Add support for GnuTLS #663
Conversation
|
Related to issue #662 |
|
I have two suggestions
|
.github/workflows/gha.yml
Outdated
| @@ -66,6 +70,11 @@ jobs: | |||
| [ ${{ matrix.pattern }} == 5 ] && FLAGS="-DCMAKE_CXX_COMPILER=g++ -DMQTT_CODECOV=ON -DMQTT_TEST_1=OFF -DMQTT_TEST_2=OFF -DMQTT_TEST_3=ON -DMQTT_TEST_4=ON -DMQTT_TEST_5=OFF -DMQTT_TEST_6=OFF -DMQTT_TEST_7=OFF -DMQTT_BUILD_EXAMPLES=OFF -DMQTT_USE_TLS=OFF -DMQTT_USE_WS=ON -DMQTT_USE_STR_CHECK=ON -DMQTT_USE_LOG=OFF -DMQTT_STD_ANY=ON -DMQTT_STD_OPTIONAL=ON -DMQTT_STD_VARIANT=ON -DMQTT_STD_STRING_VIEW=ON -DMQTT_STD_SHARED_PTR_ARRAY=OFF" | |||
| [ ${{ matrix.pattern }} == 6 ] && FLAGS="-DCMAKE_CXX_COMPILER=g++ -DMQTT_CODECOV=ON -DMQTT_TEST_1=OFF -DMQTT_TEST_2=OFF -DMQTT_TEST_3=OFF -DMQTT_TEST_4=OFF -DMQTT_TEST_5=ON -DMQTT_TEST_6=ON -DMQTT_TEST_7=OFF -DMQTT_BUILD_EXAMPLES=OFF -DMQTT_USE_TLS=ON -DMQTT_USE_WS=ON -DMQTT_USE_STR_CHECK=ON -DMQTT_USE_LOG=OFF -DMQTT_STD_ANY=ON -DMQTT_STD_OPTIONAL=ON -DMQTT_STD_VARIANT=ON -DMQTT_STD_STRING_VIEW=ON -DMQTT_STD_SHARED_PTR_ARRAY=OFF" | |||
| [ ${{ matrix.pattern }} == 7 ] && FLAGS="-DCMAKE_CXX_COMPILER=g++ -DMQTT_CODECOV=ON -DMQTT_TEST_1=OFF -DMQTT_TEST_2=OFF -DMQTT_TEST_3=OFF -DMQTT_TEST_4=OFF -DMQTT_TEST_5=OFF -DMQTT_TEST_6=OFF -DMQTT_TEST_7=ON -DMQTT_BUILD_EXAMPLES=ON -DMQTT_USE_TLS=ON -DMQTT_USE_WS=OFF -DMQTT_USE_STR_CHECK=OFF -DMQTT_USE_LOG=ON -DMQTT_STD_ANY=OFF -DMQTT_STD_OPTIONAL=OFF -DMQTT_STD_VARIANT=OFF -DMQTT_STD_STRING_VIEW=OFF -DMQTT_STD_SHARED_PTR_ARRAY=OFF" | |||
| [ ${{ matrix.pattern }} == 1 ] && FLAGS="-DCMAKE_CXX_COMPILER=clang++ -DMQTT_TEST_1=ON -DMQTT_TEST_2=ON -DMQTT_TEST_3=ON -DMQTT_TEST_4=OFF -DMQTT_TEST_5=OFF -DMQTT_TEST_6=OFF -DMQTT_TEST_7=OFF -DMQTT_BUILD_EXAMPLES=OFF -DMQTT_USE_TLS=ON -DMQTT_USE_WS=ON -DMQTT_USE_STR_CHECK=ON -DMQTT_USE_LOG=OFF -DMQTT_STD_ANY=OFF -DMQTT_STD_OPTIONAL=OFF -DMQTT_STD_VARIANT=OFF -DMQTT_STD_STRING_VIEW=OFF -DMQTT_STD_SHARED_PTR_ARRAY=OFF -DMQTT_USE_GNU_TLS=ON" | |||
There was a problem hiding this comment.
This isn't right
You're overwriting the flags that are already selected for the "1" case.
If you want to add the GNUTLS implementation to the unit tests, you'll need to add more items to the list "matrix.pattern", and not reuse them.
There was a problem hiding this comment.
My recommendation is to shrink the text matrix a bit.
Right now we have "MQTT_TEST_1" through MQTT_TEST_7". Most likely these can be merged down into a smaller list, perhaps 1 though 5 or something. That'll keep the combinatorial explosion slightly under control.
There was a problem hiding this comment.
I can reduce the test list but I wasn't sure which ones are okay to remove. If you and @redboltz both agree to keep it 1-5 only, I can easily update it
There was a problem hiding this comment.
I think you might have misunderstood.
My recommendation was to re-arrange the MQTT_TEST_1 and so on binaries so that the code for each of them is preserved, and all the tests continue working, but there are fewer build varients.
There was a problem hiding this comment.
Sorry, not sure I'm fully following your recommendation.
Did you mean rearranging the patterns such that they are ordered in a way where all patterns that have MQTT_TEST_1
enabled are one after another?
There was a problem hiding this comment.
Specifically I meant changing text/CMakeLists.txt to have the different MQTT_TEST_# entries have different cpp files included in them.
I think this order of doing things makes sense, to me anyway,
|
Codecov Report
@@ Coverage Diff @@
## master #663 +/- ##
==========================================
+ Coverage 82.13% 82.68% +0.55%
==========================================
Files 45 46 +1
Lines 7012 7076 +64
==========================================
+ Hits 5759 5851 +92
+ Misses 1253 1225 -28 |
|
@shantanu1singh , I'm not sure the current situation. When you add new concurrent builds, you need to avoid queuing. Because it makes longer CI times. It depends on github actions. So please check the number of maximum concurrent tasks. I think that it is independently limited by osx, linux, and windows. So far, windows build is not used on github actions. It is implemented azure pipelines. The reason I use the azure pipelines, it is for faster CI times. I want to avoid queuing tasks. For gnutls, I think that the following tests are good enough. They are focused on connecting sequence. https://github.com/redboltz/mqtt_cpp/blob/master/test/connect.cpp I think that other part of the code, there is no difference between gnutls and openssl. The tests are grouped in MQTT_TEST_1. You need to add only one line that contains MQTT_TEST_1 and gnutls setting for each os. Other tests and example should be OFF. |
|
@redboltz, I'm a bit preoccupied with work. I'll get back to this PR sometime next week or the one after.
Sounds good, I'll use just those tests then for gnutls |
No problem. Take your time. As #663 (comment) commented, you can do that as follows: See "Compiler options:" textbox on the left side of the code.
|
|
@redboltz thanks for the tip! I'll use that I had one question - With respect to including the headers in boost-asio-gnutls, the PR in it's current state assumes that the headers in this repo have been placed under the I was wondering if it's a good idea to require consumers to mix default Something like:
|
Hey @redboltz , what do you think about the above? |
I think that it is a good idea. I think that |
| mkdir -p /usr/local/include/boost-asio-gnutls | ||
| git clone https://github.com/paullouisageneau/boost-asio-gnutls.git | ||
| sudo cp -R boost-asio-gnutls/include/. /usr/local/include/boost-asio-gnutls/ | ||
| rm -rf boost-asio-gnutls |
There was a problem hiding this comment.
There's no need to delete this. Github doesn't reuse virtual machines.
That being said, why bother with the copy? I'd rather you just clone the repository directly to the destination. https://stackoverflow.com/questions/600079/how-do-i-clone-a-subdirectory-only-of-a-git-repository
And you should make sure to specify --depth=1, to avoid large downloads.
Alternatively, if somehow doing a direct clone isn't possible, then I'd rather it be a move operation. You can just "mv" the entire "include" folder directly to /usr/local/include/boost-asio-gnutls.
Lastly, why does this even need to be moved to /usr/local ? Can't you just specify the full path ? -DMQTT_BOOST_ASIO_GNUTLS_INCLUDE=$(realpath boost-asio-gnutls/include)
| @@ -1 +1,7 @@ | |||
| CMakeLists.txt.user* | |||
|
|
|||
| # Build artifacts | |||
| build/ | |||
There was a problem hiding this comment.
No, don't add this. Builds should not happen inside the source tree.
There was a problem hiding this comment.
The repository's ReadMe suggests doing just that. I've seen several other projects follow the same format.
What's so wrong with adding the build/ directory to this file?
There was a problem hiding this comment.
At the very least, if it's going to be added to the repository, it needs to happen in it's own pull request.
There are a variety of reasons why builds should not be done inside the source directory, but one specific one that I'll share to help you research the topic, is that cmake natively understands multiple configurations. If you put the build inside the source directory, you pre-clude the ability to have multiple build configurations at the same time.
There was a problem hiding this comment.
I can remove it. It's just that it was making my life easier as I've always built libraries this way.
| IF (MQTT_USE_TLS) | ||
| MESSAGE (STATUS "TLS enabled") | ||
| IF (MQTT_USE_TLS STREQUAL ${MQTT_TLS_GNUTLS}) | ||
| MESSAGE (STATUS "Using GNUTLS") | ||
| IF (MQTT_BOOST_ASIO_GNUTLS_INCLUDE STREQUAL "") |
There was a problem hiding this comment.
Why namespace the include directory like this?
If you need the ability to insert additional include directories, just name it "MQTT_ADDITIONAL_INCLUDE" or something, and take list as the argument.
Are you sure CMake doesn't already have a specific feature for this built in?
There was a problem hiding this comment.
Couldn't find a native Cmake way of doing that.
As per this stack overflow post, the other option we have is to let consumers set CXX flags which doesn't seem too appealing.
I can change it to be MQTT_ADDITIONAL_INCLUDES and accept a list if that works
There was a problem hiding this comment.
Personally I don't see the benefit of making something that clearly applies in a generic way named in a feature specific way.
I think it'll cause more confusion to people to have it named MQTT_BOOST_ASIO_GNUTLS_INCLUDE.
@redboltz can you offer some guidance?
There was a problem hiding this comment.
I got confused. I don't understand what you want to do, so far.
Do you simply want to add include path of GNUTLS ?
If it does, -DCMAKE_CXX_FLAGS+="-I path_to_gnutls".
|
I ran into a problem with websocket based clients i.e., MQTT_USE_TLS combined with MQTT_USE_WS. The header I had to update two headers of boost/beast/websocket to use the 'boost-asio-gnutls' headers instead and the updated files can be found here Essentially, we'll include the following headers in OpenSSL GnuTLS |
|
Any chance of convincing boost beast to fix their header, instead of working around the problem in mqtt_cpp ? |
|
@jonesmz Not sure if they'd be accepting of that change so easily. They'd make the argument of updating |
|
Ok. Well, ultimately @redboltz makes the call. My advice is that before this change is accepted into mqtt_cpp, the appropriate PRs to get GNUTls integrated into boost asio and boost beast be created, so that there's a roadmap in place for when the integration patches inside of mqtt_cpp can be dropped. |
I think that it is better that boost asio and boost beast support gnutls directly. Because TLS support is very generic topic. If boost asio and beast users such as mqtt_cpp implements gnutls support individually, the situation would be confused (code duplication etc). Do someone or you already proposed to boost to support gnutls ? |
|
I have some question about TLS and WesSocket combination. Now I'm checking on #673 . Also I consider #663 (comment) comment. I'm looking for a good way. |
I was wrong. Due to very complected web socket and TLS tear down sequence, beast needs to care about TLS layer directly. |
|
@shantanu1singh , could you try #673 ? As I commented at #663 (comment), GnuTLS support is implemented by boost asio and boost beast, not mqtt_cpp. You can test and use as follows. cmake -DCMAKE_CXX_FLAGS="-DMQTT_TLS_INCLUDE=<boost/asio/gnutls.hpp> -DMQTT_TLS_WS_INCLUDE=<boost/beast/websocket/gnutls.hpp> -DMQTT_TLS_NS=boost::asio::gnutls" other_cmake_options... target_pathSo you don't need to add tests. Just use #673 by your responsibility. |
@redboltz No, I personally have not nor do I know of someone who did. The reason I started looking into it was just that we are using the mqtt_cpp library in our project and our customer doesn't wish to use OpenSSL. Getting support for GnuTLS incorporated into boost will likely be a bigger task I think. I might open a ticket on their repository to see how they feel about it |
@redboltz Could you possibly link me to some references that explain what you meant? Is there some teardown process that I would need to handle with GnuTLS if I use it with mqtt_cpp using #673 ? |
@redboltz Thank you for sharing that. I can try using it. Although, would you be merging that PR with master? |
Yes, if it works well on your environment. |
For example, boost beast directly use ssl feature as follows: https://github.com/boostorg/beast/blob/develop/include/boost/beast/websocket/ssl.hpp You might think why Unfortunately, I don't know what kind of special treatment is required. |
|
@shantanu1singh, does #673 work well ? |
|
@redboltz I haven't had the chance to test it yet. Will likely get to it today or tomorrow. I'll keep you posted here. |
|
This is the error just as a reference: |
|
Could you post a new PR to fix #673 ? The target branch is add_alt_tls_support. |
Add support for GnuTLS
The feature is controlled through the variable
MQTT_USE_GNU_TLS.MQTT_USE_TLSalso needs to be enabled for this feature to work.If
MQTT_USE_GNU_TLSis disabled andMQTT_USE_TLSis enabled,mqtt_cppwill use OpenSSL instead of GnuTLS