Use OpenSSL to add support for SSL communication with the server. Script add debug mode support. #273
(1)Add OpenSSL and debug options to the ‘build.sh’ script. (2)Add the ‘ENABLE_OPENSSL’ macro to cmakelist.txt. (3)Link the ‘libevent_openssl.a’ static library to support OpenSSL.
(1)Link static libraries on demand. (2)Add OpenSSL support and use the macro ‘ENABLE_OPENSSL’ to control OpenSSL compilation blocks. (3)Inline member defaults. The default value of the inline member is intuitive and error free, and the redundant structure list can be removed, which is also recommended. (4)Add ignore for vscode configuration in .gitignore.
(1)Add C compiler debugging options. (2)Remove the compiler debugging option from the child test cmake, which will result in inconsistent behavior between the upper and lower cmakes. (3)Move the SSL initialization context into the constructor so that it is constructed only once and the memory leak in the last commit code is fixed. (4)SSL handle is managed to bufferevent without memory management. Forced release will result in double-free.
(1)Extract SSL context initialization into a function. (2)Customize std::unique_ptr to manage SSL content and strengthen memory leak management. (3)Add the default certificate configuration path. (4)Add environment variables to dynamically modify the certificate configuration path. (5)Enhance friendly output prompt. (6)The communication function with the server is verified by self signed certificate. (7)Asan and lsan tests have been passed.
(1)Add OpenSSL library and compile script. (2)Remove the system dynamic library connection, and use the project OpenSSL static library link instead. (3)Fix some errors in CMakeList.txt.
(1)Add OpenSSL library and compile script. (2)Remove the system dynamic library connection, and use the project OpenSSL static library link instead. (3)Fix some errors in CMakeList.txt.
(1)Remove the OpenSSL option that controls whether or not it is required. (2)Remove the ENABLE_OPENSSL macro. OpenSSL is supported by default. (3)Add API to control whether OpenSSL support is enabled. (4)Add the ReadProperties utility function. (5)Add certificate related configuration in the properties configuration file. (6)Add friendly output prompts.
@WoodsCumming IMHO, we should guard SSL-code with a conditional compile macro, such that existing users won't have to install additional dependent packages when upgrading, assuming they are using the shared library way.
Good idea! We must consider the issue of smooth upgrades. BTW, in this PR, the OpenSSL library was built by script and linked statically by both the rocketmq dynamic and static libraries.
src/include/DefaultMQClient.h
@@ -187,6 +192,8 @@ class DefaultMQClient { | |||
std::string m_instanceName; | |||
std::string m_nameSpace; | |||
std::string m_GroupName; | |||
std::string m_sslPropertyFile { DEFAULT_SSL_PROPERTY_FILE }; | |||
bool m_enableSsl { true }; |
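Review bot: `bool m_enableSsl { true };` makes SSL the default for every `DefaultMQClient`, so a client that upgrades without touching its configuration would start attempting SSL and would depend on whatever `DEFAULT_SSL_PROPERTY_FILE` names being present and readable. Consider defaulting to `false` with an explicit opt-in, and add a comment on both new members stating what the property file must contain and what happens when it cannot be loaded. When SSL is enabled and the file is missing, the failure should surface as an error rather than a quiet fall back to plaintext.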
IMO, it is better to keep ssl disabled.
ACK. I will modify it.
(1)Format the code with the 'format.sh' script. (2)SSL is turned off by default.
(1)Moving/Returning temporary object prevents copy elision, which may invalidate RVO and NRVO. (2)Libevent only verifies whether the OpenSSL dynamic library has 'SSL_new' function as the basis for the existence of OpenSSL. (3)Add a dependent static library to MRI.
…r Mac OS. For example, there is buffer.o in libcrypto.a, and buffer.o in libevent_core.a, but the symbols of the two are complementary. The method of using 'ar x' and 'ar cru' will result in the loss of symbols in one of the above two buffer.o files.
What is the purpose of the change
Use OpenSSL to add support for SSL communication with the server. Script add debug mode support.
Brief changelog
(1)Add OpenSSL and debug options to the ‘build.sh’ script.
(2)Add the ‘ENABLE_OPENSSL’ macro to cmakelist.txt.
(3)Link the ‘libevent_openssl.a’ static library to support OpenSSL.
(4)Link static libraries on demand.
(5)Add OpenSSL support and use the macro ‘ENABLE_OPENSSL’ to control OpenSSL compilation blocks.
(6)Inline member defaults. The default value of the inline member is intuitive and error free, and the redundant structure list can be removed, which is also recommended.
(7)Add ignore for vscode configuration in .gitignore.
(8)Add debugging information in debug mode.
(9)Add C compiler debugging options.
(10)Remove the compiler debugging option from the child test cmake, which will result in inconsistent behavior between the upper and lower cmakes.
(11)Move the SSL initialization context into the constructor so that it is constructed only once and the memory leak in the last commit code is fixed.
(12)SSL handle is managed to bufferevent without memory management. Forced release will result in double-free.
(13)Extract SSL context initialization into a function.
(14)Customize std::unique_ptr to manage SSL context and strengthen memory leak management.
(15)Add the default certificate configuration path.
(16)Add environment variables to dynamically modify the certificate configuration path.
(17)Enhance friendly output prompt.
(18)The communication function with the server is verified by self signed certificate.
(19)Asan and lsan tests have been passed.
(20)Remove the OpenSSL option that controls whether or not it is required.
(21)Remove the ENABLE_OPENSSL macro. OpenSSL is supported by default.
(22)Add API to control whether OpenSSL support is enabled.
(23)Add the ReadProperties utility function.
(24)Add certificate related configuration in the properties configuration file.
(25)Add friendly output prompts.
Verifying this change
Has been verified. Need your code review.