authorJeff Darcy <jdarcy@redhat.com>2012-07-17 10:50:43 -0400
committerAnand Avati <avati@redhat.com>2012-07-17 13:18:32 -0700
commitaea7759f1240b1e97684273b9369472695173a66 (patch)
tree2e019059c2f79a159e5c5d5bf56d943be1eff16e /xlators
parentea0a0937a0524b8a449e470fbaea772a349d40fb (diff)
rpc-transport/socket: Add SSL support.
Based on OpenSSL. Key/certificate management is still manual. Enabling SSL also enables multi-threading, though multi-threading can be forced on or off using a separate option. Change-Id: Icd9f256bb2fd8c6266a7abefdff16936b4f8922d BUG: 764731 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.com/362 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'xlators')
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volgen.c17
-rw-r--r--xlators/protocol/server/src/server-rpc-fops.c3
2 files changed, 19 insertions, 1 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index ff35b8b085e..ae86eb18c65 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -175,6 +175,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = {
{"network.frame-timeout", "protocol/client", NULL, NULL, NO_DOC, 0},
{"network.ping-timeout", "protocol/client", NULL, NULL, NO_DOC, 0},
{"network.tcp-window-size", "protocol/client", NULL, NULL, NO_DOC, 0},
+ { "client.ssl", "protocol/client", "transport.socket.ssl-enabled", NULL, NO_DOC, 0},
{"network.tcp-window-size", "protocol/server", NULL, NULL, NO_DOC, 0},
{"network.inode-lru-limit", "protocol/server", NULL, NULL, NO_DOC, 0},
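Review bot: The new `client.ssl` entry here, and the matching `server.ssl` entry in the next hunk, are both flagged `NO_DOC`, so the two options that turn transport encryption on carry no description in this table. The commit message says key/certificate management is still manual, which makes a short statement of what each option expects more useful than usual. If the help machinery allows it, mark them `DOC` as the `AUTH_REJECT_MAP_KEY` entry is, or at least put a comment above each entry such as `/* Enables SSL on the client transport; keys and certificates must already be installed by hand. */`. The two keys are set independently, so it is probably worth stating that both ends have to be enabled together; that is inferred from the separate keys, not from code visible here.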
@@ -182,6 +183,7 @@ static struct volopt_map_entry glusterd_volopt_map[] = {
{AUTH_REJECT_MAP_KEY, "protocol/server", "!server-auth", NULL, DOC, 0},
{"transport.keepalive", "protocol/server", "transport.socket.keepalive", NULL, NO_DOC, 0},
{"server.allow-insecure", "protocol/server", "rpc-auth-allow-insecure", NULL, NO_DOC, 0},
+ { "server.ssl", "protocol/server", "transport.socket.ssl-enabled", NULL, NO_DOC, 0},
{"performance.write-behind", "performance/write-behind", "!perf", "on", NO_DOC, 0},
{"performance.read-ahead", "performance/read-ahead", "!perf", "on", NO_DOC, 0},
@@ -2157,6 +2159,8 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
char *str = NULL;
glusterd_brickinfo_t *brick = NULL;
xlator_t *xl = NULL;
+ char *ssl_str = NULL;
+ gf_boolean_t ssl_bool;
volname = volinfo->volname;
@@ -2222,6 +2226,19 @@ volgen_graph_build_clients (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
}
}
+ if (dict_get_str(set_dict,"client.ssl",&ssl_str) == 0) {
+ if (gf_string2boolean(ssl_str,&ssl_bool) == 0) {
+ if (ssl_bool) {
+ ret = xlator_set_option(xl,
+ "transport.socket.ssl-enabled",
+ "true");
+ if (ret) {
+ goto out;
+ }
+ }
+ }
+ }
+
i++;
}
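Review bot: A `client.ssl` value that `gf_string2boolean` cannot parse is silently ignored in the added block, so the client volfile is generated without `transport.socket.ssl-enabled` and no error is reported. Unless the value is validated before it reaches `set_dict` (not visible here), a typo leaves the volume on an unencrypted transport while the operator believes SSL is on. For a security option the parse failure should be fatal: add `else { ret = -1; goto out; }` to the inner `if (gf_string2boolean(...) == 0)`, ideally with a log line naming the rejected value. The lookup also does not appear to depend on the brick being processed, so it could likely be hoisted above the loop. The loop and the rest of volgen_graph_build_clients lie outside the hunk, so confirm that against the full function.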
diff --git a/xlators/protocol/server/src/server-rpc-fops.c b/xlators/protocol/server/src/server-rpc-fops.c
index e7e5fce5395..da902847314 100644
--- a/xlators/protocol/server/src/server-rpc-fops.c
+++ b/xlators/protocol/server/src/server-rpc-fops.c
@@ -3462,7 +3462,8 @@ server3_3_release (rpcsvc_request_t *req)
conn = req->trans->xl_private;
if (!conn) {
- req->rpc_err = GARBAGE_ARGS;
+ /* Handshake is not complete yet. */
+ req->rpc_err = SYSTEM_ERR;
goto out;
}
gf_fd_put (conn->fdtable, args.fd);
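Review bot: The `!conn` branch in server3_3_release rejects the request without recording it, at least in the lines visible here. A release that arrives before the handshake completes may be a benign race (plausibly more likely now that the commit message says SSL enables multi-threading) or a peer sending fops before it has authenticated, and without a log entry the two cannot be told apart. Something like `gf_log (THIS->name, GF_LOG_WARNING, "release request received before handshake completed");` ahead of the `goto out` would make these visible. The comment could also say why `SYSTEM_ERR` is the better code than `GARBAGE_ARGS`. The function begins and ends outside the hunk, so the `out:` path may already log.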