927cff3317
Report errors on TLS misconfigurations ... or at least try to.
2020-02-20 16:57:29 -08:00
f7a37077cc
handshake takes time in simulation
2020-02-20 15:26:56 -08:00
08c318d28a
re-added the connect lock in the fdbcli so that the timeout is not spent before a connection has been initiated (because of the handshake lock)
2020-02-20 10:43:34 -08:00
69b5a1fbe3
more priority improvements
2020-02-20 10:11:43 -08:00
3c4d551647
improve prioritization of connection monitor and listen given that listen is no longer expensive (because handshake is done separately)
2020-02-19 18:50:21 -08:00
fd8a58b035
re-added support for the TLS_DISABLED flag
2020-02-19 18:37:47 -08:00
761da5a059
code cleanup
2020-02-19 17:59:45 -08:00
3bcecea30b
Fix the cmake build when neither SSL library is found.
2020-02-19 17:03:57 -08:00
e06c3e2eb7
fix: checkForExcludedServer needs to check both the tls and non-tls address
2020-02-19 15:10:54 -08:00
9ab1a11dbe
Merge pull request #6 from alexmiller-apple/boost-ssl
...
Fix fdb_flow_tester linker error
2020-02-19 14:35:55 -08:00
3b9c38f40d
Fix fdb_flow_tester linker error
2020-02-19 14:32:20 -08:00
2a64aac110
Merge pull request #5 from alexmiller-apple/boost-ssl
...
Fix --tls_password and add better error logging
2020-02-19 11:12:27 -08:00
88d36af9c7
Fix --tls_password and add better error logging
...
This refactors all tls settings into a TLSParams object so that we can
set the password before loading any certificates.
It turns out that the FDBLibTLS code did really nice things with error
logging, but I just didn't understand openssl enough before to realize
what pieces I should be copying.
2020-02-19 00:57:05 -08:00
663d176fdb
fix: coordinators auto could added 0.0.0.0:0 as a coordinator
2020-02-14 16:50:55 -08:00
693e469003
Changed the handshake lock to a BoundedFlowLock, which will enforce that old handshakes complete before starting to initiate new handshakes
2020-02-14 16:49:52 -08:00
321dded7dd
rely on preverified to verify the certificate
2020-02-14 16:45:04 -08:00
9c471e8fe4
Merge pull request #4 from alexmiller-apple/boost-ssl
...
Current state of TLS changes
2020-02-14 10:34:52 -08:00
c859f859bc
Remove certBytes.
2020-02-13 21:34:23 -08:00
723a70b357
Call X509_verify_cert once and implement time checking by hand
2020-02-13 21:31:36 -08:00
d716c50000
Find OpenSSL or LibreSSL in CMake
2020-02-13 21:31:36 -08:00
f2d30a9954
comment out certBytes to fix cmake builds
2020-02-13 21:31:36 -08:00
8298fb3cb5
Remove spammy traceevent from testing
2020-02-13 21:31:36 -08:00
96eec756b3
more simulation fixes
2020-02-12 15:12:43 -08:00
38a5511b96
additional simulation fixes
2020-02-11 15:52:06 -08:00
dcbce3593e
fixed TLS in simulation
2020-02-10 14:00:21 -08:00
a640e113fb
Merge pull request #2 from alexmiller-apple/boost-ssl
...
Add verify peers support... probably
2020-02-07 11:06:57 -08:00
2a2bf945ef
Also remove FDBLibTLS from CMake
2020-02-06 21:55:13 -08:00
6b921ac900
Stop building FDBLibTLS and stop linking against libtls.so
...
Which now means OpenSSL and LibreSSL are equally acceptable.
2020-02-06 21:13:58 -08:00
e390dbd36c
Add a non-FDBLibTLS verify peers framework to new TLS impl
2020-02-06 21:06:52 -08:00
38d8d0d675
fixed simulation
2020-02-06 19:29:31 -08:00
69de430057
separate handshaking from connection to improve pipelining
2020-02-06 16:45:54 -08:00
53d0867a17
limit the number of connections a process can attempt to establish in parallel
2020-02-04 18:15:10 -08:00
c9738ab133
do not destroy an ssl connection until async_handshake has returned
2020-02-04 17:54:03 -08:00
c8c34333c1
increased connect parallelism
2020-02-04 14:59:20 -08:00
84853dd1fd
switched SSL implementation to use boost ssl
2020-02-04 14:56:40 -08:00
1ed3ba7170
establishing 20 TLS connections in parallel is too expensive
2020-01-25 10:59:20 -08:00
8972027f43
Merge pull request #2456 from ajbeamon/document-api-version-upgrade-guide
...
Add an API version upgrade guide
2020-01-24 18:30:53 -08:00
792e9ed85d
Merge pull request #2574 from ajbeamon/use-python3-in-docpreview
...
Use python3 in docpreview make target
2020-01-24 18:20:39 -08:00
453600aba5
Merge pull request #2577 from etschannen/post-release-cleanup-6.2.15
...
Post release cleanup 6.2.15
2020-01-21 21:34:46 -08:00
96837bed71
update installer WIX GUID following release
2020-01-21 21:33:56 -08:00
7924df1d5d
update version to 6.2.16
2020-01-21 21:33:56 -08:00
20566f2ff0
Merge pull request #2576 from etschannen/prepare-release-6.2.15
...
update installer WIX GUID following release
2020-01-21 19:10:16 -08:00
be4429afe0
update installer WIX GUID following release
2020-01-21 19:09:45 -08:00
a9eede7bc4
Merge pull request #2575 from etschannen/feature-wait-handshake
...
Wait for TLS handshake to return before accepting a connection
2020-01-21 19:07:26 -08:00
b6eb77c7ca
updated documentation for 6.2.15
2020-01-21 18:59:04 -08:00
afd3ec13ff
added knobs
2020-01-21 18:58:34 -08:00
4a716b85f6
we must still finish accept before the handshake completes
2020-01-21 16:55:34 -08:00
7a4b459f07
wait for a tls handshake to complete before returning a connection
...
wait for multiple tls errors before throttling
2020-01-21 16:45:15 -08:00
66f130a722
Use python3 in docpreview make target. The SimpleHTTPServer module is called http.server in python3, so if we don't explicitly choose a version it won't work if our python alias isn't the expected version.
2020-01-21 15:08:34 -08:00
535a6fa20d
Merge pull request #2572 from etschannen/post-release-cleanup-6.2.14
...
Post release cleanup 6.2.14
2020-01-20 18:50:55 -08:00
Alex Miller