Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HPCC-30131 Cloud: Support HPCC Remote Trust via shared cert authority #17796

Merged
merged 1 commit into from Sep 22, 2023
Merged

HPCC-30131 Cloud: Support HPCC Remote Trust via shared cert authority #17796

merged 1 commit into from Sep 22, 2023

Conversation

afishbeck
Copy link
Member

@afishbeck afishbeck commented Sep 20, 2023
edited

Type of change:

  • This change is a bug fix (non-breaking change which fixes an issue).
  • This change is a new feature (non-breaking change which adds functionality).
  • This change improves the code (refactor or other change that does not change the functionality)
  • This change fixes warnings (the fix does not alter the functionality or the generated code)
  • This change is a breaking change (fix or feature that will cause existing behavior to change).
  • This change alters the query API (existing queries will have to be recompiled)

Checklist:

  • My code follows the code style of this project.
    • My code does not create any new warnings from compiler, build system, or lint.
  • The commit message is properly formatted and free of typos.
    • The commit message title makes sense in a changelog, by itself.
    • The commit is signed.
  • My change requires a change to the documentation.
    • I have updated the documentation accordingly, or...
    • I have created a JIRA ticket to update the documentation.
    • Any new interfaces or exported functions are appropriately commented.
  • I have read the CONTRIBUTORS document.
  • The change has been fully tested:
    • I have added tests to cover my changes.
    • All new and existing tests passed.
    • I have checked that this change does not introduce memory leaks.
    • I have used Valgrind or similar tools to check for potential issues.
  • I have given due consideration to all of the following potential concerns:
    • Scalability
    • Performance
    • Security
    • Thread-safety
    • Cloud-compatibility
    • Premature optimization
    • Existing deployed queries will not be broken
    • This change fixes the problem, not just the symptom
    • The target branch of this pull request is appropriate for such a change.
  • There are no similar instances of the same problem that should be addressed
    • I have addressed them here
    • I have raised JIRA issues to address them separately
  • This is a user interface / front-end modification
    • I have tested my changes in multiple modern browsers
    • The component(s) render as expected

Smoketest:

  • Send notifications about my Pull Request position in Smoketest queue.
  • Test my draft Pull Request.

Testing:

ghalliday
ghalliday reviewed Sep 21, 2023
View reviewed changes
Copy link
Member

@ghalliday ghalliday left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@afishbeck a couple of minor comments/questions. Please feel free to squash any changes into this PR to ease merging (but don't rebase).

roxie/ccd/ccdprotocol.cpp Outdated
@@ -228,10 +228,11 @@ class ProtocolSocketListener : public ProtocolListener
StringAttr keyFile;
StringAttr passPhrase;
Owned<ISecureSocketContext> secureContext;
Owned<IPropertyTree> tlsConfig;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't appear to be used.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed.

system/security/securesocket/securesocket.cpp Outdated
@@ -1974,6 +1974,7 @@ SECURESOCKET_API ISecureSocketContext* createSecureSocketContextEx2(const IPrope
if (config == NULL)
return createSecureSocketContext(sockettype);

dbglogXML(config);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tracing left in?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I'll remove it.

roxie/ccd/ccdprotocol.cpp Outdated
@@ -242,9 +243,16 @@ class ProtocolSocketListener : public ProtocolListener
keyFile.set(_keyFile);
passPhrase.set(_passPhrase);
isSSL = streq(protocol.str(), "ssl");
DBGLOG("ProtocolSocketListener port=%d, certFile=%s, keyFile=%s", port, _certFile, _keyFile);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Double checking that this is only logged once for the process.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, these should be instantiated (and log) at roxie startup time.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That being said, I don't think I meant to add this line, it doesn't even cover my change, I'll remove it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed.

@afishbeck
HPCC-30131 Cloud: Support HPCC Remote Trust via shared cert authority
a5ba772 
Signed-off-by: Anthony Fishbeck <anthony.fishbeck@lexisnexis.com>
@afishbeck
Copy link
Member Author

@ghalliday updated and squashed at the same time.

@ghalliday ghalliday merged commit 625e53d into hpcc-systems:candidate-9.4.x Sep 22, 2023
45 of 49 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ghalliday ghalliday ghalliday approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@afishbeck @ghalliday