[ https://issues.apache.org/jira/browse/THRIFT-151?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ping Li updated THRIFT-151:
---------------------------

    Attachment: ssl-redesigned.patch

I created a diff for the redesigned SSL. Again, I'm not familiar with the make 
file structure. This diff doesn't include required changes in the Makefile. 
It's loaded only for review.

One issue I have is the error queue cleanup issue in OpenSSL. If the OpenSSL API 
is called in a thread, it is important to call ERR_remove_state(0) at the end 
of that thread. This is difficult to do in Thrift. In this diff, 
ERR_remove_state(0) is called whenever an SSL socket is closed. As long as only 
the Thrift application server is being used, this is not a problem. However, if 
the SSL socket is passed around threads, the error queue of involved threads 
may not be cleaned up correctly.

I tried a few approaches, but they either didn't work or had other issues. 
Other than the possible memory leak and unnecessary calls to 
ERR_remove_state(0), this design is very clean.

I added tutorial/README.SSL. For a working example, take a look at 
test/cpp/src/TestClient.cpp and TestServer.cpp. OpenSSL initialization and 
cleanup are taken care of inside TSSLSocketFactory, so you don't have to.

> TSSLServerSocket and TSSLSocket implementation
> ----------------------------------------------
>
>                 Key: THRIFT-151
>                 URL: https://issues.apache.org/jira/browse/THRIFT-151
>             Project: Thrift
>          Issue Type: Improvement
>          Components: Library (C++)
>            Reporter: Ian Pye
>         Attachments: ssl-pingli.patch, ssl-redesigned.patch, 
> ssl-test-pingli.patch, ssl.patch
>
>   Original Estimate: 6h
>  Remaining Estimate: 6h
>
> SSL Connections w/ autogenerated self signed x509 certs seem to be the state 
> of the art for rpc layers.
> It would be good if there was a C++ implementation of TSocket and 
> TServerSocket classes.
> This is similar to the Java issue Thrift 106.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
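
The cross-thread cleanup problem described in the comment above, as an added C++ illustration that is not part of the attached patch or of Thrift. It models the per-thread error queue with the standard library only (no OpenSSL calls are made), and every name in it (`ModelSslSocket`, `ThreadErrGuard`, `model_remove_state`, `leaked_queues`) is hypothetical.

```cpp
// Added illustration: std-only model of a per-thread error queue; all names hypothetical.
#include <atomic>
#include <cstdio>
#include <string>
#include <thread>
#include <vector>

static std::atomic<int> g_live_queues{0};             // allocated, not yet freed
thread_local std::vector<std::string>* t_queue = nullptr;

// Models an OpenSSL call failing: the error lands in the calling thread's queue.
void model_push_error(const std::string& msg) {
    if (!t_queue) { t_queue = new std::vector<std::string>(); ++g_live_queues; }
    t_queue->push_back(msg);
}

// Models ERR_remove_state(0): frees only the calling thread's queue.
void model_remove_state() {
    if (!t_queue) return;                              // nothing queued: wasted call
    delete t_queue; t_queue = nullptr; --g_live_queues;
}

struct ModelSslSocket {
    void failed_read() { model_push_error("read failed"); }
    void close() { model_remove_state(); }             // cleanup tied to close()
};
// Alternative: tie cleanup to the end of the thread rather than to the socket.
struct ThreadErrGuard {
    bool armed;
    ~ThreadErrGuard() { if (armed) model_remove_state(); }
};

// A worker thread hits an error on the socket; returns queues left allocated.
int leaked_queues(bool close_on_worker, bool guard) {
    int before = g_live_queues;
    ModelSslSocket s;
    std::thread([&] {
        ThreadErrGuard g{guard};
        s.failed_read();
        if (close_on_worker) s.close();
    }).join();
    if (!close_on_worker) s.close();                   // runs on the caller's thread
    return g_live_queues - before;
}

int main() {
    std::printf("same thread: %d, cross-thread: %d, guarded: %d\n",
                leaked_queues(true, false), leaked_queues(false, false), leaked_queues(false, true));
}
```

When the socket is closed on a different thread from the one that queued the error, the close-time cleanup is a no-op on the closing thread and the worker's queue stays allocated; a guard scoped to the worker thread frees it regardless of where the socket is closed.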
