path: root/vespalib
Commit message [Author, Age, Files, Lines]
* Add TLS statistics to vespalib and expose as metrics via storageserver  [Tor Brede Vekterli, 2018-12-18, 12 files, -32/+243]
|     Now without unused expiry time extraction.
* Revert "Add TLS statistics to vespalib and expose as metrics via storageserver"  [Harald Musum, 2018-12-18, 12 files, -266/+32]
|
* Merge pull request #7947 from vespa-engine/vekterli/add-low-level-connection-stats-and-metrics  [Tor Brede Vekterli, 2018-12-18, 12 files, -32/+266]
|\
| |     Add TLS statistics to vespalib and expose as metrics via storageserver
| * Add TLS statistics to vespalib and expose as metrics via storageserver  [Tor Brede Vekterli, 2018-12-17, 12 files, -32/+266]
| |     Also add functionality for extracting "notAfter" expiration time from current certificate, which may later be added as an expiry metric.
* | let GET callback be non-const  [Håvard Pettersen, 2018-12-17, 3 files, -9/+9]
|/
* Merge pull request #7919 from vespa-engine/vekterli/support-certificate-authorization-mode-env-var-in-cpp-impl  [Tor Brede Vekterli, 2018-12-11, 17 files, -41/+193]
|\
| |     Add support for authorization mode environment variable in C++
| * Rename `to_string` -> `enum_name` to better match semantics  [Tor Brede Vekterli, 2018-12-11, 2 files, -3/+3]
| |
| * Add support for authorization mode environment variable in C++  [Tor Brede Vekterli, 2018-12-10, 17 files, -41/+193]
| |
* | Merge pull request #7922 from vespa-engine/havardpe/prepare-for-tls-state-server  [Tor Brede Vekterli, 2018-12-11, 4 files, -6/+54]
|\ \
| |/
|/|     Havardpe/prepare for tls state server
| * expose fallback authority (mostly for testing)  [Håvard Pettersen, 2018-12-10, 1 file, -0/+1]
| |
| * avoid zombie connections  [Håvard Pettersen, 2018-12-07, 1 file, -0/+1]
| |
| * make authority available to GET handler  [Håvard Pettersen, 2018-12-07, 4 files, -6/+52]
| |     also test header inspection
* | Introduce extra mutex to avoid need for unlock guard  [Tor Brede Vekterli, 2018-12-10, 3 files, -29/+59]
| |     Also add instructions on how to regenerate keys/certs for tests.
* | Merge pull request #7898 from vespa-engine/balder/assert-first-time  [Henning Baldersheim, 2018-12-07, 4 files, -5/+4]
|\ \
| | |     Allow asserts that remember if they have been triggered before.
| * | Use a directory that the vespa user has control over.  [Henning Baldersheim, 2018-12-07, 4 files, -5/+4]
| |/
| |     Also add vespa version to the assert key file name.
* | Merge pull request #7849 from vespa-engine/vekterli/cpp-auto-reloading-of-tls-config  [Tor Brede Vekterli, 2018-12-07, 19 files, -15/+322]
|\ \
| |/
|/|
| |     Support auto-reloading of TLS config in C++ implementation
| * Support auto-reloading of TLS config in C++ implementation  [Tor Brede Vekterli, 2018-12-03, 19 files, -15/+322]
| |     By default reloads every 60 minutes. This also reloads all peer authorization rules. Files referenced by the TLS config are reloaded transitively. If reloading fails a warning will be logged and the existing config will continue to be in effect until the next reload time.
* | use latch instead of executor and improve timing testing  [Håvard Pettersen, 2018-11-30, 1 file, -36/+48]
| |
* | added Latch utility  [Håvard Pettersen, 2018-11-29, 6 files, -3/+178]
|/
* Merge pull request #7786 from vespa-engine/havardpe/initial-portal-code  [Tor Brede Vekterli, 2018-11-29, 24 files, -0/+2070]
|\
| |     initial portal code
| * initial portal code  [Håvard Pettersen, 2018-11-27, 24 files, -0/+2070]
| |
* | Also test with hash_map  [Henning Baldersheim, 2018-11-28, 1 file, -2/+34]
| |
* | Randomize keys  [Henning Baldersheim, 2018-11-28, 1 file, -5/+9]
| |
* | =default  [Henning Baldersheim, 2018-11-28, 2 files, -15/+4]
|/
* Rename `allowed-peers` to `authorized-peers`  [Tor Brede Vekterli, 2018-11-20, 14 files, -143/+123]
|
* Merge pull request #7608 from vespa-engine/vekterli/add-support-for-basic-certificate-verification-policies  [Tor Brede Vekterli, 2018-11-13, 22 files, -37/+827]
|\
| |     Add support for basic certificate verification policies in C++
| * `Cursor` -> `Inspector` for parsing  [Tor Brede Vekterli, 2018-11-13, 1 file, -4/+4]
| |
| * Correct test name  [Tor Brede Vekterli, 2018-11-13, 1 file, -1/+1]
| |
| * Use explicit `const` for `auto`  [Tor Brede Vekterli, 2018-11-13, 1 file, -3/+3]
| |
| * Add support for basic certificate verification policies in C++  [Tor Brede Vekterli, 2018-11-08, 22 files, -36/+826]
| |     Extends TLS config JSON file with an `allowed-peers` object, which if non-empty specifies a set of policies that a peer may match. If at least one policy exists a peer must match all requirements in any single policy to be allowed to connect. I.e. it's sufficient to match 1 policy out of many.
* | = default and 0 -> nullptr  [Henning Baldersheim, 2018-11-09, 2 files, -8/+8]
|/
* Use template args for the class, not on the find method.  [Henning Baldersheim, 2018-11-01, 8 files, -91/+46]
|
* Use a templated find() to enable lookup without object creation when objects are comparable.  [Henning Baldersheim, 2018-11-01, 4 files, -7/+40]
|
* remove extra hug  [Håvard Pettersen, 2018-10-19, 1 file, -2/+2]
|
* half_close for sync crypto sockets  [Håvard Pettersen, 2018-10-19, 3 files, -0/+38]
|
* half_close for crypto sockets  [Håvard Pettersen, 2018-10-19, 9 files, -4/+149]
|
* Add support for half-close to `CryptoCodec` and OpenSSL implementation  [Tor Brede Vekterli, 2018-10-18, 4 files, -69/+163]
|
* Add support for custom certificate verification callbacks  [Tor Brede Vekterli, 2018-10-15, 21 files, -45/+931]
|     Specified as part of `TransportSecurityOptions` and will default to a callback accepting all pre-verified certificates if not given. Callback is provided with certificate subject Common Name and DNS Subject Alternate Name entries.
* added sync crypto socket with test  [Håvard Pettersen, 2018-10-09, 7 files, -3/+257]
|
* added simple test for various crypto sockets  [Håvard Pettersen, 2018-10-09, 3 files, -0/+199]
|
* added SingleFdSelector utility  [Håvard Pettersen, 2018-10-09, 3 files, -0/+152]
|
* test empty smart buffer  [Håvard Pettersen, 2018-10-09, 1 file, -0/+6]
|
* Merge pull request #7160 from vespa-engine/vekterli/silently-handle-tls-client-graceful-shutdown  [Tor Brede Vekterli, 2018-10-01, 1 file, -0/+3]
|\
| |     Handle case where SSL_read fails when client has shutdown normally
| * Handle case where SSL_read fails when client has shutdown normally  [Tor Brede Vekterli, 2018-10-01, 1 file, -0/+3]
| |     Break the connection silently when SSL_ERROR_ZERO_RETURN is returned from SSL_read, as this just implies the client has sent a shutdown alert frame.
* | GC HashMap  [Henning Baldersheim, 2018-09-28, 16 files, -236721/+50]
|/
* Merge pull request #7132 from vespa-engine/vekterli/more-openssl-testing-and-improved-pem-error-reporting  [Tor Brede Vekterli, 2018-09-28, 4 files, -79/+301]
|\
| |     Improve OpenSSL codec tests and error detection for X509 PEM parsing
| * Improve OpenSSL codec tests and error detection for X509 PEM parsing  [Tor Brede Vekterli, 2018-09-27, 4 files, -79/+301]
| |     Also support creating non-authenticated clients in case the codec will be used for non-RPC purposes at some point.
* | use static assert  [Håvard Pettersen, 2018-09-28, 1 file, -3/+1]
| |
* | avoid dynamic cast  [Håvard Pettersen, 2018-09-28, 3 files, -7/+9]
| |
* | mixed mode tls support in fnet  [Håvard Pettersen, 2018-09-27, 10 files, -4/+237]
| |