Versions Compared

...

This setting ideally should be at a pool level, because different pools may need to use different proxies.

To make it as easy as possible for users to extend our proxy implementation or implement their own, we will introduce a more general pool setting: a custom SocketFactory. This will allow users to override the creation of client-server sockets with their own SocketFactory. We will provide an implementation of this SocketFactory that connects the client to an SNI proxy.

The way to configure the SNI proxy will therefore look something like this:

...

package org.apache.geode.cache.client;

import java.io.IOException;
import java.net.Socket;

/**
 * A socket factory used to create sockets from a client to locators or servers.
 *
 * Sockets returned by this factory will have the rest of the configuration options
 * specified on the {@link Pool} and on the {@link ClientCache} applied to them. In particular,
 * sockets returned by this factory will be wrapped with SSLSockets if ssl is enabled
 * for this client cache, based on {@link ConfigurationProperties#SSL_ENABLED_COMPONENTS}.
 * Sockets returned by this factory should therefore not be SSLSockets. For modifying SSL
 * settings, see {@link SSLParameterExtension}.
 *
 * Sockets returned by this factory should be in an unconnected state, similar to
 * {@link Socket#Socket()}.
 *
 * This factory can be used for configuring a proxy, or overriding various socket settings.
 *
 * @see PoolFactory#setSocketFactory(SocketFactory)
 */
public interface SocketFactory {
  /**
   * Create an unconnected tcp socket for establishing a client connection.
   *
   * @return an unconnected socket
   */
  Socket createSocket() throws IOException;
}
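As an added illustration (not code from this proposal or from Geode itself), here is a custom SocketFactory that honours the contract above and routes every connection through a fixed SNI proxy. The package, class and host names are hypothetical; the only Geode API it relies on is the SocketFactory interface shown above and PoolFactory#setSocketFactory, which the Javadoc references. How Geode derives the SNI host name from the intended endpoint is not shown on this page, so the factory simply records that endpoint on the socket for whichever layer needs it.

```java
package org.example.geode; // hypothetical package, not part of Geode

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import javax.net.ssl.SSLSocket;

import org.apache.geode.cache.client.PoolFactory;
import org.apache.geode.cache.client.PoolManager;
import org.apache.geode.cache.client.SocketFactory;

/**
 * Routes every client connection through one SNI proxy. The socket it returns is
 * plain (not an SSLSocket) and unconnected, as the SocketFactory contract requires:
 * Geode wraps it in an SSLSocket itself when ssl-enabled-components covers the
 * client, and calls connect() later with the address of the locator or server.
 */
public final class SniProxySocketFactory implements SocketFactory {

  /** A plain socket that connects to the proxy but remembers the intended endpoint. */
  public static final class SniProxySocket extends Socket {
    private final String proxyHost;
    private final int proxyPort;
    private volatile InetSocketAddress intendedEndpoint;

    SniProxySocket(String proxyHost, int proxyPort) {
      this.proxyHost = proxyHost;
      this.proxyPort = proxyPort;
    }

    // Socket.connect(SocketAddress) delegates to this overload, so one override covers both.
    @Override
    public void connect(SocketAddress endpoint, int timeout) throws IOException {
      if (!(endpoint instanceof InetSocketAddress)) {
        throw new IOException("unsupported endpoint type: " + endpoint);
      }
      // Geode asks for the locator/server; the proxy learns the real destination from
      // the SNI host name in the TLS ClientHello, so remember the endpoint and connect
      // to the proxy instead. The proxy name is resolved at connect time, not up front.
      intendedEndpoint = (InetSocketAddress) endpoint;
      super.connect(new InetSocketAddress(proxyHost, proxyPort), timeout);
    }

    /** The locator or server address this socket was asked to reach (null before connect). */
    public InetSocketAddress getIntendedEndpoint() {
      return intendedEndpoint;
    }
  }

  private final String proxyHost;
  private final int proxyPort;

  public SniProxySocketFactory(String proxyHost, int proxyPort) {
    this.proxyHost = proxyHost;
    this.proxyPort = proxyPort;
  }

  @Override
  public Socket createSocket() throws IOException {
    return new SniProxySocket(proxyHost, proxyPort);
  }

  /** The two contract rules from the Javadoc, as a check to run from a unit test. */
  static void checkContract(Socket socket) {
    if (socket.isConnected()) {
      throw new IllegalStateException("factory must return unconnected sockets");
    }
    if (socket instanceof SSLSocket) {
      throw new IllegalStateException("factory must not return SSLSockets; Geode wraps them");
    }
  }

  public static void main(String[] args) throws IOException {
    // Placeholder proxy and locator names; a real deployment would read these from config.
    SniProxySocketFactory factory = new SniProxySocketFactory("sni-proxy.example.internal", 15443);
    checkContract(factory.createSocket());

    // Install it on a pool via PoolFactory#setSocketFactory (the method the Javadoc
    // references). The pool is only built here, not created, since creating it needs
    // a running ClientCache.
    PoolFactory poolFactory = PoolManager.createFactory()
        .addLocator("locator.example.internal", 10334);
    poolFactory.setSocketFactory(factory);
  }
}
```

The factory resolves the proxy name at connect time rather than in the constructor so that an unresolvable proxy surfaces as a connect failure on the pool, where Geode already retries, instead of as a startup error, and so DNS changes to the proxy are picked up without recreating the pool. Note that the socket does not decide whether TLS is on; if the pool is not configured for SSL, the proxy receives a plaintext connection with no SNI to route on, which is a configuration error to catch with the SSL settings, not inside the factory.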

...

This is a client-side setting, so there should be no backwards compatibility or upgrade concerns.

One concern with this SocketFactory approach is that it exposes blocking, Java 1.0-era java.net.Socket objects in the public API. If, in the future, we try to upgrade the internals of the client to use SocketChannel, netty or rsocket, we will have a difficult time continuing to support this SocketFactory API and may break users' custom SocketFactory implementations.

...

Geode also added support for setting the SNI field in the TLS client hello as part of GEODE-7414. With those changes, a user can provide an SSLParameterExtension callback that can modify any of the SSLParameters, including the SNI server name field. If a proxy of type SNI is set and an SSLParameterExtension is also set, the SSLParameterExtension will run after Geode has set the SNI field, and can potentially modify it.
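The ordering described above matters to anyone writing an extension: by the time the callback runs, Geode may already have put an SNI host name into the parameters. As an added example (not code from the proposal or from Geode), here is an SSLParameterExtension that rewrites that name for hosts the proxy knows under a different name, and deliberately leaves the parameters alone when Geode set no SNI name. The package and class names are hypothetical, and the three method names on org.apache.geode.net.SSLParameterExtension are assumed from GEODE-7414 rather than taken from this page.

```java
package org.example.geode; // hypothetical package, not part of Geode

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.StandardConstants;

import org.apache.geode.net.SSLParameterExtension;
import org.apache.geode.net.SSLParameterExtensionContext;

/**
 * Runs after Geode has populated the SSLParameters for a client socket. If an SNI
 * proxy is configured, Geode has already set the SNI host name; this extension maps
 * selected names to the names the proxy routes on. It never adds an SNI name that
 * Geode did not set, so pools without an SNI proxy are untouched.
 */
public final class SniRewritingExtension implements SSLParameterExtension {
  private final Map<String, String> rewrites;

  /** @param rewrites internal host name -> name the proxy expects in the ClientHello */
  public SniRewritingExtension(Map<String, String> rewrites) {
    this.rewrites = Collections.unmodifiableMap(new HashMap<>(rewrites));
  }

  @Override
  public void init(SSLParameterExtensionContext context) {
    // nothing to initialise for this extension
  }

  @Override
  public SSLParameters modifySSLClientSocketParameters(SSLParameters parameters) {
    List<SNIServerName> current = parameters.getServerNames();
    List<SNIServerName> rewritten = rewriteServerNames(current, rewrites);
    if (rewritten != current) { // same instance means nothing changed
      parameters.setServerNames(rewritten);
    }
    return parameters;
  }

  @Override
  public SSLParameters modifySSLServerSocketParameters(SSLParameters parameters) {
    return parameters; // SNI is sent by the client; server sockets are left alone
  }

  /**
   * Pure function so the rule can be unit tested without a socket. Returns the input
   * list itself when no entry changes, and an unmodifiable copy otherwise.
   */
  static List<SNIServerName> rewriteServerNames(List<SNIServerName> names,
      Map<String, String> rewrites) {
    if (names == null || names.isEmpty()) {
      return names; // Geode set no SNI name (no SNI proxy): do not invent one
    }
    List<SNIServerName> out = new ArrayList<>(names.size());
    boolean changed = false;
    for (SNIServerName name : names) {
      if (name.getType() == StandardConstants.SNI_HOST_NAME && name instanceof SNIHostName) {
        String host = ((SNIHostName) name).getAsciiName();
        String replacement = rewrites.get(host);
        if (replacement != null && !replacement.equals(host)) {
          // SNIHostName validates the replacement and throws IllegalArgumentException
          // on a malformed host name, which is preferable to sending it on the wire.
          out.add(new SNIHostName(replacement));
          changed = true;
          continue;
        }
      }
      out.add(name);
    }
    return changed ? Collections.unmodifiableList(out) : names;
  }

  public static void main(String[] args) {
    // Constructed sample: Geode is assumed to have set "server1.internal" as the SNI name.
    Map<String, String> map = new HashMap<>();
    map.put("server1.internal", "server1.proxy.example");
    SSLParameters params = new SSLParameters();
    params.setServerNames(Collections.singletonList(new SNIHostName("server1.internal")));

    SSLParameters result = new SniRewritingExtension(map).modifySSLClientSocketParameters(params);
    SNIHostName sni = (SNIHostName) result.getServerNames().get(0);
    System.out.println("SNI sent to proxy: " + sni.getAsciiName()); // server1.proxy.example
  }
}
```

Because the SNI value is what the proxy uses to pick a backend, the rewrite map is effectively routing configuration: keep it explicit and small, and have the extension reject rather than pass through anything it does not recognise if the deployment cannot tolerate an unexpected backend being selected. The extension also does not touch endpoint identification or the trust store, so a rewritten SNI name only changes where the proxy forwards the handshake, not which certificate the client will accept.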

...

What are minor adjustments that had to be made to the proposal since it was approved?



...