
Log of /trunk/net/net/src/TSSLSocket.cxx


Revision 48397
Modified Wed Jan 23 17:00:50 2013 UTC (2 years ago) by rdm
File length: 8429 byte(s)
Diff to previous 44246
From Fabio Hernandez:
The enclosed patch includes a new class and some modifications to existing
classes. The new class TS3WebFile is an extension of TWebFile and belongs
to the net module. I deliberately did not modify the existing TAS3File.
I think that the name TS3WebFile reflects better the fact that this solution
is intended to be generic to several S3 servers and not limited to Amazon's,
in addition to the fact that it actually extends the capabilities of TWebFile.

Compared to the current support of S3 in ROOT (basically the class TAS3File),
the modifications in this patch include the improvements below:

 - add support for using HTTPS: you can use different schemas for specifying
   the underlying transport protocol to use "s3:", "s3http:", "s3https:" 
   ["s3" uses HTTPS]. The current schema, namely "as3:", is supported for
   backwards compatibility.
 - extend support for other S3 service providers that do not offer the
   virtual hosting functionality (currently only Amazon offers this)
 - support the possibility of specifying user credentials on a per-file
   basis or for all S3 files via environment variables
 - honor the "NOPROXY" option when specified in the constructor
 - exploit the capability of the S3 file server to provide partial
   content responses to multi-range HTTP requests

Here are some examples of usages from the end user perspective:

   TFile* f = TFile::Open("s3://s3.amazonaws.com/mybucket/path/to/my/file", "AUTH=<accessKey>:<secretKey> NOPROXY");
   TFile* f = TFile::Open("s3://s3.amazonaws.com/mybucket/path/to/my/file");   // Uses environment variables for retrieving credentials

Limitations:

 - we cannot efficiently detect that an S3 server is able to respond to
   multi-range HTTP GET requests. Some servers, such as Amazon's, respond
   to this kind of request with the whole file contents. Other servers,
   such as Huawei's, respond with the exact partial content requested.
   Therefore, I added the possibility of configuring the behavior via the
   ROOT configuration file: the identity of the servers known to correctly
   support multi-range requests is configurable. If the server is known to
   support this feature, ROOT will send multi-range requests, otherwise it
   will issue multiple single-range GET requests, which is also the default
   behavior. 
 - currently the virtual host syntax
      "s3://mybucket.s3.amazonaws.com/path/to/my/file"
   is not supported but can be added if this is considered useful

Revision 44246
Modified Tue May 15 09:10:37 2012 UTC (2 years, 8 months ago) by rdm
File length: 7933 byte(s)
Diff to previous 42270
From Alejandro Alvarez:
- TWebFile: checks the real read size
- TSSLSocket: iterates and calls SSL_read/SSL_peek as many times as needed
  until the requested size is read

Revision 42270
Modified Mon Nov 28 11:54:17 2011 UTC (3 years, 1 month ago) by rdm
File length: 7730 byte(s)
Diff to previous 41644
From Rainer Toebbicke:
fix two problems:

1. when the remote socket goes away violently, the SSL_peek would not return
   SSL_ERROR_ZERO_RETURN as in the case of an orderly shutdown but more
   likely SSL_ERROR_SYSCALL. Failure to notice this will result in the
   read() always returning zero length but the socket never closed (and
   hence the connection never recovered but the program sent into a loop).

2. a normal shutdown of an SSL connection results in a "close notify"
   being sent. I don't think that it's standard what happens if ever
   the socket is already no longer connected at this moment, however
   on Linux you get SIGPIPE which kills the process. I suggest setting
   SSL_set_quiet_shutdown in that case as the socket is going to be
   closed on both sides anyway and there isn't anything to recover.
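
Added example (not code from ROOT or from the patch authors): a sketch of the read loop that the log messages of revisions 44246 and 42270 describe, reading until the requested size arrives and telling an orderly close from a vanished peer. The names tls_io, read_full, fake_peer and demo are hypothetical; rd() and err() stand in for SSL_read()/SSL_peek() and SSL_get_error() so the block runs without OpenSSL, and any result other than the orderly close is treated as a lost peer.

```c
/* Stand-ins for the two SSL_get_error() results the commit messages name. */
enum tls_err { TLS_ZERO_RETURN, TLS_SYSCALL };
/* Hypothetical transport: rd() stands for SSL_read()/SSL_peek(), err() for SSL_get_error(). */
struct tls_io {
    int (*rd)(void *ctx, char *buf, int len);
    enum tls_err (*err)(void *ctx);
    void *ctx;
    int quiet;  /* where real code would call SSL_set_quiet_shutdown(ssl, 1) */
};

/* Returns bytes read (short only after an orderly close), or -1 if the peer vanished. */
long read_full(struct tls_io *io, char *buf, int len)
{
    int got = 0;
    while (got < len) {
        int n = io->rd(io->ctx, buf + got, len - got);
        if (n > 0) { got += n; continue; }        /* partial read: ask again */
        if (io->err(io->ctx) == TLS_ZERO_RETURN)  /* n <= 0: classify once, never spin */
            return got;                           /* peer sent close notify */
        io->quiet = 1;                            /* peer is gone: send no close notify */
        return -1;                                /* caller closes the socket and reconnects */
    }
    return got;
}

/* Constructed peer: holds avail bytes, returns at most chunk per read, then 0. */
struct fake_peer { int avail, chunk; enum tls_err end; };
static int fake_rd(void *ctx, char *buf, int len)
{
    struct fake_peer *p = ctx;
    int n = p->avail < p->chunk ? p->avail : p->chunk;
    if (n > len) n = len;
    for (int i = 0; i < n; i++) buf[i] = 'x';
    p->avail -= n;
    return n;
}
static enum tls_err fake_err(void *ctx) { return ((struct fake_peer *)ctx)->end; }

/* One constructed case (want <= 64); *quiet reports the shutdown choice. */
long demo(int avail, int chunk, int want, enum tls_err end, int *quiet)
{
    char buf[64];
    struct fake_peer p = { avail, chunk, end };
    struct tls_io io = { fake_rd, fake_err, &p, 0 };
    long r = read_full(&io, buf, want);
    *quiet = io.quiet;
    return r;
}

int main(void) { int q; return demo(10, 3, 10, TLS_ZERO_RETURN, &q) == 10 ? 0 : 1; }
```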

Revision 41644
Modified Sat Oct 29 22:38:37 2011 UTC (3 years, 2 months ago) by rdm
File length: 7589 byte(s)
Diff to previous 41327
fix Coverity issues.

Revision 41327
Added Tue Oct 11 10:40:18 2011 UTC (3 years, 3 months ago) by rdm
File length: 7589 byte(s)
From Alejandro Alvarez Ayllon:
I asked some time ago about HTTPS support in ROOT, and there is none.
So after finding some time, I have written a TSSLSocket class that is
used by TWebFile to access files through HTTPS.

We want this feature to be available as we are developing - actually it 
is in a quite advanced state already - a WebDAV endpoint for DPM servers.
And proxy/user certificates are needed to authenticate the client.
