| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a typo that was incorrectly causing the ssl cipher
list not to be set properly on the test volume.
Change-Id: I7969988551aa0c76261e41ab2f6247b684dacd49
Signed-off-by: Deepak C Shetty <deepakcs@redhat.com>
Reviewed-on: http://review.gluster.org/10914
Tested-by: NetBSD Build System
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix two spurious failures in tests/features/ssl-authz.t
1) Wait for bricks to come online after starting a volume, so that
the mount is usable without "socket not connected" error
2) For a mount that must fail, we may get the situation where there
is no mount at all, which means creating a file will write to the
mount point instead of failing. To cover that case, write the
file and check it is absent from the brick.
BUG: 1129939
Change-Id: If95e1d65ab23d11123f778c20f8110a3177b0e7f
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/9483
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, enabling SSL authentication/encryption but not authorization
required explicitly setting ssl-allow=*. Now that same behavior is the
default (i.e. when ssl-allow is not set).
Also, there's no reason that a name used for *login* auth (typically a
UUID for internal purposes or a human name when using SSL) should
validate as an RFC-compliant host name or IP address. Therefore the
validation only occurs when the auth type is "addr" (not "login" or
anything else).
Change-Id: I01485ff4f0ab37de4b182858235a5fb0cf4c3c7d
BUG: 1179208
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/9397
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is related to CVE-2014-3566 a.k.a. POODLE.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
POODLE is specific to CBC cipher modes in SSLv3. Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes. The default cipher-mode specification in our code has been
changed accordingly. Users can still set their own cipher modes if they
wish. To support them, the ssl-authz.t test script provides an example
of how to combine the CBC exclusion with other criteria in a script.
Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5
BUG: 1155328
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8962
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
- /opt/local is not preferred anymore use /usr/local
Change-Id: I30cad4cbd28850063f26121cace05371e13bb314
BUG: 1129939
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/8872
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current code assumes /etc/ssl exists, which may not be the case.
Attempt to guess sane default for a few OS.
BUG: 1129939
Change-Id: I0f3168f79b8f4275636581041740dfcaf25f3edd
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8790
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Use 'getfattr' properly avoid redundant options during xattr query
- Untabify certain parts of tests (remove tabs)
- Avoid backtick evaluation for certain values to make code more portable.
- Use awk on FreeBSD/Darwin, since 'wc' implementation is broken and adds
spurious spaces in its output.
Change-Id: I7dcc0b70874e43b4cda8c306ed18a31b7a3f990a
BUG: 1131713
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/8520
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Emmanuel Dreyfus <manu@netbsd.org>
Tested-by: Emmanuel Dreyfus <manu@netbsd.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- `wc -l` on OSX/FreeBSD adds spurious spaces, this clobbers
up TAP output parsers - fix it.
- `umount -l` doesn't exist on OSX/FreeBSD use 'umount -f' if
available.
- Add check for 'file' version, to handle mime type variations
across versions
- Converge 'glusterfs --attribute-timeout=0 --entry-timeout=0'
into '$GFS'
- Modify remaining 'mount -t nfs' to use 'mount_nfs'
- Update sha1sum for OSX to use 'openssl sha1'.
Change-Id: Id1012faa5d67a921513d220e7fa9cebafe830d34
BUG: 1131713
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/8501
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
|
|
Access to a volume is now controlled by the following options, based on
whether SSL is enabled or not.
* server.ssl-allow: get identity from certificate, no password needed
* auth.allow: get identity and matching password from command line
It is not possible to allow both simultaneously, since the connection
itself is either using SSL or it isn't.
Change-Id: I5a5be66520f56778563d62f4b3ab35c66cc41ac0
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/3695
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
|