
Update SSL logic/docs

Brian Aker 11 years ago
parent
commit
76d34a2c46

+ 8 - 3
docs/gearmand/ssl.rst

@@ -5,7 +5,8 @@ Having Gearman work with SSL.
 
 If you are not paying for a certificate authority to generate a certificate for you, you will first need to generated a CA for gearmand:
 
-   openssl req -config /etc/pki/tls/openssl.cnf -new -x509 -keyout gearmand-ca-key.pem -out gearmand-ca.pem -days 3650 
+   openssl req -config /etc/pki/tls/openssl.cnf -new -x509 -keyout gearmand-ca.key -out gearmand-ca.pem -days 3650 
+
    echo "00" > gearmand.srl
 
 You will need to place your ca certificate into the directory you want the server to read it from.
@@ -13,11 +14,15 @@ You will need to place your ca certificate into the directory you want the serve
 Generate a server certificate for the server to use:
 
    openssl genrsa -out gearmand.key 1024 
+
    openssl req -key gearmand.key -new -out gearmand.req
-   openssl x509 -req -in gearmand.req -CA gearmand-ca.pem -CAkey gearmand-ca-key.pem -CAserial gearmand.srl -out gearmand.pem 
+
+   openssl x509 -req -in gearmand.req -CA gearmand-ca.pem -CAkey gearmand-ca.key -CAserial gearmand.srl -out gearmand.pem 
 
 Generate a client certificate for client/workers to use:
 
   openssl genrsa -out gearman.key 1024 
+
   openssl req -key gearman.key -new -out gearman.req 
-  openssl x509 -req -in client.req -CA CA.pem -CAkey privkey.pem -CAserial file.srl -out client.pem 
+
+  openssl x509 -req -in gearman.req -CA gearmand-ca.pem -CAkey gearmand-ca.key -CAserial gearmand.srl  -out gearman.pem

+ 16 - 0
libgearman-server/plugins/protocol/gear/protocol.cc

@@ -459,8 +459,24 @@ gearmand_error_t Gear::start(gearmand_st *gearmand)
   gearmand_log_info(GEARMAN_DEFAULT_LOG_PARAM, "Initializing Gear on port %s with SSL: %s", _port.c_str(), opt_ssl ? "true" : "false");
 
 #if defined(HAVE_SSL) && HAVE_SSL
+
   if (opt_ssl)
   {
+    if (getenv("GEARMAND_CA_CERTIFICATE"))
+    {
+      _ssl_ca_file= getenv("GEARMAND_CA_CERTIFICATE");
+    }
+
+    if (getenv("GEARMAND_SERVER_PEM"))
+    {
+      _ssl_certificate= getenv("GEARMAND_SERVER_PEM");
+    }
+
+    if (getenv("GEARMAND_SERVER_KEY"))
+    {
+      _ssl_key= getenv("GEARMAND_SERVER_KEY");
+    }
+
     gearmand->init_ssl();
 
     if (SSL_CTX_load_verify_locations(gearmand->ctx_ssl(), _ssl_ca_file.c_str(), 0) != SSL_SUCCESS)
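Review bot: The three new getenv() blocks silently replace whatever _ssl_ca_file, _ssl_certificate and _ssl_key already held, and neither this hunk nor the accompanying docs/gearmand/ssl.rst change documents the variable names GEARMAND_CA_CERTIFICATE, GEARMAND_SERVER_PEM and GEARMAND_SERVER_KEY or that the environment takes precedence over the configured values. Since _ssl_ca_file becomes the trust anchor passed to SSL_CTX_load_verify_locations() on the last line of the hunk, that precedence should be stated in the docs and the effective paths logged; the existing gearmand_log_info() at the top of the hunk runs before the overrides, so a second info-level message after them would show what is actually loaded. Each variable is also read twice; `if (const char* ca= getenv("GEARMAND_CA_CERTIFICATE")) { _ssl_ca_file= ca; }` reads it once with the same behaviour. Gear::start() begins and ends outside the hunk.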

+ 1 - 0
libgearman/connection.cc

@@ -982,6 +982,7 @@ gearman_packet_st *gearman_connection_st::receiving(gearman_packet_st& packet_ar
       // If we have data, see if it is a complete packet
       if (recv_buffer_size > 0)
       {
+        assert(recv_packet());
         size_t recv_size= gearman_packet_unpack(*(recv_packet()),
                                                 recv_buffer_ptr,
                                                 recv_buffer_size, ret);
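Review bot: The added assert(recv_packet()) only protects debug builds; under NDEBUG it compiles away and `*(recv_packet())` on the following line still dereferences a null pointer. A runtime guard that sets the out-parameter and returns, e.g. `if (recv_packet() == NULL) { ret= GEARMAN_INVALID_ARGUMENT; return NULL; }` (assuming `ret` is the gearman_return_t reference it appears to be, and using whichever error code callers already handle), would cover release builds, with the assert kept alongside it. The same pattern appears in libgearman/worker.cc, where the new assert(worker->job()->impl()) is immediately followed by worker->job()->impl()->assigned. receiving() begins and ends outside the hunk.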

+ 1 - 0
libgearman/worker.cc

@@ -824,6 +824,7 @@ gearman_job_st *gearman_worker_grab_job(gearman_worker_st *worker_shell,
               case GEARMAN_WORKER_STATE_GRAB_JOB_RECV:
                 assert(worker);
                 assert(worker->job());
+                assert(worker->job()->impl());
                 (void)worker->con->receiving(worker->job()->impl()->assigned, *ret_ptr, true);
 
                 if (gearman_failed(*ret_ptr))

+ 11 - 5
libtest/client.cc

@@ -205,8 +205,11 @@ SimpleClient::~SimpleClient()
   close_socket();
 #if defined(HAVE_SSL) && HAVE_SSL
   {
-    SSL_CTX_free(_ctx_ssl);
-    _ctx_ssl= NULL;
+    if (_ctx_ssl)
+    {
+      SSL_CTX_free(_ctx_ssl);
+      _ctx_ssl= NULL;
+    }
 # if defined(HAVE_OPENSSL) && HAVE_OPENSSL
     ERR_free_strings();
 # endif
@@ -219,9 +222,12 @@ void SimpleClient::close_socket()
   if (sock_fd != INVALID_SOCKET)
   {
 #if defined(HAVE_SSL) && HAVE_SSL
-    SSL_shutdown(_ssl); 
-    SSL_free(_ssl); 
-    _ssl= NULL;
+    if (_ssl)
+    {
+      SSL_shutdown(_ssl); 
+      SSL_free(_ssl); 
+      _ssl= NULL;
+    }
 #endif // defined(HAVE_SSL)
     close(sock_fd);
     sock_fd= INVALID_SOCKET;
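Review bot: The new null guards in close_socket() and ~SimpleClient() only help if _ssl and _ctx_ssl are initialised to NULL in the constructor and cleared after every free; the constructor is not in this diff, so that initialisation should be confirmed. Of the two, the guard around SSL_shutdown() is the necessary one, since SSL_shutdown() does not accept a null pointer, whereas OpenSSL documents SSL_free(NULL) and SSL_CTX_free(NULL) as no-ops, so the destructor guard is redundant but harmless. SSL_shutdown()'s return value is still discarded; a comment such as `// one-sided shutdown: close_notify is sent, the peer's reply is not awaited` would make that intentional for a test client. Both functions appear to continue outside their hunks.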