Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | some extra testing | Håvard Pettersen | 2019-01-09 | 1 | -0/+12 |
| | |||||
* | use dequoted path for dispatching | Håvard Pettersen | 2019-01-09 | 4 | -1/+70 |
| | | | | also expose query parameters through request proxy | ||||
* | add support for uri dequoting and query parameter parsing | Håvard Pettersen | 2019-01-09 | 3 | -3/+127 |
| | |||||
* | GC unused code and update includes | Henning Baldersheim | 2019-01-05 | 5 | -99/+8 |
| | |||||
* | Add TLS statistics to vespalib and expose as metrics via storageserver | Tor Brede Vekterli | 2018-12-18 | 12 | -32/+243 |
| | | | | Now without unused expiry time extraction. | ||||
* | Revert "Add TLS statistics to vespalib and expose as metrics via storageserver" | Harald Musum | 2018-12-18 | 12 | -266/+32 |
| | |||||
* | Merge pull request #7947 from ↵ | Tor Brede Vekterli | 2018-12-18 | 12 | -32/+266 |
|\ | | | | | | | | | vespa-engine/vekterli/add-low-level-connection-stats-and-metrics Add TLS statistics to vespalib and expose as metrics via storageserver | ||||
| * | Add TLS statistics to vespalib and expose as metrics via storageserver | Tor Brede Vekterli | 2018-12-17 | 12 | -32/+266 |
| | | | | | | | | | | Also add functionality for extracting "notAfter" expiration time from current certificate, which may later be added as an expiry metric. | ||||
* | | let GET callback be non-const | Håvard Pettersen | 2018-12-17 | 3 | -9/+9 |
|/ | |||||
* | Merge pull request #7919 from ↵ | Tor Brede Vekterli | 2018-12-11 | 17 | -41/+193 |
|\ | | | | | | | | | vespa-engine/vekterli/support-certificate-authorization-mode-env-var-in-cpp-impl Add support for authorization mode environment variable in C++ | ||||
| * | Rename `to_string` -> `enum_name` to better match semantics | Tor Brede Vekterli | 2018-12-11 | 2 | -3/+3 |
| | | |||||
| * | Add support for authorization mode environment variable in C++ | Tor Brede Vekterli | 2018-12-10 | 17 | -41/+193 |
| | | |||||
* | | Merge pull request #7922 from vespa-engine/havardpe/prepare-for-tls-state-server | Tor Brede Vekterli | 2018-12-11 | 4 | -6/+54 |
|\ \ | |/ |/| | Havardpe/prepare for tls state server | ||||
| * | expose fallback authority (mostly for testing) | Håvard Pettersen | 2018-12-10 | 1 | -0/+1 |
| | | |||||
| * | avoid zombie connections | Håvard Pettersen | 2018-12-07 | 1 | -0/+1 |
| | | |||||
| * | make authority available to GET handler | Håvard Pettersen | 2018-12-07 | 4 | -6/+52 |
| | | | | | | | | also test header inspection | ||||
* | | Introduce extra mutex to avoid need for unlock guard | Tor Brede Vekterli | 2018-12-10 | 3 | -29/+59 |
| | | | | | | | | Also add instructions on how to regenerate keys/certs for tests. | ||||
* | | Merge pull request #7898 from vespa-engine/balder/assert-first-time | Henning Baldersheim | 2018-12-07 | 4 | -5/+4 |
|\ \ | | | | | | | Allow asserts that rember if they have been triggered before. | ||||
| * | | Use a directory that the vespa user has control over. | Henning Baldersheim | 2018-12-07 | 4 | -5/+4 |
| |/ | | | | | | | Also add vespa version to the assert key file name. | ||||
* | | Merge pull request #7849 from ↵ | Tor Brede Vekterli | 2018-12-07 | 19 | -15/+322 |
|\ \ | |/ |/| | | | | | vespa-engine/vekterli/cpp-auto-reloading-of-tls-config Support auto-reloading of TLS config in C++ implementation | ||||
| * | Support auto-reloading of TLS config in C++ implementation | Tor Brede Vekterli | 2018-12-03 | 19 | -15/+322 |
| | | | | | | | | | | | | | | | | | | By default reloads every 60 minutes. This also reloads all peer authorization rules. Files referenced by the TLS config are reloaded transitively. If reloading fails a warning will be logged and the existing config will continue to be in effect until the next reload time. | ||||
* | | use latch instead of executor and improve timing testing | Håvard Pettersen | 2018-11-30 | 1 | -36/+48 |
| | | |||||
* | | added Latch utility | Håvard Pettersen | 2018-11-29 | 6 | -3/+178 |
|/ | |||||
* | Merge pull request #7786 from vespa-engine/havardpe/initial-portal-code | Tor Brede Vekterli | 2018-11-29 | 24 | -0/+2070 |
|\ | | | | | initial portal code | ||||
| * | initial portal code | Håvard Pettersen | 2018-11-27 | 24 | -0/+2070 |
| | | |||||
* | | Also test with hash_map | Henning Baldersheim | 2018-11-28 | 1 | -2/+34 |
| | | |||||
* | | Randomize keys | Henning Baldersheim | 2018-11-28 | 1 | -5/+9 |
| | | |||||
* | | =default | Henning Baldersheim | 2018-11-28 | 2 | -15/+4 |
|/ | |||||
* | Rename `allowed-peers` to `authorized-peers` | Tor Brede Vekterli | 2018-11-20 | 14 | -143/+123 |
| | |||||
* | Merge pull request #7608 from ↵ | Tor Brede Vekterli | 2018-11-13 | 22 | -37/+827 |
|\ | | | | | | | | | vespa-engine/vekterli/add-support-for-basic-certificate-verification-policies Add support for basic certificate verification policies in C++ | ||||
| * | `Cursor` -> `Inspector` for parsing | Tor Brede Vekterli | 2018-11-13 | 1 | -4/+4 |
| | | |||||
| * | Correct test name | Tor Brede Vekterli | 2018-11-13 | 1 | -1/+1 |
| | | |||||
| * | Use explicit `const` for `auto` | Tor Brede Vekterli | 2018-11-13 | 1 | -3/+3 |
| | | |||||
| * | Add support for basic certificate verification policies in C++ | Tor Brede Vekterli | 2018-11-08 | 22 | -36/+826 |
| | | | | | | | | | | | | | | | | Extends TLS config JSON file with an `allowed-peers` object, which if non-empty specifies a set of policies that a peer may match. If at least one policy exists a peer must match all requirements in any single policy to be allowed to connect. I.e. it's sufficient to match 1 policy out of many. | ||||
* | | = deafult and 0 -> nullptr | Henning Baldersheim | 2018-11-09 | 2 | -8/+8 |
|/ | |||||
* | Use template args for the class, not on the find method. | Henning Baldersheim | 2018-11-01 | 8 | -91/+46 |
| | |||||
* | Use a templated find() to enable lookup without object creation when objects ↵ | Henning Baldersheim | 2018-11-01 | 4 | -7/+40 |
| | | | | are comparable. | ||||
* | remove extra hug | Håvard Pettersen | 2018-10-19 | 1 | -2/+2 |
| | |||||
* | half_close for sync crypto sockets | Håvard Pettersen | 2018-10-19 | 3 | -0/+38 |
| | |||||
* | half_close for crypto sockets | Håvard Pettersen | 2018-10-19 | 9 | -4/+149 |
| | |||||
* | Add support for half-close to `CryptoCodec` and OpenSSL implementation | Tor Brede Vekterli | 2018-10-18 | 4 | -69/+163 |
| | |||||
* | Add support for custom certificate verification callbacks | Tor Brede Vekterli | 2018-10-15 | 21 | -45/+931 |
| | | | | | | | Specified as part of `TransportSecurityOptions` and will default to a callback accepting all pre-verified certificates if not given. Callback is provided with certificate subject Common Name and DNS Subject Alternate Name entries. | ||||
* | added sync crypto socket with test | Håvard Pettersen | 2018-10-09 | 7 | -3/+257 |
| | |||||
* | added simple test for various crypto sockets | Håvard Pettersen | 2018-10-09 | 3 | -0/+199 |
| | |||||
* | added SingleFdSelector utility | Håvard Pettersen | 2018-10-09 | 3 | -0/+152 |
| | |||||
* | test empty smart buffer | Håvard Pettersen | 2018-10-09 | 1 | -0/+6 |
| | |||||
* | Merge pull request #7160 from ↵ | Tor Brede Vekterli | 2018-10-01 | 1 | -0/+3 |
|\ | | | | | | | | | vespa-engine/vekterli/silently-handle-tls-client-graceful-shutdown Handle case where SSL_read fails when client has shutdown normally | ||||
| * | Handle case where SSL_read fails when client has shutdown normally | Tor Brede Vekterli | 2018-10-01 | 1 | -0/+3 |
| | | | | | | | | | | | | Break the connection silently when SSL_ERROR_ZERO_RETURN is returned from SSL_read, as this just implies the client has sent a shutdown alert frame. | ||||
* | | GC HashMap | Henning Baldersheim | 2018-09-28 | 16 | -236721/+50 |
|/ | |||||
* | Merge pull request #7132 from ↵ | Tor Brede Vekterli | 2018-09-28 | 4 | -79/+301 |
|\ | | | | | | | | | vespa-engine/vekterli/more-openssl-testing-and-improved-pem-error-reporting Improve OpenSSL codec tests and error detection for X509 PEM parsing |