diff options
author | Dan Gudmundsson <[email protected]> | 2010-08-25 15:23:30 +0200 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2011-09-01 10:41:28 +0200 |
commit | 50392cec6e5bda7ac62abff3313eae551b006612 (patch) | |
tree | 18910c7df693f81ec3a892ad19f9e056a496e9d1 /lib/ssl | |
parent | 3e631a1851d1b0546e9ba1b52a22cf15b2e32501 (diff) | |
download | otp-50392cec6e5bda7ac62abff3313eae551b006612.tar.gz otp-50392cec6e5bda7ac62abff3313eae551b006612.tar.bz2 otp-50392cec6e5bda7ac62abff3313eae551b006612.zip |
Use ssl instead of being a proxy command
Diffstat (limited to 'lib/ssl')
-rw-r--r-- | lib/ssl/client.pem | 34 | ||||
-rw-r--r-- | lib/ssl/inet_proxy_dist.erl | 11 | ||||
-rw-r--r-- | lib/ssl/proxy_server.erl | 132 | ||||
-rw-r--r-- | lib/ssl/server.pem | 34 |
4 files changed, 167 insertions, 44 deletions
diff --git a/lib/ssl/client.pem b/lib/ssl/client.pem new file mode 100644 index 0000000000..90d88a259a --- /dev/null +++ b/lib/ssl/client.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIICfjCCAeegAwIBAgIFZ0ez/tEwDQYJKoZIhvcNAQEFBQAwdzEeMBwGCSqGSIb3 +DQEJARYPZGd1ZEBlcmxhbmcub3JnMQ0wCwYDVQQDEwRkZ3VkMRIwEAYDVQQHEwlT +dG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZlcmxhbmcxFDASBgNVBAsT +C3Rlc3RpbmcgZGVwMCIYDzIwMTAwODI1MDAwMDAwWhgPMjAxMDA5MDEwMDAwMDBa +MHcxHjAcBgkqhkiG9w0BCQEWD2RndWRAZXJsYW5nLm9yZzENMAsGA1UEAxMEZGd1 +ZDESMBAGA1UEBxMJU3RvY2tob2xtMQswCQYDVQQGEwJTRTEPMA0GA1UEChMGZXJs +YW5nMRQwEgYDVQQLEwt0ZXN0aW5nIGRlcDCBnjANBgkqhkiG9w0BAQEFAAOBjAAw +gYgCgYBk/3JXHJ02+rqJ1qJqtMtBhPh2HKRhy7SHFhIg0LbalsH+B0pXcP6c3b9p +nY68FEqhB69jJfFgb98tW68+qDDh4aWeJc3cw3NslVvJXB5ADWsewrUoXx0hTHiL +T/f+RC5BBvnfAZAJYXTxpoukiVZJvVuq7o/rVWDpQPfy8MNr/QIDAQABoxMwETAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAGXTeYefvpqgs6JcLTw8 +Hem8YrZIK1Icgu2QYRVZHuqFf45MBqrEUHHXNxDIWXD7U6shWezw5laB+5AcW8sq +9RI+3CYU0wOb0XgFQmcIfCMFbhKvTdB5S7zjy3B39B264/cRBZXFdgAeILEDsBk0 +zgFSLCMULbtTxF+3zNJ/Fclq +-----END CERTIFICATE----- + +XXX Following key assumed not encrypted +-----BEGIN RSA PRIVATE KEY----- +MIICWgIBAAKBgGT/clccnTb6uonWomq0y0GE+HYcpGHLtIcWEiDQttqWwf4HSldw +/pzdv2mdjrwUSqEHr2Ml8WBv3y1brz6oMOHhpZ4lzdzDc2yVW8lcHkANax7CtShf +HSFMeItP9/5ELkEG+d8BkAlhdPGmi6SJVkm9W6ruj+tVYOlA9/Lww2v9AgMBAAEC +gYAH8urm3EOrXhRsYM4ro8sTfwmnEh4F7Ghq8Vu/5W1eytq9yYkaVLRVWEaGY3Ym +a1psThSJsyTKOEPSaBLk1YvzQeITmgHLGpJ11qJOMZO6mvj7lSQBdCc2vuusajtw +zFOaGe6MOrFEetOKBjnGri8byrEfqJogEH2+aiPEog40KQJBAKYtiPFqh91oC3qH +AQ1uJodhyQTrTwSBltqN1Hp9nuE6ydfNWBd1aC9sIiDY1IjUhW89eJYEYvotougQ +ntU+8UcCQQCblsff2IGl8SdHfhWjqT3Rsg4RMKgDH52Ym9U2kI5y6Z4E9G9tQXuR +6/tohmWX/j6CFiORuz7FhVIQ7b4HuPqbAkBVuDthvMAk15zEMYu7b8x0HV7iKLdz +7ZzxVCP8o3wnVnnz1brRLwD1JWRdaTwI8Qd7oEvppo2f25ai+p/UBEnVAkAuU9Ur +59Gi0Y16kiZrVudbWwMpRy2f0HgiirQPzTc9LCarHwVWqNrcdkGju/DgMwn1vhXV +PMXSFoJ7G+8raX7lAkA4Ck9izAs08+37jmhRxcmYpOjdCxA9yWrwALJysYKlTw4N +Qwb7Q4uDQz6EunuTGfiXZz7Oep/0L+BXRJmvweBX +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssl/inet_proxy_dist.erl b/lib/ssl/inet_proxy_dist.erl index 6308deabe6..9e415def3e 100644 --- a/lib/ssl/inet_proxy_dist.erl +++ b/lib/ssl/inet_proxy_dist.erl @@ -9,7 +9,7 @@ -module(inet_proxy_dist). -export([childspecs/0, listen/1, accept/1, accept_connection/5, - setup/5, close/1, select/1, is_node_name/1, tick/1]). + setup/5, close/1, select/1, is_node_name/1]). -include_lib("kernel/src/net_address.hrl"). -include_lib("kernel/src/dist.hrl"). @@ -126,7 +126,11 @@ do_setup(Kernel, Node, Type, MyNode, LongOrShortNames, SetupTime) -> end. close(Socket) -> - io:format("close called~n",[]), + try + erlang:error(foo) + catch _:_ -> + io:format("close called ~p ~p~n",[Socket, erlang:get_stacktrace()]) + end, gen_tcp:close(Socket), ok. @@ -184,9 +188,6 @@ do_accept(Kernel, AcceptPid, Socket, MyNode, Allowed, SetupTime) -> get_remote_id(Socket, Node) -> gen_server:call(proxy_server, {get_remote_id, {Socket,Node}}, infinity). -tick(Socket) -> - gen_tcp:send(Socket, <<>>). - check_ip(_) -> true. diff --git a/lib/ssl/proxy_server.erl b/lib/ssl/proxy_server.erl index 9b0d1f2400..38ec0ef0d8 100644 --- a/lib/ssl/proxy_server.erl +++ b/lib/ssl/proxy_server.erl @@ -20,6 +20,9 @@ accept_loop }). +-define(PPRE, 4). +-define(PPOST, 4). + start_link() -> gen_server:start_link({local, proxy_server}, proxy_server, [], []). @@ -30,9 +33,9 @@ init([]) -> handle_call(What = {listen, Name}, _From, State) -> io:format("~p: call listen ~p~n",[self(), What]), - case gen_tcp:listen(0, [{active, false}, {packet,2}]) of + case gen_tcp:listen(0, [{active, false}, {packet,?PPRE}]) of {ok, Socket} -> - {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,2}]), + {ok, World} = gen_tcp:listen(0, [{active, false}, binary, {packet,?PPRE}]), TcpAddress = get_tcp_address(Socket), WorldTcpAddress = get_tcp_address(World), {_,Port} = WorldTcpAddress#net_address.address, @@ -98,10 +101,10 @@ get_tcp_address(Socket) -> accept_loop(Proxy, Type, Listen, Extra) -> process_flag(priority, max), - case gen_tcp:accept(Listen) of - {ok, Socket} -> - case Type of - erts -> + case Type of + erts -> + case gen_tcp:accept(Listen) of + {ok, Socket} -> io:format("~p: erts accept~n",[self()]), Extra ! {accept,self(),Socket,inet,proxy}, receive @@ -111,19 +114,26 @@ accept_loop(Proxy, Type, Listen, Extra) -> {_Kernel, unsupported_protocol} -> exit(unsupported_protocol) end; - _ -> + Error -> + exit(Error) + end; + world -> + case gen_tcp:accept(Listen) of + {ok, Socket} -> + Opts = get_ssl_options(server), + {ok, SslSocket} = ssl:ssl_accept(Socket, Opts), io:format("~p: world accept~n",[self()]), - PairHandler = spawn(fun() -> setup_connection(Socket, Extra) end), - ok = gen_tcp:controlling_process(Socket, PairHandler) - end, - accept_loop(Proxy, Type, Listen, Extra); - Error -> - exit(Error) - end. + PairHandler = spawn_link(fun() -> setup_connection(SslSocket, Extra) end), + ok = ssl:controlling_process(SslSocket, PairHandler); + Error -> + exit(Error) + end + end, + accept_loop(Proxy, Type, Listen, Extra). try_connect(Port) -> - case gen_tcp:connect({127,0,0,1}, Port, [{active, false}, {packet,2}]) of + case gen_tcp:connect({127,0,0,1}, Port, [{active, false}, {packet,?PPRE}]) of R = {ok, _S} -> R; {error, _R} -> @@ -132,9 +142,11 @@ try_connect(Port) -> end. setup_proxy(Ip, Port, Parent) -> - case gen_tcp:connect(Ip, Port, [{active, true}, binary, {packet,2}]) of + process_flag(trap_exit, true), + Opts = get_ssl_options(client), + case ssl:connect(Ip, Port, [{active, true}, binary, {packet,?PPRE}] ++ Opts) of {ok, World} -> - {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,2}]), + {ok, ErtsL} = gen_tcp:listen(0, [{active, true}, binary, {packet,?PPRE}]), #net_address{address={_,LPort}} = get_tcp_address(ErtsL), Parent ! {self(), go_ahead, LPort}, case gen_tcp:accept(ErtsL) of @@ -150,69 +162,111 @@ setup_proxy(Ip, Port, Parent) -> end. setup_connection(World, ErtsListen) -> + process_flag(trap_exit, true), io:format("Setup connection ~n",[]), TcpAddress = get_tcp_address(ErtsListen), {_Addr,Port} = TcpAddress#net_address.address, - {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,2}]), - inet:setopts(World, [{active,true}, {packet, 2}]), + {ok, Erts} = gen_tcp:connect({127,0,0,1}, Port, [{active, true}, binary, {packet,?PPRE}]), + ssl:setopts(World, [{active,true}, {packet,?PPRE}]), io:format("~p ~n",[?LINE]), loop_conn_setup(World, Erts). loop_conn_setup(World, Erts) -> receive - {tcp, World, Data = <<a, _/binary>>} -> + {ssl, World, Data = <<$a, _/binary>>} -> gen_tcp:send(Erts, Data), - io:format("Handshake finished World -> Erts ~p ~c~n",[size(Data), a]), - inet:setopts(World, [{packet, 4}]), - inet:setopts(Erts, [{packet, 4}]), + io:format("Handshake finished World -> Erts ~p ~c~n",[size(Data), $a]), + ssl:setopts(World, [{packet,?PPOST}]), + inet:setopts(Erts, [{packet,?PPOST}]), loop_conn(World, Erts); - {tcp, Erts, Data = <<a, _/binary>>} -> - gen_tcp:send(World, Data), - io:format("Handshake finished Erts -> World ~p ~c~n",[size(Data), a]), - inet:setopts(World, [{packet, 4}]), - inet:setopts(Erts, [{packet, 4}]), + {tcp, Erts, Data = <<$a, _/binary>>} -> + ssl:send(World, Data), + io:format("Handshake finished Erts -> World ~p ~c~n",[size(Data), $a]), + ssl:setopts(World, [{packet,?PPOST}]), + inet:setopts(Erts, [{packet,?PPOST}]), loop_conn(World, Erts); - {tcp, World, Data = <<H, _/binary>>} -> + {ssl, World, Data = <<H, _/binary>>} -> gen_tcp:send(Erts, Data), io:format("Handshake World -> Erts ~p ~c~n",[size(Data), H]), loop_conn_setup(World, Erts); {tcp, Erts, Data = <<H, _/binary>>} -> - gen_tcp:send(World, Data), + ssl:send(World, Data), io:format("Handshake Erts -> World ~p ~c~n",[size(Data), H]), loop_conn_setup(World, Erts); - {tcp, World, Data} -> + {ssl, World, Data} -> gen_tcp:send(Erts, Data), io:format("World -> Erts ~p <<>>~n",[size(Data)]), - loop_conn(World, Erts); + loop_conn_setup(World, Erts); {tcp, Erts, Data} -> - gen_tcp:send(World, Data), + ssl:send(World, Data), io:format("Erts -> World ~p <<>>~n",[size(Data)]), - loop_conn(World, Erts); + loop_conn_setup(World, Erts); Other -> io:format("~p ~p~n",[?LINE, Other]) end. - loop_conn(World, Erts) -> receive - {tcp, World, Data = <<H, _/binary>>} -> + {ssl, World, Data = <<H, _/binary>>} -> gen_tcp:send(Erts, Data), io:format("World -> Erts ~p ~c~n",[size(Data), H]), loop_conn(World, Erts); {tcp, Erts, Data = <<H, _/binary>>} -> - gen_tcp:send(World, Data), + ssl:send(World, Data), io:format("Erts -> World ~p ~c~n",[size(Data), H]), loop_conn(World, Erts); - {tcp, World, Data} -> + {ssl, World, Data} -> gen_tcp:send(Erts, Data), io:format("World -> Erts ~p <<>>~n",[size(Data)]), loop_conn(World, Erts); {tcp, Erts, Data} -> - gen_tcp:send(World, Data), + ssl:send(World, Data), io:format("Erts -> World ~p <<>>~n",[size(Data)]), loop_conn(World, Erts); Other -> io:format("~p ~p~n",[?LINE, Other]) end. + +get_ssl_options(Type) -> + case init:get_argument(ssl_dist_opt) of + {ok, Args} -> + ssl_options(Type, Args); + _ -> + [] + end. + +ssl_options(_,[]) -> + []; +ssl_options(server, [["server_certfile", Value]|T]) -> + [{certfile, Value} | ssl_options(server,T)]; +ssl_options(client, [["client_certfile", Value]|T]) -> + [{certfile, Value} | ssl_options(client,T)]; +ssl_options(server, [["server_cacertfile", Value]|T]) -> + [{cacertfile, Value} | ssl_options(server,T)]; +ssl_options(server, [["server_keyfile", Value]|T]) -> + [{keyfile, Value} | ssl_options(server,T)]; +ssl_options(Type, [["client_certfile", _Value]|T]) -> + ssl_options(Type,T); +ssl_options(Type, [["server_certfile", _Value]|T]) -> + ssl_options(Type,T); +ssl_options(Type, [[Item, Value]|T]) -> + [{atomize(Item),fixup(Value)} | ssl_options(Type,T)]; +ssl_options(Type, [[Item,Value |T1]|T2]) -> + ssl_options(atomize(Type),[[Item,Value],T1|T2]); +ssl_options(_,_) -> + exit(malformed_ssl_dist_opt). + +fixup(Value) -> + case catch list_to_integer(Value) of + {'EXIT',_} -> + Value; + Int -> + Int + end. + +atomize(List) when is_list(List) -> + list_to_atom(List); +atomize(Atom) when is_atom(Atom) -> + Atom. diff --git a/lib/ssl/server.pem b/lib/ssl/server.pem new file mode 100644 index 0000000000..4e4aae5342 --- /dev/null +++ b/lib/ssl/server.pem @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIICezCCAeSgAwIBAgIFFX2Pz5EwDQYJKoZIhvcNAQEFBQAwczEcMBoGCSqGSIb3 +DQEJARYNQ0FAZXJsYW5nLm9yZzELMAkGA1UEAxMCQ0ExEjAQBgNVBAcTCVN0b2Nr +aG9sbTELMAkGA1UEBhMCU0UxDzANBgNVBAoTBmVybGFuZzEUMBIGA1UECxMLdGVz +dGluZyBkZXAwIhgPMjAxMDA4MjUwMDAwMDBaGA8yMDEwMDkwMTAwMDAwMFowdzEe +MBwGCSqGSIb3DQEJARYPZGd1ZEBlcmxhbmcub3JnMQ0wCwYDVQQDEwRkZ3VkMRIw +EAYDVQQHEwlTdG9ja2hvbG0xCzAJBgNVBAYTAlNFMQ8wDQYDVQQKEwZlcmxhbmcx +FDASBgNVBAsTC3Rlc3RpbmcgZGVwMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +gQDAu0FFOt/gZUz5DLBtqA/YUNrq+xXevXTsR1I/uxzNS+nYWkMN81W5oI2yXJ08 +LLdat6APru64DWRGQPMn6BTr4ti9l9Nq4jQEY96G2ee+YrB5SAduxkWwg2qyNMb3 +s4OIq56tp+pzty/v8VcapUTn3uKJv3SL0eYWxASD79WmdQIDAQABoxMwETAPBgNV +HRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAKaT0GL8gIlnPBJS+81CnQos +cMoZll7QdXLGxzSN1laxDrvHOHE9SAtrx1EJHcv8nh/jvhL715bVbnuaoAtgxQoW +KF3A7DziDEYhkZd20G80rC+i6rx3n/+9T51RPhzymNbgSQhuVBFs0JXL73HPEqeZ +wskDuSyiV8DCDjiwlgpq +-----END CERTIFICATE----- + +XXX Following key assumed not encrypted +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDAu0FFOt/gZUz5DLBtqA/YUNrq+xXevXTsR1I/uxzNS+nYWkMN +81W5oI2yXJ08LLdat6APru64DWRGQPMn6BTr4ti9l9Nq4jQEY96G2ee+YrB5SAdu +xkWwg2qyNMb3s4OIq56tp+pzty/v8VcapUTn3uKJv3SL0eYWxASD79WmdQIDAQAB +AoGAERwOjVDOsyMLFEj2GKYE0hVLefTUWjPDf35NZO79fZQxrE1HCqQBhjskmSLz +qnXlyR3oDbxf4OL/deUqMO6/fJHVOD7O9UQRK26f01IZoTq0WmBMFP2C7upafzgx +9gxddQ7j9B6rqz2agV/YUpvij7hfhXFmV/ogggeuVsyQ0AECQQDNSBH8WMVgky0I +QLa7MfBLsiHQ5FXmVYU6i9C/QUpL7SWu6eV3edAm7xbtcWnqXEMxeC7D9NIAxDhO +VaV21bR1AkEA8Flmsy/XRVPF2rmfz0o1Cc+9m6NZOQAUK9sHAXuL3HoTPcigS+f5 +fHbAGFPDBoolS9qRJs5AcL95majzpDnqAQJAJ/SjK47LvCRpW3XdG0p5DwK4+kO3 +RIHY0LBuDQvUPjsGXqk/9KVNEobu24B7sRYMLhDKaXG5flSy8OxSrHKkEQJBAKvg +ItMs+RK4r5qUd7Xy6S7VAlCUZa+fYM1j2gSzZvcJzUy3dfoSL5VUDlbXP3YjwDwY +VwibIfX+12SNL35XdAECQHLGnDKYLO3M7HCPf9Yp8tiOmD9mASKcXd3NdBg5mD/l +oOlKIQhdAQS0BLFhyASfb6hzY0Mj8B2Nq5Z3sq8yD1s= +-----END RSA PRIVATE KEY----- + |