author | Jeff Darcy <jdarcy@redhat.com> | 2012-07-17 10:50:43 -0400 |
---|---|---|
committer | Anand Avati <avati@redhat.com> | 2012-07-17 13:18:32 -0700 |
commit | aea7759f1240b1e97684273b9369472695173a66 (patch) | |
tree | 2e019059c2f79a159e5c5d5bf56d943be1eff16e /xlators | |
parent | ea0a0937a0524b8a449e470fbaea772a349d40fb (diff) |
rpc-transport/socket: Add SSL support.
Based on OpenSSL. Key/certificate management is still manual. Enabling
SSL also enables multi-threading, though multi-threading can be forced on
or off using a separate option.
Change-Id: Icd9f256bb2fd8c6266a7abefdff16936b4f8922d
BUG: 764731
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.com/362
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators')
-rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-volgen.c | 17 | ||||
-rw-r--r-- | xlators/protocol/server/src/server-rpc-fops.c | 3 |
2 files changed, 19 insertions, 1 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index ff35b8b085e..ae86eb18c65 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -175,6 +175,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = {
 {"network.frame-timeout", "protocol/client", NULL, NULL, NO_DOC, 0},
 {"network.ping-timeout", "protocol/client", NULL, NULL, NO_DOC, 0},
 {"network.tcp-window-size", "protocol/client", NULL, NULL, NO_DOC, 0},
+ { "client.ssl", "protocol/client", "transport.socket.ssl-enabled", NULL, NO_DOC, 0},
 {"network.tcp-window-size", "protocol/server", NULL, NULL, NO_DOC, 0},
 {"network.inode-lru-limit", "protocol/server", NULL, NULL, NO_DOC, 0},
@@ -182,6 +183,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = {
 {AUTH_REJECT_MAP_KEY, "protocol/server", "!server-auth", NULL, DOC, 0},
 {"transport.keepalive", "protocol/server", "transport.socket.keepalive", NULL, NO_DOC, 0},
 {"server.allow-insecure", "protocol/server", "rpc-auth-allow-insecure", NULL, NO_DOC, 0},
+ { "server.ssl", "protocol/server", "transport.socket.ssl-enabled", NULL, NO_DOC, 0},
 {"performance.write-behind", "performance/write-behind", "!perf", "on", NO_DOC, 0},
 {"performance.read-ahead", "performance/read-ahead", "!perf", "on", NO_DOC, 0},
@@ -2157,6 +2159,8 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
 char *str = NULL;
 glusterd_brickinfo_t *brick = NULL;
 xlator_t *xl = NULL;
+ char *ssl_str = NULL;
+ gf_boolean_t ssl_bool;
 volname = volinfo->volname;
@@ -2222,6 +2226,19 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
 }
 }
+ if (dict_get_str(set_dict,"client.ssl",&ssl_str) == 0) {
+ if (gf_string2boolean(ssl_str,&ssl_bool) == 0) {
+ if (ssl_bool) {
+ ret = xlator_set_option(xl,
+ "transport.socket.ssl-enabled",
+ "true");
+ if (ret) {
+ goto out;
+ }
+ }
+ }
+ }
+
 i++;
 }
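Review bot: Both new map entries, `client.ssl` in this hunk and `server.ssl` in the next one, are flagged `NO_DOC` and carry no comment, so nothing tells an administrator that these are two separate keys which presumably have to agree for a volume to connect. A short comment above each entry would cover it, for example `/* client.ssl and server.ssl are set independently and must match; keys and certificates are installed manually */`. The array definition starts and ends outside these hunks.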
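Review bot: An unparsable `client.ssl` value is silently ignored in the block added to volgen_graph_build_clients: when `gf_string2boolean` returns non-zero, nothing is logged and `ret` is left untouched. The client graph is then generated without `transport.socket.ssl-enabled`, and an administrator who mistyped the value gets no indication that SSL was not turned on. Unless the value is already validated when the option is set (not visible here), failing closed is safer, e.g. `if (gf_string2boolean (ssl_str, &ssl_bool) != 0) { ret = -1; goto out; }` before testing `ssl_bool`. The function body starts and ends outside this hunk.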
diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c
index e7e5fce5395..da902847314 100644
--- a/xlators/protocol/server/src/server-rpc-fops.c
+++ b/xlators/protocol/server/src/server-rpc-fops.c
@@ -3462,7 +3462,8 @@ server3_3_release (rpcsvc_request_t *req)
 conn = req->trans->xl_private;
 if (!conn) {
- req->rpc_err = GARBAGE_ARGS;
+ /* Handshake is not complete yet. */
+ req->rpc_err = SYSTEM_ERR;
 goto out;
 }
 gf_fd_put (conn->fdtable, args.fd); |
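Review bot: The `if (!conn)` branch in server3_3_release still rejects the request without logging anything, so a peer that sends fops before the handshake completes leaves no trace for later investigation. A log line before `goto out` would make this visible, e.g. `gf_log ("server", GF_LOG_WARNING, "release received before handshake completed");`, at a lower level if this path turns out to be hot. The rest of the function lies outside the hunk; if other handlers in this file read `req->trans->xl_private` the same way, they would presumably need the same guard and error code.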