-#define CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem"
701-
702 namespace libtest {
703
704 SimpleClient::SimpleClient(const std::string& hostname_, in_port_t port_) :
705@@ -72,6 +68,11 @@
706 _ctx_ssl(NULL),
707 _ssl(NULL)
708 {
709+ if (is_ssl())
710+ {
711+ _is_ssl= true;
712+ }
713+
714 init_ssl();
715 }
716
717@@ -87,19 +88,19 @@
718 FATAL("CyaSSL_CTX_new error" == NULL);
719 }
720
721- if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, CA_CERT_PEM, 0) != SSL_SUCCESS)
722+ if (CyaSSL_CTX_load_verify_locations(_ctx_ssl, YATL_CA_CERT_PEM, 0) != SSL_SUCCESS)
723 {
724- FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", CA_CERT_PEM);
725- }
726-
727- if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
728- {
729- FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", CERT_PEM);
730- }
731-
732- if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
733- {
734- FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", CERT_KEY_PEM);
735+ FATAL("CyaSSL_CTX_load_verify_locations(%s) cannot obtain certificate", YATL_CA_CERT_PEM);
736+ }
737+
738+ if (CyaSSL_CTX_use_certificate_file(_ctx_ssl, YATL_CERT_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
739+ {
740+ FATAL("CyaSSL_CTX_use_certificate_file(%s) cannot obtain certificate", YATL_CERT_PEM);
741+ }
742+
743+ if (CyaSSL_CTX_use_PrivateKey_file(_ctx_ssl, YATL_CERT_KEY_PEM, SSL_FILETYPE_PEM) != SSL_SUCCESS)
744+ {
745+ FATAL("CyaSSL_CTX_use_PrivateKey_file(%s) cannot obtain certificate", YATL_CERT_KEY_PEM);
746 }
747 #endif // defined(HAVE_CYASSL) && HAVE_CYASSL
748 }
749
750=== modified file 'libtest/gearmand.cc'
751--- libtest/gearmand.cc 2013-06-05 21:59:31 +0000
752+++ libtest/gearmand.cc 2013-07-06 00:44:27 +0000
753@@ -150,6 +150,9 @@
754 if (is_ssl())
755 {
756 add_option("--ssl");
757+ add_option("--ssl-ca-file=" YATL_CA_CERT_PEM);
758+ add_option("--ssl-certificate=" YATL_CERT_PEM);
759+ add_option("--ssl-key=" YATL_CERT_KEY_PEM);
760 }
761
762 return true;
763
764=== modified file 'libtest/include.am'
765--- libtest/include.am 2013-07-03 03:54:06 +0000
766+++ libtest/include.am 2013-07-06 00:44:27 +0000
767@@ -94,6 +94,7 @@
768 noinst_HEADERS+= libtest/server_container.h
769 noinst_HEADERS+= libtest/signal.h
770 noinst_HEADERS+= libtest/socket.hpp
771+noinst_HEADERS+= libtest/ssl.h
772 noinst_HEADERS+= libtest/stream.h
773 noinst_HEADERS+= libtest/strerror.h
774 noinst_HEADERS+= libtest/string.hpp
775
776=== modified file 'libtest/is_local.cc'
777--- libtest/is_local.cc 2013-06-05 21:59:31 +0000
778+++ libtest/is_local.cc 2013-07-06 00:44:27 +0000
779@@ -60,6 +60,23 @@
780 void is_ssl(bool arg)
781 {
782 _is_ssl= arg;
783+
784+ if (_is_ssl)
785+ {
786+ setenv("GEARMAND_CA_CERTIFICATE", YATL_CA_CERT_PEM, false);
787+ setenv("GEARMAND_SERVER_PEM", YATL_CERT_PEM, false);
788+ setenv("GEARMAND_SERVER_KEY", YATL_CERT_KEY_PEM, false);
789+ setenv("GEARMAND_CLIENT_PEM", YATL_CERT_PEM, false);
790+ setenv("GEARMAND_CLIENT_KEY", YATL_CERT_KEY_PEM, false);
791+ }
792+ else
793+ {
794+ unsetenv("GEARMAND_CA_CERTIFICATE");
795+ unsetenv("GEARMAND_SERVER_PEM");
796+ unsetenv("GEARMAND_SERVER_KEY");
797+ unsetenv("GEARMAND_CLIENT_PEM");
798+ unsetenv("GEARMAND_CLIENT_KEY");
799+ }
800 }
801
802 bool is_ssl()
803
804=== added file 'libtest/ssl.h'
805--- libtest/ssl.h 1970-01-01 00:00:00 +0000
806+++ libtest/ssl.h 2013-07-06 00:44:27 +0000
807@@ -0,0 +1,45 @@
808+/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab:
809+ *
810+ * Data Differential YATL (i.e. libtest) library
811+ *
812+ * Copyright (C) 2013 Data Differential, http://datadifferential.com/
813+ *
814+ * Redistribution and use in source and binary forms, with or without
815+ * modification, are permitted provided that the following conditions are
816+ * met:
817+ *
818+ * * Redistributions of source code must retain the above copyright
819+ * notice, this list of conditions and the following disclaimer.
820+ *
821+ * * Redistributions in binary form must reproduce the above
822+ * copyright notice, this list of conditions and the following disclaimer
823+ * in the documentation and/or other materials provided with the
824+ * distribution.
825+ *
826+ * * The names of its contributors may not be used to endorse or
827+ * promote products derived from this software without specific prior
828+ * written permission.
829+ *
830+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
831+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
832+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
833+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
834+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
835+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
836+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
837+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
838+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
839+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
840+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
841+ *
842+ */
843+
844+/*
845+ Location of ssl certs during testing.
846+*/
847+
848+#pragma once
849+
850+#define YATL_CA_CERT_PEM "/home/brian/cyassl/certs/ca-cert.pem"
851+#define YATL_CERT_PEM "/home/brian/cyassl/certs/server-cert.pem"
852+#define YATL_CERT_KEY_PEM "/home/brian/cyassl/certs/server-key.pem"
853
854=== modified file 'libtest/test.hpp'
855--- libtest/test.hpp 2013-05-03 06:03:28 +0000
856+++ libtest/test.hpp 2013-07-06 00:44:27 +0000
857@@ -100,3 +100,5 @@
858 #include <libtest/tmpfile.hpp>
859 #include <libtest/client.hpp>
860 #include <libtest/thread.hpp>
861+#include <libtest/ssl.h>
862+
863
864=== modified file 'tests/libgearman-1.0/client_test.cc'
865--- tests/libgearman-1.0/client_test.cc 2013-06-28 19:13:48 +0000
866+++ tests/libgearman-1.0/client_test.cc 2013-07-06 00:44:27 +0000
867@@ -459,7 +459,7 @@
868
869 ASSERT_EQ(GEARMAN_SUCCESS, rc);
870
871- test_truth(job_result);
872+ ASSERT_TRUE(job_result);
873 ASSERT_EQ(gearman_size(value), result_length);
874
875 test_memcmp(gearman_c_str(value), job_result, gearman_size(value));

Subscribers

People subscribed via source and target branches

to all changes: