[ https://issues.apache.org/jira/browse/MESOS-10003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16948029#comment-16948029 ]
Joseph Wu commented on MESOS-10003:
-----------------------------------
For a Windows event loop OpenSSL socket implementation, we will need to create
a new subclass for {{SocketImpl}}.
{code}
class WindowsSSLSocketImpl : public SocketImpl
{
public:
  // This will be the entry point for Socket::create(SSL).
  static Try<std::shared_ptr<SocketImpl>> create(int_fd s);

  WindowsSSLSocketImpl(int_fd _s);
  ~WindowsSSLSocketImpl() override;

  // Overrides for the 'SocketImpl' interface below.

  // Unreachable.
  Future<Nothing> connect(const Address& address) override;

  // This will initialize SSL objects then call windows::connect()
  // and chain that onto the appropriate call to SSL_do_handshake.
  Future<Nothing> connect(
      const Address& address,
      const openssl::TLSClientConfig& config) override;

  // These will call SSL_read or SSL_write as appropriate.
  // As long as the SSL context is set up correctly, these will be
  // thin wrappers. (More details after the code block.)
  Future<size_t> recv(char* data, size_t size) override;
  Future<size_t> send(const char* data, size_t size) override;
  Future<size_t> sendfile(int_fd fd, off_t offset, size_t size) override;

  // Nothing SSL here, just a plain old listener.
  Try<Nothing> listen(int backlog) override;

  // This will initialize SSL objects then call windows::accept()
  // and then perform handshaking. Any downgrading will
  // happen here. Since we control the event loop, we can
  // easily peek at the first few bytes to check SSL-ness.
  Future<std::shared_ptr<SocketImpl>> accept() override;

  SocketImpl::Kind kind() const override { return SocketImpl::Kind::SSL; }
};
{code}
To set up the SSL context to use the Windows event loop, we will need to
replace {{BIO_new_socket}} with a custom BIO wrapping our event loop's I/O
methods (windows::read and windows::write). This is not complicated
(implementation of some callbacks). And libevent has an example of this too,
if needed.
> Design doc for SSL on Windows
> -----------------------------
>
> Key: MESOS-10003
> URL: https://issues.apache.org/jira/browse/MESOS-10003
> Project: Mesos
> Issue Type: Task
> Components: libprocess
> Reporter: Greg Mann
> Assignee: Joseph Wu
> Priority: Major
> Labels: foundations
>
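
The "peek at the first few bytes to check SSL-ness" step mentioned in the accept() comment, as an added sketch that is not part of the original comment or of the Mesos code base. The names `Peek`, `Action`, `classify`, `decide` and `allowDowngrade` are hypothetical, and always refusing SSLv2-framed hellos is a policy assumed here.

```cpp
#include <cstddef>
#include <cstdint>

// What the peeked bytes look like.
enum class Peek { NeedMore, TLS, SSLv2Hello, Plaintext };

// What accept() should do next (hypothetical names).
enum class Action { Wait, Handshake, Downgrade, Reject };

// Classify bytes peeked (not consumed) from a newly accepted socket.
Peek classify(const uint8_t* d, size_t n)
{
  if (n == 0) return Peek::NeedMore;

  if (d[0] == 0x16) {
    // TLS/SSLv3 record: type 0x16 (handshake), major version 0x03,
    // minor version, 16-bit length, then handshake type 0x01 (ClientHello).
    if (n >= 2 && d[1] != 0x03) return Peek::Plaintext;
    if (n >= 5) {
      const unsigned length = (unsigned(d[3]) << 8) | d[4];
      if (length == 0 || length > 16384) return Peek::Plaintext;
    }
    if (n < 6) return Peek::NeedMore;
    return d[5] == 0x01 ? Peek::TLS : Peek::Plaintext;
  }

  if (d[0] & 0x80) {
    // SSLv2-framed hello: 2-byte header with the high bit set, then
    // message type 0x01 (CLIENT-HELLO).
    if (n < 3) return Peek::NeedMore;
    return d[2] == 0x01 ? Peek::SSLv2Hello : Peek::Plaintext;
  }

  return Peek::Plaintext;
}

// Map the classification to an action. SSLv2 framing is always refused;
// plaintext is only let through when downgrade is explicitly enabled.
Action decide(Peek p, bool allowDowngrade)
{
  switch (p) {
    case Peek::NeedMore:   return Action::Wait;
    case Peek::TLS:        return Action::Handshake;
    case Peek::Plaintext:  return allowDowngrade ? Action::Downgrade : Action::Reject;
    case Peek::SSLv2Hello: return Action::Reject;
  }
  return Action::Reject;
}
```

The check is a heuristic on framing only: a `Handshake` result means the bytes are handed to the TLS stack, which still performs all real validation.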