
work in progress

1 parent ad5990a commit eddc9d38a74c4f449e17f4f06dd4b808ea3e60ff Dave Parfitt committed Mar 22, 2013
Showing with 47 additions and 7 deletions.
  1. +35 −3 src/riak_core_connection.erl
  2. +10 −4 src/riak_core_service_mgr.erl
  3. +2 −0 src/riak_core_ssl_util.erl
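--- a/src/riak_core_connection.erl
+++ b/src/riak_core_connection.erl
@@ -152,18 +152,26 @@ sync_connect_status(_Parent, {IP,Port}, {ClientProtocol, {Options, Module, Args}
 MyName = symbolic_clustername(),
 MyCaps = [{clustername, MyName}, {ssl_enabled, SSLEnabled}],
 case exchange_handshakes_with(host, Socket, Transport, MyCaps) of
-{ok,Props} ->
+{ok,TheirCaps} ->
 %% ask for protocol, see what host has
 case negotiate_proto_with_server(Socket, Transport, ClientProtocol) of
 {ok,HostProtocol} ->
 %% set client's requested Tcp options
 ?TRACE(?debugFmt("Setting user options on client side; ~p", [Options])),
-Transport:setopts(Socket, Options),
 %% notify requester of connection and negotiated protocol from host
 %% pass back returned value in case problem detected on connection
 %% by module. requestor is responsible for transferring control
 %% of the socket.
-Module:connected(Socket, Transport, {IP, Port}, HostProtocol, Args, Props);
+Transport:setopts(Socket, Options),
+case try_ssl(Socket, Transport, MyCaps, TheirCaps) of
+{error, Reason} -> Reason;
+{NewTransport, NewSocket} ->
+lager:info("Transport is now ~p",
+[NewTransport]),
+Module:connected(NewSocket, NewTransport,
+{IP, Port}, HostProtocol,
+Args, TheirCaps)
+end;
 {error, Reason} ->
 ?TRACE(?debugFmt("negotiate_proto_with_server returned: ~p", [{error,Reason}])),
 %% Module:connect_failed(ClientProtocol, {error, Reason}, Args),
@@ -185,6 +193,30 @@ sync_connect_status(_Parent, {IP,Port}, {ClientProtocol, {Options, Module, Args}
 {error, Reason}
 end.
+
+try_ssl(Socket, Transport, MyCaps, TheirCaps) ->
+MySSL = proplists:get_value(ssl_enabled, TheirCaps, false),
+TheirSSL = proplists:get_value(ssl_enabled, MyCaps, false),
+case {MySSL, TheirSSL} of
+{true, false} -> lager:info("FAILED TO USE SSL A"),
+{Transport, Socket};
+{false, true} -> lager:info("FAILED TO USE SSL B"),
+{Transport, Socket};
+{false, false} -> lager:info("NOT USING SSL"),
+{Transport, Socket};
+{true, true} -> lager:info("USING SSL"),
+ssl:start(),
+case riak_core_ssl_util:upgrade_client_to_ssl(Socket, riak_core) of
+{ok, SSLSocket} ->
+lager:info("Upgraded 1"),
+{ranch_ssl, SSLSocket};
+{error, Reason} ->
+lager:error("SSL ERROR, ~p", [ Reason]),
+{error, Reason}
+end
+end.
+
+
 %% Negotiate the highest common major protocol revisision with the connected server.
 %% client -> server : Prefs List = {SubProto, [{Major, Minor}]}
 %% server -> client : selected version = {SubProto, {Major, HostMinor, ClientMinor}}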
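Review bot: try_ssl returns the plaintext `{Transport, Socket}` when only one side reports ssl_enabled, so a peer whose handshake capabilities carry `{ssl_enabled, false}` silently downgrades a connection the local node configured for SSL; the two mismatch clauses should fail rather than continue, e.g. `{true, false} -> {error, ssl_mismatch};` and `{false, true} -> {error, ssl_mismatch};`, with the local config rather than the peer's advertised cap deciding whether encryption is required. The two proplists lookups are also crossed — `MySSL` reads `TheirCaps` and `TheirSSL` reads `MyCaps` — which makes the "A"/"B" log lines name the wrong side. In the caller, `{error, Reason} -> Reason;` hands back a bare term where every other failure path in sync_connect_status returns a tagged tuple; it should be `{error, Reason} -> {error, Reason};`. The return value of `ssl:start()` is ignored, so a failed application start is only discovered at the upgrade call. sync_connect_status begins before the first hunk and its body is split across both hunks.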
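--- a/src/riak_core_service_mgr.erl
+++ b/src/riak_core_service_mgr.erl
@@ -282,7 +282,7 @@ dispatch_service(Listener, Socket, Transport, _Args) ->
 ok = Transport:setopts(Socket, ?CONNECT_OPTIONS),
 %% Version 1.0 capabilities just passes our clustername
 MyName = riak_core_connection:symbolic_clustername(),
-
+ssl:start(),
 SSLEnabled = app_helper:get_env(riak_core, ssl_enabled, false),
 lager:info("SSL status = ~p", [SSLEnabled]),
 MyCaps = [{clustername, MyName}, {ssl_enabled, SSLEnabled}],
@@ -320,14 +320,20 @@ start_negotiated_service(_Socket, _Transport, {error, Reason}, _Props) ->
 {error, Reason};
 %% Note that the callee is responsible for taking ownership of the socket via
 %% Transport:controlling_process(Socket, Pid),
-start_negotiated_service(Socket, Transport,
+start_negotiated_service(Socket0, Transport0,
 {NegotiatedProtocols, {Options, Module, Function, Args}},
 Props) ->
 %% Set requested Tcp socket options now that we've finished handshake phase
 ?TRACE(?debugFmt("Setting user options on service side; ~p", [Options])),
 ?TRACE(?debugFmt("negotiated protocols: ~p", [NegotiatedProtocols])),
-Transport:setopts(Socket, Options),
-%riak_core_ssl_util:upgrade_client_to_ssl(Socket, riak_core),
+lager:error("SOCKET ACCEPT ~p", [Options]),
+lager:error("SOCKET ~p", [Socket0]),
+Transport0:setopts(Socket0, Options),
+{Transport, Socket} = case riak_core_ssl_util:maybe_use_ssl(riak_core) of
+false -> {ranch_tcp, Socket0};
+_Config -> {ok, S} = ranch_ssl:accept(Socket0,5000),
+{ranch_ssl, S}
+end,
 %% call service body function for matching protocol. The callee should start
 %% a process or gen_server or such, and return {ok, pid()}.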
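Review bot: In start_negotiated_service the validated SSL options returned by riak_core_ssl_util:maybe_use_ssl/1 are bound to `_Config` and never used, so `ranch_ssl:accept(Socket0,5000)` runs without the certificate, key and peer-verification settings that maybe_use_ssl assembles, and a failed handshake crashes the acceptor with badmatch on `{ok, S} = ...` instead of reaching the `{error, Reason}` clause of the same function. The service side also picks SSL from local config alone and never consults the client's `ssl_enabled` capability in Props, so the two ends can disagree about whether the socket is encrypted. The `false` branch hard-codes `ranch_tcp` where `Transport0` is already in hand, and the two `lager:error("SOCKET ...")` calls are trace output at error severity. Whether ranch_ssl:accept/2 expects an already-connected socket or a listen socket depends on the ranch version in use and is worth confirming before this path is exercised. The function's body continues past the end of this hunk.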
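--- a/src/riak_core_ssl_util.erl
+++ b/src/riak_core_ssl_util.erl
@@ -47,9 +47,11 @@ maybe_use_ssl(App) ->
 {fail_if_no_peer_cert, true},
 {secure_renegotiate, true} %% both sides are erlang, so we can force this
 ],
+lager:info("FOO"),
 Enabled = app_helper:get_env(App, ssl_enabled, false) == true,
 case validate_ssl_config(Enabled, SSLOpts) of
 true ->
+lager:info("FOO1"),
 SSLOpts;
 {error, Reason} ->
 lager:error("Error, invalid SSL configuration: ~s", [Reason]),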
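Review bot: The added `lager:info("FOO")` and `lager:info("FOO1")` calls in maybe_use_ssl are placeholder trace lines at info severity and will land in production logs on every SSL decision; either drop them or keep a single meaningful line at debug level after validation succeeds, e.g. `lager:debug("SSL configuration for ~p validated", [App])`. maybe_use_ssl begins before this hunk and its `{error, Reason}` clause continues past it.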
