From 7c4944de8331a10adaa8f85919020189a7f26ff5 Mon Sep 17 00:00:00 2001
From: Jan Steemann
Date: Fri, 13 Dec 2013 17:53:51 +0100
Subject: [PATCH] added --server.ssl-protocol option for client tools
Conflicts: arangosh/Benchmark/BenchmarkThread.h lib/GeneralServer/SslAsyncCommTask.h
---
CHANGELOG | 6 +++
arangod/Replication/Syncer.cpp | 7 ++--
.../RestHandler/RestReplicationHandler.cpp | 5 ++-
arangod/Utils/Transaction.h | 3 +-
arangod/V8Server/v8-vocbase.cpp | 6 +++
arangod/VocBase/document-collection.c | 12 ++++--
arangod/VocBase/key-generator.c | 10 +++--
arangod/VocBase/key-generator.h | 2 +-
arangod/VocBase/primary-collection.h | 2 +-
arangod/VocBase/replication-applier.c | 13 ++++++
arangod/VocBase/replication-applier.h | 1 +
arangod/VocBase/replication-logger.c | 3 +-
arangod/VocBase/transaction.c | 1 +
arangoirb/MRClient/MRubyClientConnection.cpp | 3 +-
arangosh/ArangoShell/ArangoClient.cpp | 12 +++++-
arangosh/ArangoShell/ArangoClient.h | 12 ++++++
arangosh/Benchmark/BenchmarkThread.h | 10 ++++-
arangosh/Benchmark/arangob.cpp | 1 +
arangosh/V8Client/V8ClientConnection.cpp | 3 +-
arangosh/V8Client/V8ClientConnection.h | 1 +
arangosh/V8Client/arangodump.cpp | 3 +-
arangosh/V8Client/arangoimp.cpp | 1 +
arangosh/V8Client/arangorestore.cpp | 3 +-
arangosh/V8Client/arangosh.cpp | 1 +
arangosh/V8Client/check-server.cpp | 3 +-
js/server/tests/dump-setup.js | 3 ++
js/server/tests/dump.js | 10 ++++-
lib/GeneralServer/SslAsyncCommTask.h | 2 +-
.../GeneralClientConnection.cpp | 5 ++-
.../GeneralClientConnection.h | 6 ++-
lib/SimpleHttpClient/SslClientConnection.cpp | 40 +++++++++++++++++--
lib/SimpleHttpClient/SslClientConnection.h | 3 +-
lib/V8/v8-utils.cpp | 2 +-
33 files changed, 161 insertions(+), 34 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 8cae372a2d..2167047530 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -101,6 +101,12 @@ v1.5.x (XXXX-XX-XX) v1.4.x (XXXX-XX-XX) ------------------- +* added `--server.ssl-protocol` option for client tools + this allows connecting from arangosh, arangoimp, arangoimp etc. to an ArangoDB + server that uses a non-default value for `--server.ssl-protocol`. The default + value for the SSL protocol is 4 (TLSv1). If the server is configured to use a + different protocol, it was not possible to connect to it with the client tools. + * added more detailed request statistics This adds the number of async-executed HTTP requests plus the number of HTTP diff --git a/arangod/Replication/Syncer.cpp b/arangod/Replication/Syncer.cpp index 72c32cd26c..e1bb5e7aa9 100644 --- a/arangod/Replication/Syncer.cpp +++ b/arangod/Replication/Syncer.cpp @@ -120,7 +120,8 @@ Syncer::Syncer (TRI_vocbase_t* vocbase, _connection = GeneralClientConnection::factory(_endpoint, _configuration._requestTimeout, _configuration._connectTimeout, - (size_t) _configuration._maxConnectRetries); + (size_t) _configuration._maxConnectRetries, + (uint32_t) _configuration._sslProtocol); if (_connection != 0) { _client = new SimpleHttpClient(_connection, _configuration._requestTimeout, false); @@ -303,7 +304,7 @@ int Syncer::applyCollectionDumpMarker (TRI_transaction_collection_t* trxCollecti } if (res == TRI_ERROR_NO_ERROR) { - res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_EDGE, shaped, &edge, false, false); + res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_EDGE, shaped, &edge, false, false, true); } } else { @@ -312,7 +313,7 @@ int Syncer::applyCollectionDumpMarker (TRI_transaction_collection_t* trxCollecti res = TRI_ERROR_ARANGO_COLLECTION_TYPE_INVALID; } else { - res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_DOCUMENT, shaped, 0, false, false); + res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_DOCUMENT, shaped, 0, false, false, true); } } } 
diff --git a/arangod/RestHandler/RestReplicationHandler.cpp b/arangod/RestHandler/RestReplicationHandler.cpp index a989eb5321..8f948dcfd4 100644 --- a/arangod/RestHandler/RestReplicationHandler.cpp +++ b/arangod/RestHandler/RestReplicationHandler.cpp @@ -1962,7 +1962,7 @@ int RestReplicationHandler::applyCollectionDumpMarker (CollectionNameResolver co } if (res == TRI_ERROR_NO_ERROR) { - res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_EDGE, shaped, &edge, false, false); + res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_EDGE, shaped, &edge, false, false, true); } } else { @@ -1971,7 +1971,7 @@ int RestReplicationHandler::applyCollectionDumpMarker (CollectionNameResolver co res = TRI_ERROR_ARANGO_COLLECTION_TYPE_INVALID; } else { - res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_DOCUMENT, shaped, 0, false, false); + res = primary->insert(trxCollection, key, rid, &mptr, TRI_DOC_MARKER_KEY_DOCUMENT, shaped, 0, false, false, true); } } } @@ -2959,6 +2959,7 @@ void RestReplicationHandler::handleCommandApplierSetConfig () { config._connectTimeout = JsonHelper::getNumericValue(json, "connectTimeout", config._connectTimeout); config._ignoreErrors = JsonHelper::getNumericValue(json, "ignoreErrors", config._ignoreErrors); config._maxConnectRetries = JsonHelper::getNumericValue(json, "maxConnectRetries", config._maxConnectRetries); + config._sslProtocol = JsonHelper::getNumericValue(json, "sslProtocol", config._sslProtocol); config._chunkSize = JsonHelper::getNumericValue(json, "chunkSize", config._chunkSize); config._autoStart = JsonHelper::getBooleanValue(json, "autoStart", config._autoStart); config._adaptivePolling = JsonHelper::getBooleanValue(json, "adaptivePolling", config._adaptivePolling); diff --git a/arangod/Utils/Transaction.h b/arangod/Utils/Transaction.h index de8af7fade..3f569423d3 100644 --- a/arangod/Utils/Transaction.h +++ b/arangod/Utils/Transaction.h 
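Review bot: `config._sslProtocol` is read from the request body in handleCommandApplierSetConfig without a range check, and the same is true of JS_ConfigureApplierReplication in v8-vocbase.cpp and LoadConfiguration in replication-applier.c. In LoadConfiguration the JSON number is a double that is cast straight to `uint32_t`, which is undefined behaviour in C for negative or out-of-range values. The client option text in this commit lists 1 to 4 as the meaningful values and the applier default is 0, so a guard such as `if (value->_value._number >= 0.0 && value->_value._number <= 4.0)` before the assignment, with an equivalent check at the other two entry points, would stop an invalid value from being stored and later silently replaced by the TLSv1 fallback. The enclosing functions start and end outside these hunks.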
@@ -848,7 +848,8 @@ namespace triagens { shaped, data, ! isLocked(trxCollection, TRI_TRANSACTION_WRITE), - forceSync); + forceSync, + false); return res; } diff --git a/arangod/V8Server/v8-vocbase.cpp b/arangod/V8Server/v8-vocbase.cpp index 59f64c682d..49cb960818 100644 --- a/arangod/V8Server/v8-vocbase.cpp +++ b/arangod/V8Server/v8-vocbase.cpp @@ -3593,6 +3593,12 @@ static v8::Handle JS_ConfigureApplierReplication (v8::Arguments const } } + if (object->Has(TRI_V8_SYMBOL("sslProtocol"))) { + if (object->Get(TRI_V8_SYMBOL("sslProtocol"))->IsNumber()) { + config._sslProtocol = (uint32_t) TRI_ObjectToUInt64(object->Get(TRI_V8_SYMBOL("sslProtocol")), false); + } + } + if (object->Has(TRI_V8_SYMBOL("chunkSize"))) { if (object->Get(TRI_V8_SYMBOL("chunkSize"))->IsNumber()) { config._chunkSize = TRI_ObjectToUInt64(object->Get(TRI_V8_SYMBOL("chunkSize")), true); diff --git a/arangod/VocBase/document-collection.c b/arangod/VocBase/document-collection.c index 6817c2780d..1cc6f5dd20 100644 --- a/arangod/VocBase/document-collection.c +++ b/arangod/VocBase/document-collection.c @@ -439,7 +439,8 @@ static int CreateDocumentMarker (TRI_primary_collection_t* primary, const TRI_df_marker_type_e markerType, TRI_voc_key_t key, TRI_shaped_json_t const* shaped, - void const* data) { + void const* data, + bool isRestore) { char* mem; TRI_doc_document_key_marker_t* marker; TRI_key_generator_t* keyGenerator; @@ -468,7 +469,8 @@ static int CreateDocumentMarker (TRI_primary_collection_t* primary, tick, key, (char*) &keyBuffer, - &keySize); + &keySize, + isRestore); if (res != TRI_ERROR_NO_ERROR) { // key generation failed @@ -1583,7 +1585,8 @@ static int InsertShapedJson (TRI_transaction_collection_t* trxCollection, TRI_shaped_json_t const* shaped, void const* data, const bool lock, - const bool forceSync) { + const bool forceSync, + const bool isRestore) { TRI_primary_collection_t* primary; TRI_doc_document_key_marker_t* marker; 
@@ -1611,7 +1614,8 @@ static int InsertShapedJson (TRI_transaction_collection_t* trxCollection, markerType, key, shaped, - data); + data, + isRestore); if (res != TRI_ERROR_NO_ERROR) { return res; diff --git a/arangod/VocBase/key-generator.c b/arangod/VocBase/key-generator.c index 47c4f570dc..a7300c276d 100644 --- a/arangod/VocBase/key-generator.c +++ b/arangod/VocBase/key-generator.c @@ -232,7 +232,8 @@ static int TraditionalGenerate (TRI_key_generator_t* const generator, const TRI_voc_tick_t tick, const char* const userKey, char* const outBuffer, - size_t* const outLength) { + size_t* const outLength, + bool isRestore) { traditional_keygen_t* data; char* current; @@ -245,7 +246,7 @@ static int TraditionalGenerate (TRI_key_generator_t* const generator, size_t userKeyLength; // user has specified a key - if (! data->_allowUserKeys) { + if (! data->_allowUserKeys && ! isRestore) { // we do not allow user-generated keys return TRI_ERROR_ARANGO_DOCUMENT_KEY_UNEXPECTED; } @@ -475,7 +476,8 @@ static int AutoIncrementGenerate (TRI_key_generator_t* const generator, const TRI_voc_tick_t tick, const char* const userKey, char* const outBuffer, - size_t* const outLength) { + size_t* const outLength, + bool isRestore) { autoincrement_keygen_t* data; char* current; @@ -489,7 +491,7 @@ static int AutoIncrementGenerate (TRI_key_generator_t* const generator, size_t userKeyLength; // user has specified a key - if (! data->_allowUserKeys) { + if (! data->_allowUserKeys && ! isRestore) { // we do not allow user-generated keys return TRI_ERROR_ARANGO_DOCUMENT_KEY_UNEXPECTED; } diff --git a/arangod/VocBase/key-generator.h b/arangod/VocBase/key-generator.h index 08c7deac2e..4177861669 100644 --- a/arangod/VocBase/key-generator.h +++ b/arangod/VocBase/key-generator.h 
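Review bot: In TraditionalGenerate and AutoIncrementGenerate the new `isRestore` flag disables the `_allowUserKeys` policy check for every caller that passes `true`, and this commit passes `true` from both applyCollectionDumpMarker implementations (RestReplicationHandler and Syncer), where the key presumably comes from data received from another host. The rest of both functions is outside the hunks, so please confirm that the key length and character validation after this check still runs on the restore path, and that in AutoIncrementGenerate a restored key cannot leave the generator's counter behind a value that is already in use. A comment at the condition would make the intent explicit, for example `// restore/replication re-inserts keys generated on the source server, so the user-key policy does not apply`. The new `bool` parameter is also undocumented at the `generate` function pointer in key-generator.h.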
@@ -78,7 +78,7 @@ typedef struct TRI_key_generator_s { void* _data; int (*init)(struct TRI_key_generator_s* const, const struct TRI_json_s* const); - int (*generate)(struct TRI_key_generator_s* const, const size_t, const TRI_voc_tick_t, const char* const, char* const, size_t* const); + int (*generate)(struct TRI_key_generator_s* const, const size_t, const TRI_voc_tick_t, const char* const, char* const, size_t* const, bool); void (*track)(struct TRI_key_generator_s* const, const TRI_voc_key_t); void (*free)(struct TRI_key_generator_s* const); struct TRI_json_s* (*toJson)(const struct TRI_key_generator_s* const); diff --git a/arangod/VocBase/primary-collection.h b/arangod/VocBase/primary-collection.h index dea5334fe7..0cd8c04438 100644 --- a/arangod/VocBase/primary-collection.h +++ b/arangod/VocBase/primary-collection.h @@ -326,7 +326,7 @@ typedef struct TRI_primary_collection_s { #endif int (*notifyTransaction) (struct TRI_primary_collection_s*, TRI_transaction_status_e); - int (*insert) (struct TRI_transaction_collection_s*, const TRI_voc_key_t, TRI_voc_rid_t, TRI_doc_mptr_t*, TRI_df_marker_type_e, TRI_shaped_json_t const*, void const*, const bool, const bool); + int (*insert) (struct TRI_transaction_collection_s*, const TRI_voc_key_t, TRI_voc_rid_t, TRI_doc_mptr_t*, TRI_df_marker_type_e, TRI_shaped_json_t const*, void const*, const bool, const bool, const bool); int (*read) (struct TRI_transaction_collection_s*, const TRI_voc_key_t, TRI_doc_mptr_t*, const bool); diff --git a/arangod/VocBase/replication-applier.c b/arangod/VocBase/replication-applier.c index ea097b9503..3317fd6043 100644 --- a/arangod/VocBase/replication-applier.c +++ b/arangod/VocBase/replication-applier.c 
@@ -173,6 +173,11 @@ static TRI_json_t* JsonConfiguration (TRI_replication_applier_configuration_t co json, "maxConnectRetries", TRI_CreateNumberJson(TRI_CORE_MEM_ZONE, (double) config->_maxConnectRetries)); + + TRI_Insert3ArrayJson(TRI_CORE_MEM_ZONE, + json, + "sslProtocol", + TRI_CreateNumberJson(TRI_CORE_MEM_ZONE, (double) config->_sslProtocol)); TRI_Insert3ArrayJson(TRI_CORE_MEM_ZONE, json, @@ -304,6 +309,12 @@ static int LoadConfiguration (TRI_vocbase_t* vocbase, config->_maxConnectRetries = (uint64_t) value->_value._number; } + value = TRI_LookupArrayJson(json, "sslProtocol"); + + if (TRI_IsNumberJson(value)) { + config->_sslProtocol = (uint32_t) value->_value._number; + } + value = TRI_LookupArrayJson(json, "chunkSize"); if (TRI_IsNumberJson(value)) { @@ -1184,6 +1195,7 @@ void TRI_InitConfigurationReplicationApplier (TRI_replication_applier_configurat config->_requestTimeout = 300.0; config->_connectTimeout = 10.0; config->_maxConnectRetries = 100; + config->_sslProtocol = 0; config->_autoStart = false; config->_chunkSize = 0; config->_adaptivePolling = true; @@ -1253,6 +1265,7 @@ void TRI_CopyConfigurationReplicationApplier (TRI_replication_applier_configurat dst->_connectTimeout = src->_connectTimeout; dst->_ignoreErrors = src->_ignoreErrors; dst->_maxConnectRetries = src->_maxConnectRetries; + dst->_sslProtocol = src->_sslProtocol; dst->_chunkSize = src->_chunkSize; dst->_autoStart = src->_autoStart; dst->_adaptivePolling = src->_adaptivePolling; diff --git a/arangod/VocBase/replication-applier.h b/arangod/VocBase/replication-applier.h index 7dfee43dcb..2c02adc7cc 100644 --- a/arangod/VocBase/replication-applier.h +++ b/arangod/VocBase/replication-applier.h @@ -74,6 +74,7 @@ typedef struct TRI_replication_applier_configuration_s { uint64_t _ignoreErrors; uint64_t _maxConnectRetries; uint64_t _chunkSize; + uint32_t _sslProtocol; bool _autoStart; bool _adaptivePolling; } 
diff --git a/arangod/VocBase/replication-logger.c b/arangod/VocBase/replication-logger.c index 5a9c06a124..d4f772f8c6 100644 --- a/arangod/VocBase/replication-logger.c +++ b/arangod/VocBase/replication-logger.c @@ -525,7 +525,8 @@ static int LogEvent (TRI_replication_logger_t* logger, shaped, NULL, isStandaloneOperation, - forceSync); + forceSync, + false); TRI_FreeShapedJson(zone, shaped); diff --git a/arangod/VocBase/transaction.c b/arangod/VocBase/transaction.c index 1b8c4b9a9c..05a952ed1b 100644 --- a/arangod/VocBase/transaction.c +++ b/arangod/VocBase/transaction.c @@ -440,6 +440,7 @@ static int InsertTrxCallback (TRI_transaction_collection_t* trxCollection, shaped, NULL, false, + false, false); TRI_FreeShapedJson(zone, shaped); diff --git a/arangoirb/MRClient/MRubyClientConnection.cpp b/arangoirb/MRClient/MRubyClientConnection.cpp index 9733497e5c..2bab765a9f 100644 --- a/arangoirb/MRClient/MRubyClientConnection.cpp +++ b/arangoirb/MRClient/MRubyClientConnection.cpp @@ -78,7 +78,8 @@ MRubyClientConnection::MRubyClientConnection (mrb_state* mrb, _client(0), _httpResult(0) { - _connection = GeneralClientConnection::factory(endpoint, connectionTimeout, requestTimeout, numRetries); + _connection = GeneralClientConnection::factory(endpoint, connectionTimeout, requestTimeout, numRetries, 0); + if (_connection == 0) { throw "out of memory"; } diff --git a/arangosh/ArangoShell/ArangoClient.cpp b/arangosh/ArangoShell/ArangoClient.cpp index 9fe8a7832f..307d56cf8c 100644 --- a/arangosh/ArangoShell/ArangoClient.cpp +++ b/arangosh/ArangoShell/ArangoClient.cpp @@ -110,7 +110,8 @@ ArangoClient::ArangoClient () _password(""), _hasPassword(false), _connectTimeout(DEFAULT_CONNECTION_TIMEOUT), - _requestTimeout(DEFAULT_REQUEST_TIMEOUT) { + _requestTimeout(DEFAULT_REQUEST_TIMEOUT), + _sslProtocol(4) { char* p = TRI_GetTempPath(); 
@@ -241,6 +242,7 @@ void ArangoClient::setupServer (ProgramOptionsDescription& description) { ("server.password", &_password, "password to use when connecting. Don't specify this option to get a password prompt") ("server.connect-timeout", &_connectTimeout, "connect timeout in seconds") ("server.request-timeout", &_requestTimeout, "request timeout in seconds") + ("server.ssl-protocol", &_sslProtocol, "1 = SSLv2, 2 = SSLv23, 3 = SSLv3, 4 = TLSv1") ; description(clientOptions, false); @@ -827,6 +829,14 @@ double ArangoClient::requestTimeout () const { return _requestTimeout; } +//////////////////////////////////////////////////////////////////////////////// +/// @brief ssl protocol +//////////////////////////////////////////////////////////////////////////////// + +uint32_t ArangoClient::sslProtocol () const { + return _sslProtocol; +} + // ----------------------------------------------------------------------------- // --SECTION-- END-OF-FILE // ----------------------------------------------------------------------------- diff --git a/arangosh/ArangoShell/ArangoClient.h b/arangosh/ArangoShell/ArangoClient.h index cb2816d0a2..823c662baf 100644 --- a/arangosh/ArangoShell/ArangoClient.h +++ b/arangosh/ArangoShell/ArangoClient.h @@ -415,6 +415,12 @@ namespace triagens { double requestTimeout () const; +//////////////////////////////////////////////////////////////////////////////// +/// @brief ssl protocol +//////////////////////////////////////////////////////////////////////////////// + + uint32_t sslProtocol () const; + //////////////////////////////////////////////////////////////////////////////// /// @} //////////////////////////////////////////////////////////////////////////////// 
@@ -589,6 +595,12 @@ namespace triagens { //////////////////////////////////////////////////////////////////////////////// double _requestTimeout; + +//////////////////////////////////////////////////////////////////////////////// +/// @brief ssl protocol +//////////////////////////////////////////////////////////////////////////////// + + uint32_t _sslProtocol; }; } } diff --git a/arangosh/Benchmark/BenchmarkThread.h b/arangosh/Benchmark/BenchmarkThread.h index 86da068e67..bdecba3fcd 100644 --- a/arangosh/Benchmark/BenchmarkThread.h +++ b/arangosh/Benchmark/BenchmarkThread.h @@ -83,6 +83,7 @@ namespace triagens { const string& password, double requestTimeout, double connectTimeout, + uint32_t sslProtocol, bool keepAlive, bool async) : Thread("arangob"), @@ -100,6 +101,7 @@ namespace triagens { _password(password), _requestTimeout(requestTimeout), _connectTimeout(connectTimeout), + _sslProtocol(sslProtocol), _keepAlive(keepAlive), _async(async), _client(0), @@ -145,7 +147,7 @@ namespace triagens { //////////////////////////////////////////////////////////////////////////////// virtual void run () { - _connection = GeneralClientConnection::factory(_endpoint, _requestTimeout, _connectTimeout, 3); + _connection = GeneralClientConnection::factory(_endpoint, _requestTimeout, _connectTimeout, 3, _sslProtocol); if (_connection == 0) { LOG_FATAL_AND_EXIT("out of memory"); @@ -527,6 +529,12 @@ namespace triagens { double _connectTimeout; +//////////////////////////////////////////////////////////////////////////////// +/// @brief ssl protocol +//////////////////////////////////////////////////////////////////////////////// + + uint32_t _sslProtocol; + //////////////////////////////////////////////////////////////////////////////// /// @brief use HTTP keep-alive //////////////////////////////////////////////////////////////////////////////// diff --git a/arangosh/Benchmark/arangob.cpp b/arangosh/Benchmark/arangob.cpp index b4b73551b7..f305d61cf0 100644 
--- a/arangosh/Benchmark/arangob.cpp +++ b/arangosh/Benchmark/arangob.cpp @@ -379,6 +379,7 @@ int main (int argc, char* argv[]) { BaseClient.password(), BaseClient.requestTimeout(), BaseClient.connectTimeout(), + BaseClient.sslProtocol(), KeepAlive, Async); diff --git a/arangosh/V8Client/V8ClientConnection.cpp b/arangosh/V8Client/V8ClientConnection.cpp index 31d858cfd3..277c8c7de6 100644 --- a/arangosh/V8Client/V8ClientConnection.cpp +++ b/arangosh/V8Client/V8ClientConnection.cpp @@ -62,6 +62,7 @@ V8ClientConnection::V8ClientConnection (Endpoint* endpoint, double requestTimeout, double connectTimeout, size_t numRetries, + uint32_t sslProtocol, bool warn) : _connection(0), _databaseName(databaseName), @@ -71,7 +72,7 @@ V8ClientConnection::V8ClientConnection (Endpoint* endpoint, _httpResult(0) { - _connection = GeneralClientConnection::factory(endpoint, requestTimeout, connectTimeout, numRetries); + _connection = GeneralClientConnection::factory(endpoint, requestTimeout, connectTimeout, numRetries, sslProtocol); if (_connection == 0) { throw "out of memory"; diff --git a/arangosh/V8Client/V8ClientConnection.h b/arangosh/V8Client/V8ClientConnection.h index 58cc232487..b9da50c7f3 100644 --- a/arangosh/V8Client/V8ClientConnection.h +++ b/arangosh/V8Client/V8ClientConnection.h @@ -83,6 +83,7 @@ namespace triagens { double, double, size_t, + uint32_t, bool); //////////////////////////////////////////////////////////////////////////////// diff --git a/arangosh/V8Client/arangodump.cpp b/arangosh/V8Client/arangodump.cpp index 0866ba77fb..2546de91c8 100644 --- a/arangosh/V8Client/arangodump.cpp +++ b/arangosh/V8Client/arangodump.cpp @@ -890,7 +890,8 @@ int main (int argc, char* argv[]) { Connection = GeneralClientConnection::factory(BaseClient.endpointServer(), BaseClient.requestTimeout(), BaseClient.connectTimeout(), - ArangoClient::DEFAULT_RETRIES); + ArangoClient::DEFAULT_RETRIES, + BaseClient.sslProtocol()); if (Connection == 0) { cerr << "out of memory" << endl; 
diff --git a/arangosh/V8Client/arangoimp.cpp b/arangosh/V8Client/arangoimp.cpp index 2b4915201f..2e2b49dd7e 100644 --- a/arangosh/V8Client/arangoimp.cpp +++ b/arangosh/V8Client/arangoimp.cpp @@ -300,6 +300,7 @@ int main (int argc, char* argv[]) { BaseClient.requestTimeout(), BaseClient.connectTimeout(), ArangoClient::DEFAULT_RETRIES, + BaseClient.sslProtocol(), false); if (! ClientConnection->isConnected() || ClientConnection->getLastHttpReturnCode() != HttpResponse::OK) { diff --git a/arangosh/V8Client/arangorestore.cpp b/arangosh/V8Client/arangorestore.cpp index 672b69fcdb..5c39094083 100644 --- a/arangosh/V8Client/arangorestore.cpp +++ b/arangosh/V8Client/arangorestore.cpp @@ -884,7 +884,8 @@ int main (int argc, char* argv[]) { Connection = GeneralClientConnection::factory(BaseClient.endpointServer(), BaseClient.requestTimeout(), BaseClient.connectTimeout(), - ArangoClient::DEFAULT_RETRIES); + ArangoClient::DEFAULT_RETRIES, + BaseClient.sslProtocol()); if (Connection == 0) { cerr << "out of memory" << endl; diff --git a/arangosh/V8Client/arangosh.cpp b/arangosh/V8Client/arangosh.cpp index 3126b0390e..e6bf4a8a06 100644 --- a/arangosh/V8Client/arangosh.cpp +++ b/arangosh/V8Client/arangosh.cpp @@ -424,6 +424,7 @@ static V8ClientConnection* CreateConnection () { BaseClient.requestTimeout(), BaseClient.connectTimeout(), ArangoClient::DEFAULT_RETRIES, + BaseClient.sslProtocol(), false); } diff --git a/arangosh/V8Client/check-server.cpp b/arangosh/V8Client/check-server.cpp index 49400f11d9..2de1243023 100644 --- a/arangosh/V8Client/check-server.cpp +++ b/arangosh/V8Client/check-server.cpp @@ -131,7 +131,8 @@ static V8ClientConnection* CreateConnection (Endpoint* endpoint) { 300, // request timeout 3, // connection timeout 3, // retries - false); + false, + 0); } // ----------------------------------------------------------------------------- diff --git a/js/server/tests/dump-setup.js b/js/server/tests/dump-setup.js index 36a508f6f9..dd50dff692 100644 
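Review bot: The two trailing arguments added to the V8ClientConnection call in CreateConnection (check-server.cpp) are in the wrong order: the constructor changed by this commit takes `size_t numRetries, uint32_t sslProtocol, bool warn`, but the call passes `false` and then `0`. It works only by coincidence, because `false` converts to protocol 0 and `0` converts to `warn == false`; a later change to either value would silently set the wrong parameter. Swap them and annotate them like the lines above, i.e. `0, // ssl protocol` followed by `false); // warn`. The start of the call is outside the hunk.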
--- a/js/server/tests/dump-setup.js +++ b/js/server/tests/dump-setup.js @@ -119,6 +119,9 @@ increment: 42 } }); + for (i = 0; i < 1000; ++i) { + c.save({ value: i, more: { value: [ i, i ] } }); + } // strings c = db._create("UnitTestsDumpStrings"); diff --git a/js/server/tests/dump.js b/js/server/tests/dump.js index c9b7ceb91f..b725064067 100644 --- a/js/server/tests/dump.js +++ b/js/server/tests/dump.js @@ -284,7 +284,15 @@ function dumpTestSuite () { assertEqual(1, c.getIndexes().length); // just primary index assertEqual("primary", c.getIndexes()[0].type); - assertEqual(0, c.count()); + assertEqual(1000, c.count()); + + for (var i = 0; i < 1000; ++i) { + var doc = c.document(String(7 + (i * 42))); + + assertEqual(String(7 + (i * 42)), doc._key); + assertEqual(i, doc.value); + assertEqual({ value: [ i, i ] }, doc.more); + } }, //////////////////////////////////////////////////////////////////////////////// diff --git a/lib/GeneralServer/SslAsyncCommTask.h b/lib/GeneralServer/SslAsyncCommTask.h index a163abdb76..c4fa6ccd45 100644 --- a/lib/GeneralServer/SslAsyncCommTask.h +++ b/lib/GeneralServer/SslAsyncCommTask.h @@ -195,7 +195,7 @@ namespace triagens { return true; } else { - LOG_WARNING("error in SSL handshake: %s", triagens::basics::lastSSLError().c_str()); + LOG_TRACE("error in SSL handshake: %s", triagens::basics::lastSSLError().c_str()); return false; } } diff --git a/lib/SimpleHttpClient/GeneralClientConnection.cpp b/lib/SimpleHttpClient/GeneralClientConnection.cpp index 31f87ddaf7..12de57e0e3 100644 --- a/lib/SimpleHttpClient/GeneralClientConnection.cpp +++ b/lib/SimpleHttpClient/GeneralClientConnection.cpp 
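Review bot: Demoting the handshake failure message in SslAsyncCommTask.h from `LOG_WARNING` to `LOG_TRACE` removes it from logs at normal production levels, yet failed TLS handshakes are one of the few server-side signals of protocol mismatches, misconfigured clients or scanning. If the aim is to reduce noise now that clients can choose a protocol, an intermediate level would keep the event available to operators without filling the warning stream. Including the peer address in the message would make it usable for triage, if this task has one available, which the hunk does not show. The enclosing function starts and ends outside the hunk.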
@@ -87,12 +87,13 @@ GeneralClientConnection::~GeneralClientConnection () { GeneralClientConnection* GeneralClientConnection::factory (Endpoint* endpoint, double requestTimeout, double connectTimeout, - size_t numRetries) { + size_t numRetries, + uint32_t sslProtocol) { if (endpoint->getEncryption() == Endpoint::ENCRYPTION_NONE) { return new ClientConnection(endpoint, requestTimeout, connectTimeout, numRetries); } else if (endpoint->getEncryption() == Endpoint::ENCRYPTION_SSL) { - return new SslClientConnection(endpoint, requestTimeout, connectTimeout, numRetries); + return new SslClientConnection(endpoint, requestTimeout, connectTimeout, numRetries, sslProtocol); } else { return 0; diff --git a/lib/SimpleHttpClient/GeneralClientConnection.h b/lib/SimpleHttpClient/GeneralClientConnection.h index 6e7227494b..6991405388 100644 --- a/lib/SimpleHttpClient/GeneralClientConnection.h +++ b/lib/SimpleHttpClient/GeneralClientConnection.h @@ -117,7 +117,11 @@ namespace triagens { /// @brief create a new connection from an endpoint //////////////////////////////////////////////////////////////////////////////// - static GeneralClientConnection* factory (triagens::rest::Endpoint*, double, double, size_t); + static GeneralClientConnection* factory (triagens::rest::Endpoint*, + double, + double, + size_t, + uint32_t); //////////////////////////////////////////////////////////////////////////////// /// @brief return the endpoint diff --git a/lib/SimpleHttpClient/SslClientConnection.cpp b/lib/SimpleHttpClient/SslClientConnection.cpp index 7c434d2465..54979b3db5 100644 --- a/lib/SimpleHttpClient/SslClientConnection.cpp +++ b/lib/SimpleHttpClient/SslClientConnection.cpp @@ -29,6 +29,8 @@ #include "Basics/ssl-helper.h" #include "BasicsC/socket-utils.h" +#include "GeneralServer/GeneralSslServer.h" +#include "HttpServer/HttpsServer.h" #ifdef TRI_HAVE_LINUX_SOCKETS #include @@ -45,7 +47,7 @@ #include - +#include 
@@ -70,15 +72,47 @@ using namespace std; SslClientConnection::SslClientConnection (Endpoint* endpoint, double requestTimeout, double connectTimeout, - size_t connectRetries) : + size_t connectRetries, + uint32_t sslProtocol) : GeneralClientConnection(endpoint, requestTimeout, connectTimeout, connectRetries), _ssl(0), _ctx(0) { + _socket.fileHandle = 0; _socket.fileDescriptor = 0; - _ctx = SSL_CTX_new(TLSv1_method()); + + SSL_METHOD SSL_CONST* meth = 0; + + switch (HttpsServer::protocol_e(sslProtocol)) { +#ifndef OPENSSL_NO_SSL2 + case HttpsServer::SSL_V2: + meth = SSLv2_method(); + break; +#endif + case HttpsServer::SSL_V3: + meth = SSLv3_method(); + break; + + case HttpsServer::SSL_V23: + meth = SSLv23_method(); + break; + + case HttpsServer::TLS_V1: + meth = TLSv1_method(); + break; + + default: + // fallback is to use tlsv1 + meth = TLSv1_method(); + } + + _ctx = SSL_CTX_new(meth); + if (_ctx) { SSL_CTX_set_cipher_list(_ctx, "ALL"); + + const bool sslCache = true; + SSL_CTX_set_session_cache_mode(_ctx, sslCache ? SSL_SESS_CACHE_SERVER : SSL_SESS_CACHE_OFF); } } diff --git a/lib/SimpleHttpClient/SslClientConnection.h b/lib/SimpleHttpClient/SslClientConnection.h index 815d3180db..00dec2dce9 100644 --- a/lib/SimpleHttpClient/SslClientConnection.h +++ b/lib/SimpleHttpClient/SslClientConnection.h @@ -71,7 +71,8 @@ namespace triagens { SslClientConnection (triagens::rest::Endpoint* endpoint, double, double, - size_t); + size_t, + uint32_t); //////////////////////////////////////////////////////////////////////////////// /// @brief destroys a client connection diff --git a/lib/V8/v8-utils.cpp b/lib/V8/v8-utils.cpp index 14fa71bd74..e141c461f5 100644 --- a/lib/V8/v8-utils.cpp +++ b/lib/V8/v8-utils.cpp 
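Review bot: The added session-cache call in the SslClientConnection constructor passes `SSL_SESS_CACHE_SERVER`, which is the server-side mode. This is a client context, so the matching value is `SSL_SESS_CACHE_CLIENT`, and the always-true `sslCache` constant can be dropped: `SSL_CTX_set_session_cache_mode(_ctx, SSL_SESS_CACHE_CLIENT);`. The new switch also lets callers select SSLv2 or SSLv3 while the unchanged `SSL_CTX_set_cipher_list(_ctx, "ALL")` enables suites that the library's default list leaves out, so a restrictive string such as `"HIGH:!aNULL:!MD5"` and a comment marking the legacy protocols as compatibility-only would limit what a connection can negotiate. The `default:` branch silently maps every unknown value to TLSv1, including 0 and, when `OPENSSL_NO_SSL2` is defined, 1; logging the fallback would keep a mistyped `--server.ssl-protocol` from going unnoticed. No peer-certificate verification is configured in the visible lines, so if it is not set elsewhere the server is not authenticated whichever protocol is chosen.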
@@ -577,7 +577,7 @@ static v8::Handle JS_Download (v8::Arguments const& argv) { TRI_V8_EXCEPTION_MESSAGE(scope, TRI_ERROR_BAD_PARAMETER, "invalid URL"); } - GeneralClientConnection* connection = GeneralClientConnection::factory(ep, timeout, timeout, 3); + GeneralClientConnection* connection = GeneralClientConnection::factory(ep, timeout, timeout, 3, 0); if (connection == 0) { delete ep;