aboutsummaryrefslogtreecommitdiffstats
path: root/lib/ssl
diff options
context:
space:
mode:
authorDan Gudmundsson <[email protected]>2010-08-25 15:23:30 +0200
committerIngela Anderton Andin <[email protected]>2011-09-01 10:41:28 +0200
commit50392cec6e5bda7ac62abff3313eae551b006612 (patch)
tree18910c7df693f81ec3a892ad19f9e056a496e9d1 /lib/ssl
parent3e631a1851d1b0546e9ba1b52a22cf15b2e32501 (diff)
downloadotp-50392cec6e5bda7ac62abff3313eae551b006612.tar.gz
otp-50392cec6e5bda7ac62abff3313eae551b006612.tar.bz2
otp-50392cec6e5bda7ac62abff3313eae551b006612.zip
Use ssl instead of being a proxy command
Diffstat (limited to 'lib/ssl')
-rw-r--r--lib/ssl/client.pem34
-rw-r--r--lib/ssl/inet_proxy_dist.erl11
-rw-r--r--lib/ssl/proxy_server.erl132
-rw-r--r--lib/ssl/server.pem34
4 files changed, 167 insertions, 44 deletions
diff --git a/lib/ssl/client.pem b/lib/ssl/client.pem
new file mode 100644
index 0000000000..90d88a259a
--- /dev/null
+++ b/lib/ssl/client.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIICfjCCAeegAwIBAgIFZ0ez/tEwDQYJKoZIhvcNAQEFBQAwdzEeMBwGCSqGSIb3
+DQEJARYPZGd1ZEBlcmxhbmcub3JnMQ0wCwYDVQQDEwRkZ3VkMRIwEAYDVQQHEwlT
+dG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZlcmxhbmcxFDASBgNVBAsT
+C3Rlc3RpbmcgZGVwMCIYDzIwMTAwODI1MDAwMDAwWhgPMjAxMDA5MDEwMDAwMDBa
+MHcxHjAcBgkqhkiG9w0BCQEWD2RndWRAZXJsYW5nLm9yZzENMAsGA1UEAxMEZGd1
+ZDESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQGEwJTRTEPMA0GA1UEChMGZXJs
+YW5nMRQwEgYDVQQLEwt0ZXN0aW5nIGRlcDCBnjANBgkqhkiG9w0BAQEFAAOBjAAw
+gYgCgYBk/3JXHJ02+rqJ1qJqtMtBhPh2HKRhy7SHFhIg0LbalsH+B0pXcP6c3b9p
+nY68FEqhB69jJfFgb98tW68+qDDh4aWeJc3cw3NslVvJXB5ADWsewrUoXx0hTHiL
+T/f+RC5BBvnfAZAJYXTxpoukiVZJvVuq7o/rVWDpQPfy8MNr/QIDAQABoxMwETAP
+BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAGXTeYefvpqgs6JcLTw8
+Hem8YrZIK1Icgu2QYRVZHuqFf45MBqrEUHHXNxDIWXD7U6shWezw5laB+5AcW8sq
+9RI+3CYU0wOb0XgFQmcIfCMFbhKvTdB5S7zjy3B39B264/cRBZXFdgAeILEDsBk0
+zgFSLCMULbtTxF+3zNJ/Fclq
+-----END CERTIFICATE-----
+
+XXX Following key assumed not encrypted
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgGT/clccnTb6uonWomq0y0GE+HYcpGHLtIcWEiDQttqWwf4HSldw
+/pzdv2mdjrwUSqEHr2Ml8WBv3y1brz6oMOHhpZ4lzdzDc2yVW8lcHkANax7CtShf
+HSFMeItP9/5ELkEG+d8BkAlhdPGmi6SJVkm9W6ruj+tVYOlA9/Lww2v9AgMBAAEC
+gYAH8urm3EOrXhRsYM4ro8sTfwmnEh4F7Ghq8Vu/5W1eytq9yYkaVLRVWEaGY3Ym
+a1psThSJsyTKOEPSaBLk1YvzQeITmgHLGpJ11qJOMZO6mvj7lSQBdCc2vuusajtw
+zFOaGe6MOrFEetOKBjnGri8byrEfqJogEH2+aiPEog40KQJBAKYtiPFqh91oC3qH
+AQ1uJodhyQTrTwSBltqN1Hp9nuE6ydfNWBd1aC9sIiDY1IjUhW89eJYEYvotougQ
+ntU+8UcCQQCblsff2IGl8SdHfhWjqT3Rsg4RMKgDH52Ym9U2kI5y6Z4E9G9tQXuR
+6/tohmWX/j6CFiORuz7FhVIQ7b4HuPqbAkBVuDthvMAk15zEMYu7b8x0HV7iKLdz
+7ZzxVCP8o3wnVnnz1brRLwD1JWRdaTwI8Qd7oEvppo2f25ai+p/UBEnVAkAuU9Ur
+59Gi0Y16kiZrVudbWwMpRy2f0HgiirQPzTc9LCarHwVWqNrcdkGju/DgMwn1vhXV
+PMXSFoJ7G+8raX7lAkA4Ck9izAs08+37jmhRxcmYpOjdCxA9yWrwALJysYKlTw4N
+Qwb7Q4uDQz6EunuTGfiXZz7Oep/0L+BXRJmvweBX
+-----END RSA PRIVATE KEY-----
+
diff --git a/lib/ssl/inet_proxy_dist.erl b/lib/ssl/inet_proxy_dist.erl
index 6308deabe6..9e415def3e 100644
--- a/lib/ssl/inet_proxy_dist.erl
+++ b/lib/ssl/inet_proxy_dist.erl
@@ -9,7 +9,7 @@
-module(inet_proxy_dist).
-export([childspecs/0, listen/1, accept/1, accept_connection/5,
- setup/5, close/1, select/1, is_node_name/1, tick/1]).
+ setup/5, close/1, select/1, is_node_name/1]).
-include_lib("kernel/src/net_address.hrl").
-include_lib("kernel/src/dist.hrl").
@@ -126,7 +126,11 @@ do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) ->
end.
close(Socket) ->
- io:format("close called~n",[]),
+ try
+ erlang:error(foo)
+ catch _:_ ->
+ io:format("close called ~p ~p~n",[Socket, erlang:get_stacktrace()])
+ end,
gen_tcp:close(Socket),
ok.
@@ -184,9 +188,6 @@ do_accept(Kernel, AcceptPid, Socket, MyNode, Allowed, SetupTime) ->
get_remote_id(Socket, Node) ->
gen_server:call(proxy_server, {get_remote_id, {Socket,Node}}, infinity).
-tick(Socket) ->
- gen_tcp:send(Socket, <<>>).
-
check_ip(_) ->
true.
diff --git a/lib/ssl/proxy_server.erl b/lib/ssl/proxy_server.erl
index 9b0d1f2400..38ec0ef0d8 100644
--- a/lib/ssl/proxy_server.erl
+++ b/lib/ssl/proxy_server.erl
@@ -20,6 +20,9 @@
accept_loop
}).
+-define(PPRE, 4).
+-define(PPOST, 4).
+
start_link() ->
gen_server:start_link({local, proxy_server}, proxy_server, [], []).
@@ -30,9 +33,9 @@ init([]) ->
handle_call(What = {listen, Name}, _From, State) ->
io:format("~p: call listen ~p~n",[self(), What]),
- case gen_tcp:listen(0, [{active, false}, {packet,2}]) of
+ case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of
{ok, Socket} ->
- {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,2}]),
+ {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]),
TcpAddress = get_tcp_address(Socket),
WorldTcpAddress = get_tcp_address(World),
{_,Port} = WorldTcpAddress#net_address.address,
@@ -98,10 +101,10 @@ get_tcp_address(Socket) ->
accept_loop(Proxy, Type, Listen, Extra) ->
process_flag(priority, max),
- case gen_tcp:accept(Listen) of
- {ok, Socket} ->
- case Type of
- erts ->
+ case Type of
+ erts ->
+ case gen_tcp:accept(Listen) of
+ {ok, Socket} ->
io:format("~p: erts accept~n",[self()]),
Extra ! {accept,self(),Socket,inet,proxy},
receive
@@ -111,19 +114,26 @@ accept_loop(Proxy, Type, Listen, Extra) ->
{_Kernel, unsupported_protocol} ->
exit(unsupported_protocol)
end;
- _ ->
+ Error ->
+ exit(Error)
+ end;
+ world ->
+ case gen_tcp:accept(Listen) of
+ {ok, Socket} ->
+ Opts = get_ssl_options(server),
+ {ok, SslSocket} = ssl:ssl_accept(Socket, Opts),
io:format("~p: world accept~n",[self()]),
- PairHandler = spawn(fun() -> setup_connection(Socket, Extra) end),
- ok = gen_tcp:controlling_process(Socket, PairHandler)
- end,
- accept_loop(Proxy, Type, Listen, Extra);
- Error ->
- exit(Error)
- end.
+ PairHandler = spawn_link(fun() -> setup_connection(SslSocket, Extra) end),
+ ok = ssl:controlling_process(SslSocket, PairHandler);
+ Error ->
+ exit(Error)
+ end
+ end,
+ accept_loop(Proxy, Type, Listen, Extra).
try_connect(Port) ->
- case gen_tcp:connect({127,0,0,1}, Port, [{active, false}, {packet,2}]) of
+ case gen_tcp:connect({127,0,0,1}, Port, [{active, false}, {packet,?PPRE}]) of
R = {ok, _S} ->
R;
{error, _R} ->
@@ -132,9 +142,11 @@ try_connect(Port) ->
end.
setup_proxy(Ip, Port, Parent) ->
- case gen_tcp:connect(Ip, Port, [{active, true}, binary, {packet,2}]) of
+ process_flag(trap_exit, true),
+ Opts = get_ssl_options(client),
+ case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of
{ok, World} ->
- {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,2}]),
+ {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,?PPRE}]),
#net_address{address={_,LPort}} = get_tcp_address(ErtsL),
Parent ! {self(), go_ahead, LPort},
case gen_tcp:accept(ErtsL) of
@@ -150,69 +162,111 @@ setup_proxy(Ip, Port, Parent) ->
end.
setup_connection(World, ErtsListen) ->
+ process_flag(trap_exit, true),
io:format("Setup connection ~n",[]),
TcpAddress = get_tcp_address(ErtsListen),
{_Addr,Port} = TcpAddress#net_address.address,
- {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,2}]),
- inet:setopts(World, [{active,true}, {packet, 2}]),
+ {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,?PPRE}]),
+ ssl:setopts(World, [{active,true}, {packet,?PPRE}]),
io:format("~p ~n",[?LINE]),
loop_conn_setup(World, Erts).
loop_conn_setup(World, Erts) ->
receive
- {tcp, World, Data = <<a, _/binary>>} ->
+ {ssl, World, Data = <<$a, _/binary>>} ->
gen_tcp:send(Erts, Data),
- io:format("Handshake finished World -> Erts ~p ~c~n",[size(Data), a]),
- inet:setopts(World, [{packet, 4}]),
- inet:setopts(Erts, [{packet, 4}]),
+ io:format("Handshake finished World -> Erts ~p ~c~n",[size(Data), $a]),
+ ssl:setopts(World, [{packet,?PPOST}]),
+ inet:setopts(Erts, [{packet,?PPOST}]),
loop_conn(World, Erts);
- {tcp, Erts, Data = <<a, _/binary>>} ->
- gen_tcp:send(World, Data),
- io:format("Handshake finished Erts -> World ~p ~c~n",[size(Data), a]),
- inet:setopts(World, [{packet, 4}]),
- inet:setopts(Erts, [{packet, 4}]),
+ {tcp, Erts, Data = <<$a, _/binary>>} ->
+ ssl:send(World, Data),
+ io:format("Handshake finished Erts -> World ~p ~c~n",[size(Data), $a]),
+ ssl:setopts(World, [{packet,?PPOST}]),
+ inet:setopts(Erts, [{packet,?PPOST}]),
loop_conn(World, Erts);
- {tcp, World, Data = <<H, _/binary>>} ->
+ {ssl, World, Data = <<H, _/binary>>} ->
gen_tcp:send(Erts, Data),
io:format("Handshake World -> Erts ~p ~c~n",[size(Data), H]),
loop_conn_setup(World, Erts);
{tcp, Erts, Data = <<H, _/binary>>} ->
- gen_tcp:send(World, Data),
+ ssl:send(World, Data),
io:format("Handshake Erts -> World ~p ~c~n",[size(Data), H]),
loop_conn_setup(World, Erts);
- {tcp, World, Data} ->
+ {ssl, World, Data} ->
gen_tcp:send(Erts, Data),
io:format("World -> Erts ~p <<>>~n",[size(Data)]),
- loop_conn(World, Erts);
+ loop_conn_setup(World, Erts);
{tcp, Erts, Data} ->
- gen_tcp:send(World, Data),
+ ssl:send(World, Data),
io:format("Erts -> World ~p <<>>~n",[size(Data)]),
- loop_conn(World, Erts);
+ loop_conn_setup(World, Erts);
Other ->
io:format("~p ~p~n",[?LINE, Other])
end.
-
loop_conn(World, Erts) ->
receive
- {tcp, World, Data = <<H, _/binary>>} ->
+ {ssl, World, Data = <<H, _/binary>>} ->
gen_tcp:send(Erts, Data),
io:format("World -> Erts ~p ~c~n",[size(Data), H]),
loop_conn(World, Erts);
{tcp, Erts, Data = <<H, _/binary>>} ->
- gen_tcp:send(World, Data),
+ ssl:send(World, Data),
io:format("Erts -> World ~p ~c~n",[size(Data), H]),
loop_conn(World, Erts);
- {tcp, World, Data} ->
+ {ssl, World, Data} ->
gen_tcp:send(Erts, Data),
io:format("World -> Erts ~p <<>>~n",[size(Data)]),
loop_conn(World, Erts);
{tcp, Erts, Data} ->
- gen_tcp:send(World, Data),
+ ssl:send(World, Data),
io:format("Erts -> World ~p <<>>~n",[size(Data)]),
loop_conn(World, Erts);
Other ->
io:format("~p ~p~n",[?LINE, Other])
end.
+
+get_ssl_options(Type) ->
+ case init:get_argument(ssl_dist_opt) of
+ {ok, Args} ->
+ ssl_options(Type, Args);
+ _ ->
+ []
+ end.
+
+ssl_options(_,[]) ->
+ [];
+ssl_options(server, [["server_certfile", Value]|T]) ->
+ [{certfile, Value} | ssl_options(server,T)];
+ssl_options(client, [["client_certfile", Value]|T]) ->
+ [{certfile, Value} | ssl_options(client,T)];
+ssl_options(server, [["server_cacertfile", Value]|T]) ->
+ [{cacertfile, Value} | ssl_options(server,T)];
+ssl_options(server, [["server_keyfile", Value]|T]) ->
+ [{keyfile, Value} | ssl_options(server,T)];
+ssl_options(Type, [["client_certfile", _Value]|T]) ->
+ ssl_options(Type,T);
+ssl_options(Type, [["server_certfile", _Value]|T]) ->
+ ssl_options(Type,T);
+ssl_options(Type, [[Item, Value]|T]) ->
+ [{atomize(Item),fixup(Value)} | ssl_options(Type,T)];
+ssl_options(Type, [[Item,Value |T1]|T2]) ->
+ ssl_options(atomize(Type),[[Item,Value],T1|T2]);
+ssl_options(_,_) ->
+ exit(malformed_ssl_dist_opt).
+
+fixup(Value) ->
+ case catch list_to_integer(Value) of
+ {'EXIT',_} ->
+ Value;
+ Int ->
+ Int
+ end.
+
+atomize(List) when is_list(List) ->
+ list_to_atom(List);
+atomize(Atom) when is_atom(Atom) ->
+ Atom.
diff --git a/lib/ssl/server.pem b/lib/ssl/server.pem
new file mode 100644
index 0000000000..4e4aae5342
--- /dev/null
+++ b/lib/ssl/server.pem
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIICezCCAeSgAwIBAgIFFX2Pz5EwDQYJKoZIhvcNAQEFBQAwczEcMBoGCSqGSIb3
+DQEJARYNQ0FAZXJsYW5nLm9yZzELMAkGA1UEAxMCQ0ExEjAQBgNVBAcTCVN0b2Nr
+aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBmVybGFuZzEUMBIGA1UECxMLdGVz
+dGluZyBkZXAwIhgPMjAxMDA4MjUwMDAwMDBaGA8yMDEwMDkwMTAwMDAwMFowdzEe
+MBwGCSqGSIb3DQEJARYPZGd1ZEBlcmxhbmcub3JnMQ0wCwYDVQQDEwRkZ3VkMRIw
+EAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZlcmxhbmcx
+FDASBgNVBAsTC3Rlc3RpbmcgZGVwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDAu0FFOt/gZUz5DLBtqA/YUNrq+xXevXTsR1I/uxzNS+nYWkMN81W5oI2yXJ08
+LLdat6APru64DWRGQPMn6BTr4ti9l9Nq4jQEY96G2ee+YrB5SAduxkWwg2qyNMb3
+s4OIq56tp+pzty/v8VcapUTn3uKJv3SL0eYWxASD79WmdQIDAQABoxMwETAPBgNV
+HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKaT0GL8gIlnPBJS+81CnQos
+cMoZll7QdXLGxzSN1laxDrvHOHE9SAtrx1EJHcv8nh/jvhL715bVbnuaoAtgxQoW
+KF3A7DziDEYhkZd20G80rC+i6rx3n/+9T51RPhzymNbgSQhuVBFs0JXL73HPEqeZ
+wskDuSyiV8DCDjiwlgpq
+-----END CERTIFICATE-----
+
+XXX Following key assumed not encrypted
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDAu0FFOt/gZUz5DLBtqA/YUNrq+xXevXTsR1I/uxzNS+nYWkMN
+81W5oI2yXJ08LLdat6APru64DWRGQPMn6BTr4ti9l9Nq4jQEY96G2ee+YrB5SAdu
+xkWwg2qyNMb3s4OIq56tp+pzty/v8VcapUTn3uKJv3SL0eYWxASD79WmdQIDAQAB
+AoGAERwOjVDOsyMLFEj2GKYE0hVLefTUWjPDf35NZO79fZQxrE1HCqQBhjskmSLz
+qnXlyR3oDbxf4OL/deUqMO6/fJHVOD7O9UQRK26f01IZoTq0WmBMFP2C7upafzgx
+9gxddQ7j9B6rqz2agV/YUpvij7hfhXFmV/ogggeuVsyQ0AECQQDNSBH8WMVgky0I
+QLa7MfBLsiHQ5FXmVYU6i9C/QUpL7SWu6eV3edAm7xbtcWnqXEMxeC7D9NIAxDhO
+VaV21bR1AkEA8Flmsy/XRVPF2rmfz0o1Cc+9m6NZOQAUK9sHAXuL3HoTPcigS+f5
+fHbAGFPDBoolS9qRJs5AcL95majzpDnqAQJAJ/SjK47LvCRpW3XdG0p5DwK4+kO3
+RIHY0LBuDQvUPjsGXqk/9KVNEobu24B7sRYMLhDKaXG5flSy8OxSrHKkEQJBAKvg
+ItMs+RK4r5qUd7Xy6S7VAlCUZa+fYM1j2gSzZvcJzUy3dfoSL5VUDlbXP3YjwDwY
+VwibIfX+12SNL35XdAECQHLGnDKYLO3M7HCPf9Yp8tiOmD9mASKcXd3NdBg5mD/l
+oOlKIQhdAQS0BLFhyASfb6hzY0Mj8B2Nq5Z3sq8yD1s=
+-----END RSA PRIVATE KEY-----
+