Use ssl instead of being a proxy command

author: Dan Gudmundsson <[email protected]> 2010-08-25 15:23:30 +0200
committer: Ingela Anderton Andin <[email protected]> 2011-09-01 10:41:28 +0200
commit: 50392cec6e5bda7ac62abff3313eae551b006612 (patch)
tree: 18910c7df693f81ec3a892ad19f9e056a496e9d1
parent: 3e631a1851d1b0546e9ba1b52a22cf15b2e32501 (diff)
download: otp-50392cec6e5bda7ac62abff3313eae551b006612.tar.gz
otp-50392cec6e5bda7ac62abff3313eae551b006612.tar.bz2
otp-50392cec6e5bda7ac62abff3313eae551b006612.zip
4 files changed, 167 insertions, 44 deletions
diff --git a/lib/ssl/client.pem b/lib/ssl/client.pem
new file mode 100644
index 0000000000..90d88a259a
--- /dev/null
+++ b/lib/ssl/client.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIICfjCCAeegAwIBAgIFZ0ez/tEwDQYJKoZIhvcNAQEFBQAwdzEeMBwGCSqGSIb3
+DQEJARYPZGd1ZEBlcmxhbmcub3JnMQ0wCwYDVQQDEwRkZ3VkMRIwEAYDVQQHEwlT
+dG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZlcmxhbmcxFDASBgNVBAsT
+C3Rlc3RpbmcgZGVwMCIYDzIwMTAwODI1MDAwMDAwWhgPMjAxMDA5MDEwMDAwMDBa
+MHcxHjAcBgkqhkiG9w0BCQEWD2RndWRAZXJsYW5nLm9yZzENMAsGA1UEAxMEZGd1
+ZDESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQGEwJTRTEPMA0GA1UEChMGZXJs
+YW5nMRQwEgYDVQQLEwt0ZXN0aW5nIGRlcDCBnjANBgkqhkiG9w0BAQEFAAOBjAAw
+gYgCgYBk/3JXHJ02+rqJ1qJqtMtBhPh2HKRhy7SHFhIg0LbalsH+B0pXcP6c3b9p
+nY68FEqhB69jJfFgb98tW68+qDDh4aWeJc3cw3NslVvJXB5ADWsewrUoXx0hTHiL
+T/f+RC5BBvnfAZAJYXTxpoukiVZJvVuq7o/rVWDpQPfy8MNr/QIDAQABoxMwETAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAGXTeYefvpqgs6JcLTw8
+Hem8YrZIK1Icgu2QYRVZHuqFf45MBqrEUHHXNxDIWXD7U6shWezw5laB+5AcW8sq
+9RI+3CYU0wOb0XgFQmcIfCMFbhKvTdB5S7zjy3B39B264/cRBZXFdgAeILEDsBk0
+zgFSLCMULbtTxF+3zNJ/Fclq
+-----END CERTIFICATE-----
+
+XXX Following key assumed not encrypted
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgGT/clccnTb6uonWomq0y0GE+HYcpGHLtIcWEiDQttqWwf4HSldw
+/pzdv2mdjrwUSqEHr2Ml8WBv3y1brz6oMOHhpZ4lzdzDc2yVW8lcHkANax7CtShf
+HSFMeItP9/5ELkEG+d8BkAlhdPGmi6SJVkm9W6ruj+tVYOlA9/Lww2v9AgMBAAEC
+gYAH8urm3EOrXhRsYM4ro8sTfwmnEh4F7Ghq8Vu/5W1eytq9yYkaVLRVWEaGY3Ym
+a1psThSJsyTKOEPSaBLk1YvzQeITmgHLGpJ11qJOMZO6mvj7lSQBdCc2vuusajtw
+zFOaGe6MOrFEetOKBjnGri8byrEfqJogEH2+aiPEog40KQJBAKYtiPFqh91oC3qH
+AQ1uJodhyQTrTwSBltqN1Hp9nuE6ydfNWBd1aC9sIiDY1IjUhW89eJYEYvotougQ
+ntU+8UcCQQCblsff2IGl8SdHfhWjqT3Rsg4RMKgDH52Ym9U2kI5y6Z4E9G9tQXuR
+6/tohmWX/j6CFiORuz7FhVIQ7b4HuPqbAkBVuDthvMAk15zEMYu7b8x0HV7iKLdz
+7ZzxVCP8o3wnVnnz1brRLwD1JWRdaTwI8Qd7oEvppo2f25ai+p/UBEnVAkAuU9Ur
+59Gi0Y16kiZrVudbWwMpRy2f0HgiirQPzTc9LCarHwVWqNrcdkGju/DgMwn1vhXV
+PMXSFoJ7G+8raX7lAkA4Ck9izAs08+37jmhRxcmYpOjdCxA9yWrwALJysYKlTw4N
+Qwb7Q4uDQz6EunuTGfiXZz7Oep/0L+BXRJmvweBX
+-----END RSA PRIVATE KEY-----
+
diff --git a/lib/ssl/inet_proxy_dist.erl b/lib/ssl/inet_proxy_dist.erl
index 6308deabe6..9e415def3e 100644
--- a/lib/ssl/inet_proxy_dist.erl
+++ b/lib/ssl/inet_proxy_dist.erl
@@ -9,7 +9,7 @@
 -module(inet_proxy_dist).
 
 -export([childspecs/0, listen/1, accept/1, accept_connection/5,
-	 setup/5, close/1, select/1, is_node_name/1, tick/1]).
+	 setup/5, close/1, select/1, is_node_name/1]).
 
 -include_lib("kernel/src/net_address.hrl").
 -include_lib("kernel/src/dist.hrl").
@@ -126,7 +126,11 @@ do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
     end.
 
 close(Socket) ->
-    io:format("close called~n",[]),
+    try
+	erlang:error(foo)
+    catch _:_ ->
+	    io:format("close called ~p ~p~n",[Socket, erlang:get_stacktrace()])
+    end,
     gen_tcp:close(Socket),
     ok.
 
@@ -184,9 +188,6 @@ do_accept(Kernel, AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
 get_remote_id(Socket, Node) ->
     gen_server:call(proxy_server, {get_remote_id, {Socket,Node}}, infinity).
 
-tick(Socket) ->
-    gen_tcp:send(Socket, <<>>).
-
 check_ip(_) ->
     true.
 
diff --git a/lib/ssl/proxy_server.erl b/lib/ssl/proxy_server.erl
index 9b0d1f2400..38ec0ef0d8 100644
--- a/lib/ssl/proxy_server.erl
+++ b/lib/ssl/proxy_server.erl
@@ -20,6 +20,9 @@
 	 accept_loop
 	}).
 
+-define(PPRE, 4).
+-define(PPOST, 4).
+
 start_link() ->
     gen_server:start_link({local, proxy_server}, proxy_server, [], []).
 
@@ -30,9 +33,9 @@ init([]) ->
 
 handle_call(What = {listen, Name}, _From, State) ->
     io:format("~p: call listen ~p~n",[self(), What]),
-    case gen_tcp:listen(0, [{active, false}, {packet,2}]) of
+    case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
 	{ok, Socket} ->
-	    {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,2}]),
+	    {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
 	    TcpAddress = get_tcp_address(Socket),
 	    WorldTcpAddress = get_tcp_address(World),
 	    {_,Port} = WorldTcpAddress#net_address.address,
@@ -98,10 +101,10 @@ get_tcp_address(Socket) ->
 
 accept_loop(Proxy, Type, Listen, Extra) ->
     process_flag(priority, max),
-    case gen_tcp:accept(Listen) of
-	{ok, Socket} ->
-	    case Type of 
-		erts -> 
+    case Type of
+	erts ->
+	    case gen_tcp:accept(Listen) of
+		{ok, Socket} ->
 		    io:format("~p: erts accept~n",[self()]),
 		    Extra ! {accept,self(),Socket,inet,proxy},
 		    receive 
@@ -111,19 +114,26 @@ accept_loop(Proxy, Type, Listen, Extra) ->
 			{_Kernel, unsupported_protocol} ->
 			    exit(unsupported_protocol)
 		    end;
-		_ ->
+		Error ->
+		    exit(Error)
+	    end;
+	world ->
+	    case gen_tcp:accept(Listen) of
+		{ok, Socket} ->
+		    Opts = get_ssl_options(server),
+		    {ok, SslSocket} = ssl:ssl_accept(Socket, Opts),
 		    io:format("~p: world accept~n",[self()]),
-		    PairHandler = spawn(fun() -> setup_connection(Socket, Extra) end),
-		    ok = gen_tcp:controlling_process(Socket, PairHandler)
-	    end,
-	    accept_loop(Proxy, Type, Listen, Extra);
-	Error ->
-	    exit(Error)
-    end.
+		    PairHandler = spawn_link(fun() -> setup_connection(SslSocket, Extra) end),
+		    ok = ssl:controlling_process(SslSocket, PairHandler);
+		Error ->
+		    exit(Error)
+	    end
+    end,
+    accept_loop(Proxy, Type, Listen, Extra).
 
 
 try_connect(Port) ->
-    case gen_tcp:connect({127,0,0,1}, Port, [{active, false}, {packet,2}]) of
+    case gen_tcp:connect({127,0,0,1}, Port, [{active, false}, {packet,?PPRE}]) of
 	R = {ok, _S} ->
 	    R;
 	{error, _R} ->
@@ -132,9 +142,11 @@ try_connect(Port) ->
     end.
 
 setup_proxy(Ip, Port, Parent) ->
-    case gen_tcp:connect(Ip, Port, [{active, true}, binary, {packet,2}]) of
+    process_flag(trap_exit, true),
+    Opts = get_ssl_options(client),
+    case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
 	{ok, World} ->
-	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,2}]),
+	    {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,?PPRE}]),
 	    #net_address{address={_,LPort}} = get_tcp_address(ErtsL),
 	    Parent ! {self(), go_ahead, LPort},
 	    case gen_tcp:accept(ErtsL) of
@@ -150,69 +162,111 @@ setup_proxy(Ip, Port, Parent) ->
     end.
 
 setup_connection(World, ErtsListen) ->
+    process_flag(trap_exit, true),
     io:format("Setup connection ~n",[]),
     TcpAddress = get_tcp_address(ErtsListen),
     {_Addr,Port} = TcpAddress#net_address.address,
-    {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,2}]),
-    inet:setopts(World, [{active,true}, {packet, 2}]),
+    {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,?PPRE}]),
+    ssl:setopts(World, [{active,true}, {packet,?PPRE}]),
     io:format("~p ~n",[?LINE]),
     loop_conn_setup(World, Erts).
 
 loop_conn_setup(World, Erts) ->
     receive 
-	{tcp, World, Data = <<a, _/binary>>} ->
+	{ssl, World, Data = <<$a, _/binary>>} ->
 	    gen_tcp:send(Erts, Data),
-	    io:format("Handshake finished World -> Erts ~p ~c~n",[size(Data), a]),
-	    inet:setopts(World, [{packet, 4}]),
-	    inet:setopts(Erts, [{packet, 4}]),
+	    io:format("Handshake finished World -> Erts ~p ~c~n",[size(Data), $a]),
+	    ssl:setopts(World, [{packet,?PPOST}]),
+	    inet:setopts(Erts, [{packet,?PPOST}]),
 	    loop_conn(World, Erts);
-	{tcp, Erts, Data = <<a, _/binary>>} ->
-	    gen_tcp:send(World, Data),
-	    io:format("Handshake finished Erts -> World ~p ~c~n",[size(Data), a]),
-	    inet:setopts(World, [{packet, 4}]),
-	    inet:setopts(Erts, [{packet, 4}]),
+	{tcp, Erts, Data = <<$a, _/binary>>} ->
+	    ssl:send(World, Data),
+	    io:format("Handshake finished Erts -> World ~p ~c~n",[size(Data), $a]),
+	    ssl:setopts(World, [{packet,?PPOST}]),
+	    inet:setopts(Erts, [{packet,?PPOST}]),
 	    loop_conn(World, Erts);
 
-	{tcp, World, Data = <<H, _/binary>>} ->
+	{ssl, World, Data = <<H, _/binary>>} ->
 	    gen_tcp:send(Erts, Data),
 	    io:format("Handshake World -> Erts ~p ~c~n",[size(Data), H]),
 	    loop_conn_setup(World, Erts);
 	{tcp, Erts, Data = <<H, _/binary>>} ->
-	    gen_tcp:send(World, Data),
+	    ssl:send(World, Data),
 	    io:format("Handshake Erts -> World ~p ~c~n",[size(Data), H]),
 	    loop_conn_setup(World, Erts);
-	{tcp, World, Data} ->
+	{ssl, World, Data} ->
 	    gen_tcp:send(Erts, Data),
 	    io:format("World -> Erts ~p <<>>~n",[size(Data)]),
-	    loop_conn(World, Erts);
+	    loop_conn_setup(World, Erts);
 	{tcp, Erts, Data} ->
-	    gen_tcp:send(World, Data),
+	    ssl:send(World, Data),
 	    io:format("Erts -> World ~p <<>>~n",[size(Data)]),
-	    loop_conn(World, Erts);       
+	    loop_conn_setup(World, Erts);
 	Other ->
 	    io:format("~p ~p~n",[?LINE, Other])
     end.
 
-
 loop_conn(World, Erts) ->
     receive 
-	{tcp, World, Data = <<H, _/binary>>} ->
+	{ssl, World, Data = <<H, _/binary>>} ->
 	    gen_tcp:send(Erts, Data),
 	    io:format("World -> Erts ~p ~c~n",[size(Data), H]),
 	    loop_conn(World, Erts);
 	{tcp, Erts, Data = <<H, _/binary>>} ->
-	    gen_tcp:send(World, Data),
+	    ssl:send(World, Data),
 	    io:format("Erts -> World ~p ~c~n",[size(Data), H]),
 	    loop_conn(World, Erts);
-	{tcp, World, Data} ->
+	{ssl, World, Data} ->
 	    gen_tcp:send(Erts, Data),
 	    io:format("World -> Erts ~p <<>>~n",[size(Data)]),
 	    loop_conn(World, Erts);
 	{tcp, Erts, Data} ->
-	    gen_tcp:send(World, Data),
+	    ssl:send(World, Data),
 	    io:format("Erts -> World ~p <<>>~n",[size(Data)]),
 	    loop_conn(World, Erts);
 
 	Other ->
 	    io:format("~p ~p~n",[?LINE, Other])
     end.
+
+get_ssl_options(Type) ->
+    case init:get_argument(ssl_dist_opt) of
+	{ok, Args} ->
+	    ssl_options(Type, Args);
+	_ ->
+	    []
+    end.
+
+ssl_options(_,[]) ->
+    [];
+ssl_options(server, [["server_certfile", Value]|T]) ->
+    [{certfile, Value} | ssl_options(server,T)];
+ssl_options(client, [["client_certfile", Value]|T]) ->
+    [{certfile, Value} | ssl_options(client,T)];
+ssl_options(server, [["server_cacertfile", Value]|T]) ->
+    [{cacertfile, Value} | ssl_options(server,T)];
+ssl_options(server, [["server_keyfile", Value]|T]) ->
+    [{keyfile, Value} | ssl_options(server,T)];
+ssl_options(Type, [["client_certfile", _Value]|T]) ->
+    ssl_options(Type,T);
+ssl_options(Type, [["server_certfile", _Value]|T]) ->
+    ssl_options(Type,T);
+ssl_options(Type, [[Item, Value]|T]) ->
+    [{atomize(Item),fixup(Value)} | ssl_options(Type,T)];
+ssl_options(Type, [[Item,Value |T1]|T2]) ->
+    ssl_options(atomize(Type),[[Item,Value],T1|T2]);
+ssl_options(_,_) ->
+    exit(malformed_ssl_dist_opt).
+
+fixup(Value) ->
+    case catch list_to_integer(Value) of
+	{'EXIT',_} ->
+	    Value;
+	Int ->
+	    Int
+    end.
+
+atomize(List) when is_list(List) ->
+    list_to_atom(List);
+atomize(Atom) when is_atom(Atom) ->
+    Atom.
diff --git a/lib/ssl/server.pem b/lib/ssl/server.pem
new file mode 100644
index 0000000000..4e4aae5342
--- /dev/null
+++ b/lib/ssl/server.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIICezCCAeSgAwIBAgIFFX2Pz5EwDQYJKoZIhvcNAQEFBQAwczEcMBoGCSqGSIb3
+DQEJARYNQ0FAZXJsYW5nLm9yZzELMAkGA1UEAxMCQ0ExEjAQBgNVBAcTCVN0b2Nr
+aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBmVybGFuZzEUMBIGA1UECxMLdGVz
+dGluZyBkZXAwIhgPMjAxMDA4MjUwMDAwMDBaGA8yMDEwMDkwMTAwMDAwMFowdzEe
+MBwGCSqGSIb3DQEJARYPZGd1ZEBlcmxhbmcub3JnMQ0wCwYDVQQDEwRkZ3VkMRIw
+EAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZlcmxhbmcx
+FDASBgNVBAsTC3Rlc3RpbmcgZGVwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDAu0FFOt/gZUz5DLBtqA/YUNrq+xXevXTsR1I/uxzNS+nYWkMN81W5oI2yXJ08
+LLdat6APru64DWRGQPMn6BTr4ti9l9Nq4jQEY96G2ee+YrB5SAduxkWwg2qyNMb3
+s4OIq56tp+pzty/v8VcapUTn3uKJv3SL0eYWxASD79WmdQIDAQABoxMwETAPBgNV
+HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKaT0GL8gIlnPBJS+81CnQos
+cMoZll7QdXLGxzSN1laxDrvHOHE9SAtrx1EJHcv8nh/jvhL715bVbnuaoAtgxQoW
+KF3A7DziDEYhkZd20G80rC+i6rx3n/+9T51RPhzymNbgSQhuVBFs0JXL73HPEqeZ
+wskDuSyiV8DCDjiwlgpq
+-----END CERTIFICATE-----
+
+XXX Following key assumed not encrypted
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDAu0FFOt/gZUz5DLBtqA/YUNrq+xXevXTsR1I/uxzNS+nYWkMN
+81W5oI2yXJ08LLdat6APru64DWRGQPMn6BTr4ti9l9Nq4jQEY96G2ee+YrB5SAdu
+xkWwg2qyNMb3s4OIq56tp+pzty/v8VcapUTn3uKJv3SL0eYWxASD79WmdQIDAQAB
+AoGAERwOjVDOsyMLFEj2GKYE0hVLefTUWjPDf35NZO79fZQxrE1HCqQBhjskmSLz
+qnXlyR3oDbxf4OL/deUqMO6/fJHVOD7O9UQRK26f01IZoTq0WmBMFP2C7upafzgx
+9gxddQ7j9B6rqz2agV/YUpvij7hfhXFmV/ogggeuVsyQ0AECQQDNSBH8WMVgky0I
+QLa7MfBLsiHQ5FXmVYU6i9C/QUpL7SWu6eV3edAm7xbtcWnqXEMxeC7D9NIAxDhO
+VaV21bR1AkEA8Flmsy/XRVPF2rmfz0o1Cc+9m6NZOQAUK9sHAXuL3HoTPcigS+f5
+fHbAGFPDBoolS9qRJs5AcL95majzpDnqAQJAJ/SjK47LvCRpW3XdG0p5DwK4+kO3
+RIHY0LBuDQvUPjsGXqk/9KVNEobu24B7sRYMLhDKaXG5flSy8OxSrHKkEQJBAKvg
+ItMs+RK4r5qUd7Xy6S7VAlCUZa+fYM1j2gSzZvcJzUy3dfoSL5VUDlbXP3YjwDwY
+VwibIfX+12SNL35XdAECQHLGnDKYLO3M7HCPf9Yp8tiOmD9mASKcXd3NdBg5mD/l
+oOlKIQhdAQS0BLFhyASfb6hzY0Mj8B2Nq5Z3sq8yD1s=
+-----END RSA PRIVATE KEY-----
+
author	Dan Gudmundsson <[email protected]>	2010-08-25 15:23:30 +0200
committer	Ingela Anderton Andin <[email protected]>	2011-09-01 10:41:28 +0200
commit	50392cec6e5bda7ac62abff3313eae551b006612 (patch)
tree	18910c7df693f81ec3a892ad19f9e056a496e9d1
parent	3e631a1851d1b0546e9ba1b52a22cf15b2e32501 (diff)
download	otp-50392cec6e5bda7ac62abff3313eae551b006612.tar.gz otp-50392cec6e5bda7ac62abff3313eae551b006612.tar.bz2 otp-50392cec6e5bda7ac62abff3313eae551b006612.zip