tls: implement the MesaLink TLS backend

This commit adds a new TLS backend in mesalink_ssl_helper.cpp.
openssl/*.h are replaced with mesalink/openssl/*.h in some files.
parent 0b0422c8
...@@ -48,7 +48,12 @@ ...@@ -48,7 +48,12 @@
#endif #endif
extern "C" { extern "C" {
#ifndef USE_MESALINK
struct x509_st; struct x509_st;
#else
#include <mesalink/openssl/x509.h>
#define x509_st X509
#endif
} }
namespace brpc { namespace brpc {
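Review bot: `#define x509_st X509` in a header renames the identifier `x509_st` in every translation unit that includes this file, not just in brpc's own declarations. The `#include <mesalink/openssl/x509.h>` also sits inside the `extern "C" {` block, which forces C linkage onto whatever that header declares. Moving the include above `extern "C" {` and replacing the macro with a forward declaration or alias of the MesaLink type would keep the substitution from leaking to includers. It would also make it harder for code to compile against the wrong library's struct if OpenSSL headers are reachable in the same build. The `#define ssl_st MESALINK_SSL` in the last hunk of this commit has the same shape.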
......
This diff is collapsed.
...@@ -14,6 +14,9 @@ ...@@ -14,6 +14,9 @@
// Authors: Rujie Jiang (jiangrujie@baidu.com) // Authors: Rujie Jiang (jiangrujie@baidu.com)
#ifndef USE_MESALINK
#include <sys/socket.h> // recv #include <sys/socket.h> // recv
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
...@@ -829,3 +832,5 @@ void Print(std::ostream& os, X509* cert, const char* sep) { ...@@ -829,3 +832,5 @@ void Print(std::ostream& os, X509* cert, const char* sep) {
} }
} // namespace brpc } // namespace brpc
#endif // USE_MESALINK
...@@ -18,9 +18,15 @@ ...@@ -18,9 +18,15 @@
#define BRPC_SSL_HELPER_H #define BRPC_SSL_HELPER_H
#include <string.h> #include <string.h>
#ifndef USE_MESALINK
#include <openssl/ssl.h> #include <openssl/ssl.h>
// For some versions of openssl, SSL_* are defined inside this header // For some versions of openssl, SSL_* are defined inside this header
#include <openssl/ossl_typ.h> #include <openssl/ossl_typ.h>
#else
#include <mesalink/openssl/ssl.h>
#include <mesalink/openssl/err.h>
#include <mesalink/openssl/x509.h>
#endif
#include "brpc/socket_id.h" // SocketId #include "brpc/socket_id.h" // SocketId
#include "brpc/ssl_options.h" // ServerSSLOptions #include "brpc/ssl_options.h" // ServerSSLOptions
......
...@@ -14,8 +14,13 @@ ...@@ -14,8 +14,13 @@
// Authors: Ge,Jun (gejun@baidu.com) // Authors: Ge,Jun (gejun@baidu.com)
#ifndef USE_MESALINK
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/conf.h> #include <openssl/conf.h>
#else
#include <mesalink/openssl/ssl.h>
#endif
#include <gflags/gflags.h> #include <gflags/gflags.h>
#include <fcntl.h> // O_RDONLY #include <fcntl.h> // O_RDONLY
#include <signal.h> #include <signal.h>
......
...@@ -19,6 +19,11 @@ ...@@ -19,6 +19,11 @@
#include "butil/compat.h" // OS_MACOSX #include "butil/compat.h" // OS_MACOSX
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
#ifdef USE_MESALINK
#include <mesalink/openssl/ssl.h>
#include <mesalink/openssl/err.h>
#include <mesalink/openssl/x509.h>
#endif
#include <netinet/tcp.h> // getsockopt #include <netinet/tcp.h> // getsockopt
#include <gflags/gflags.h> #include <gflags/gflags.h>
#include "bthread/unstable.h" // bthread_timer_del #include "bthread/unstable.h" // bthread_timer_del
...@@ -1834,7 +1839,7 @@ int Socket::SSLHandshake(int fd, bool server_mode) { ...@@ -1834,7 +1839,7 @@ int Socket::SSLHandshake(int fd, bool server_mode) {
LOG(ERROR) << "Fail to CreateSSLSession"; LOG(ERROR) << "Fail to CreateSSLSession";
return -1; return -1;
} }
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME #if defined(SSL_CTRL_SET_TLSEXT_HOSTNAME) || defined(USE_MESALINK)
if (!_ssl_ctx->sni_name.empty()) { if (!_ssl_ctx->sni_name.empty()) {
SSL_set_tlsext_host_name(_ssl_session, _ssl_ctx->sni_name.c_str()); SSL_set_tlsext_host_name(_ssl_session, _ssl_ctx->sni_name.c_str());
} }
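Review bot: The include block at the top of this file keeps `<openssl/ssl.h>` and `<openssl/err.h>` unconditional and adds the MesaLink headers on top under `#ifdef USE_MESALINK`. The other files in this commit switch between the two with `#ifndef USE_MESALINK … #else … #endif`. With both header sets in one translation unit, which library's `SSL_*` declarations and `SSL_ERROR_*` constants the code resolves to depends on include order and macro definitions. A MesaLink build would presumably still need the OpenSSL headers installed. Guarding the two OpenSSL includes with `#ifndef USE_MESALINK` and moving the MesaLink ones into the `#else` branch would match the rest of the commit; the include hunk at the top of the next file has the same pattern.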
......
...@@ -17,6 +17,10 @@ ...@@ -17,6 +17,10 @@
// Date: Thu Nov 22 13:57:56 CST 2012 // Date: Thu Nov 22 13:57:56 CST 2012
#include <openssl/ssl.h> // SSL_* #include <openssl/ssl.h> // SSL_*
#ifdef USE_MESALINK
#include <mesalink/openssl/ssl.h>
#include <mesalink/openssl/err.h>
#endif
#include <sys/syscall.h> // syscall #include <sys/syscall.h> // syscall
#include <fcntl.h> // O_RDONLY #include <fcntl.h> // O_RDONLY
#include <errno.h> // errno #include <errno.h> // errno
...@@ -1033,6 +1037,7 @@ ssize_t IOBuf::cut_multiple_into_SSL_channel(SSL* ssl, IOBuf* const* pieces, ...@@ -1033,6 +1037,7 @@ ssize_t IOBuf::cut_multiple_into_SSL_channel(SSL* ssl, IOBuf* const* pieces,
} }
} }
#ifndef USE_MESALINK
// Flush remaining data inside the BIO buffer layer // Flush remaining data inside the BIO buffer layer
BIO* wbio = SSL_get_wbio(ssl); BIO* wbio = SSL_get_wbio(ssl);
if (BIO_wpending(wbio) > 0) { if (BIO_wpending(wbio) > 0) {
...@@ -1043,6 +1048,14 @@ ssize_t IOBuf::cut_multiple_into_SSL_channel(SSL* ssl, IOBuf* const* pieces, ...@@ -1043,6 +1048,14 @@ ssize_t IOBuf::cut_multiple_into_SSL_channel(SSL* ssl, IOBuf* const* pieces,
return rc; return rc;
} }
} }
#else
int rc = SSL_flush(ssl);
if (rc <= 0) {
*ssl_error = SSL_ERROR_SYSCALL;
return rc;
}
#endif
return nw; return nw;
} }
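Review bot: The MesaLink branch reports every non-positive `SSL_flush` result as `SSL_ERROR_SYSCALL`, so a flush that merely could not complete on a non-blocking socket would look like a fatal I/O error to the caller, even though `nw` bytes were already consumed from `pieces`. If MesaLink's `SSL_get_error` distinguishes the would-block case for `SSL_flush` (to be confirmed against its API), the branch should consult it, e.g. `const int err = SSL_get_error(ssl, rc); if (err != SSL_ERROR_WANT_WRITE) { *ssl_error = err; return rc; }`. The OpenSSL branch's own condition falls between the two hunks and is not visible, so the two paths cannot be compared from here. The function body starts outside the hunk.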
......
...@@ -39,7 +39,11 @@ struct const_iovec { ...@@ -39,7 +39,11 @@ struct const_iovec {
const void* iov_base; const void* iov_base;
size_t iov_len; size_t iov_len;
}; };
#ifndef USE_MESALINK
struct ssl_st; struct ssl_st;
#else
#define ssl_st MESALINK_SSL
#endif
} }
namespace butil { namespace butil {
......