[jira] [Commented] (GEODE-2113) Implement SSL over NIO

Wed, 19 Dec 2018 14:39:34 -0800 


    [ 
https://issues.apache.org/jira/browse/GEODE-2113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16725408#comment-16725408
 ] 

ASF subversion and git services commented on GEODE-2113:
--------------------------------------------------------

Commit 83f3ea79c81d88f65b1bdf9cef54f803f75fdd22 in geode's branch 
refs/heads/feature/GEODE-2113c from Bruce Schuchardt
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=83f3ea7 ]

Merge branch 'feature/GEODE-2113b' into feature/GEODE-2113c

This removes old-I/O use in TCPConduit peer-to-peer communications.

This was used for SSL/TLS secure commuications but Java has had an

SSLEngine implementation that allows you to implement secure

communications on new-I/O SocketChannels or any other transport
mechanism.

A new NioSSLEngine class wraps the JDK's SSLEngine and provides the
SSL
handshake as well as encryption/decryption of messages. SocketCreator
performs the SSL handshake and returns a NioSslEngine that TCPConduit

then uses for messaging.

The SSL handshake needs to be done in Connection.java now because the

ByteBuffer used to do the handshake is also used for reading messages
in
Receivers. Because of this the Handshake pool in TCPConduit became

obsolete and I deleted it.

I've also done a lot of cleanup of compilation warnings in
Connection.java
and removed references to "NIO". The primary SSL/TLS
changes in that class
are in writeFully (renamed from nioWriteFully)
and processBuffer (renamed
from processNIOBuffer).

While testing I noticed some places where we're creating non-daemon
threads that were keeping DUnit ChildVM processes from exiting.  I've
changed these places to use daemon threads.  Very few threads in Geode
should be non-daemon.

Porting client/server to use NioSSLEngine will be done under a separate

ticket and a different version of NioEngine may be created to secure
UDP
messaging.


> Implement SSL over NIO
> ----------------------
>
>                 Key: GEODE-2113
>                 URL: https://issues.apache.org/jira/browse/GEODE-2113
>             Project: Geode
>          Issue Type: Improvement
>          Components: messaging
>            Reporter: Addison
>            Assignee: Bruce Schuchardt
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> Java now has a nifty javax.net.ssl.SSLSocketFactory that can produce an 
> SSLSocket from an existing Socket.  This will let us create an SSLSocket that 
> has an NIO SocketChannel and get rid of all of the "Old IO" code.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to