Closed lukebakken closed 5 years ago
features/lrb/pb-separate-encrypted-port 92f4f74 | :arrow_right: | develop 8cecaba | :white_check_mark: completed |
> Started at: 2016-12-27 12:45 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 92f4f744246fdb0b5b56898a786784f884f46955 onto target branch: develop 8cecabaeeefa41ce6992a9b529fa8fe4e3b03ab4 > Exit Code: OK > :page_facing_up:
``` Updating 8cecaba..92f4f74 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 16 ++++ src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------- src/riak_api_pb_server.erl | 197 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------- test/riak_api_schema_tests.erl | 4 + 7 files changed, 155 insertions(+), 245 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port ca74074 | :arrow_right: | develop 8cecaba | :white_check_mark: completed |
> Started at: 2016-12-27 17:04 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port ca74074691d581fd65c388f704d0b08c858a915a onto target branch: develop 8cecabaeeefa41ce6992a9b529fa8fe4e3b03ab4 > Exit Code: OK > :page_facing_up:
``` Updating 8cecaba..ca74074 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 16 ++++ src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------ src/riak_api_pb_server.erl | 203 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------ test/riak_api_schema_tests.erl | 4 + 7 files changed, 159 insertions(+), 247 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port e99146d | :arrow_right: | develop 8cecaba | :white_check_mark: completed |
> Started at: 2016-12-27 17:22 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port e99146dc0ee4cb603ce05f9a519f40e3ea5f49b3 onto target branch: develop 8cecabaeeefa41ce6992a9b529fa8fe4e3b03ab4 > Exit Code: OK > :page_facing_up:
``` Updating 8cecaba..e99146d Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------ src/riak_api_pb_server.erl | 203 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------ test/riak_api_schema_tests.erl | 4 + 7 files changed, 161 insertions(+), 249 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port 9071e44 | :arrow_right: | develop 8cecaba | :white_check_mark: completed |
> Started at: 2016-12-27 17:44 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 9071e4487030a28b60e272d5f86b5feef824452d onto target branch: develop 8cecabaeeefa41ce6992a9b529fa8fe4e3b03ab4 > Exit Code: OK > :page_facing_up:
``` Updating 8cecaba..9071e44 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------ src/riak_api_pb_server.erl | 203 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------ test/riak_api_schema_tests.erl | 4 + 7 files changed, 161 insertions(+), 249 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port 8ae9785 | :arrow_right: | develop 8cecaba | :white_check_mark: completed |
> Started at: 2016-12-28 08:45 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 8ae978505838f3459de2c63d7003ec2d1541ab33 onto target branch: develop 8cecabaeeefa41ce6992a9b529fa8fe4e3b03ab4 > Exit Code: OK > :page_facing_up:
``` Updating 8cecaba..8ae9785 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------ src/riak_api_pb_server.erl | 203 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------ src/riak_api_web_security.erl | 37 +++----- test/riak_api_schema_tests.erl | 4 + 8 files changed, 175 insertions(+), 272 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port d6cd21f | :arrow_right: | develop 34a6cbd | :white_check_mark: completed |
> Started at: 2016-12-28 19:15 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port d6cd21fd16b594b89428069f04817d9abec23c3a onto target branch: develop 34a6cbd56f8958b0ed48e7177e33cd78c388a32b > Exit Code: OK > :page_facing_up:
``` Updating 34a6cbd..d6cd21f Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------ src/riak_api_pb_server.erl | 203 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------ src/riak_api_web_security.erl | 37 +++----- test/riak_api_schema_tests.erl | 4 + 8 files changed, 175 insertions(+), 272 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port 6516a35 | :arrow_right: | develop 34a6cbd | :white_check_mark: completed |
> Started at: 2016-12-29 08:13 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 6516a35a79339ea4313298678c57948bb14a74ab onto target branch: develop 34a6cbd56f8958b0ed48e7177e33cd78c388a32b > Exit Code: OK > :page_facing_up:
``` Updating 34a6cbd..6516a35 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------ src/riak_api_pb_server.erl | 203 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------ src/riak_api_web_security.erl | 37 +++----- test/riak_api_schema_tests.erl | 4 + 8 files changed, 175 insertions(+), 272 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port 1275fb3 | :arrow_right: | develop 34a6cbd | :white_check_mark: completed |
> Started at: 2017-01-05 12:25 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 1275fb341e070e5a7cba61d3de3e60a13ea0d002 onto target branch: develop 34a6cbd56f8958b0ed48e7177e33cd78c388a32b > Exit Code: OK > :page_facing_up:
``` Updating 34a6cbd..1275fb3 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++------------------ src/riak_api_pb_server.erl | 208 ++++++++++++++++++++--------------------- src/riak_api_pb_sup.erl | 22 ----- src/riak_api_sup.erl | 55 +++++------ src/riak_api_web_security.erl | 37 +++----- test/riak_api_schema_tests.erl | 4 + 8 files changed, 178 insertions(+), 274 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port bbe8fc5 | :arrow_right: | develop 34a6cbd | :white_check_mark: completed |
> Started at: 2017-01-06 09:23 > Duration: 2 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port bbe8fc5ff79b347418eefaacffc00d7b915bd78d onto target branch: develop 34a6cbd56f8958b0ed48e7177e33cd78c388a32b > Exit Code: OK > :page_facing_up:
``` Updating 34a6cbd..bbe8fc5 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++----------------- src/riak_api_pb_server.erl | 219 ++++++++++++++++++++++------------------- src/riak_api_pb_sup.erl | 32 +----- src/riak_api_sup.erl | 55 +++++------ src/riak_api_web_security.erl | 37 +++---- test/riak_api_schema_tests.erl | 4 + 8 files changed, 194 insertions(+), 279 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port 5e0b6e3 | :arrow_right: | develop 34a6cbd | :white_check_mark: completed |
> Started at: 2017-01-06 11:43 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 5e0b6e34f65187220b03e2b20cd0ece3565f8737 onto target branch: develop 34a6cbd56f8958b0ed48e7177e33cd78c388a32b > Exit Code: OK > :page_facing_up:
``` Updating 34a6cbd..5e0b6e3 Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 105 +++---------------- src/riak_api_pb_server.erl | 222 ++++++++++++++++++++++------------------- src/riak_api_pb_sup.erl | 32 +----- src/riak_api_ssl.erl | 31 ++---- src/riak_api_sup.erl | 55 +++++----- src/riak_api_web_security.erl | 37 +++---- test/riak_api_schema_tests.erl | 4 + 9 files changed, 204 insertions(+), 303 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port 6d26c5e | :arrow_right: | develop 34a6cbd | :white_check_mark: completed |
> Started at: 2017-01-06 14:28 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 6d26c5e4410d1cb298c21b2e0eb6dcc468c631c4 onto target branch: develop 34a6cbd56f8958b0ed48e7177e33cd78c388a32b > Exit Code: OK > :page_facing_up:
``` Updating 34a6cbd..6d26c5e Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 +++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 115 +++++----------------- src/riak_api_pb_server.erl | 217 +++++++++++++++++++++-------------------- src/riak_api_pb_sup.erl | 32 +----- src/riak_api_ssl.erl | 31 ++---- src/riak_api_sup.erl | 55 +++++------ src/riak_api_web_security.erl | 37 +++---- test/riak_api_schema_tests.erl | 4 + 9 files changed, 208 insertions(+), 304 deletions(-) ``` --------------------------------------------------features/lrb/pb-separate-encrypted-port 342f8bb | :arrow_right: | develop 34a6cbd | :white_check_mark: completed |
> Started at: 2017-01-10 09:26 > Duration: 1 seconds. > Result: OK > Message: Merge Success: features/lrb/pb-separate-encrypted-port 342f8bb68d4f387f17bbcfb6072358cb8069be1a onto target branch: develop 34a6cbd56f8958b0ed48e7177e33cd78c388a32b > Exit Code: OK > :page_facing_up:
``` Updating 34a6cbd..342f8bb Fast-forward (no commit created; -m option ignored) priv/riak_api.schema | 20 ++++- src/riak_api_app.erl | 1 - src/riak_api_pb_listener.erl | 95 +++++--------------- src/riak_api_pb_server.erl | 197 ++++++++++++++++++++++++----------------- src/riak_api_pb_sup.erl | 10 +-- src/riak_api_ssl.erl | 9 +- src/riak_api_sup.erl | 33 +++++-- src/riak_api_web_security.erl | 37 +++----- test/riak_api_schema_tests.erl | 4 + 9 files changed, 210 insertions(+), 196 deletions(-) ``` --------------------------------------------------
Status
2017-01-05
- ready for review.Overview
pb
andtls
listener use same supervisoreinval
error frompeername/1
Fixes
RIAK-2913
Overview of changes:
PB
This PR introduces a
tls
setting in theriak_api
environment that is a mirror ofpb
. When set, Riak will listen for TCP connections on these ports and will always assume SSL/TLS connections on the port(s) configured. TheRpbStartTls
message is unnecessary on these ports, and clients that connect to these ports will have to be modified to not send this message an instead send theRpbAuthReq
message if security is enabled. This means that if security is not enabled, clients can still connect to this port and have encrypted communications without authentication.I modified the code for the legacy pb ports to make the
RpbStartTls
message optional. If a client sends this message, TLS will be set up on the socket prior to authentication, preserving backwards compatibility. However, if the client does not sendRpbStartTls
and instead sendsRpbAuthReq
, Riak will continue to the authentication phase of the connection establishment. This allows clients to connect to Riak with security enabled but without encryption configured.If a Riak users wishes to enforce encrypted connections, then only
listener.tls...
should be configured inriak.conf
.HTTP
Removed check for
https
in theis_authorized
function. Auth credentials may be sent over HTTP or HTTPS now.