zookeeper-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [zookeeper] symat opened a new pull request #1107: ZOOKEEPER-2122: add SSL support for C-client
Date Thu, 03 Oct 2019 17:18:41 GMT
symat opened a new pull request #1107: ZOOKEEPER-2122: add SSL support for C-client
URL: https://github.com/apache/zookeeper/pull/1107
 
 
   This PR is based on the works of Asnish Amarnath and Suhas Dantkale. Most of the kudos
should go to them and those who were reviewing all the previous PRs.
   
   **The PR includes the following changes from PR#639:**
   - OPENSSL 1.0.2 version support in C-lient
   
   **The PR includes the following changes from PR#990:**
   - SSL connection on non-blocking socket is handled correctly
   - Support of Certificate Chains
   - Fix Memory leaks
   - Dynamically generated test certificates
   
   **The following new changes were added into the PR:**
   - fix CMake + VisualStudio2019 build with windows
   - fix C CLI to compile / work both with windows and linux (I tested them manually)
   - fix (and simplify) the way how the server is started with C unit tests, so it is compatible
with maven build now
   - the test case `testReadOnly` was failing with the previous PR because there was a bug
in the C-client code, I fixed that
   - I also added new test case: `testReadOnlyWithSSL`
   
   **Testing this PR on liniux:**
   ```
   git clean -xdf
   
   # compile ZooKeeper server plus the C-client code
   mvn clean install -DskipTests -Pfull-build
   
   # compile and execute C-client unit tests
   cd zookeeper-client/
   mvn clean install -Pfull-build
   ```
   
   
   **Compile the code on windows (only cmake is supported):**
   - download C-Make:  https://cmake.org/download/
   - Install community edition of Visual Studio: https://visualstudio.microsoft.com/downloads/
   - Download OpenSSL 1.0.2: https://slproweb.com/products/Win32OpenSSL.html (e.g. install
it to `c:\OpenSSL-Win64`)
   - compile the java code using: `mvn clean install -DskipTests`
   - go to the Client folder: `cd zookeeper-client\zookeeper-client-c`
   - configure the project:  `cmake . -D WITH_OPENSSL=c:\OpenSSL-Win64`
   - build the project: `cmake --build .`
   
   **Testing the C-client with SSL manually:**
   - run the zookeeper-client/zookeeper-client-c/ssl/gencerts.sh to generate certificate files
(e.g. copy it to an empty folder like `/tmp/ssl/` and start is)
   - start a ZooKeeper server, using some config file like this one:
   ```
   tickTime=3000
   initLimit=10
   syncLimit=5
   dataDir=/tmp/zkdata
   
   secureClientPort=22281
   serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
   ssl.keyStore.location=/tmp/ssl/server.jks
   ssl.keyStore.password=password
   ssl.trustStore.location=/tmp/ssl/servertrust.jks
   ssl.trustStore.password=password
   ```
   - start the command line client (cli.exe on windows, cli_mt or cli_st on linux): `./cli_mt
--host localhost:22281 --ssl /tmp/ssl/server.crt,/tmp/ssl/client.crt,/tmp/ssl/clientkey.pem,password`

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message