- Mar 06, 2019
-
-
Petr Špaček authored
The function originally called kr_cache_sync() was in fact responsible for calling mdb_txn_commit() and not mdb_env_sync(), which was confusing.
-
Petr Špaček authored
Cache cleaning needs to be done using a separate mechanism because cleaning it from a worker process does not fit well into our processing model. It is going to be a separate daemon.
-
- Mar 05, 2019
-
-
Vladimír Čunát authored
-
Vladimír Čunát authored
-
Vladimír Čunát authored
... by setting FILE* properties and replace the explicit flushes. Explicit flushing couldn't be well done e.g. for lua's error() function. In particular, we had problems with journald not getting logs timely.
-
- Feb 28, 2019
-
-
Vladimír Čunát authored
It should be fixed in quite old libuv versions already: https://github.com/libuv/libuv/issues/883
-
- Feb 25, 2019
-
-
Vladimír Čunát authored
and deduplicate the parsing logic.
-
Vladimír Čunát authored
After 83539eb7 it was a bit complicated. It allowed saving a memcpy of the address in case no port was specified, but we only need to do the split when changing configuration, so it was an overzealous optimization.
-
Petr Špaček authored
-
Petr Špaček authored
-
Petr Špaček authored
-
- Feb 22, 2019
-
-
It's mainly about the way we parse and validate them. Almost all of the parts of validation that were being done in modules/policy/policy.lua and daemon/tls.c got moved to daemon/bindings/net.c, so it's easier to follow that. Also more checks are being done now, e.g. contents of .pin_sha256 and .hostname strings.
-
In the https world it's standard to do that, and it's relied on. Real-life example: 8.8.8.8#853 over TLSv1.3 won't send a certificate if we don't send SNI (no idea why; also they do send it with TLSv1.2). As a consequence, we no longer allow multiple hostnames per address-port tuple, but that didn't seem useful.
-
Make sure gcc doesn't produce unused func/var warnings when using optional compilation. This fixes three such issues on CentOS 7.
-
- Feb 21, 2019
-
-
Vladimír Čunát authored
-
- Feb 11, 2019
-
-
Vladimír Čunát authored
-
Vladimír Čunát authored
-
Vladimír Čunát authored
We use a function that's not in lua 5.1, but it's been present in luajit since 2.0.0: https://github.com/LuaJIT/LuaJIT/commit/fcddd5a3a
-
Vladimír Čunát authored
It's often a bit shorter, and it provides us with location.
-
Vladimír Čunát authored
Now we don't rewrite the port-splitters in command line by zero bytes. That was confusing the output of some SW showing the command-line of running kresd.
-
- Feb 07, 2019
-
-
It's now a directory, one C file for each lua table of functions. We get more total lines due to per-file copyright headers, but the original file was just too long (nearing 2k lines). The layout was inspired by the lib/cache/ split. Disadvantage: git operations (e.g. blame) will stumble on this commit. During the move, rename the "str" and "xstr" macros, too. Otherwise there are no real changes, as they would be hard to spot.
- Jan 28, 2019
-
-
Tomas Krizek authored
Our CI environment requires a longer timeout during high load.
-
- Jan 23, 2019
-
-
We don't need the trustanchor() lua function for root bootstrap anymore, so let's get rid of it. It was undocumented (internal).
-
These keys will now be more uniformly represented and thus also shown by .summary(). It's still not perfectly synchronized when that function fails, but that seems acceptable.
-
- allow accepting a string instead of file
- move some checks inside
-
-
It could've been confusing otherwise, e.g. revoked or otherwise untrusted keys were shown without any annotation in some cases.
-
This also implies that non-verbose logs won't contain any lines about the TAs if they are unmanaged (by default), but that seems OK.
-
- Jan 09, 2019
-
-
Vladimír Čunát authored
-
Previous logging was a bit confusing because it also logged intermediate states during TA changes.
-
Petr Špaček authored
This is an attempt to avoid conflicts when executing tests in parallel.
-
Petr Špaček authored
Formerly keys with invalid public key data were accepted, leading to negative keytag values in RFC 5011 metadata.
-
Petr Špaček authored
At the moment tests are quite dumb and test only basic HTTPS certificate validation and XML parsing/error detection. We need to refactor code first to allow more detailed testing. FIXME: webserv.lua is not terminated when tests are finished