Hello Kudu Jenkins, I'd like you to reexamine a change. Please visit
http://gerrit.cloudera.org:8080/4789 to look at the new patch set (#6). Change subject: KuduRPC integration with OpenSSL ...................................................................... KuduRPC integration with OpenSSL This patch adds SSL support for the RPC layer in Kudu. It uses the OpenSSL library for this purpose. This is acheived by subclassing 'Socket' to add 'SSLSocket' which calls into the OpenSSL library for auth/read/write/shutdown. SSL is enabled only at a 'Connection' object level, i.e. the AcceptorPool still only works with regular 'Socket's, and the reactor threads also use a regular 'Socket' on a new outgoing call. The first point of any SSL activity happens in the context of the negotiation pool, where the SSL handshake happens before the SASL handshake. On a successful handshake, further communication is encrypted on that 'Connection'. A 'SSLFactory' is created at the 'Messenger' level. This factory is in-charge of creating 'SSLSocket' objects when necessary and also keeps a track of the certificates, keys and the SSL context that is shared among all the sockets of that 'Messenger'. Added a parameter to the rpc-test to additionally run the tests with SSL enabled. Future TODOs: - Make SSL methods (SSLv23, TLS1, etc.) configurable and OpenSSL version aware. (Choosing APIs based on supported versions) - Allow loading keys as strings vs files. (Need to use different APIs) Change-Id: I27167faa4e6a78e59b46093055b16682c93af0ea --- M CMakeLists.txt M LICENSE.txt M src/kudu/rpc/connection.cc M src/kudu/rpc/connection.h M src/kudu/rpc/messenger.cc M src/kudu/rpc/messenger.h M src/kudu/rpc/negotiation.cc M src/kudu/rpc/reactor.cc M src/kudu/rpc/rpc-test-base.h M src/kudu/rpc/rpc-test.cc M src/kudu/rpc/sasl_client.cc M src/kudu/rpc/sasl_client.h M src/kudu/rpc/sasl_rpc-test.cc M src/kudu/rpc/sasl_server.cc M src/kudu/rpc/sasl_server.h M src/kudu/util/CMakeLists.txt M src/kudu/util/net/net_util-test.cc M src/kudu/util/net/socket.cc M src/kudu/util/net/socket.h A src/kudu/util/net/ssl_factory.cc A src/kudu/util/net/ssl_factory.h A src/kudu/util/net/ssl_socket.cc A src/kudu/util/net/ssl_socket.h A src/kudu/util/x509_check_host.cc A src/kudu/util/x509_check_host.h 25 files changed, 1,291 insertions(+), 118 deletions(-) git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/89/4789/6 -- To view, visit http://gerrit.cloudera.org:8080/4789 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-MessageType: newpatchset Gerrit-Change-Id: I27167faa4e6a78e59b46093055b16682c93af0ea Gerrit-PatchSet: 6 Gerrit-Project: kudu Gerrit-Branch: master Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com> Gerrit-Reviewer: Dan Burkert <danburk...@apache.org> Gerrit-Reviewer: Kudu Jenkins Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com> Gerrit-Reviewer: Tidy Bot Gerrit-Reviewer: Todd Lipcon <t...@apache.org>