Open
245 commits
a3e5242
actually pass along new versionstamp position in nested versionstamp
alecgrieser May 10, 2018
ee51ffe
Merge pull request #366 from alecgrieser/356-nested-incomplete-versio…
ajbeamon May 10, 2018
961e910
Merge pull request #367 from AlvinMooreSr/release-5.2-build
etschannen May 11, 2018
1fa1342
Merge pull request #368 from AlvinMooreSr/release-5.2-build
etschannen May 11, 2018
e4cb178
update api version to 520 in some flow tests
alecgrieser May 11, 2018
d693b36
Merge pull request #369 from alecgrieser/update-api-version-to-520
etschannen May 11, 2018
2ca01e5
update the release notes with some bindings fixes and clarification o…
alecgrieser May 11, 2018
16e85d5
Merge pull request #374 from alecgrieser/update-release-notes
etschannen May 11, 2018
9dc072d
Some documentation tweaks in the 4.0 release notes.
ajbeamon May 11, 2018
06fde3e
Merge pull request #381 from ajbeamon/release-5.2
alecgrieser May 11, 2018
3b3b2e3
run scripted test at range of API versions
alecgrieser May 15, 2018
a9f54e1
Compile on macOS 10.13.4: Use ASSERT_ABORT in destructors. Import fst…
Apr 23, 2018
dcc2c92
Use ASSERT_ABORT in destructor
Apr 23, 2018
d4d24ea
Merge pull request #389 from apkar/release-5.1
alexmiller-apple May 15, 2018
6d13271
add versionstamp compatibility test to VersionStampWorkload
alecgrieser May 16, 2018
e7fada1
Revert "run scripted test at range of API versions"
alecgrieser May 16, 2018
0c82ed3
update versions.target to 5.2.1
alecgrieser May 16, 2018
3360c35
add fix to #387 to release notes
alecgrieser May 16, 2018
40babc4
remove one unnecessary line ; fix else formatting
alecgrieser May 16, 2018
65e2ab8
pass in transformed keys to input validation with versionstamps
alecgrieser May 16, 2018
7104958
Merge pull request #388 from alecgrieser/000387-validate-old-versions…
ajbeamon May 16, 2018
29be22b
Removed Windows carriage returns
AlvinMooreSr May 16, 2018
d03fec8
Bump MSI GUID for 5.2.1
alexmiller-apple May 16, 2018
efc7548
Merge pull request #391 from AlvinMooreSr/release-5.1-remove-lineends
ajbeamon May 17, 2018
83c1754
Modified the groupId to org.foundationdb
AlvinMooreSr May 17, 2018
611c40f
TLS Plugin Changes.
bnamasivayam May 8, 2018
23335eb
Add FDBLibTLSVerify files to build system.
bnamasivayam May 8, 2018
488da10
Make changes to 5.1 to compile with new TLS Plugin.
bnamasivayam May 18, 2018
fd43124
Some changes to debugging print statements
ajbeamon May 18, 2018
b94fa1d
Add missing COMMIT instruction after logging directories.
ajbeamon May 18, 2018
82821d1
Have the two copies of the default directory layer share the same Dir…
ajbeamon May 18, 2018
7159dd5
DIRECTORY_MOVE_TO reuses the same DirListEntry rather than creating a…
ajbeamon May 18, 2018
9e9a81c
DIRECTORY_MOVE and DIRECTORY_OPEN use the existing DirListEntries, if…
ajbeamon May 18, 2018
ce36239
Merging children of DirListEntries now unifies the entries rather tha…
ajbeamon May 18, 2018
36a6f56
Merge pull request #393 from bnamasivayam/release-5.1
alexmiller-apple May 18, 2018
5db549c
Changes to print output
ajbeamon May 18, 2018
997d3ea
Rework how the directory hierarchy state is maintained, add tracking …
ajbeamon May 18, 2018
b6abd69
Fix server/client cert check
May 21, 2018
086700a
Plumb through TLS key password to CLI and from environment
May 21, 2018
84ed35b
Only log TLS verify failures if all verification fails; log failures …
May 21, 2018
a378b17
Update 5.2.0 -> 5.2.1 in documentation.
alexmiller-apple May 21, 2018
2288e44
Merge pull request #396 from richardalow/tls-fixes
May 21, 2018
9d19c48
Bump versions.target to 5.2.2
alexmiller-apple May 21, 2018
3bf52d6
Bump msi installer GUID
alexmiller-apple May 21, 2018
f96b95a
Ensure random prefixes for partitions and directory layer subspaces w…
ajbeamon May 22, 2018
fc69c34
Extract directory state tree, add some tests, and fix up a couple things
ajbeamon May 22, 2018
463a8cf
Fixed carriage return line endings
AlvinMooreSr May 23, 2018
addb822
Fix call to random.random()
ajbeamon May 23, 2018
1a39cd4
The directory state tree currently relies on some static members that…
ajbeamon May 23, 2018
f52da48
Don't merge directory state tree entries that have the same ID. When …
ajbeamon May 23, 2018
989a51e
Java tester was failing to create new transactions properly in some c…
ajbeamon May 23, 2018
377f253
Merge pull request #401 from AlvinMooreSr/release-5.2-fixws
ajbeamon May 23, 2018
0b1bd4f
Close transactions in ON_ERROR if the replace didn't succeed
ajbeamon May 23, 2018
ac8da95
Update TLS docs with new plugin options
May 23, 2018
29d365b
Merge remote-tracking branch 'apple/release-5.2' into tls-docs
May 23, 2018
48bf339
Add indirection in the directory state tree so that merged nodes woul…
ajbeamon May 23, 2018
e172a7f
Fix spacing in build file
ajbeamon May 23, 2018
cca8a93
Fix the docs build to follow redirect for python dependencies
May 23, 2018
6969605
Merge commit '377f253b449dd8c3d3f30ccd175ed7a645b45d12' into director…
ajbeamon May 23, 2018
7022066
Merge pull request #404 from ajbeamon/release-5.2
alecgrieser May 23, 2018
68c6231
Merge pull request #402 from richardalow/tls-docs
bnamasivayam May 24, 2018
ebdc2d7
Revert "Merge pull request #393 from bnamasivayam/release-5.1"
bnamasivayam May 29, 2018
6f34524
Merge pull request #415 from bnamasivayam/release-5.1
bnamasivayam May 29, 2018
d9c702a
Merge release-5.1 into release-5.2
ajbeamon May 30, 2018
526ecc5
Merge pull request #417 from ajbeamon/merge-release-5.1-into-release-5.2
bnamasivayam May 30, 2018
5cbad29
Merge branch 'release-5.1' of github.com:apple/foundationdb into merg…
ajbeamon May 30, 2018
586c094
Merge pull request #419 from ajbeamon/merge-release-5.1-into-release-5.2
ajbeamon May 30, 2018
90c5a63
Merge pull request #411 from AlvinMooreSr/release-5.1-jar-rename
alecgrieser May 30, 2018
0c2e801
Merge remote-tracking branch 'upstream/release-5.1' into merge-releas…
alecgrieser May 30, 2018
e42a74e
Merge pull request #421 from alecgrieser/merge-release-5.1
AlvinMooreSr May 30, 2018
cd64d6c
Update documentation for 5.2.2 release.
brownleej May 30, 2018
b6b6b88
Merge pull request #423 from brownleej/release-5.2.2
brownleej May 30, 2018
1dbe24a
In the Java directory layer, DirectoryLayer.exists returns true uncon…
ajbeamon May 30, 2018
aab2dbd
Fix docs wording
ajbeamon May 30, 2018
10bcba4
Bump versions.target
brownleej May 31, 2018
4ee34d8
Merge pull request #427 from brownleej/release-5.2.2
brownleej May 31, 2018
85804e9
Merge pull request #424 from ajbeamon/release-5.2
brownleej May 31, 2018
e4e0632
fix: Read-only transactions that get committed would fail if the read…
ajbeamon Jun 5, 2018
6fbb046
Merge pull request #437 from ajbeamon/fix-commit-readonly-transactions
etschannen Jun 5, 2018
eeb92fb
Add read-only commit fix and some PR links to release notes.
ajbeamon Jun 5, 2018
e659dc7
Merge pull request #438 from ajbeamon/release-5.2
etschannen Jun 5, 2018
7a84375
Better 5.2.2 release notes wording for TLS
Jun 5, 2018
4120062
fix: backup initialized its begin version at 1 instead of the read ve…
etschannen Jun 6, 2018
7c289c1
updated release notes
etschannen Jun 6, 2018
e82985a
fix: continue setting beginVersion so that versions between 5.2.0 and…
etschannen Jun 6, 2018
59caa96
Merge pull request #440 from etschannen/release-5.2
ajbeamon Jun 6, 2018
bd90cdb
Updates for release 5.2.3. This excludes required changes to administ…
ajbeamon Jun 6, 2018
b8efd4c
Merge pull request #441 from ajbeamon/release-5.2
ajbeamon Jun 6, 2018
cf7ab15
Update versions.target and MSI package for 5.2.4
ajbeamon Jun 6, 2018
b52681c
Merge pull request #442 from ajbeamon/release-5.2
ajbeamon Jun 6, 2018
f463245
Update version-specific upgrade notes
ajbeamon Jun 6, 2018
514b0e3
Having fixed limits for getRange results in continuously getting tran…
bnamasivayam Jun 7, 2018
c954379
Fix case of newSeverity detail in StderrSeverity trace event
ajbeamon Jun 8, 2018
12c45cc
Merge pull request #451 from ajbeamon/release-5.1
etschannen Jun 8, 2018
6461478
Merge pull request #452 from apple/release-5.1
ajbeamon Jun 8, 2018
c005560
Merge branch 'release-5.2' of github.com:apple/foundationdb into rele…
ajbeamon Jun 8, 2018
4e92141
Make wording consistent
ajbeamon Jun 8, 2018
42e6f2c
Merge pull request #444 from ajbeamon/release-5.2
alecgrieser Jun 8, 2018
20febf5
Address review comments.
bnamasivayam Jun 8, 2018
50779a1
Merge pull request #448 from bnamasivayam/fix-trprofile-test-bug
etschannen Jun 8, 2018
e67bf89
Merge pull request #439 from richardalow/release-notes
etschannen Jun 8, 2018
be9a131
bump supported python version to 3.6
alecgrieser Jun 11, 2018
69515e6
set_verify_peers now splits input based on the ‘|’ character
etschannen Jun 11, 2018
b071c5d
fix: incorrect parsing logic
etschannen Jun 11, 2018
08edc2b
Merge pull request #468 from etschannen/release-5.2
ajbeamon Jun 11, 2018
7db928c
Cluster file and its parent directory needs to be writable for operat…
bnamasivayam Jun 11, 2018
cfa7fe8
Identify processes with host:port regardless of if TLS is enabled or …
alexmiller-apple Jun 11, 2018
5090469
Merge pull request #471 from alexmiller-apple/tlsfixes-5.2
etschannen Jun 11, 2018
553bfec
Merge pull request #403 from richardalow/fix-docs-build
AlvinMooreSr Jun 11, 2018
a66194b
updated release notes for 5.2.4
etschannen Jun 12, 2018
62533da
Merge pull request #472 from etschannen/release-5.2
etschannen Jun 12, 2018
daea43b
Add administration and TLS sections to the site map.
brownleej Jun 11, 2018
6f0af73
Merge pull request #459 from alecgrieser/bump-python-version
brownleej Jun 12, 2018
c3beca3
Typo fixes using aspell
tirkarthi Jun 12, 2018
56e8355
Add docs about multiple verify peers strings
Jun 12, 2018
0d1c3f9
Merge pull request #476 from tirkarthi/doc-typo-fixes-release-5.2
ajbeamon Jun 12, 2018
67781e1
Merge pull request #477 from richardalow/additional-verify-peers-args
Jun 12, 2018
b8b69c3
Merge remote-tracking branch 'apple/release-5.1' into release-5.2
Jun 12, 2018
ea63a19
Merge pull request #478 from apple/release-5.1
ajbeamon Jun 12, 2018
5ec4aa4
Merge remote-tracking branch 'apple/release-5.2' into release-5.2
Jun 12, 2018
819929e
Address review comments.
bnamasivayam Jun 12, 2018
3a4c755
Merge pull request #470 from bnamasivayam/cluster-file-directory-writ…
ajbeamon Jun 12, 2018
0481928
Reduce backup parallel tasks to decrease memory usage.
Jun 12, 2018
75de22b
Merge pull request #482 from satherton/release-5.2
Jun 12, 2018
d1a0da9
Merge remote-tracking branch 'apple/release-5.2' into release-5.2
Jun 12, 2018
0bc629c
Update download links for 5.2.4 release
Jun 12, 2018
b46862f
Update MSI package for 5.2.4 release
Jun 12, 2018
6292d02
Merge pull request #484 from richardalow/release-5.2
richardalow Jun 12, 2018
a3ca220
Update MSI package after 5.2.4 release
Jun 13, 2018
a52430f
Bump versions.target
Jun 13, 2018
4970260
Merge pull request #486 from richardalow/release-5.2
richardalow Jun 13, 2018
6f941a8
Fix bug in actor compiler that would cause multi-line comments to be …
ajbeamon Jun 13, 2018
6a4965e
Merge pull request #488 from ajbeamon/actor-compiler-comment-line-num…
etschannen Jun 13, 2018
4a87a6c
Fix the indentation of the administration document
lingbin Jun 14, 2018
f1633c8
Merge pull request #490 from lingbin/release-5.2
alexmiller-apple Jun 14, 2018
209f96e
Merge pull request #473 from brownleej/site-map-fix-5.2
alecgrieser Jun 14, 2018
e0c72b3
Add UID and DC as additional subject fields for TLS peer validation
Jun 19, 2018
fff6a47
Validate certificates by default
Jun 20, 2018
b161e25
Update release notes
Jun 20, 2018
2f88414
Merge pull request #511 from richardalow/check-valid-default
Jun 20, 2018
7072171
Merge pull request #504 from richardalow/tls-additional-subject-field
Jun 20, 2018
361e335
Disable cert validation in simulation
Jun 20, 2018
e9e1e19
Added operation-specific rate controls to blob store interface.
Jun 21, 2018
d9f3eb0
Change default delete operations per second. Updated release notes.
Jun 21, 2018
f00e134
Merge pull request #513 from satherton/blob-operation-rate-limits
alecgrieser Jun 21, 2018
1a81dff
Merge pull request #512 from richardalow/check-valid-default
etschannen Jun 21, 2018
011f0ce
reordered the release notes
etschannen Jun 21, 2018
6eafe9e
Merge pull request #516 from etschannen/release-5.2
apkar Jun 21, 2018
ea5aa51
5.2.5 release related changes.
apkar Jun 21, 2018
4e48018
Merge pull request #517 from apkar/release-5.2
etschannen Jun 21, 2018
23245b0
Post release steps for 5.2.5
apkar Jun 21, 2018
c4a035c
Merge pull request #523 from apkar/release-5.2
etschannen Jun 21, 2018
2ed4523
Merge branch 'release-5.2' into directory-tester-cleanup
ajbeamon Jun 26, 2018
a7158f9
Address some review comments
ajbeamon Jun 26, 2018
de00994
Correct the default peer verification in the docs
Jun 27, 2018
d8ca7a7
Change tree node state to have references to parent nodes and update …
ajbeamon Jun 27, 2018
9a51dec
Add a documentation plugin for the formatting in our Ruby docs.
brownleej Jun 27, 2018
23b691b
Merge pull request #536 from brownleej/ruby-doc-fixes-52
alexmiller-apple Jun 27, 2018
ac9de81
Merge pull request #406 from ajbeamon/directory-tester-cleanup
alecgrieser Jun 27, 2018
0f70f04
Merge pull request #535 from richardalow/default-peer-verification-do…
alexmiller-apple Jun 30, 2018
7cb12c1
switch module name of ruby domain to sphinxcontrib.rubydomain
alecgrieser Jun 30, 2018
b506361
Merge pull request #546 from alecgrieser/fix-docs-build
Jun 30, 2018
3f57d02
Crash fix on MacOS. Aligned_alloc() would silently fail for alignmen…
Jul 1, 2018
3d32fc4
Reduced MacOS aligned_alloc fix to the most minimal change which fixe…
Jul 1, 2018
45c0f01
Merge pull request #547 from satherton/fix-macos-aligned-allocation-bug
alecgrieser Jul 1, 2018
cdafd54
fix: fixed a memory leak where leaderInfo notifications are not clear…
etschannen Jul 7, 2018
acee7ee
Merge branch 'release-5.2' of github.com:etschannen/foundationdb into…
Jul 7, 2018
fee4234
Bug fixes in memory activity logging.
Jul 7, 2018
a2f16e2
Memory waste fix, when a Peer disconnects an extra packet buffer bloc…
Jul 7, 2018
c5b5d02
Merge branch 'release-5.2' of github.com:apple/foundationdb into rele…
etschannen Jul 9, 2018
3b62fa5
Merge pull request #574 from satherton/release-5.2-leaks
etschannen Jul 9, 2018
d894f4c
Merge branch 'release-5.2' of github.com:apple/foundationdb into rele…
etschannen Jul 9, 2018
e503dc9
fix: destroy peers that are inactive
etschannen Jul 8, 2018
c6133ba
Merge pull request #579 from satherton/release-5.2-leaks
alexmiller-apple Jul 9, 2018
ef6ccc7
fix: consistency check was not checking for data inconsistencies
etschannen Jun 28, 2018
0e1c32e
fix: consistency check was broken when the key server key space is sh…
etschannen Jun 29, 2018
eb9114f
fixed a few problems with the consistency check
etschannen Jun 30, 2018
ad1816b
fix: consistency check could loop too long
etschannen Jul 2, 2018
f3f81e3
Remove usable regions on 5.2 as it is 6.0-only
alexmiller-apple Jul 9, 2018
ad08fba
Merge pull request #580 from alexmiller-apple/consistencycheck-5.2
etschannen Jul 9, 2018
3ce7c78
If an HTTP request fails due to a connection failure or a timeout, do…
Jul 10, 2018
6435e32
Merge pull request #581 from satherton/improve-blob-error-types
alexmiller-apple Jul 10, 2018
9f14db1
Add release notes for 5.2.6
alexmiller-apple Jul 10, 2018
c40f023
Change download links from 5.2.5 -> 5.2.6
alexmiller-apple Jul 10, 2018
1c4c7f3
Bump msi GUID
alexmiller-apple Jul 10, 2018
fddb3e8
Differentiate between a timeout in attempting to connect vs a timeout…
Jul 10, 2018
2b571f2
Updated release notes for 5.2.6.
Jul 10, 2018
d0d21c3
Merge pull request #583 from satherton/release-5.2-update-release-notes
alexmiller-apple Jul 10, 2018
54e4438
Merge pull request #582 from satherton/improve-blob-error-types
alecgrieser Jul 10, 2018
bc1098d
Changed python binding classifier to that on approved list: https://p…
AlvinMooreSr Jul 13, 2018
1c1d894
Reorganize release notes to separate 5.2.6 into its own section.
ajbeamon Jul 16, 2018
dae3132
Merge pull request #608 from ajbeamon/reorganize-release-notes
Jul 16, 2018
e101f95
Merge branch 'release-5.2' of github.com:apple/foundationdb into rele…
etschannen Jul 16, 2018
7f2f70f
fix: links in the release notes were incorrectly formatted
etschannen Jul 16, 2018
d53a0e2
fix: incorrect PR number
etschannen Jul 17, 2018
63f3d11
Merge pull request #613 from etschannen/release-5.2
etschannen Jul 17, 2018
e4ed2b7
make_public.py uses an underscore, not a hyphen.
ajbeamon Jul 17, 2018
023799e
Merge pull request #617 from ajbeamon/release-5.2
richardalow Jul 17, 2018
c593d1c
Bug fix causing clients to sometimes (rarely) not reconnect to upgrad…
Jul 28, 2018
6a3834c
Fixed memory leak when destroying a FlowTransport.
Jul 28, 2018
59e0054
Fixed bug where incompatible connection count was sometimes decrement…
Jul 28, 2018
4379a58
Suppress potentially spammy event and don't log cancellation errors.
Jul 28, 2018
7552a07
Merge pull request #637 from satherton/fix-upgrade-reconnect-failure
etschannen Jul 28, 2018
fa3b615
fix: do not increase numIncompatibleConnections if the connect was al…
etschannen Jul 28, 2018
ccf4384
Merge pull request #638 from etschannen/release-5.2
etschannen Jul 28, 2018
2d8a6d1
fix: cache databases by cluster file and DB name in golang bindings.
ajbeamon Jul 18, 2018
b4b002c
update release notes with go caching fix
alecgrieser Jul 30, 2018
4ac909e
Merge pull request #642 from alecgrieser/cherry-pick-golang-db-cache-fix
etschannen Jul 30, 2018
5ea1ceb
updated the release notes with the multi-version client fix
etschannen Jul 30, 2018
82bb2de
reworded the release note for clarity
etschannen Jul 30, 2018
23892d1
Merge pull request #643 from etschannen/release-5.2
etschannen Jul 30, 2018
a5a28c6
Bump version.
brownleej Jul 30, 2018
02cc2ad
Merge pull request #645 from brownleej/release-5.2.7
brownleej Jul 30, 2018
a2b3c71
thread custom executors through FDBDatabase::run and FDBDatabase::read
alecgrieser Jul 30, 2018
c768c2c
bump version to 5.2.8
alecgrieser Jul 30, 2018
d0fc944
Merge pull request #646 from alecgrieser/000640-pass-executor-in-fdbd…
apkar Jul 31, 2018
72ff32c
Version bump.
brownleej Jul 31, 2018
df69239
Merge pull request #647 from brownleej/release-5.2.7
brownleej Jul 31, 2018
a361a78
fix: clients which cannot talk to storage servers poll the proxy for …
etschannen Jul 31, 2018
922374b
merge 5.2
etschannen Aug 1, 2018
3b514aa
updated release notes for 5.2.8
etschannen Aug 1, 2018
2d7922d
Merge pull request #650 from etschannen/release-5.2
Aug 1, 2018
e93834f
Preparing for patch release 5.2.8.
Aug 1, 2018
ae899a1
Merge pull request #653 from satherton/release-5.2
Aug 1, 2018
b6fcb4a
Update GUID.
Aug 1, 2018
5b47dea
Merge pull request #654 from satherton/release-5.2
Aug 1, 2018
b668797
Update release notes to elaborate on the fix in 5.2.7
ajbeamon Aug 3, 2018
916ba36
Merge pull request #664 from ajbeamon/release-5.2
etschannen Aug 3, 2018
21fe6ad
fix: give time to do other work between accepting connections. It is …
etschannen Aug 3, 2018
501033c
fix: tlog spilling on a stopped log was only making one version durab…
etschannen Aug 3, 2018
a71a546
Merge branch 'release-5.2' of github.com:apple/foundationdb into rele…
etschannen Aug 3, 2018
cf3e0be
Merge pull request #666 from etschannen/release-5.2
ajbeamon Aug 3, 2018
66bcd67
Add missing release note.
ajbeamon Aug 9, 2018
a54e812
Merge pull request #683 from ajbeamon/release-5.2
ajbeamon Aug 9, 2018
4f9dd10
fix: as long as some leader was sending heartbeats we would keep the …
etschannen Aug 11, 2018
b8486d4
Merge pull request #700 from etschannen/release-5.2
ajbeamon Aug 13, 2018
f4b3299
Merge pull request #601 from AlvinMooreSr/python-setup
AlvinMooreSr Sep 4, 2018
ede7f90
Update API version in godocs example from 200 to 520.
ajbeamon Sep 19, 2018
5d71959
Merge pull request #776 from ajbeamon/fix-godocs-api-version
alecgrieser Sep 19, 2018
54c240c
Add release notes for 5.0.8 to old release notes
ajbeamon Oct 3, 2018
a91f592
Merge pull request #799 from ajbeamon/release-5.1
etschannen Oct 3, 2018
1b7aac6
Merge pull request #805 from apple/release-5.1
ajbeamon Oct 4, 2018
abaefbe
Fix typo
ajbeamon Oct 4, 2018
e771872
Merge pull request #808 from ajbeamon/release-5.1
ajbeamon Oct 4, 2018
b3912b3
Merge pull request #809 from apple/release-5.1
ajbeamon Oct 4, 2018
15 changes: 14 additions & 1 deletion FDBLibTLS/FDBLibTLSPolicy.cpp
Expand Up @@ -285,7 +285,20 @@ bool FDBLibTLSPolicy::set_verify_peers(int count, const uint8_t* verify_peers[],

for (int i = 0; i < count; i++) {
try {
Reference<FDBLibTLSVerify> verify = Reference<FDBLibTLSVerify>(new FDBLibTLSVerify(std::string((const char*)verify_peers[i], verify_peers_len[i])));
std::string verifyString((const char*)verify_peers[i], verify_peers_len[i]);
int start = 0;
while(start < verifyString.size()) {
int split = verifyString.find('|', start);
if(split == std::string::npos) {
break;
}
if(split == start || verifyString[split-1] != '\\') {
Reference<FDBLibTLSVerify> verify = Reference<FDBLibTLSVerify>(new FDBLibTLSVerify(verifyString.substr(start,split-start)));
verify_rules.push_back(verify);
start = split+1;
}
}
Reference<FDBLibTLSVerify> verify = Reference<FDBLibTLSVerify>(new FDBLibTLSVerify(verifyString.substr(start)));
verify_rules.push_back(verify);
} catch ( const std::runtime_error& e ) {
verify_rules.clear();
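Review bot: The splitting loop never terminates when it meets an escaped separator: inside `while(start < verifyString.size())`, if `verifyString[split-1] == '\\'` and `split != start`, neither `start` nor the search position changes, so `find('|', start)` returns the same index on every iteration. Keep a separate search position and advance it past the escaped `|` while leaving `start` at the beginning of the current rule. Also declare `split` and `start` as `size_t` rather than `int`, so the comparisons against `std::string::npos` and `verifyString.size()` do not depend on a narrowing conversion.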
44 changes: 31 additions & 13 deletions FDBLibTLS/FDBLibTLSSession.cpp
Expand Up @@ -28,6 +28,7 @@

#include <exception>

#include <set>
#include <string.h>
#include <limits.h>

Expand Down Expand Up @@ -138,67 +139,70 @@ bool match_criteria(X509_NAME *name, int nid, const char *value, size_t len) {
return rc;
}

bool FDBLibTLSSession::check_verify(Reference<FDBLibTLSVerify> verify, struct stack_st_X509 *certs) {
std::tuple<bool,std::string> FDBLibTLSSession::check_verify(Reference<FDBLibTLSVerify> verify, struct stack_st_X509 *certs) {
X509_STORE_CTX *store_ctx = NULL;
X509_NAME *subject, *issuer;
BIO *bio = NULL;
bool rc = false;
// if returning false, give a reason string
std::string reason = "";

// If certificate verification is disabled, there's nothing more to do.
if (!verify->verify_cert)
return true;
return std::make_tuple(true, reason);

// Verify the certificate.
if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
policy->logf("FDBLibTLSOutOfMemory", uid, true, NULL);
reason = "FDBLibTLSOutOfMemory";
goto err;
}
if (!X509_STORE_CTX_init(store_ctx, NULL, sk_X509_value(certs, 0), certs)) {
policy->logf("FDBLibTLSStoreCtxInit", uid, true, NULL);
reason = "FDBLibTLSStoreCtxInit";
goto err;
}
X509_STORE_CTX_trusted_stack(store_ctx, policy->roots);
X509_STORE_CTX_set_default(store_ctx, is_client ? "ssl_client" : "ssl_server");
X509_STORE_CTX_set_default(store_ctx, is_client ? "ssl_server" : "ssl_client");
if (!verify->verify_time)
X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(store_ctx), X509_V_FLAG_NO_CHECK_TIME);
if (X509_verify_cert(store_ctx) <= 0) {
const char *errstr = X509_verify_cert_error_string(X509_STORE_CTX_get_error(store_ctx));
policy->logf("FDBLibTLSVerifyCert", uid, true, "VerifyError", errstr, NULL);
reason = "FDBLibTLSVerifyCert VerifyError " + std::string(errstr);
goto err;
}

// Check subject criteria.
if ((subject = X509_get_subject_name(sk_X509_value(store_ctx->chain, 0))) == NULL) {
policy->logf("FDBLibTLSCertSubjectError", uid, true, NULL);
reason = "FDBLibTLSCertSubjectError";
goto err;
}
for (auto &pair: verify->subject_criteria) {
if (!match_criteria(subject, pair.first, pair.second.c_str(), pair.second.size())) {
policy->logf("FDBLibTLSCertSubjectMatchFailure", uid, true, NULL);
reason = "FDBLibTLSCertSubjectMatchFailure";
goto err;
}
}

// Check issuer criteria.
if ((issuer = X509_get_issuer_name(sk_X509_value(store_ctx->chain, 0))) == NULL) {
policy->logf("FDBLibTLSCertIssuerError", uid, true, NULL);
reason = "FDBLibTLSCertIssuerError";
goto err;
}
for (auto &pair: verify->issuer_criteria) {
if (!match_criteria(issuer, pair.first, pair.second.c_str(), pair.second.size())) {
policy->logf("FDBLibTLSCertIssuerMatchFailure", uid, true, NULL);
reason = "FDBLibTLSCertIssuerMatchFailure";
goto err;
}
}

// Check root criteria - this is the subject of the final certificate in the stack.
if ((subject = X509_get_subject_name(sk_X509_value(store_ctx->chain, sk_X509_num(store_ctx->chain) - 1))) == NULL) {
policy->logf("FDBLibTLSRootSubjectError", uid, true, NULL);
reason = "FDBLibTLSRootSubjectError";
goto err;
}
for (auto &pair: verify->root_criteria) {
if (!match_criteria(subject, pair.first, pair.second.c_str(), pair.second.size())) {
policy->logf("FDBLibTLSRootSubjectMatchFailure", uid, true, NULL);
reason = "FDBLibTLSRootSubjectMatchFailure";
goto err;
}
}
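Review bot: The flipped ternary in `X509_STORE_CTX_set_default(store_ctx, is_client ? "ssl_server" : "ssl_client")` reads like a mistake at first glance and needs a comment: the name selects the verification parameters applied to the peer's certificate, so a client session has to check its peer as a server certificate and a server session has to check its peer as a client certificate. A test that pins the direction for both roles would keep this from regressing.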
Expand All @@ -209,14 +213,17 @@ bool FDBLibTLSSession::check_verify(Reference<FDBLibTLSVerify> verify, struct st
err:
X509_STORE_CTX_free(store_ctx);

return rc;
return std::make_tuple(rc, reason);
}

bool FDBLibTLSSession::verify_peer() {
struct stack_st_X509 *certs = NULL;
const uint8_t *cert_pem;
size_t cert_pem_len;
bool rc = false;
std::set<std::string> verify_failure_reasons;
bool verify_success;
std::string verify_failure_reason;

// If no verify peer rules have been set, we are relying on standard
// libtls verification.
Expand All @@ -232,9 +239,20 @@ bool FDBLibTLSSession::verify_peer() {

// Any matching rule is sufficient.
for (auto &verify_rule: policy->verify_rules) {
if (check_verify(verify_rule, certs)) {
std::tie(verify_success, verify_failure_reason) = check_verify(verify_rule, certs);
if (verify_success) {
rc = true;
break;
} else {
if (verify_failure_reason.length() > 0)
verify_failure_reasons.insert(verify_failure_reason);
}
}

if (!rc) {
// log the various failure reasons
for (std::string reason : verify_failure_reasons) {
policy->logf(reason.c_str(), uid, false, NULL);
}
}
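Review bot: In the failure-logging loop, `policy->logf(reason.c_str(), uid, false, NULL)` passes the whole reason string as the event name, and for the chain-verification case that string is `"FDBLibTLSVerifyCert VerifyError " + std::string(errstr)`, so the event name now contains spaces and the OpenSSL error text where the removed call passed `"VerifyError", errstr` as a separate detail. Consider collecting the event name and the detail separately so consumers can still match on `FDBLibTLSVerifyCert`. The third argument also changes from `true` to `false` compared with the removed calls; if that is intended, say so in the commit message. Minor: iterate with `const std::string& reason` to avoid copying each entry.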

2 changes: 1 addition & 1 deletion FDBLibTLS/FDBLibTLSSession.h
Expand Up @@ -39,7 +39,7 @@ struct FDBLibTLSSession : ITLSSession, ReferenceCounted<FDBLibTLSSession> {
virtual void delref() { ReferenceCounted<FDBLibTLSSession>::delref(); }

bool verify_peer();
bool check_verify(Reference<FDBLibTLSVerify> verify, struct stack_st_X509 *certs);
std::tuple<bool,std::string> check_verify(Reference<FDBLibTLSVerify> verify, struct stack_st_X509 *certs);

virtual int handshake();
virtual int read(uint8_t* data, int length);
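Review bot: The new `check_verify` declaration names `std::tuple` and `std::string`, but this hunk adds no include for either, so the header compiles only if every file that includes it already pulls in `<tuple>` and `<string>`. Add both includes here; the `FDBLibTLSSession.cpp` hunk adds only `<set>` even though that file now also uses `std::make_tuple` and `std::tie`.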
3 changes: 2 additions & 1 deletion FDBLibTLS/FDBLibTLSVerify.cpp
Expand Up @@ -69,6 +69,7 @@ static std::string de4514(std::string const& input, int start, int& out_end) {
case '<':
case '=':
case '>':
case '|':
case '\\':
output += input[p+1];
p += 2;
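Review bot: Adding `case '|':` makes `\|` a valid escape here, but the splitter in `set_verify_peers` decides whether a `|` is escaped by looking only at the single preceding character (`verifyString[split-1] != '\\'`), so a value that ends in an escaped backslash followed by a real separator (`\\|`) is read as an escaped pipe and the two rules are merged into one. The two places should agree on the escaping rule, ideally by having one routine scan the string once and track escape state.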
Expand Down Expand Up @@ -135,7 +136,7 @@ static std::pair<std::string, std::string> splitPair(std::string const& input, c
static int abbrevToNID(std::string const& sn) {
int nid = NID_undef;

if (sn == "C" || sn == "CN" || sn == "L" || sn == "ST" || sn == "O" || sn == "OU")
if (sn == "C" || sn == "CN" || sn == "L" || sn == "ST" || sn == "O" || sn == "OU" || sn == "UID" || sn == "DC")
nid = OBJ_sn2nid(sn.c_str());
if (nid == NID_undef)
throw std::runtime_error("abbrevToNID");
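Review bot: `DC` differs from the other accepted names in that a subject usually carries several `DC` components (one per domain label), and nothing in this hunk says which of them a `DC=` criterion is compared against. State the intended behaviour in the TLS documentation and add a test with a multi-`DC` subject. As a style point, the `||` chain is getting long; a small static set of accepted short names would be easier to extend.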