geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbarr...@apache.org
Subject [03/34] geode-native git commit: GEODE-2603 Native client doc: Update SSL page
Date Wed, 15 Mar 2017 17:51:04 GMT
GEODE-2603 Native client doc: Update SSL page


Project: http://git-wip-us.apache.org/repos/asf/geode-native/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode-native/commit/1176deea
Tree: http://git-wip-us.apache.org/repos/asf/geode-native/tree/1176deea
Diff: http://git-wip-us.apache.org/repos/asf/geode-native/diff/1176deea

Branch: refs/heads/feature/GEODE-2602
Commit: 1176deea39296e836ab86534d3ac52fb14872ec6
Parents: 06e8f39
Author: Dave Barnes <dbarnes@pivotal.io>
Authored: Tue Mar 7 17:33:46 2017 -0800
Committer: Dave Barnes <dbarnes@pivotal.io>
Committed: Tue Mar 7 17:33:46 2017 -0800

----------------------------------------------------------------------
 .../security/sslclientserver.html.md.erb        | 42 +++++++++++++-------
 1 file changed, 27 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode-native/blob/1176deea/docs/geode-native-docs/security/sslclientserver.html.md.erb
----------------------------------------------------------------------
diff --git a/docs/geode-native-docs/security/sslclientserver.html.md.erb b/docs/geode-native-docs/security/sslclientserver.html.md.erb
index 6fd9ba7..89bb284 100644
--- a/docs/geode-native-docs/security/sslclientserver.html.md.erb
+++ b/docs/geode-native-docs/security/sslclientserver.html.md.erb
@@ -29,25 +29,36 @@ Follow these instructions to download and install OpenSSL for your specific
oper
 
 The native client requires OpenSSL 1.0.1t or later. For Windows platforms, you can use either
the regular or the OpenSSL 1.0.1t "Light" version.
 
-**Note:**
-If you use Cygwin, it is recommended that you do not use the OpenSSL library that comes with
Cygwin because it is built with `cygwin.dll` as a dependency.
+**Note for Windows users:** If you use Cygwin, do not use the OpenSSL library that comes
with
+Cygwin, which is built with `cygwin.dll` as a dependency. Instead, download a fresh copy
from
+OpenSSL as described in the following section.
 
 ## Step 1. Download and install OpenSSL
 
-### <a id="security__section_5C95C2E4D9244B27BF8FD178E402D993" class="no-quick-link"></a>Linux
+To install OpenSSL:
 
-Download the OpenSSL tarball archive from the OpenSSL web site at [http://www.openssl.org/source/](http://www.openssl.org/source/).
Copy the downloaded tarball file into `NativeClient_xxxx/templates/security/openssl/Linux`
and run `buildit.sh`.
+1. Download the OpenSSL archive from the [OpenSSL web site](http://www.openssl.org/source/).

 
-### <a id="security__section_93651F296C1A4EA5A3FA045EC15FB506" class="no-quick-link"></a>Solaris
+2. Extract the archive in a directory of your choice. For example:
 
-Download the OpenSSL tarball archive from the OpenSSL web site at [http://www.openssl.org/source/](http://www.openssl.org/source/).
Copy the downloaded tarball file into `NativeClient_xxxx/templates/security/openssl/SunOS`
and run `buildit.sh`.
-
-### <a id="security__section_68961A8829D44BFB8F542F3317464E5E" class="no-quick-link"></a>Windows
+    ```
+    $ tar xvzf openssl-1.0.1u.tar.gz
+    x openssl-1.0.1u/ACKNOWLEDGMENTS
+    x openssl-1.0.1u/apps/
+    x openssl-1.0.1u/apps/app_rand.c
+    ...
+    ```
 
-Download the installer for OpenSSL from [http://www.openssl.org/related/binaries.html](http://www.openssl.org/related/binaries.html).
You can also use the OpenSSL "Light" version.
+3. Look in the top-level directory of the source distribution to identify the installation
instructions for your operating system:
 
-Use the downloaded OpenSSL installer to install it on Windows. You can usually accept the
default installation path (`C:\OpenSSL`).
+    ```
+    $ cd openssl-1.0.1u
+    $ ls INSTALL*
+    INSTALL        INSTALL.DJGPP      INSTALL.MacOS      INSTALL.NW        INSTALL.OS2
+    INSTALL.VMS    INSTALL.W32        INSTALL.W64        INSTALL.WCE
+    ```
 
+4. Build the OpenSSL library by following the instructions for your operating system.
 
 ## Step 2. Create keystores
 
@@ -75,7 +86,7 @@ Configure your system environment to build and run OpenSSL. Follow the environme
 <code>
 \> set GFCPP=_product-dir_<br />
 \> set OPENSSL=_path-to-installed-openssl_<br />
-\> set PATH=_path-to-jdk-or-jre_\bin;%GFCPP%\bin;%GFCPP%\ssl\_libs;%OPENSSL%\bin;%PATH%<br
/>
+\> set PATH=_jdk-or-jre-path_\bin;%GFCPP%\bin;%GFCPP%\ssl\_libs;%OPENSSL%\bin;%PATH%<br
/>
 \> set CLASSPATH=_path-to-gemfire-installation_\lib\gfSecurityImpl.jar;%CLASSPATH%
 </code>
 
@@ -88,16 +99,17 @@ Configure SSL properties.
 1.  In `gfcpp.properties`, set `ssl-enabled` to true and set `ssl-keystore` and `ssl-truststore`
to point to your keystore files. See [Security-Related System Properties (gfcpp.properties)](security-systemprops.html#security)
for a description of these properties.
 2.  On each locator, enable SSL and set the following SSL properties in the locator’s `gemfire.properties`
file:
 
-    ``` pre
+    ```
     ssl-enabled-components=server,locator
     ssl-protocols=any
     ssl-ciphers=SSL_RSA_WITH_NULL_SHA
     ```
+    Make sure your choice of cipher matches a cipher supported on the server.
 
+# Starting and stopping the client and server with SSL in place
 
-## Step 5. Start and stop the client and server
-
-Before you start and stop the client and server, make sure you configure the native client
with the SSL properties as described and with the servers or locators specified as usual.
+Before you start and stop the client and server, make sure you configure the native client
with the
+SSL properties as described and with the servers or locators specified as usual.
 
 Specifically, ensure that:
 


Mime
View raw message