Home
From https://github.com/cloudflare/kyototycoon/commit/6ac18ed1ceef6f8b14e4654ee4e30f5076db91e8
(putting it here as it's a bit buried otherwise)
- Add code to support secure sockets to kyoto tycoon with openssl
This commit introduces secure communication inside kyoto tycoon.
The option '-sec' for ktserver enables the secure connection mode. Any incoming connection or outgoing replication from this server will be handled over a secure connection. Security is achieved by creating an SSL connection between the two endpoints. The internal format of the data is unchanged, only a layer of encryption is added. The default configuration of ktserver uses the regular unsecured http and binary tcp protocols.
The interface for this secure connection is in ktsocketsec.h and there is one implementation of this secure connection model in ktsocketopenssl.cc.
In order to upgrade KT modules in production, they need to be able to listen on at least two different ports, one encrypted and one regular. This should be configurable with command line options. For this, KT server's secure mode requires the following options:
- -auxport: auxiliary port that kt will listen on; communication over this port will never use TLS and will be used as a backup when upgrading a network to using secure communication
- -sec: ktserver's main port should use a secure channel
- -pk: path to private key for SSL server
- -cert: path to certificate for SSL server
- -msec: the master server for replication is listening on a secure channel
- -rpk: path to private key for SSL replication client
- -rcert: path to certificate for SSL replication client
These changes required modifications to the KT RPC code in order to optionally run on the current thread (main kt server socket) or on an auxiliary thread (for the auxport server socket). This required making the kt::ThreadedServer class a subclass of kc::Thread. Since there was already a "start" method in kt::ThreadedServer, this was renamed to start_listening, and the start command from kc::Thread ends up calling it through run() if the server is intended to be started on a secondary thread.
Other changes include a cleanup of polymorphic functions and changes to allocate and initialize the SSL global context only once (using only pthreads for now).
Add ability to use client and server certificates signed by an ECC certificate authority. These certificates are included in this commit. There are a number of enhancements:
- use the ciphersuite ECDHE-ECDSA-AES256-GCM-SHA384
- enable mutual authentication
- more detailed error transmission
Add support for the private cf-kdl library calls.
Use asn1-encoded key files, read from disk. This allows management of private keys to be handled outside of OpenSSL.
Use configure files to turn on encryption features independently:
- --have-sec-openssl: secure channels
- --have-cf-kdl: key decryption library
- Make backlog based on a macro
The backlog param of listen is usually set to a system-defined value (typically 128); instead, set it to a value defined in this file (512).
- Misc changes
- Allow KT to compile on GCC 4.7
- Remove default -g0 option to enable symbols
- Use a curve that is more broadly supported.
- Add backwards-compatible Socket::open method
To allow older code to link against a KT .so which uses the old Socket::open signature, a Socket::open was added that accepts a single parameter (as before) and sets up an INSECURE connection.
This API should be considered deprecated and code should upgrade to secure
- Add new option for auxhost
This new optional CLI parameter -auxhost allows the optional secondary unencrypted port to be configured with a different host than the main host. If left out, this defaults to using the main host on auxport.
- Update man pages
- Add OpenSSL callbacks for thread-safety
OpenSSL can be used in a multi-threaded program, but only if two callbacks (and an array of mutexes) are implemented. See https://www.openssl.org/docs/crypto/threads.html for complete details.
In the odd case where the SSL connection fails on either a bind, connect or accept, KT was leaking some OpenSSL structures and data.
- Fix improperly separated change from ssl branch
- Clean up for open source.
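The thread-safety callbacks described in the commit message above, shown as an added example that is not KT's own code: a mutex array indexed by OpenSSL's lock number, a locking callback and a thread-id callback of the shape OpenSSL 1.0.x expects. It builds with only pthreads; the CRYPTO_LOCK/CRYPTO_UNLOCK values mirror OpenSSL 1.0's crypto.h and KT_NUM_LOCKS stands in for CRYPTO_num_locks() (both assumptions, labelled in the code).

```c
/* Added example (not KT's own code): the locking/id callback pattern
 * OpenSSL 1.0.x requires before it may be used from several threads.
 * Built with only pthreads so it compiles stand-alone; the CRYPTO_*
 * values mirror OpenSSL 1.0's <openssl/crypto.h> and are defined here
 * only when that header has not been included. */
#include <pthread.h>
#include <stdlib.h>

#ifndef CRYPTO_LOCK
#define CRYPTO_LOCK   1   /* mode bit: acquire lock number n */
#define CRYPTO_UNLOCK 2   /* mode bit: release lock number n */
#endif

/* Stand-in for CRYPTO_num_locks() (assumed value; real code queries it). */
#define KT_NUM_LOCKS 41

static pthread_mutex_t *kt_ssl_locks; /* one mutex per OpenSSL lock id */

/* Locking callback with the signature CRYPTO_set_locking_callback() takes. */
static void kt_ssl_locking_cb(int mode, int n, const char *file, int line) {
  (void)file; (void)line;
  if (n < 0 || n >= KT_NUM_LOCKS) abort();   /* defensive: bad lock id */
  if (mode & CRYPTO_LOCK) pthread_mutex_lock(&kt_ssl_locks[n]);
  else pthread_mutex_unlock(&kt_ssl_locks[n]);
}

/* Thread-id callback with the signature CRYPTO_set_id_callback() takes. */
static unsigned long kt_ssl_id_cb(void) {
  return (unsigned long)pthread_self();
}

/* Allocate the mutex array exactly once (the commit stresses the global
 * SSL state is initialised only once). Returns 0 on success, -1 on failure.
 * Real code would then register the callbacks:
 *   CRYPTO_set_locking_callback(kt_ssl_locking_cb);
 *   CRYPTO_set_id_callback(kt_ssl_id_cb); */
int kt_ssl_thread_setup(void) {
  if (kt_ssl_locks) return 0;   /* already initialised: do not redo it */
  kt_ssl_locks = calloc(KT_NUM_LOCKS, sizeof(*kt_ssl_locks));
  if (!kt_ssl_locks) return -1;
  for (int i = 0; i < KT_NUM_LOCKS; i++)
    pthread_mutex_init(&kt_ssl_locks[i], NULL);
  return 0;
}

/* Check hook: 1 if lock n is currently held, else 0. */
int kt_ssl_lock_is_held(int n) {
  if (pthread_mutex_trylock(&kt_ssl_locks[n]) != 0) return 1;
  pthread_mutex_unlock(&kt_ssl_locks[n]);
  return 0;
}
```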