Support SSL connections to gearmand #43
Comments
|
yeah, might be nice to look into. Trying to knock out some logistics about location of this repo first though before adding features (even those 2 years old :P) |
|
Is ssl working nowadays? :) |
@narrowway - A quick look at the gearmand indicates to me, "most likely not" due to the large number of open issues related to SSL:
I've never seen the need for SSL as operating behind a firewall works for me. Curious, what's your use-case/need for SSL? |
|
Gearmand SSL works just great, thank you very much. Most of those referenced issues are related to testing or likely due to multiple bugs in the SSL implementation in the client code. Haven't seen any errors in over a year. The libgearman patch to enable SSL in the PHP library still hasn't been committed to the gearmand repo, unfortunately, but it works just fine. Sorry, it's still on my to-do list. I have working SSL forks of the Gearman PHP library for both the new and old versions of the PHP extension API. We've been using one such fork for almost a year and have had no problems. It's been so stable that we actually recently went into production with our whole system. If you need SSL for your project, then it is certainly feasible. It will take a fair amount of effort, but it can be done. Let me know if you have any questions. As for a use-case, we have very strict security requirements for our systems. Suffice to say we cannot rely only on firewalls to prevent our many systems and networks from being compromised. |
|
Hi All, Any updates on the SSL patch for the php client ? Thanks |
|
Nothing has changed since my previous post. The original patch for libgearman and a pointer to an old, forked gearmand repo (alas, unmerged) with the patch applied can be found here: Knowing someone is interested should result in me doing something about the PHP patch soon. Give me a couple weeks and then remind me again. |
|
Hi esabol, Thanks for the link. Best regards |
|
I just opened PR #72 with my SSL changes. These changes are based on [email protected]'s patch. I heavily modified the code to work with PHP 7.x. If you use the libgearman.so from the old gearmand fork, I think it doesn't support exception handling the way the current version does. Or at least I encountered various errors with the exception handling code when compiling the PECL with that old version of libgearman.so. So, since I was too lazy to recompile libgearman.so, I just commented out all support for exception handling in the code for this project (since we don't use any exception handling in our PHP code). That version of the code is what we use in production. It can be found in my "ssl" branch here: I've never actually tested any of this with a PHP SSL worker. We only use PHP SSL on the client side here.... |
|
For anyone who is interested in making SSL connections to gearmand from PHP, gearmand 1.1.19 was just released today with support for the If someone takes over development of this Gearman PHP extension and is interested in supporting this feature going forward, feel free to post here or contact me. |
There's a patch to support SSL connections here:
https://bugs.php.net/bug.php?id=67623
It's relies on some API changes to libgearman, however. That issue is currently being tracked here:
gearman/gearmand#63
Assuming we can get that resolved, what do you think about the above patch to the PHP library? It looks fairly straightforward, but I'm not clear on the PHP 7 changes and such.
The text was updated successfully, but these errors were encountered: