path: root/vespalib
Commit message [Author, Age, Files, Lines]
...
* | Use OS provided xxhash. [Henning Baldersheim, 2019-02-01, 6 files, -1105/+6]
| |
* | Adjust forward declarations in vespalib. [Tor Egge, 2019-02-01, 8 files, -8/+8]
|/
* improve nix equality to match Java Slime [Håvard Pettersen, 2019-01-30, 2 files, -0/+10]
|
* More explicit constness [Tor Brede Vekterli, 2019-01-24, 1 file, -1/+1]
|
* Make naming more consistent and avoid const deduction [Tor Brede Vekterli, 2019-01-24, 7 files, -33/+33]
|
* Erase private key data after use [Tor Brede Vekterli, 2019-01-24, 3 files, -3/+17]
|
* Add support for default cipher suite and `accepted-ciphers` config in C++ [Tor Brede Vekterli, 2019-01-24, 9 files, -6/+168]
|   Since the TLS config file uses IANA cipher names but OpenSSL uses its own cipher spec format internally, we explicitly remap the provided names. We only support a modern subset of ciphers. The default cipher suite contains ciphers that work across both TLSv1.2 and TLSv1.3.
* Merge pull request #8195 from vespa-engine/vekterli/relax-client-tls-connection-stats-test-due-to-tls-13 [Tor Brede Vekterli, 2019-01-24, 1 file, -1/+2]
|\
| |   Allow a client connection to be considered established in test [recheck merge]
| * Allow a client connection to be considered established in test [Tor Brede Vekterli, 2019-01-21, 1 file, -1/+2]
| |   TLSv1.3 completes in fewer roundtrips and may therefore seemingly not observe that a server has rejected it as part of the handshake itself.
* | Merge pull request #8191 from vespa-engine/vekterli/explicit-disable-tls-mixed-mode-enum-support-in-cpp [Tor Brede Vekterli, 2019-01-24, 1 file, -4/+4]
|\ \
| | |   Support explicitly disabling TLS mixed mode via environment in C++ [recheck merge]
| * | Support explicitly disabling TLS mixed mode via environment in C++ [Tor Brede Vekterli, 2019-01-18, 1 file, -4/+4]
| |/
| |   Specifying `tls_client_tls_server` has same effect as not specifying the environment variable at all. Mirrors behavior in Java implementation.
* | Merge pull request #8194 from vespa-engine/toregge/less-const-in-openssl-tls-context-impl [Tor Brede Vekterli, 2019-01-24, 1 file, -2/+2]
|\ \
| | |   Use less `const`, to allow compilation when using openssl 1.1.0g or 1.1.0i
| * | Use less const, to allow compilation when using openssl 1.1.0g or 1.1.0i. [Tor Egge, 2019-01-21, 1 file, -2/+2]
| |/
* / Ensure that asciistream moves and swaps have expected semantics [Tor Brede Vekterli, 2019-01-17, 3 files, -5/+49]
|/
|   Defaulted move ctor and assignment will not have the expected behavior for the current _rbuf pointer when it points into a short-string optimized _wbuf buffer. I.e. it will be pointing into the buffer in the object that was just moved away from. Update swap() to give the correct semantics when either/both arguments point to a read-only buffer. Would previously reset _rbuf to _wbuf unconditionally, effectively forgetting the string that was referenced.
* some extra testing [Håvard Pettersen, 2019-01-09, 1 file, -0/+12]
|
* use dequoted path for dispatching [Håvard Pettersen, 2019-01-09, 4 files, -1/+70]
|   also expose query parameters through request proxy
* add support for uri dequoting and query parameter parsing [Håvard Pettersen, 2019-01-09, 3 files, -3/+127]
|
* GC unused code and update includes [Henning Baldersheim, 2019-01-05, 5 files, -99/+8]
|
* Add TLS statistics to vespalib and expose as metrics via storageserver [Tor Brede Vekterli, 2018-12-18, 12 files, -32/+243]
|   Now without unused expiry time extraction.
* Revert "Add TLS statistics to vespalib and expose as metrics via storageserver" [Harald Musum, 2018-12-18, 12 files, -266/+32]
|
* Merge pull request #7947 from vespa-engine/vekterli/add-low-level-connection-stats-and-metrics [Tor Brede Vekterli, 2018-12-18, 12 files, -32/+266]
|\
| |   Add TLS statistics to vespalib and expose as metrics via storageserver
| * Add TLS statistics to vespalib and expose as metrics via storageserver [Tor Brede Vekterli, 2018-12-17, 12 files, -32/+266]
| |   Also add functionality for extracting "notAfter" expiration time from current certificate, which may later be added as an expiry metric.
* | let GET callback be non-const [Håvard Pettersen, 2018-12-17, 3 files, -9/+9]
|/
* Merge pull request #7919 from vespa-engine/vekterli/support-certificate-authorization-mode-env-var-in-cpp-impl [Tor Brede Vekterli, 2018-12-11, 17 files, -41/+193]
|\
| |   Add support for authorization mode environment variable in C++
| * Rename `to_string` -> `enum_name` to better match semantics [Tor Brede Vekterli, 2018-12-11, 2 files, -3/+3]
| |
| * Add support for authorization mode environment variable in C++ [Tor Brede Vekterli, 2018-12-10, 17 files, -41/+193]
| |
* | Merge pull request #7922 from vespa-engine/havardpe/prepare-for-tls-state-server [Tor Brede Vekterli, 2018-12-11, 4 files, -6/+54]
|\ \
| |/
|/|   Havardpe/prepare for tls state server
| * expose fallback authority (mostly for testing) [Håvard Pettersen, 2018-12-10, 1 file, -0/+1]
| |
| * avoid zombie connections [Håvard Pettersen, 2018-12-07, 1 file, -0/+1]
| |
| * make authority available to GET handler [Håvard Pettersen, 2018-12-07, 4 files, -6/+52]
| |   also test header inspection
* | Introduce extra mutex to avoid need for unlock guard [Tor Brede Vekterli, 2018-12-10, 3 files, -29/+59]
| |   Also add instructions on how to regenerate keys/certs for tests.
* | Merge pull request #7898 from vespa-engine/balder/assert-first-time [Henning Baldersheim, 2018-12-07, 4 files, -5/+4]
|\ \
| | |   Allow asserts that remember if they have been triggered before.
| * | Use a directory that the vespa user has control over. [Henning Baldersheim, 2018-12-07, 4 files, -5/+4]
| |/
| |   Also add vespa version to the assert key file name.
* | Merge pull request #7849 from vespa-engine/vekterli/cpp-auto-reloading-of-tls-config [Tor Brede Vekterli, 2018-12-07, 19 files, -15/+322]
|\ \
| |/
|/|
| |   Support auto-reloading of TLS config in C++ implementation
| * Support auto-reloading of TLS config in C++ implementation [Tor Brede Vekterli, 2018-12-03, 19 files, -15/+322]
| |   By default reloads every 60 minutes. This also reloads all peer authorization rules. Files referenced by the TLS config are reloaded transitively. If reloading fails a warning will be logged and the existing config will continue to be in effect until the next reload time.
* | use latch instead of executor and improve timing testing [Håvard Pettersen, 2018-11-30, 1 file, -36/+48]
| |
* | added Latch utility [Håvard Pettersen, 2018-11-29, 6 files, -3/+178]
|/
* Merge pull request #7786 from vespa-engine/havardpe/initial-portal-code [Tor Brede Vekterli, 2018-11-29, 24 files, -0/+2070]
|\
| |   initial portal code
| * initial portal code [Håvard Pettersen, 2018-11-27, 24 files, -0/+2070]
| |
* | Also test with hash_map [Henning Baldersheim, 2018-11-28, 1 file, -2/+34]
| |
* | Randomize keys [Henning Baldersheim, 2018-11-28, 1 file, -5/+9]
| |
* | =default [Henning Baldersheim, 2018-11-28, 2 files, -15/+4]
|/
* Rename `allowed-peers` to `authorized-peers` [Tor Brede Vekterli, 2018-11-20, 14 files, -143/+123]
|
* Merge pull request #7608 from vespa-engine/vekterli/add-support-for-basic-certificate-verification-policies [Tor Brede Vekterli, 2018-11-13, 22 files, -37/+827]
|\
| |   Add support for basic certificate verification policies in C++
| * `Cursor` -> `Inspector` for parsing [Tor Brede Vekterli, 2018-11-13, 1 file, -4/+4]
| |
| * Correct test name [Tor Brede Vekterli, 2018-11-13, 1 file, -1/+1]
| |
| * Use explicit `const` for `auto` [Tor Brede Vekterli, 2018-11-13, 1 file, -3/+3]
| |
| * Add support for basic certificate verification policies in C++ [Tor Brede Vekterli, 2018-11-08, 22 files, -36/+826]
| |   Extends TLS config JSON file with an `allowed-peers` object, which if non-empty specifies a set of policies that a peer may match. If at least one policy exists a peer must match all requirements in any single policy to be allowed to connect. I.e. it's sufficient to match 1 policy out of many.
* | = default and 0 -> nullptr [Henning Baldersheim, 2018-11-09, 2 files, -8/+8]
|/
* Use template args for the class, not on the find method. [Henning Baldersheim, 2018-11-01, 8 files, -91/+46]
|