Support session with CPP conditional compilation for SSL. (#17080)

* Support session with CPP conditional compilation for SSL.

* remove unused asan

Author: hongzhi-gao

example/client-cpp-example/src/CMakeLists.txt

@@ -28,12 +28,23 @@ INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/thrift/include)
 # Add cpp-client include directory
 INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/client/include)
 
-FIND_PACKAGE(OpenSSL REQUIRED)
-IF(OpenSSL_FOUND)
-    MESSAGE(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
-    INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
+# =========================
+# SSL option (default OFF)
+# =========================
+option(WITH_SSL "Build with SSL support" OFF)
+
+IF(WITH_SSL)
+    FIND_PACKAGE(OpenSSL REQUIRED)
+    IF(OpenSSL_FOUND)
+        MESSAGE(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
+        INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
+        ADD_DEFINITIONS(-DWITH_SSL=1)
+    ELSE()
+        MESSAGE(FATAL_ERROR "OpenSSL not found, but WITH_SSL is enabled")
+    ENDIF()
 ELSE()
-    MESSAGE(FATAL_ERROR "OpenSSL not found")
+    MESSAGE(STATUS "Building without SSL support")
+    ADD_DEFINITIONS(-DWITH_SSL=0)
 ENDIF()
 
 FIND_PACKAGE(Boost REQUIRED)
@@ -50,53 +61,91 @@ ADD_EXECUTABLE(TableModelSessionExample TableModelSessionExample.cpp)
 ADD_EXECUTABLE(MultiSvrNodeClient MultiSvrNodeClient.cpp)
 
 IF(MSVC)
-    TARGET_LINK_LIBRARIES(SessionExample
-        iotdb_session
-        "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
-    TARGET_LINK_LIBRARIES(AlignedTimeseriesSessionExample
-        iotdb_session
-        "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
-    TARGET_LINK_LIBRARIES(TableModelSessionExample
-        iotdb_session
-        "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
-    TARGET_LINK_LIBRARIES(MultiSvrNodeClient
-        iotdb_session
-        "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
+    IF(WITH_SSL)
+        TARGET_LINK_LIBRARIES(SessionExample
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+        TARGET_LINK_LIBRARIES(AlignedTimeseriesSessionExample
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+        TARGET_LINK_LIBRARIES(TableModelSessionExample
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+        TARGET_LINK_LIBRARIES(MultiSvrNodeClient
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+    ELSE()
+        TARGET_LINK_LIBRARIES(SessionExample
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+        )
+        TARGET_LINK_LIBRARIES(AlignedTimeseriesSessionExample
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+        )
+        TARGET_LINK_LIBRARIES(TableModelSessionExample
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+        )
+        TARGET_LINK_LIBRARIES(MultiSvrNodeClient
+            iotdb_session
+            "${CMAKE_SOURCE_DIR}/thrift/lib/Release/thriftmd.lib"
+        )
+    ENDIF()
 ELSE()
-    TARGET_LINK_LIBRARIES(SessionExample
-        iotdb_session
-        pthread
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
-    TARGET_LINK_LIBRARIES(AlignedTimeseriesSessionExample
-        iotdb_session
-        pthread
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
-    TARGET_LINK_LIBRARIES(TableModelSessionExample
-        iotdb_session
-        pthread
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
-    TARGET_LINK_LIBRARIES(MultiSvrNodeClient
-        iotdb_session
-        pthread
-        OpenSSL::SSL
-        OpenSSL::Crypto
-    )
-ENDIF()
+    IF(WITH_SSL)
+        TARGET_LINK_LIBRARIES(SessionExample
+            iotdb_session
+            pthread
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+        TARGET_LINK_LIBRARIES(AlignedTimeseriesSessionExample
+            iotdb_session
+            pthread
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+        TARGET_LINK_LIBRARIES(TableModelSessionExample
+            iotdb_session
+            pthread
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+        TARGET_LINK_LIBRARIES(MultiSvrNodeClient
+            iotdb_session
+            pthread
+            OpenSSL::SSL
+            OpenSSL::Crypto
+        )
+    ELSE()
+        TARGET_LINK_LIBRARIES(SessionExample
+            iotdb_session
+            pthread
+        )
+        TARGET_LINK_LIBRARIES(AlignedTimeseriesSessionExample
+            iotdb_session
+            pthread
+        )
+        TARGET_LINK_LIBRARIES(TableModelSessionExample
+            iotdb_session
+            pthread
+        )
+        TARGET_LINK_LIBRARIES(MultiSvrNodeClient
+            iotdb_session
+            pthread
+        )
+    ENDIF()
+ENDIF()

iotdb-client/client-cpp/pom.xml

@@ -38,6 +38,7 @@
         <cmake.root.dir>${project.build.directory}/dependency/cmake/</cmake.root.dir>
         <thrift.exec.absolute.path>${project.build.directory}/thrift/bin/${thrift.executable}</thrift.exec.absolute.path>
         <maven.test.skip>${ctest.skip.tests}</maven.test.skip>
+        <with.ssl>false</with.ssl>
     </properties>
     <dependencies>
         <dependency>
@@ -217,6 +218,7 @@
                             <targetPath>${project.build.directory}/build/main</targetPath>
                             <options>
                                 <option>-DBOOST_INCLUDEDIR=${boost.include.dir}</option>
+                                <option>-DWITH_SSL=${with.ssl}</option>
                             </options>
                         </configuration>
                     </execution>
@@ -233,6 +235,7 @@
                             <targetPath>${project.build.directory}/build/test</targetPath>
                             <options>
                                 <option>-DBOOST_INCLUDEDIR=${boost.include.dir}</option>
+                                <option>-DWITH_SSL=${with.ssl}</option>
                             </options>
                         </configuration>
                     </execution>

iotdb-client/client-cpp/src/main/CMakeLists.txt

@@ -26,13 +26,23 @@ SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -g -O2 ")
 # Add Thrift include directory
 INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/../../thrift/include)
 
-# Find OpenSSL Library
-FIND_PACKAGE(OpenSSL REQUIRED)
-IF(OpenSSL_FOUND)
-    MESSAGE(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
-    INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
+# =========================
+# SSL option (default OFF)
+# =========================
+option(WITH_SSL "Build with SSL support" OFF)
+
+IF(WITH_SSL)
+    FIND_PACKAGE(OpenSSL REQUIRED)
+    IF(OpenSSL_FOUND)
+        MESSAGE(STATUS "OpenSSL found: ${OPENSSL_VERSION}")
+        INCLUDE_DIRECTORIES(${OPENSSL_INCLUDE_DIR})
+        ADD_DEFINITIONS(-DWITH_SSL=1)
+    ELSE()
+        MESSAGE(FATAL_ERROR "OpenSSL not found, but WITH_SSL is enabled")
+    ENDIF()
 ELSE()
-    MESSAGE(FATAL_ERROR "OpenSSL not found")
+    MESSAGE(STATUS "Building without SSL support")
+    ADD_DEFINITIONS(-DWITH_SSL=0)
 ENDIF()
 
 # Add Boost include path for MacOS
@@ -50,11 +60,6 @@ ELSE()
     SET(THRIFT_STATIC_LIB "${CMAKE_SOURCE_DIR}/../../thrift/lib/libthrift.a")
 ENDIF()
 
-IF(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang" AND NOT MSVC)
-    add_compile_options(-fsanitize=address -fno-omit-frame-pointer)
-    add_link_options(-fsanitize=address)
-ENDIF()
-
 # Add the generated source files to the sources for the library.
 AUX_SOURCE_DIRECTORY(./generated-sources-cpp SESSION_SRCS)
 IF(MSVC)
@@ -63,10 +68,20 @@ ELSE()
     ADD_LIBRARY(iotdb_session SHARED ${SESSION_SRCS})
 ENDIF()
 
-# Link with Thrift static library
-target_link_libraries(iotdb_session
-    PUBLIC
-        OpenSSL::SSL
-        OpenSSL::Crypto
-        ${THRIFT_STATIC_LIB}
-)
+# =========================
+# Link libraries (SSL optional)
+# =========================
+IF(WITH_SSL)
+    target_link_libraries(iotdb_session
+        PUBLIC
+            OpenSSL::SSL
+            OpenSSL::Crypto
+            ${THRIFT_STATIC_LIB}
+    )
+ELSE()
+    target_link_libraries(iotdb_session
+        PUBLIC
+            ${THRIFT_STATIC_LIB}
+    )
+ENDIF()
+

iotdb-client/client-cpp/src/main/SessionConnection.cpp

@@ -100,11 +100,17 @@ SessionConnection::~SessionConnection() {
 
 void SessionConnection::init(const TEndPoint& endpoint, bool useSSL, const std::string& trustCertFilePath) {
     if (useSSL) {
+#if WITH_SSL
         socketFactory_->loadTrustedCertificates(trustCertFilePath.c_str());
         socketFactory_->authenticate(false);
         auto sslSocket = socketFactory_->createSocket(endPoint.ip, endPoint.port);
         sslSocket->setConnTimeout(connectionTimeoutInMs);
         transport = std::make_shared<TFramedTransport>(sslSocket);
+#else
+        throw IoTDBException("SSL/TLS support is not enabled in this build. "
+                    "Please rebuild with -DWITH_SSL=ON flag "
+                    "or use non-SSL connection.");
+#endif
     } else {
         auto socket = std::make_shared<TSocket>(endPoint.ip, endPoint.port);
         socket->setConnTimeout(connectionTimeoutInMs);

iotdb-client/client-cpp/src/main/SessionConnection.h

@@ -23,7 +23,10 @@
 #include <vector>
 #include <string>
 #include <thrift/transport/TTransport.h>
+#if WITH_SSL
 #include <thrift/transport/TSSLSocket.h>
+#endif
+
 #include "IClientRPCService.h"
 #include "common_types.h"
 #include "NodesSupplier.h"
@@ -179,9 +182,10 @@ class SessionConnection : public std::enable_shared_from_this<SessionConnection>
     TSStatus insertTabletsInternal(TSInsertTabletsReq request);
 
     TSStatus deleteDataInternal(TSDeleteDataReq request);
-
+#if WITH_SSL
     std::shared_ptr<apache::thrift::transport::TSSLSocketFactory> socketFactory_ =
         std::make_shared<apache::thrift::transport::TSSLSocketFactory>();
+#endif
     std::shared_ptr<TTransport> transport;
     std::shared_ptr<IClientRPCServiceClient> client;
     Session* session;

iotdb-client/client-cpp/src/main/ThriftConnection.cpp

@@ -69,11 +69,17 @@ void ThriftConnection::init(const std::string& username,
                             const std::string& zoneId,
                             const std::string& version) {
     if (useSSL) {
+#if WITH_SSL
         socketFactory_->loadTrustedCertificates(trustCertFilePath.c_str());
         socketFactory_->authenticate(false);
         auto sslSocket = socketFactory_->createSocket(endPoint_.ip, endPoint_.port);
         sslSocket->setConnTimeout(connectionTimeoutInMs_);
         transport_ = std::make_shared<TFramedTransport>(sslSocket);
+#else
+        throw IoTDBException("SSL/TLS support is not enabled in this build. "
+                    "Please rebuild with -DWITH_SSL=ON flag "
+                    "or use non-SSL connection.");
+#endif
     } else {
         auto socket = std::make_shared<TSocket>(endPoint_.ip, endPoint_.port);
         socket->setConnTimeout(connectionTimeoutInMs_);

iotdb-client/client-cpp/src/main/ThriftConnection.h

@@ -20,7 +20,9 @@
 #define IOTDB_THRIFTCONNECTION_H
 
 #include <memory>
+#if WITH_SSL
 #include <thrift/transport/TSSLSocket.h>
+#endif
 #include "IClientRPCService.h"
 
 class SessionDataSet;
@@ -60,8 +62,10 @@ class ThriftConnection {
     int connectionTimeoutInMs_;
     int fetchSize_;
 
+#if WITH_SSL
     std::shared_ptr<apache::thrift::transport::TSSLSocketFactory> socketFactory_ =
         std::make_shared<apache::thrift::transport::TSSLSocketFactory>();
+#endif
     std::shared_ptr<apache::thrift::transport::TTransport> transport_;
     std::shared_ptr<IClientRPCServiceClient> client_;
     int64_t sessionId_{};