
Use OpenSSL to add support for SSL communication with the server. Script add debug mode support. #273

Merged
merged 17 commits into from
Mar 24, 2020

WoodsCumming
Contributor

@WoodsCumming WoodsCumming commented Mar 7, 2020

What is the purpose of the change

Use OpenSSL to add support for SSL communication with the server. Script add debug mode support.

Brief changelog

(1)Add OpenSSL and debug options to the ‘build.sh’ script.
(2)Add the ‘ENABLE_OPENSSL’ macro to cmakelist.txt.
(3)Link the ‘libevent_openssl.a’ static library to support OpenSSL.
(4)Link static libraries on demand.
(5)Add OpenSSL support and use the macro ‘ENABLE_OPENSSL’ to control OpenSSL compilation blocks.
(6)Inline member defaults. The default value of the inline member is intuitive and error free, and the redundant structure list can be removed, which is also recommended.
(7)Add ignore for vscode configuration in .gitignore.
(8)Add debugging information in debug mode.
(9)Add C compiler debugging options.
(10)Remove the compiler debugging option from the child test cmake, which will result in inconsistent behavior between the upper and lower cmakes.
(11)Move the SSL initialization context into the constructor so that it is constructed only once and the memory leak in the last commit code is fixed.
(12)SSL handle is managed to bufferevent without memory management. Forced release will result in double-free.
(13)Extract SSL context initialization into a function.
(14)Customize std::unique_ptr to manage SSL context and strengthen memory leak management.
(15)Add the default certificate configuration path.
(16)Add environment variables to dynamically modify the certificate configuration path.
(17)Enhance friendly output prompt.
(18)The communication function with the server is verified by self signed certificate.
(19)Asan and lsan tests have been passed.
(20)Remove the OpenSSL option that controls whether or not it is required.
(21)Remove the ENABLE_OPENSSL macro. OpenSSL is supported by default.
(22)Add API to control whether OpenSSL support is enabled.
(23)Add the ReadProperties utility function.
(24)Add certificate related configuration in the properties configuration file.
(25)Add friendly output prompts.

Verifying this change

Has been verified. Need your code review.

Follow this checklist to help us incorporate your contribution quickly and easily. Notice, it would be helpful if you could finish the following 5 checklist items (the last one is not necessary) before requesting the community to review your PR.

  • Make sure there is a Github issue filed for the change (usually before you start working on it). Trivial changes like typos do not require a Github issue. Your pull request should address just this issue, without pulling in other changes - one PR resolves one issue.
  • Format the pull request title like [ISSUE #123] Fix UnknownException when host config not exist. Each commit in the pull request should have a meaningful subject line and body.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit-test (over 80% coverage) to verify your logic correction, more mock a little better when a cross-module dependency exists.
  • If this contribution is large, please file an Apache Individual Contributor License Agreement.
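The ownership rule behind changelog items (11), (12) and (14), as an added example that is not code from this pull request. FakeCtx, FakeSsl, FakeBev and every function below are constructed stand-ins for the SSL context, the SSL handle and the bufferevent; they count frees so a double free can be observed without crashing.

```cpp
#include <memory>
// Constructed stand-ins for the SSL context, the SSL handle and a bufferevent.
// Each counts frees, so a double free shows up as a number, not a crash.
struct FakeCtx { int frees = 0; };
struct FakeSsl { FakeCtx* ctx = nullptr; int frees = 0; };
struct FakeBev { FakeSsl* ssl; };
void fake_ctx_free(FakeCtx* c) { ++c->frees; }  // stands in for SSL_CTX_free
void fake_ssl_free(FakeSsl* s) { ++s->frees; }  // stands in for SSL_free

// The transport owns the handle it is given and frees it on teardown, which
// is the bufferevent behaviour changelog item (12) describes.
FakeBev fake_bev_new(FakeSsl* s) { return FakeBev{s}; }
void fake_bev_free(FakeBev& b) { fake_ssl_free(b.ssl); b.ssl = nullptr; }

struct CtxDeleter { void operator()(FakeCtx* c) const { fake_ctx_free(c); } };
struct SslDeleter { void operator()(FakeSsl* s) const { fake_ssl_free(s); } };
using CtxPtr = std::unique_ptr<FakeCtx, CtxDeleter>;
using SslPtr = std::unique_ptr<FakeSsl, SslDeleter>;

// Defect: the smart pointer still owns a handle the transport also owns.
int frees_when_both_own(FakeSsl& handle) {
  {
    SslPtr ssl(&handle);
    FakeBev bev = fake_bev_new(ssl.get());
    fake_bev_free(bev);
  }  // ~SslPtr frees the handle a second time
  return handle.frees;
}

// Fix: release() hands ownership to the transport, so ~SslPtr does nothing.
int frees_when_transferred(FakeSsl& handle) {
  {
    SslPtr ssl(&handle);
    FakeBev bev = fake_bev_new(ssl.release());
    fake_bev_free(bev);
  }
  return handle.frees;
}

// Items (11), (14): one owner holds the context; handles only borrow it.
int ctx_frees_after(int connections) {
  FakeCtx storage;
  {
    CtxPtr ctx(&storage);
    for (int i = 0; i < connections; ++i) { FakeSsl h; h.ctx = ctx.get(); frees_when_transferred(h); }
  }
  return storage.frees;
}

int main() { FakeSsl a; return frees_when_both_own(a) == 2 ? 0 : 1; }
```

Running the real code under ASan, as item (19) reports, is what turns the first pattern into a reported double free.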

yizhe.wcm added 8 commits March 1, 2020 18:37
(1)Add OpenSSL and debug options to the ‘build.sh’ script.
(2)Add the ‘ENABLE_OPENSSL’ macro to cmakelist.txt.
(3)Link the ‘libevent_openssl.a’ static library to support OpenSSL.
(1)Link static libraries on demand.
(2)Add OpenSSL support and use the macro ‘ENABLE_OPENSSL’ to control OpenSSL compilation blocks.
(3)Inline member defaults. The default value of the inline member is intuitive and error free, and the redundant structure list can be removed, which is also recommended.
(4)Add ignore for vscode configuration in .gitignore.
(1)Add C compiler debugging options.
(2)Remove the compiler debugging option from the child test cmake, which will result in inconsistent behavior between the upper and lower cmakes.
(3)Move the SSL initialization context into the constructor so that it is constructed only once and the memory leak in the last commit code is fixed.
(4)SSL handle is managed to bufferevent without memory management. Forced release will result in double-free.
(1)Extract SSL context initialization into a function.
(2)Customize std::unique_ptr to manage SSL content and strengthen memory leak management.
(3)Add the default certificate configuration path.
(4)Add environment variables to dynamically modify the certificate configuration path.
(5)Enhance friendly output prompt.
(6)The communication function with the server is verified by self signed certificate.
(7)Asan and lsan tests have been passed.
(1)Add OpenSSL library and compile script.
(2)Remove the system dynamic library connection, and use the project OpenSSL static library link instead.
(3)Fix some errors in CMakeList.txt.
    (1)Add OpenSSL library and compile script.
    (2)Remove the system dynamic library connection, and use the project OpenSSL static library link instead.
    (3)Fix some errors in CMakeList.txt.
(1)Remove the OpenSSL option that controls whether or not it is required.
(2)Remove the ENABLE_OPENSSL macro. OpenSSL is supported by default.
(3)Add API to control whether OpenSSL support is enabled.
(4)Add the ReadProperties utility function.
(5)Add certificate related configuration in the properties configuration file.
(6)Add friendly output prompts.
@lizhanhui
Contributor

@WoodsCumming IMHO, we should guard SSL-code with a conditional compile macro, such that existing users won't have to install additional dependent packages when upgrading assuming they are using the shared library way.

@ShannonDing ShannonDing added the enhancement New feature or request label Mar 15, 2020
@ShannonDing ShannonDing added this to the 2.2.0 milestone Mar 15, 2020
@ShannonDing ShannonDing linked an issue Mar 17, 2020 that may be closed by this pull request
@ShannonDing
Member

> @WoodsCumming IMHO, we should guard SSL-code with a conditional compile macro, such that existing users won't have to install additional dependent packages when upgrading assuming they are using the shared library way.

Good idea! We must consider the issue of smooth upgrades. BTW, in this PR, the OpenSSL library was built by script and linked statically by both the rocketmq dynamic and static libraries.
So I think the users will no longer need to consider the dependencies, including OpenSSL.

@@ -187,6 +192,8 @@ class DefaultMQClient {
std::string m_instanceName;
std::string m_nameSpace;
std::string m_GroupName;
std::string m_sslPropertyFile { DEFAULT_SSL_PROPERTY_FILE };
bool m_enableSsl { true };
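Review bot: m_enableSsl { true } on the last line of this hunk turns SSL on for every DefaultMQClient that does not opt out, and neither new member carries a comment. A client upgraded in place would then depend on whatever DEFAULT_SSL_PROPERTY_FILE points to without ever having configured it, and the hunk does not show what happens when that file is missing. Consider defaulting m_enableSsl to false, and document on each member what the property file must contain and how the client behaves when it cannot be read.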
Member

IMO, it is better to keep ssl disabled.

Contributor Author

ACK. I will modify it.

yizhe.wcm and others added 7 commits March 17, 2020 16:23
(1)Format the code with the 'format.sh' script.
(2)SSL is turned off by default.
(1)Moving/Returning temporary object prevents copy elision, which may cause RVO and NRVO are invalid technologies.
(2)Libevent only verifies whether the OpenSSL dynamic library has 'SSL_new' function as the basis for the existence of OpenSSL.
(3)Add a dependent static library to MRI.
…r Mac OS. For example, there is buffer.o in libcrypto.a, and buffer.o in libevent_core.a, but the symbols of the two are complementary. The method of using 'ar x' and 'ar cru' will result in the loss of symbol in one of the above two buffer.o.
@vongosling vongosling merged commit 81f36ec into apache:master Mar 24, 2020

Successfully merging this pull request may close these issues.

[FEATURE]Try to support connecting to broker with SSL.