Branch: refs/heads/master
Home: https://github.com/xrootd/xrootd
Commit: 5e31d97060dd0cbb7553a0f5f6c5b7d2981052d9
https://github.com/xrootd/xrootd/commit/5e31d97060dd0cbb7553a0f5f6c5b7d2981052d9
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-17 (Wed, 17 Mar 2021)
Changed paths:
M src/XrdCrypto/XrdCryptosslAux.cc
M src/XrdCrypto/XrdCryptosslAux.hh
M src/XrdTpc.cmake
M src/XrdTpc/XrdTpcConfigure.cc
A src/XrdTpc/XrdTpcNSSSupport.cc
A src/XrdTpc/XrdTpcNSSSupport.hh
M src/XrdTpc/XrdTpcTPC.cc
M src/XrdTpc/XrdTpcTPC.hh
Log Message:
-----------
Overhaul curl's usage of CAs.
For the NSS backend, this PR will periodically parse all CAs in
the CA directory and concatenate the unique CAs into a single file.
The result is:
- Drastically fewer memory leaks in the libnss backend for libcurl.
- Far faster parsing of CAs (1 file to read versus ~1200).
- Avoids a bug where NSS tries to parse CRLs as a CA.
Commit: 75f631e79fc32ae06c0d01f9b84df0cc658b976c
https://github.com/xrootd/xrootd/commit/75f631e79fc32ae06c0d01f9b84df0cc658b976c
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-18 (Thu, 18 Mar 2021)
Changed paths:
M src/XrdHttp/XrdHttpProtocol.cc
M src/XrdTpc/XrdTpcConfigure.cc
M src/XrdTpc/XrdTpcTPC.cc
M src/XrdTpc/XrdTpcTPC.hh
Log Message:
-----------
Add support for certfile directive for TPC handler.
Commit: c84668f14b6b078945208defec0671125fd85af9
https://github.com/xrootd/xrootd/commit/c84668f14b6b078945208defec0671125fd85af9
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-18 (Thu, 18 Mar 2021)
Changed paths:
M src/XrdTpc/XrdTpcConfigure.cc
Log Message:
-----------
Provide a pure-environment override for the XrdTpc cadir.
Commit: 399d5a7642b96d7e15ef60df8cd6c16124eedbe6
https://github.com/xrootd/xrootd/commit/399d5a7642b96d7e15ef60df8cd6c16124eedbe6
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-18 (Thu, 18 Mar 2021)
Changed paths:
M src/XrdTpc/XrdTpcNSSSupport.cc
M src/XrdTpc/XrdTpcNSSSupport.hh
Log Message:
-----------
XrdTpc: Switch update variables to std::atomics.
We just want atomic store / loads, not strict ordering (worst case
is a double-load); per C++11, we should use relaxed semantics.
Commit: 1fe8f5d76a18e2271aeaf4a237447636e2cfd595
https://github.com/xrootd/xrootd/commit/1fe8f5d76a18e2271aeaf4a237447636e2cfd595
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-18 (Thu, 18 Mar 2021)
Changed paths:
M src/XrdTpc/XrdTpcNSSSupport.cc
Log Message:
-----------
XrdTpc: Remove deprecated readdir_r.
readdir is good enough for glibc.
Commit: 5793ac74dbbd81bd94da1c7920dfe40ae391af03
https://github.com/xrootd/xrootd/commit/5793ac74dbbd81bd94da1c7920dfe40ae391af03
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-24 (Wed, 24 Mar 2021)
Changed paths:
M src/XrdTpc/XrdTpcNSSSupport.cc
Log Message:
-----------
Remove use of smart pointers.
Some versions of GCC apparently complain if C++ attributes are stripped
by use in templates (even if said attributes are completely useless
in the template context). Other than going through heroics to suppress
the invalid warning, it seems the best approach is to revert to raw pointers.
Commit: 97deb89ef7c937dd105000de441e2b67f3a2c897
https://github.com/xrootd/xrootd/commit/97deb89ef7c937dd105000de441e2b67f3a2c897
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdCrypto/XrdCryptosslAux.cc
M src/XrdCrypto/XrdCryptosslAux.hh
M src/XrdTpc/XrdTpcNSSSupport.cc
Log Message:
-----------
XrdTpc: Pass filename to parsing / exporting functions.
Allows these functions to produce more useful error messages in
the logs.
Commit: 2719b4b0d3a646252992c243ec7c370b0b706c99
https://github.com/xrootd/xrootd/commit/2719b4b0d3a646252992c243ec7c370b0b706c99
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdSys/XrdSysFD.hh
M src/XrdTpc/XrdTpcNSSSupport.cc
Log Message:
-----------
XrdTpc: Use XrdSysFD functions where possible for CLOEXEC protection.
This switches XrdTpc to use functions from XrdSysFD where possible
in order to add CLOEXEC protection. Note this necessitated the
addition of a new `XrdSysFD_Openat`, which was not previously
wrapped in the API.
Commit: 380f47618714796f47c3a40ea6aef44d3e07d11f
https://github.com/xrootd/xrootd/commit/380f47618714796f47c3a40ea6aef44d3e07d11f
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdTpc/XrdTpcConfigure.cc
M src/XrdTpc/XrdTpcNSSSupport.cc
Log Message:
-----------
XrdTpc: If NSS hack is needed and fails, do not startup server.
Commit: 5f49669f15adbd74a08945458cf5217b95038e98
https://github.com/xrootd/xrootd/commit/5f49669f15adbd74a08945458cf5217b95038e98
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
A src/XrdTls/XrdTlsTempCA.cc
A src/XrdTls/XrdTlsTempCA.hh
M src/XrdTpc/XrdTpcConfigure.cc
M src/XrdTpc/XrdTpcTPC.cc
M src/XrdTpc/XrdTpcTPC.hh
M src/XrdUtils.cmake
Log Message:
-----------
XrdTls: Move temp CA generator code into core XrdTls.
Adapt XrdTpc to use new XrdTls methods instead of the "NSS Hack".
Note this causes the hack to be used with OpenSSL curl backends as
well; it's seen as a useful performance improvement (versus NSS,
where this is needed for correctness).
Commit: ab5fad4a56c20d7e92cc917a0422b9ff09bc2037
https://github.com/xrootd/xrootd/commit/ab5fad4a56c20d7e92cc917a0422b9ff09bc2037
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdTpc.cmake
R src/XrdTpc/XrdTpcNSSSupport.cc
R src/XrdTpc/XrdTpcNSSSupport.hh
Log Message:
-----------
XrdTpc: Remove XrdTpcNSSSupport implementation.
This has been replaced by the XrdTlsTempCA class.
Commit: 1eb60a58ad070a2d4d06c2778f9190f288832863
https://github.com/xrootd/xrootd/commit/1eb60a58ad070a2d4d06c2778f9190f288832863
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdUtils.cmake
Log Message:
-----------
XrdTls: HACK - temporarily link crypto files into XrdUtils.
Until we make a decision on how to include the crypto files into
the process, this simply re-compiles them. Needs to be removed prior
to release.
Commit: c3dc4c10b06b8aa17f9a23190f1b60873df4b9fc
https://github.com/xrootd/xrootd/commit/c3dc4c10b06b8aa17f9a23190f1b60873df4b9fc
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdCrypto/XrdCryptosslX509Crl.cc
M src/XrdCrypto/XrdCryptosslX509Crl.hh
Log Message:
-----------
XrdTls: Extend XrdCryptosslX509Crl to load / write CRLs to a FILE*
This allows XrdCryptosslX509Crl object to initialize from a FILE*
and to dump the CRL back out to a FILE*; this will be needed for
XrdTls when we want to concatenate CRL files together.
Commit: 342ba6cebc2c37ad799901316c1f3c5e20807876
https://github.com/xrootd/xrootd/commit/342ba6cebc2c37ad799901316c1f3c5e20807876
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdUtils.cmake
Log Message:
-----------
XrdTls: HACK - add CRLs to XrdUtils. Revert when we understand linking problems.
Commit: 399fc03c5c1fbef5501d587712e759dff71fe048
https://github.com/xrootd/xrootd/commit/399fc03c5c1fbef5501d587712e759dff71fe048
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-28 (Sun, 28 Mar 2021)
Changed paths:
M src/XrdTls/XrdTlsTempCA.cc
M src/XrdTls/XrdTlsTempCA.hh
M src/XrdTpc/XrdTpcTPC.cc
Log Message:
-----------
XrdTls: Add CRL concatenation support to TempCA manager.
This adds support for CRL concatenation (and uses it in XrdTpc).
It takes largely the same approach as with CAs.
Commit: 7d3a823f3896dbc348770b856fb5438fdfc9bd01
https://github.com/xrootd/xrootd/commit/7d3a823f3896dbc348770b856fb5438fdfc9bd01
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-03-29 (Mon, 29 Mar 2021)
Changed paths:
M src/XrdTls/XrdTlsTempCA.cc
M src/XrdTls/XrdTlsTempCA.hh
M src/XrdTpc/XrdTpcConfigure.cc
M src/XrdTpc/XrdTpcTPC.cc
M src/XrdTpc/XrdTpcTPC.hh
Log Message:
-----------
XrdTls: Remove XrdTlsTempCA from its dedicated namespace.
Commit: 639e6e30d84aefb3549ba8537756d507c6aba8ec
https://github.com/xrootd/xrootd/commit/639e6e30d84aefb3549ba8537756d507c6aba8ec
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-04-04 (Sun, 04 Apr 2021)
Changed paths:
M src/XrdTls/XrdTlsTempCA.cc
M src/XrdTls/XrdTlsTempCA.hh
Log Message:
-----------
XrdTls: Convert TempCA loader to a separate thread.
This allows the update to happen asynchronously with any TPC use;
this way, even if the scan of the CA directory takes a minute, there's
no chance the activity stalls waiting for it.
Commit: 87b341ccfd2eda25321cd503c18217b62ce7ba56
https://github.com/xrootd/xrootd/commit/87b341ccfd2eda25321cd503c18217b62ce7ba56
Author: Brian Bockelman <[log in to unmask]>
Date: 2021-04-13 (Tue, 13 Apr 2021)
Changed paths:
M src/XrdTls/XrdTlsTempCA.cc
M src/XrdTls/XrdTlsTempCA.hh
M src/XrdTpc/XrdTpcConfigure.cc
M src/XrdTpc/XrdTpcTPC.cc
M src/XrdTpc/XrdTpcTPC.hh
Log Message:
-----------
XrdTls: Refactor temp CA code to use ADMINPATH directory.
This overhauls the temp CA code to use the XRDADMINPATH directory;
since we can assume XRootD "owns" the directory, we don't need to use
a temporary filename for the CA. Thus, we don't need to generate secure
filenames in /tmp and there's no longer a need to track CA file lifetime.
This simplifies the shared pointer to simply a coordination with the
maintenance thread; libcurl can reuse the same filename for as long as
possible.
Commit: 0e460d7a11702c9935ed9fc1c67f22cb998b6fa4
https://github.com/xrootd/xrootd/commit/0e460d7a11702c9935ed9fc1c67f22cb998b6fa4
Author: Andrew Hanushevsky <[log in to unmask]>
Date: 2021-04-14 (Wed, 14 Apr 2021)
Changed paths:
M src/XrdCrypto/XrdCryptosslAux.cc
M src/XrdCrypto/XrdCryptosslAux.hh
M src/XrdCrypto/XrdCryptosslX509Crl.cc
M src/XrdCrypto/XrdCryptosslX509Crl.hh
M src/XrdHttp/XrdHttpProtocol.cc
M src/XrdSys/XrdSysFD.hh
A src/XrdTls/XrdTlsTempCA.cc
A src/XrdTls/XrdTlsTempCA.hh
M src/XrdTpc/XrdTpcConfigure.cc
M src/XrdTpc/XrdTpcTPC.cc
M src/XrdTpc/XrdTpcTPC.hh
M src/XrdUtils.cmake
Log Message:
-----------
Merge pull request #1431 from bbockelm/overhaul_curl_ca
Overhaul curl's usage of CAs.
Compare: https://github.com/xrootd/xrootd/compare/cf1d4e53bd9e...0e460d7a1170
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
|
