cbb5f21112
New parser and comparison
2018-10-12 15:25:34 -07:00
b4a4b395e3
Introduce nvidia-plugin fingerprinting
...
- created go-nvml wrapper for fingerprinting
- added fingerprinting feature to nvidia-plugin
2018-10-03 15:11:56 -07:00
9971b3393f
yamux
2018-09-17 14:22:40 -07:00
7739ef51ce
agent + consul
2018-09-13 10:43:40 -07:00
401ed92847
config: accept CA PEM files with extra whitespace
...
Previously we did a validation pass over CA PEM files before calling
Go's CertPool.AppendCertsFromPEM to provide more detailed error messages
than the stdlib provides.
Unfortunately our validation was overly strict and rejected valid CA
files. This is actually the reason the stdlib PEM parser doesn't return
meaningful errors: PEM files are extremely permissive and it's difficult
to tell the difference between invalid data and valid metadata.
This PR removes our custom validation as it would reject valid data and
the extra error messages were not useful in diagnosing the error
encountered.
2018-09-06 11:38:56 -07:00
6def5bc4f9
client: set host name when migrating over tls
...
Not setting the host name led the Go HTTP client to expect a certificate
with a DNS-resolvable name. Since Nomad uses `${role}.${region}.nomad`
names ephemeral dir migrations were broken when TLS was enabled.
Added an e2e test to ensure this doesn't break again as it's very
difficult to test and the TLS configuration is very easy to get wrong.
2018-09-05 17:24:17 -07:00
c6576ddac1
Fix make check errors
2018-09-04 16:03:52 -07:00
f5e631886f
add signature algorithm to error message
2018-08-13 16:21:18 -04:00
ed21481ca1
rename signature algorithm type per code review feedback
2018-08-13 16:11:49 -04:00
16ffb2e412
extract functionality for determining signature algorithm per code review feedback
2018-08-13 16:08:23 -04:00
91edec5bf4
change string repr of signature algorithms to constants
2018-08-10 12:37:21 -04:00
4b228b1919
remove redundant nil check
2018-08-10 12:37:21 -04:00
3f1d54f628
add default case for empty TLS structs
2018-08-10 12:37:21 -04:00
4755a65978
add comments
2018-08-10 12:37:21 -04:00
86103d41d4
type safety for string keys
2018-08-10 12:37:21 -04:00
31d6d00381
add simple getter for certificate
2018-08-10 12:37:21 -04:00
568564f63f
refactor to use golang built in api for certs
2018-08-10 12:37:21 -04:00
bb6c30ee3c
add functionality to check if signature algorithm is supported in cipher suites
2018-08-10 12:37:21 -04:00
b92098fd08
change function signature to take entire tls config object
2018-08-10 12:37:21 -04:00
a3be46b5ee
vendor: remove unused github.com/kardianos/osext
2018-07-05 11:04:12 -04:00
1560d0b893
Extend timeout based on user feedback
...
Closes https://github.com/hashicorp/nomad/issues/4439 .
2018-06-21 15:27:56 -04:00
da712f4f47
fixup! more specific test assertion
2018-06-13 09:58:40 -04:00
dca7235ca5
add tests and improve should reload logic
2018-06-08 15:10:10 -04:00
de03ce8070
move logic to determine whether to reload tls configuration to tlsutil helper
2018-06-08 14:33:58 -04:00
914d2257ef
enable more tls 1.2 ciphers
2018-06-07 17:49:57 -04:00
de98774f2c
Add test and docs
2018-05-31 18:05:03 -07:00
446fc64850
Merge branch 'master' into f-tls-parse-certs
2018-05-30 17:25:50 +00:00
3edf309096
fixup! clearify docs and group similar TLS fields
2018-05-29 21:30:49 -04:00
498b57036d
refactor to remove duplication
2018-05-29 18:47:25 -04:00
1dc14d8e0d
handle parsing multiple certificates in a pem file
2018-05-29 18:25:43 -04:00
9156556555
remove unnecessary type conversation
2018-05-29 17:07:38 -04:00
521f8d3fb4
parse CA certificate to catch more specific errors
2018-05-25 18:14:32 -04:00
19e4a5489b
add support for tls PreferServerCipherSuites
...
add further tests for tls configuration
2018-05-25 13:20:00 -04:00
38f611a7f2
refactor NewTLSConfiguration to pass in verifyIncoming/verifyOutgoing
...
add missing fields to TLS merge method
2018-05-23 18:35:30 -04:00
687c26093c
Merge pull request #4269 from hashicorp/f-tls-remove-weak-standards
...
Configurable TLS cipher suites and versions; disallow weak ciphers
2018-05-11 08:11:46 -04:00
fd952eefbc
Added deferred cancel to prevent context leaks
2018-05-10 18:52:54 -04:00
44f536f18e
add support for configurable TLS minimum version
2018-05-09 18:07:12 -04:00
796bae6f1b
allow configurable cipher suites
...
disallow 3DES and RC4 ciphers
add documentation for tls_cipher_suites
2018-05-09 17:15:31 -04:00
6e58e1ff4b
Merge branch 'master' into b-extend-win-cpu-fingerprint-timeout
2018-05-09 16:23:14 -04:00
62f99cc629
Addressed review comments
2018-05-09 13:21:35 -04:00
d64b02f07d
Override 3 sec. WMI timeout in gopsutil
...
The default timeout is too short for some overburdened or resource
constrained machines to complete the WMI query before the context
deadline expires. This causes them to be unable to fingerprint the CPU
properly.
2018-05-08 17:00:31 -04:00
893b01158c
Fix the CPU Information error message
...
The new version of gopsutil introduces a 3 second timeout that could come up as an error here; however, we are outputting the wrong variable and eating the error.
2018-05-08 14:11:29 -04:00
df4fe7e76c
Set user-agent when talking to GCE metadata
2018-04-10 10:36:46 -04:00
187716944f
testlog: override testlogger with envvar
2018-03-21 16:49:48 -07:00
0790a58fb7
spelling: unknown
2018-03-11 19:07:31 +00:00
f9cf642436
Client tls
2018-02-15 15:22:57 -08:00
aa98f8ba7b
Enhance API pkg to utilize Server's Client Tunnel
...
This PR enhances the API package by having client only RPCs route
through the server when they are low cost and for filesystem access to
first attempt a direct connection to the node and then falling back to
a server routed request.
2018-02-15 13:59:03 -08:00
2c0ad26374
New RPC Modes and basic setup for streaming RPC handlers
2018-02-15 13:59:01 -08:00
6dd1c9f49d
Refactor
2018-02-15 13:59:00 -08:00
940a2df8a1
Pull inmem codec to helper
2018-02-15 13:59:00 -08:00
Alex Dadgar