Added support for TLS

CMakeLists.txt

@@ -62,6 +62,20 @@ find_package(PythonLibs 3.4 REQUIRED)
 
 include(ConfigureCompiler)
 
+################################################################################
+# LibreSSL
+################################################################################
+
+set(LIBRESSL_USE_STATIC_LIBS TRUE)
+find_package(LibreSSL)
+if(LibreSSL_FOUND)
+  set(WITH_TLS TRUE)
+else()
+  message(STATUS "LibreSSL NOT Found - Will compile with TLS Support")
+  message(STATUS "You can set LibreSSL_ROOT to the LibreSSL install directory to help cmake find it")
+  set(WITH_TLS FALSE)
+endif()
+
 ################################################################################
 # Get repository information
 ################################################################################
@@ -200,6 +214,9 @@ set(SEED "0x${SEED_}" CACHE STRING "Random seed for testing")
 ################################################################################
 
 include(CompileBoost)
+if(WITH_TLS)
+  add_subdirectory(FDBLibTLS)
+endif()
 add_subdirectory(flow)
 add_subdirectory(fdbrpc)
 add_subdirectory(fdbclient)

FDBLibTLS/CMakeLists.txt

@@ -0,0 +1,13 @@
+set(SRCS
+  FDBLibTLSPlugin.cpp
+  FDBLibTLSPlugin.h
+  FDBLibTLSPolicy.cpp
+  FDBLibTLSPolicy.h
+  FDBLibTLSSession.cpp
+  FDBLibTLSSession.h
+  FDBLibTLSVerify.cpp
+  FDBLibTLSVerify.h
+  ReferenceCounted.h)
+
+add_library(FDBLibTLS ${SRCS})
+target_link_libraries(FDBLibTLS PRIVATE LibreSSL)

README.md

@@ -27,6 +27,31 @@ Developers interested in using the FoundationDB store for an application can get
 
 Developers on a OS for which there is no binary package, or who would like to start hacking on the code can get started by compiling from source.
 
+#### CMake (Experimental)
+
+FoundationDB is currently in the process of migrating the build system to cmake.
+The CMake build system is currently used by several developers. However, most of
+the testing and packaging infrastructure still uses the old VisualStudio+Make
+based build system.
+
+To build with CMake, generally the following is required (works on Linux and OS
+X - for Windows see below):
+1. git clone https://github.com/apple/foundationdb.git
+2. mkdir build
+3. cd build
+4. cmake ../foundationdb
+5. make
+
+CMake will try to find its dependencies. However, for LibreSSL this can be often
+problematic (especially if OpenSSL is installed as well). For that we recommend
+passing the argument `-DLibreSSL_ROOT` to cmake. So, for example, if you
+LibreSSL is installed under /usr/local/libressl-2.8.3, you should call cmake like
+this:
+
+```
+cmake -DLibreSSL_ROOT=/usr/local/libressl-2.8.3/ ../foundationdb
+```
+
 #### macOS
 
 1. Check out this repo on your Mac.

bindings/python/CMakeLists.txt

@@ -29,7 +29,6 @@ foreach(src ${SRCS})
     string(REPLACE "/" "\\" from_path "${from_path}")
     string(REPLACE "/" "\\" to_path "${to_path}")
   endif()
-  message(STATUS "COPY Command: ${copy_command} ${from_path} ${to_path}")
   add_custom_command(OUTPUT ${PROJECT_BINARY_DIR}/bindings/python/${src}
     COMMAND ${copy_command} ${from_path} ${to_path}
     DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${src}

cmake/FindLibreSSL.cmake

@@ -0,0 +1,62 @@
+# FindLibreSSL
+
+# Support preference of static libs by adjusting CMAKE_FIND_LIBRARY_SUFFIXES
+if(LIBRESSL_USE_STATIC_LIBS)
+  set(_libressl_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES})
+  if(WIN32)
+    set(CMAKE_FIND_LIBRARY_SUFFIXES .lib .a ${CMAKE_FIND_LIBRARY_SUFFIXES})
+  else()
+    set(CMAKE_FIND_LIBRARY_SUFFIXES .a )
+  endif()
+endif()
+
+find_path(LIBRESSL_INCLUDE_DIR
+  NAMES
+    tls.h
+  PATH_SUFFIXES
+    include
+)
+
+find_library(LIBRESSL_CRYPTO_LIBRARY
+  NAMES crypto
+  NAMES_PER_DIR ${_LIBRESSL_HINTS_AND_PATHS})
+
+find_library(LIBRESSL_SSL_LIBRARY
+  NAMES ssl
+  NAMES_PER_DIR ${_LIBRESSL_HINTS_AND_PATHS})
+
+find_library(LIBRESSL_TLS_LIBRARY
+  NAMES tls
+  NAMES_PER_DIR ${_LIBRESSL_HINTS_AND_PATHS})
+
+mark_as_advanced(LIBRESSL_CRYPTO_LIBRARY LIBRESSL_SSL_LIBRARY LIBRESSL_TLS_LIBRARY)
+
+message(STATUS "${LIBRESSL_CRYPTO_LIBRARY}")
+message(STATUS "${LIBRESSL_SSL_LIBRARY}")
+message(STATUS "${LIBRESSL_TLS_LIBRARY}")
+message(STATUS "${LIBRESSL_INCLUDE_DIR}")
+
+find_package_handle_standard_args(LibreSSL
+  REQUIRED_VARS
+    LIBRESSL_CRYPTO_LIBRARY
+    LIBRESSL_SSL_LIBRARY
+    LIBRESSL_TLS_LIBRARY
+    LIBRESSL_INCLUDE_DIR
+  FAIL_MESSAGE
+    "Could NOT find LibreSSL, try to set the path to LibreSSL root folder in the system variable LibreSSL_ROOT"
+)
+
+if(LIBRESSL_FOUND)
+  add_library(LibreSSL INTERFACE)
+  target_include_directories(LibreSSL INTERFACE "${LIBRESSL_INCLUDE_DIR}")
+  # in theory we could make those components. However there are good reasons not to do that:
+  # 1. FDB links against all of them anyways
+  # 2. The order in which we link them is important and the dependency graph would become kind of complex...
+  # So if this module should ever be reused to allow to only link against some of the libraries, this
+  # should probably be rewritten
+  target_link_libraries(LibreSSL INTERFACE "${LIBRESSL_TLS_LIBRARY}" "${LIBRESSL_SSL_LIBRARY}" "${LIBRESSL_CRYPTO_LIBRARY}")
+endif()
+
+if(LIBRESSL_USE_STATIC_LIBS)
+  set(CMAKE_FIND_LIBRARY_SUFFIXES ${_libressl_ORIG_CMAKE_FIND_LIBRARY_SUFFIXES})
+endif()

flow/CMakeLists.txt

@@ -89,7 +89,11 @@ elseif(WIN32)
 endif()
 target_link_libraries(flow PRIVATE ${FLOW_LIBS})
 target_link_libraries(flow PUBLIC boost_target Threads::Threads ${CMAKE_DL_LIBS})
-target_compile_definitions(flow PUBLIC TLS_DISABLED)
+if(NOT WITH_TLS)
+  target_compile_definitions(flow PUBLIC TLS_DISABLED)
+else()
+  target_link_libraries(flow PRIVATE FDBLibTLS)
+endif()
 
 if(APPLE)
   find_library(IO_KIT IOKit)