Client: implement SSL connection

By default SSL is turned off.
Enable it with -DTNTCXX_ENABLE_SSL.

Closes #28

Author: alyapunov

CMakeLists.txt

@@ -9,10 +9,34 @@ ENDIF()
 MESSAGE(STATUS "Build type: ${CMAKE_BUILD_TYPE}")
 FIND_PACKAGE (benchmark QUIET)
 
+SET(COMMON_LIB ev)
+
+# OpenSSL
+IF (TNTCXX_ENABLE_SSL)
+FIND_PACKAGE(OpenSSL)
+IF (OPENSSL_FOUND)
+    MESSAGE(STATUS "OpenSSL ${OPENSSL_VERSION} found")
+    INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
+ELSE()
+    MESSAGE(FATAL_ERROR "Could NOT find OpenSSL development files (libssl-dev/openssl-devel package)")
+ENDIF()
+
+# OpenSSL can require Z library (depending on build time options), so we add
+# it to libraries list in case of static openssl linking.
+IF(OPENSSL_USE_STATIC_LIBS)
+    SET(OPENSSL_LIBRARIES ${OPENSSL_LIBRARIES} ${ZLIB_LIBRARIES})
+ENDIF()
+
+SET(COMMON_LIB ${COMMON_LIB} ${OPENSSL_LIBRARIES})
+
+ENDIF() # IF (TNTCXX_ENABLE_SSL)
+
 SET(CMAKE_CXX_STANDARD 17)
 SET(CMAKE_C_STANDARD 11)
 ADD_COMPILE_OPTIONS(-Wall -Wextra -Werror)
 CONFIGURE_FILE(./test/cfg.lua test_cfg.lua COPYONLY)
+CONFIGURE_FILE(./test/cfg_ssl.lua test_cfg_ssl.lua COPYONLY)
+CONFIGURE_FILE(./test/gen_ssl.sh test_gen_ssl.sh COPYONLY)
 
 INCLUDE_DIRECTORIES(.)
 INCLUDE_DIRECTORIES(./src)
@@ -36,9 +60,14 @@ ADD_EXECUTABLE(EncDecUnit.test src/mpp/mpp.hpp test/EncDecTest.cpp)
 ADD_EXECUTABLE(Client.test src/Client/Connector.hpp test/ClientTest.cpp)
 ADD_EXECUTABLE(ClientPerfTest.test src/Client/Connector.hpp test/ClientPerfTest.cpp)
 ADD_EXECUTABLE(SimpleExample examples/Simple.cpp)
-TARGET_LINK_LIBRARIES(SimpleExample ev)
-TARGET_LINK_LIBRARIES(ClientPerfTest.test ev)
-TARGET_LINK_LIBRARIES(Client.test ev)
+TARGET_LINK_LIBRARIES(SimpleExample ${COMMON_LIB})
+TARGET_LINK_LIBRARIES(ClientPerfTest.test ${COMMON_LIB})
+TARGET_LINK_LIBRARIES(Client.test ${COMMON_LIB})
+IF (TNTCXX_ENABLE_SSL)
+    ADD_EXECUTABLE(ClientSSL.test src/Client/Connector.hpp test/ClientTest.cpp)
+    TARGET_LINK_LIBRARIES(ClientSSL.test ${COMMON_LIB})
+    TARGET_COMPILE_DEFINITIONS(ClientSSL.test PUBLIC TNTCXX_ENABLE_SSL)
+ENDIF()
 
 IF (benchmark_FOUND)
     ADD_EXECUTABLE(BufferGPerf.test src/Buffer/Buffer.hpp test/BufferGPerfTest.cpp)
@@ -59,3 +88,6 @@ ADD_TEST(NAME ListUnit.test COMMAND ListUnit.test)
 ADD_TEST(NAME RulesUnit.test COMMAND RulesUnit.test)
 ADD_TEST(NAME EncDecUnit.test COMMAND EncDecUnit.test)
 ADD_TEST(NAME Client.test COMMAND Client.test)
+IF (TNTCXX_ENABLE_SSL)
+    ADD_TEST(NAME ClientSSL.test COMMAND ClientSSL.test)
+ENDIF()

examples/Simple.cpp

@@ -125,7 +125,9 @@ main()
 	 * exception free, so we rely only on return codes.
 	 */
 	//doclabel06-1
-	int rc = client.connect(conn, address, port);
+	int rc = client.connect(conn, {.address = address,
+				       .service = std::to_string(port),
+				       /* .transport = STREAM_SSL, */});
 	//doclabel06-2
 	if (rc != 0) {
 		//assert(conn.getError().saved_errno != 0);
@@ -217,7 +219,9 @@ main()
 	//doclabel11-3
 	/* Let's create another connection. */
 	Connection<Buf_t, Net_t> another(client);
-	if (client.connect(another, address, port) != 0) {
+	if (client.connect(another, {.address = address,
+				     .service = std::to_string(port),
+				     /* .transport = STREAM_SSL, */}) != 0) {
 		std::cerr << conn.getError().msg << std::endl;
 		return -1;
 	}

src/Client/Connector.hpp

@@ -30,12 +30,22 @@
  * SUCH DAMAGE.
  */
 #include "Connection.hpp"
+
+#ifdef TNTCXX_ENABLE_SSL
+#include "UnixSSLStream.hpp"
+#else
 #include "UnixPlainStream.hpp"
+#endif
+
 #include "../Utils/Timer.hpp"
 
 #include <set>
 
+#ifdef TNTCXX_ENABLE_SSL
+using DefaultStream = UnixSSLStream;
+#else
 using DefaultStream = UnixPlainStream;
+#endif
 
 /**
  * MacOS does not have epoll so let's use Libev as default network provider.
@@ -59,6 +69,8 @@ class Connector
 	Connector(const Connector& connector) = delete;
 	Connector& operator = (const Connector& connector) = delete;
 	//////////////////////////////Main API//////////////////////////////////
+	int connect(Connection<BUFFER, NetProvider> &conn,
+		    const ConnectOptions &opts);
 	int connect(Connection<BUFFER, NetProvider> &conn,
 		    const std::string& addr, unsigned port);
 
@@ -94,19 +106,33 @@ Connector<BUFFER, NetProvider>::~Connector()
 template<class BUFFER, class NetProvider>
 int
 Connector<BUFFER, NetProvider>::connect(Connection<BUFFER, NetProvider> &conn,
-					const std::string& addr,
-					unsigned port)
+					const ConnectOptions &opts)
 {
 	//Make sure that connection is not yet established.
 	assert(conn.get_strm().has_status(SS_DEAD));
-	if (m_NetProvider.connect(conn, addr, port) != 0) {
-		LOG_ERROR("Failed to connect to ", addr, ':', port);
+	if (m_NetProvider.connect(conn, opts) != 0) {
+		LOG_ERROR("Failed to connect to ",
+			  opts.address, ':', opts.service);
 		return -1;
 	}
-	LOG_DEBUG("Connection to ", addr, ':', port, " has been established");
+	LOG_DEBUG("Connection to ", opts.address, ':', opts.service,
+		  " has been established");
 	return 0;
 }
 
+template<class BUFFER, class NetProvider>
+int
+Connector<BUFFER, NetProvider>::connect(Connection<BUFFER, NetProvider> &conn,
+					const std::string& addr,
+					unsigned port)
+{
+	std::string service = port == 0 ? std::string{} : std::to_string(port);
+	return connect(conn, {
+		.address = addr,
+		.service = service,
+	});
+}
+
 template<class BUFFER, class NetProvider>
 void
 Connector<BUFFER, NetProvider>::close(Connection<BUFFER, NetProvider> &conn)

src/Client/EpollNetProvider.hpp

@@ -58,7 +58,7 @@ class EpollNetProvider {
 	using Connector_t = Connector<BUFFER, NetProvider_t >;
 	EpollNetProvider(Connector_t &connector);
 	~EpollNetProvider();
-	int connect(Conn_t &conn, const std::string& addr, uint16_t port);
+	int connect(Conn_t &conn, const ConnectOptions &opts);
 	void close(Conn_t &conn);
 	/** Read and write to sockets; polling using epoll. */
 	int wait(int timeout);
@@ -135,21 +135,16 @@ EpollNetProvider<BUFFER, Stream>::setPollSetting(Conn_t &conn, int setting) {
 
 template<class BUFFER, class Stream>
 int
-EpollNetProvider<BUFFER, Stream>::connect(Conn_t &conn, const std::string &addr,
-					  uint16_t port)
+EpollNetProvider<BUFFER, Stream>::connect(Conn_t &conn,
+					  const ConnectOptions &opts)
 {
 	auto &strm = conn.get_strm();
-	std::string service = port == 0 ? std::string{} : std::to_string(port);
-	if (strm.connect({
-				 .address = addr,
-				 .service = service,
-			 }) < 0) {
-		conn.setError(
-			std::string("Failed to establish connection to ") +
-			std::string(addr));
+	if (strm.connect(opts) < 0) {
+		conn.setError("Failed to establish connection to " +
+			      opts.address);
 		return -1;
 	}
-	LOG_DEBUG("Connected to ", addr, ", socket is ", strm.get_fd());
+	LOG_DEBUG("Connected to ", opts.address, ", socket is ", strm.get_fd());
 	conn.getImpl()->is_greeting_received = false;
 
 	registerEpoll(conn);

src/Client/LibevNetProvider.hpp

@@ -90,7 +90,7 @@ class LibevNetProvider {
 	using Connector_t = Connector<BUFFER, NetProvider_t >;
 
 	LibevNetProvider(Connector_t &connector, struct ev_loop *loop = nullptr);
-	int connect(Conn_t &conn, const std::string& addr, uint16_t port);
+	int connect(Conn_t &conn, const ConnectOptions &opts);
 	void close(Conn_t &conn);
 	int wait(int timeout);
 
@@ -285,21 +285,16 @@ LibevNetProvider<BUFFER, Stream>::registerWatchers(Conn_t &conn, int fd)
 
 template<class BUFFER, class Stream>
 int
-LibevNetProvider<BUFFER, Stream>::connect(Conn_t &conn, const std::string &addr,
-					  uint16_t port)
+LibevNetProvider<BUFFER, Stream>::connect(Conn_t &conn,
+					  const ConnectOptions &opts)
 {
 	auto &strm = conn.get_strm();
-	std::string service = port == 0 ? std::string{} : std::to_string(port);
-	if (strm.connect({
-				 .address = addr,
-				 .service = service,
-			 }) < 0) {
-		conn.setError(
-			std::string("Failed to establish connection to ") +
-			std::string(addr));
+	if (strm.connect(opts) < 0) {
+		conn.setError("Failed to establish connection to " +
+			      opts.address);
 		return -1;
 	}
-	LOG_DEBUG("Connected to ", addr, ", socket is ", strm.get_fd());
+	LOG_DEBUG("Connected to ", opts.address, ", socket is ", strm.get_fd());
 	conn.getImpl()->is_greeting_received = false;
 
 	registerWatchers(conn, strm.get_fd());

src/Client/Stream.hpp

@@ -98,6 +98,14 @@ struct ConnectOptions {
 	/** Time span limit for connection establishment. */
 	size_t connect_timeout = DEFAULT_CONNECT_TIMEOUT;
 
+	/** SSL settings. */
+	std::string ssl_cert_file{};
+	std::string ssl_key_file{};
+	std::string ssl_ca_file{};
+	std::string ssl_ciphers{};
+	std::string ssl_passwd{};
+	std::string ssl_passwd_file{};
+
 	/** Standard output. */
 	friend inline std::ostream &
 	operator<<(std::ostream &strm, const ConnectOptions &opts);