[kudu-CR] KuduRPC integration with OpenSSL

Sailesh Mukil (Code Review) Fri, 28 Oct 2016 01:28:09 -0700

Hello Kudu Jenkins,

I'd like you to reexamine a change.  Please visit


    http://gerrit.cloudera.org:8080/4789

to look at the new patch set (#6).

Change subject: KuduRPC integration with OpenSSL
......................................................................

KuduRPC integration with OpenSSL

This patch adds SSL support for the RPC layer in Kudu. It uses the
OpenSSL library for this purpose.

This is acheived by subclassing 'Socket' to add 'SSLSocket' which
calls into the OpenSSL library for auth/read/write/shutdown.

SSL is enabled only at a 'Connection' object level, i.e. the
AcceptorPool still only works with regular 'Socket's, and the reactor
threads also use a regular 'Socket' on a new outgoing call.

The first point of any SSL activity happens in the context of the
negotiation pool, where the SSL handshake happens before the SASL
handshake. On a successful handshake, further communication is
encrypted on that 'Connection'.

A 'SSLFactory' is created at the 'Messenger' level. This factory is
in-charge of creating 'SSLSocket' objects when necessary and also
keeps a track of the certificates, keys and the SSL context that is
shared among all the sockets of that 'Messenger'.

Added a parameter to the rpc-test to additionally run the tests with
SSL enabled.

Future TODOs:
 - Make SSL methods (SSLv23, TLS1, etc.) configurable and OpenSSL
   version aware. (Choosing APIs based on supported versions)
 - Allow loading keys as strings vs files. (Need to use different APIs)

Change-Id: I27167faa4e6a78e59b46093055b16682c93af0ea
---
M CMakeLists.txt
M LICENSE.txt
M src/kudu/rpc/connection.cc
M src/kudu/rpc/connection.h
M src/kudu/rpc/messenger.cc
M src/kudu/rpc/messenger.h
M src/kudu/rpc/negotiation.cc
M src/kudu/rpc/reactor.cc
M src/kudu/rpc/rpc-test-base.h
M src/kudu/rpc/rpc-test.cc
M src/kudu/rpc/sasl_client.cc
M src/kudu/rpc/sasl_client.h
M src/kudu/rpc/sasl_rpc-test.cc
M src/kudu/rpc/sasl_server.cc
M src/kudu/rpc/sasl_server.h
M src/kudu/util/CMakeLists.txt
M src/kudu/util/net/net_util-test.cc
M src/kudu/util/net/socket.cc
M src/kudu/util/net/socket.h
A src/kudu/util/net/ssl_factory.cc
A src/kudu/util/net/ssl_factory.h
A src/kudu/util/net/ssl_socket.cc
A src/kudu/util/net/ssl_socket.h
A src/kudu/util/x509_check_host.cc
A src/kudu/util/x509_check_host.h
25 files changed, 1,291 insertions(+), 118 deletions(-)


  git pull ssh://gerrit.cloudera.org:29418/kudu refs/changes/89/4789/6
-- 
To view, visit http://gerrit.cloudera.org:8080/4789
To unsubscribe, visit http://gerrit.cloudera.org:8080/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I27167faa4e6a78e59b46093055b16682c93af0ea
Gerrit-PatchSet: 6
Gerrit-Project: kudu
Gerrit-Branch: master
Gerrit-Owner: Sailesh Mukil <sail...@cloudera.com>
Gerrit-Reviewer: Alexey Serbin <aser...@cloudera.com>
Gerrit-Reviewer: Dan Burkert <danburk...@apache.org>
Gerrit-Reviewer: Kudu Jenkins
Gerrit-Reviewer: Sailesh Mukil <sail...@cloudera.com>
Gerrit-Reviewer: Tidy Bot
Gerrit-Reviewer: Todd Lipcon <t...@apache.org>

[kudu-CR] KuduRPC integration with OpenSSL

Reply via email to