Add TLS Server.
The TLS server is an alternative to using SSH for protocol connections to remote hosts.

This command is currently experimental and intended only for trial and testing. As such, the new commands and options will not show up in the command-line help unless directly requested.
dwsteele committed Oct 18, 2021
1 parent 09fb939 commit ccc255d
Showing 90 changed files with 4,608 additions and 836 deletions.
15 changes: 15 additions & 0 deletions doc/xml/release.xml
@@ -130,6 +130,21 @@
<p>Add hints to standby replay timeout message.</p>
</release-item>
</release-improvement-list>

<release-development-list>
<release-item>
<github-pull-request id="1504"/>

<release-item-contributor-list>
<release-item-contributor id="david.steele"/>
<release-item-reviewer id="stephen.frost"/>
<!-- Actually tester, but we don't have a tag for that yet -->
<release-item-reviewer id="andrew.lecuyer"/>
</release-item-contributor-list>

<p><proper>Add TLS</proper> server.</p>
</release-item>
</release-development-list>
</release-core-list>
</release>

6 changes: 6 additions & 0 deletions src/Makefile.in
@@ -78,6 +78,8 @@ SRCS = \
command/restore/protocol.c \
command/restore/restore.c \
command/remote/remote.c \
command/server/ping.c \
command/server/server.c \
command/stanza/common.c \
command/stanza/create.c \
command/stanza/delete.c \
@@ -116,11 +118,15 @@ SRCS = \
common/io/http/response.c \
common/io/http/session.c \
common/io/http/url.c \
common/io/server.c \
common/io/session.c \
common/io/socket/client.c \
common/io/socket/common.c \
common/io/socket/server.c \
common/io/socket/session.c \
common/io/tls/client.c \
common/io/tls/common.c \
common/io/tls/server.c \
common/io/tls/session.c \
common/lock.c \
common/stat.c \
158 changes: 156 additions & 2 deletions src/build/config/config.yaml
@@ -119,6 +119,14 @@ command:
local: {}
remote: {}

server-ping:
internal: true
log-file: false
parameter-allowed: true

server-start:
internal: true

stanza-create:
command-role:
remote: {}
@@ -599,6 +607,8 @@ option:
repo-put: {}
repo-rm: {}
restore: {}
server-ping: {}
server-start: {}
stanza-create: {}
stanza-delete: {}
stanza-upgrade: {}
@@ -822,6 +832,7 @@ option:
repo-put: {}
repo-rm: {}
restore: {}
server-start: {}
stanza-create: {}
stanza-delete: {}
stanza-upgrade: {}
@@ -889,6 +900,61 @@ option:
command: buffer-size
depend: tcp-keep-alive-count

tls-server-ca-file:
internal: true
section: global
type: path
command:
server-start:
internal: false

tls-server-cert-file:
internal: true
section: global
type: path
command:
server-start:
internal: false

tls-server-key-file:
internal: true
section: global
type: path
command:
server-start:
internal: false

tls-server-auth:
internal: true
section: global
type: hash
command:
server-start:
internal: false

tls-server-address:
internal: true
section: global
type: string
default: localhost
command:
server-ping:
internal: false
server-start:
internal: false

tls-server-port:
internal: true
section: global
type: integer
default: 8432
allow-range: [1, 65535]
command:
server-ping:
internal: false
server-start:
internal: false

# Logging options
#---------------------------------------------------------------------------------------------------------------------------------
log-level-console:
@@ -1265,6 +1331,32 @@ option:
db-host: {}
db?-host: {}

pg-host-cert-file:
internal: true
section: global
group: pg
type: string
command: pg-local
command-role:
async: {}
main: {}
local: {}
depend:
option: pg-host-type
list:
- tls

pg-host-key-file:
inherit: pg-host-cert-file

pg-host-ca-file:
inherit: pg-host-cert-file
required: false

pg-host-ca-path:
inherit: pg-host-cert-file
required: false

pg-host-cmd:
section: stanza
group: pg
@@ -1324,6 +1416,25 @@ option:
db-user: {}
db?-user: {}

pg-host-type:
internal: true
section: global
group: pg
type: string
default: ssh
allow-list:
- ssh
- tls
command: pg-local
command-role:
async: {}
main: {}
local: {}
depend:
option: pg-local
list:
- false

pg-path:
section: stanza
group: pg
@@ -1699,11 +1810,15 @@ option:
deprecate:
hardlink: {}

repo-host:
repo-host-type:
internal: true
section: global
group: repo
type: string
required: false
default: ssh
allow-list:
- ssh
- tls
command: repo-local
command-role:
async: {}
@@ -1713,9 +1828,47 @@ option:
option: repo-local
list:
- false

repo-host:
section: global
group: repo
type: string
required: false
command: repo-local
command-role:
async: {}
main: {}
local: {}
depend: repo-host-type
deprecate:
backup-host: {}

repo-host-cert-file:
internal: true
section: global
group: repo
type: string
command: repo-local
command-role:
async: {}
main: {}
local: {}
depend:
option: repo-host-type
list:
- tls

repo-host-key-file:
inherit: repo-host-cert-file

repo-host-ca-file:
inherit: repo-host-cert-file
required: false

repo-host-ca-path:
inherit: repo-host-cert-file
required: false

repo-host-cmd:
section: global
group: repo
@@ -1724,6 +1877,7 @@ option:
command:
archive-get: {}
archive-push: {}
backup: {}
check: {}
info: {}
repo-create: {}
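Review bot: In the `pg-host-ca-file` / `pg-host-ca-path` hunk (and the matching `repo-host-ca-file` / `repo-host-ca-path` entries) both CA options are `required: false`, so a host with `pg-host-type` or `repo-host-type` set to `tls` can be configured with a certificate and key but no CA, and nothing in this file says what the client then verifies the server certificate against. I would add a comment above each pair, e.g. `# Optional; when neither is set the server certificate is verified against <fallback trust store - state it here>`, and confirm in the client code that an unset CA never disables verification. Separately, the client-side file options are declared `type: string` while `tls-server-ca-file`, `tls-server-cert-file` and `tls-server-key-file` use `type: path`; if `path` adds validation (not visible here), `type: path` on `pg-host-cert-file` and `repo-host-cert-file` would carry it to the options that inherit from them. The new `tls-server-auth` hash also has no comment describing what its keys and values mean.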
3 changes: 3 additions & 0 deletions src/build/error/error.yaml
@@ -102,6 +102,9 @@ repo-invalid: 103
# The command encountered one or more errors
command: 104

# Unable to authenticate or authorize
access: 105

# This error should not be thrown directly -- it serves as a parent for the C errors
runtime: 122
