Commit message | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
* | | Use OS provided xxhash. | Henning Baldersheim | 2019-02-01 | 6 | -1105/+6 | |
| | | ||||||
* | | Adjust forward declarations in vespalib. | Tor Egge | 2019-02-01 | 8 | -8/+8 | |
|/ | ||||||
* | improve nix equality to match Java Slime | Håvard Pettersen | 2019-01-30 | 2 | -0/+10 | |
| | ||||||
* | More explicit constness | Tor Brede Vekterli | 2019-01-24 | 1 | -1/+1 | |
| | ||||||
* | Make naming more consistent and avoid const deduction | Tor Brede Vekterli | 2019-01-24 | 7 | -33/+33 | |
| | ||||||
* | Erase private key data after use | Tor Brede Vekterli | 2019-01-24 | 3 | -3/+17 | |
| | ||||||
* | Add support for default cipher suite and `accepted-ciphers` config in C++ | Tor Brede Vekterli | 2019-01-24 | 9 | -6/+168 | |
| | | | | | | | | | Since the TLS config file uses IANA cipher names but OpenSSL uses its own cipher spec format internally, we explicitly remap the provided names. We only support a modern subset of ciphers. The default cipher suite contains ciphers that work across both TLSv1.2 and TLSv1.3. | |||||
* | Merge pull request #8195 from ↵ | Tor Brede Vekterli | 2019-01-24 | 1 | -1/+2 | |
|\ | | | | | | | | | vespa-engine/vekterli/relax-client-tls-connection-stats-test-due-to-tls-13 Allow a client connection to be considered established in test [recheck merge] | |||||
| * | Allow a client connection to be considered established in test | Tor Brede Vekterli | 2019-01-21 | 1 | -1/+2 | |
| | | | | | | | | | | TLSv1.3 completes in fewer roundtrips and may therefore seemingly not observe that a server has rejected it as part of the handshake itself. | |||||
* | | Merge pull request #8191 from ↵ | Tor Brede Vekterli | 2019-01-24 | 1 | -4/+4 | |
|\ \ | | | | | | | | | | | | | vespa-engine/vekterli/explicit-disable-tls-mixed-mode-enum-support-in-cpp Support explicitly disabling TLS mixed mode via environment in C++ [recheck merge] | |||||
| * | | Support explicitly disabling TLS mixed mode via environment in C++ | Tor Brede Vekterli | 2019-01-18 | 1 | -4/+4 | |
| |/ | | | | | | | | | Specifying `tls_client_tls_server` has same effect as not specifying the environment variable at all. Mirrors behavior in Java implementation. | |||||
* | | Merge pull request #8194 from ↵ | Tor Brede Vekterli | 2019-01-24 | 1 | -2/+2 | |
|\ \ | | | | | | | | | | | | | vespa-engine/toregge/less-const-in-openssl-tls-context-impl Use less `const`, to allow compilation when using openssl 1.1.0g or 1.1.0i | |||||
| * | | Use less const, to allow compilation when using openssl 1.1.0g or 1.1.0i. | Tor Egge | 2019-01-21 | 1 | -2/+2 | |
| |/ | ||||||
* / | Ensure that asciistream moves and swaps have expected semantics | Tor Brede Vekterli | 2019-01-17 | 3 | -5/+49 | |
|/ | | | | | | | | | | | Defaulted move ctor and assignment will not have the expected behavior for the current _rbuf pointer when it points into a short-string optimized _wbuf buffer. I.e. it will be pointing into the buffer in the object that was just moved away from. Update swap() to give the correct semantics when either/both arguments point to a read-only buffer. Would previously reset _rbuf to _wbuf unconditionally, effectively forgetting the string that was referenced. | |||||
* | some extra testing | Håvard Pettersen | 2019-01-09 | 1 | -0/+12 | |
| | ||||||
* | use dequoted path for dispatching | Håvard Pettersen | 2019-01-09 | 4 | -1/+70 | |
| | | | | also expose query parameters through request proxy | |||||
* | add support for uri dequoting and query parameter parsing | Håvard Pettersen | 2019-01-09 | 3 | -3/+127 | |
| | ||||||
* | GC unused code and update includes | Henning Baldersheim | 2019-01-05 | 5 | -99/+8 | |
| | ||||||
* | Add TLS statistics to vespalib and expose as metrics via storageserver | Tor Brede Vekterli | 2018-12-18 | 12 | -32/+243 | |
| | | | | Now without unused expiry time extraction. | |||||
* | Revert "Add TLS statistics to vespalib and expose as metrics via storageserver" | Harald Musum | 2018-12-18 | 12 | -266/+32 | |
| | ||||||
* | Merge pull request #7947 from ↵ | Tor Brede Vekterli | 2018-12-18 | 12 | -32/+266 | |
|\ | | | | | | | | | vespa-engine/vekterli/add-low-level-connection-stats-and-metrics Add TLS statistics to vespalib and expose as metrics via storageserver | |||||
| * | Add TLS statistics to vespalib and expose as metrics via storageserver | Tor Brede Vekterli | 2018-12-17 | 12 | -32/+266 | |
| | | | | | | | | | | Also add functionality for extracting "notAfter" expiration time from current certificate, which may later be added as an expiry metric. | |||||
* | | let GET callback be non-const | Håvard Pettersen | 2018-12-17 | 3 | -9/+9 | |
|/ | ||||||
* | Merge pull request #7919 from ↵ | Tor Brede Vekterli | 2018-12-11 | 17 | -41/+193 | |
|\ | | | | | | | | | vespa-engine/vekterli/support-certificate-authorization-mode-env-var-in-cpp-impl Add support for authorization mode environment variable in C++ | |||||
| * | Rename `to_string` -> `enum_name` to better match semantics | Tor Brede Vekterli | 2018-12-11 | 2 | -3/+3 | |
| | | ||||||
| * | Add support for authorization mode environment variable in C++ | Tor Brede Vekterli | 2018-12-10 | 17 | -41/+193 | |
| | | ||||||
* | | Merge pull request #7922 from vespa-engine/havardpe/prepare-for-tls-state-server | Tor Brede Vekterli | 2018-12-11 | 4 | -6/+54 | |
|\ \ | |/ |/| | Havardpe/prepare for tls state server | |||||
| * | expose fallback authority (mostly for testing) | Håvard Pettersen | 2018-12-10 | 1 | -0/+1 | |
| | | ||||||
| * | avoid zombie connections | Håvard Pettersen | 2018-12-07 | 1 | -0/+1 | |
| | | ||||||
| * | make authority available to GET handler | Håvard Pettersen | 2018-12-07 | 4 | -6/+52 | |
| | | | | | | | | also test header inspection | |||||
* | | Introduce extra mutex to avoid need for unlock guard | Tor Brede Vekterli | 2018-12-10 | 3 | -29/+59 | |
| | | | | | | | | Also add instructions on how to regenerate keys/certs for tests. | |||||
* | | Merge pull request #7898 from vespa-engine/balder/assert-first-time | Henning Baldersheim | 2018-12-07 | 4 | -5/+4 | |
|\ \ | | | | | | Allow asserts that remember if they have been triggered before. | |||||
| * | | Use a directory that the vespa user has control over. | Henning Baldersheim | 2018-12-07 | 4 | -5/+4 | |
| |/ | | | | | | | Also add vespa version to the assert key file name. | |||||
* | | Merge pull request #7849 from ↵ | Tor Brede Vekterli | 2018-12-07 | 19 | -15/+322 | |
|\ \ | |/ |/| | | | | | vespa-engine/vekterli/cpp-auto-reloading-of-tls-config Support auto-reloading of TLS config in C++ implementation | |||||
| * | Support auto-reloading of TLS config in C++ implementation | Tor Brede Vekterli | 2018-12-03 | 19 | -15/+322 | |
| | | | | | | | | | | | | | | | | | | By default reloads every 60 minutes. This also reloads all peer authorization rules. Files referenced by the TLS config are reloaded transitively. If reloading fails a warning will be logged and the existing config will continue to be in effect until the next reload time. | |||||
* | | use latch instead of executor and improve timing testing | Håvard Pettersen | 2018-11-30 | 1 | -36/+48 | |
| | | ||||||
* | | added Latch utility | Håvard Pettersen | 2018-11-29 | 6 | -3/+178 | |
|/ | ||||||
* | Merge pull request #7786 from vespa-engine/havardpe/initial-portal-code | Tor Brede Vekterli | 2018-11-29 | 24 | -0/+2070 | |
|\ | | | | | initial portal code | |||||
| * | initial portal code | Håvard Pettersen | 2018-11-27 | 24 | -0/+2070 | |
| | | ||||||
* | | Also test with hash_map | Henning Baldersheim | 2018-11-28 | 1 | -2/+34 | |
| | | ||||||
* | | Randomize keys | Henning Baldersheim | 2018-11-28 | 1 | -5/+9 | |
| | | ||||||
* | | =default | Henning Baldersheim | 2018-11-28 | 2 | -15/+4 | |
|/ | ||||||
* | Rename `allowed-peers` to `authorized-peers` | Tor Brede Vekterli | 2018-11-20 | 14 | -143/+123 | |
| | ||||||
* | Merge pull request #7608 from ↵ | Tor Brede Vekterli | 2018-11-13 | 22 | -37/+827 | |
|\ | | | | | | | | | vespa-engine/vekterli/add-support-for-basic-certificate-verification-policies Add support for basic certificate verification policies in C++ | |||||
| * | `Cursor` -> `Inspector` for parsing | Tor Brede Vekterli | 2018-11-13 | 1 | -4/+4 | |
| | | ||||||
| * | Correct test name | Tor Brede Vekterli | 2018-11-13 | 1 | -1/+1 | |
| | | ||||||
| * | Use explicit `const` for `auto` | Tor Brede Vekterli | 2018-11-13 | 1 | -3/+3 | |
| | | ||||||
| * | Add support for basic certificate verification policies in C++ | Tor Brede Vekterli | 2018-11-08 | 22 | -36/+826 | |
| | | | | | | | | | | | | | | | | Extends TLS config JSON file with an `allowed-peers` object, which if non-empty specifies a set of policies that a peer may match. If at least one policy exists a peer must match all requirements in any single policy to be allowed to connect. I.e. it's sufficient to match 1 policy out of many. | |||||
* | | = default and 0 -> nullptr | Henning Baldersheim | 2018-11-09 | 2 | -8/+8 | |
|/ | ||||||
* | Use template args for the class, not on the find method. | Henning Baldersheim | 2018-11-01 | 8 | -91/+46 | |
| |