summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-07-14[refactor] remove heuristic to check for usable platformRootKali Kaneko
the rationale here is that, in debian, certifi will always return a working platform trust, since the package points to the system certificates. in osx and windows, certifi will load an usable trustRoot that is kept up to date. another detail we didn't like about the heuristic is that the bundled certificate for testing will eventually expire, so that introduces the duty of keeping it up-to-date.
2017-07-11[feat] add fallback on trust sources for ssl verificationKali Kaneko
With the merge of platformTrust in twisted, the situation for cert chain verification in linux improved a lot. This patch implements fallbacks to do the following: - Try to use whatever trust sources are found in the system. This means that if ca-certificates is installed, pyopenssl will have a valid set of root certificates and verification will likely work (twisted uses platformTrust for this). - If that fails, try to use certifi. We could/should depend on that from now on, *but* it's not packaged before stretch. - So, I'm not deprecating its usage right now, but this one should be the last cacert.pem bundle that we ship with leap.common. - If the cacert.pem from leap.common fails to be found, well, there's nothing you can do. Your TOFU attempt with a cert coming from the CArtel will fail. Most of this MR should be sent as a patch upstream, see https://twistedmatrix.com/trac/ticket/6934 Also related: https://twistedmatrix.com/trac/ticket/9209 I think proper testing will depend on merging https://github.com/pyca/pyopenssl/pull/473 - Resolves: #8958 - Release: 0.6.0
2017-07-08[feat] update the certificate bundleKali Kaneko
2017-04-20[feature] add bonafide auth event0.5.5Kali Kaneko
2017-03-17[feat] add VPN_STATUS_CHANGED eventRuben Pollan
2017-03-15[refactor] Improve python3 compatibilityefkin
This commit is required for `soledad` tests re-collection. Signed-off-by: Ruben Pollan <meskio@sindominio.net>
2017-03-13[feat] add MAIL_STATUS_CHANGED eventRuben Pollan
2016-07-11[pkg] remove dependency on dirspecdrebs
This commit removes the dep introduced in 5e12233 by just importing some tiny bit of dirspec code. The previous change was introduced because: * pyxdg did not account for Mac OS specifics, i.e. using ~/Library/ directory structure instead of .config (see: https://leap.se/code/issues/3574). * dirspec does the correct thing for xdg on Mac OS. * u1db depends on dirspec anyway. The problem is that dirspec is not maintained and published on pypi, what forces us to download it from an URL and add exceptions to be able to pip install it. As we are removing dependence on u1db on other modules, we can also remove it here. To workaround the Mac OS problem, we just add some code from dirspec to ensure we get the correct directory on Mac OS.
2016-07-11[test] toxify testsdrebs
2016-05-16[style] move import to topKali Kaneko
2016-04-01[pkg] update to versioneer 0.16Kali Kaneko
2016-03-24[doc] update event annotationKali Kaneko
2016-03-16[bug] close TxAuthenticator properlyChristoph Kluenter
otherwise the context.term() does not return
2016-03-11[feature] HookableServiceKali Kaneko
ad-hoc register/trigger mechanism used for service composition. to be used in bitmask.core and bitmask.bonafide in the first place.
2016-03-09[style] pep8Kali Kaneko
2016-02-29[tests] adapt events tests to recent changesKali Kaneko
2016-02-29[feature] reactor-based authenticatorKali Kaneko
We don't really need a thread to make use of the ZAP authenticator. Document bug fix after authenticator thread is gone
2016-02-23[bug] avoid the events server to block twistd daemonKali Kaneko
1. refactor the zmq_connect/bind methods to use the txzmq addEndpoints mechanism, which cleans up the code a bit. it uses the underlying bindOrConnect method. 2. wrap the addEndpoints call in a helper function that ensures that doRead is called afterward. I'm not fully comfortable with us still using the AuthenticatorThread, I believe we could go witha txzmq-based authenticator for curve.
2016-02-22[feature] optional flag to disable curve authenticationKali Kaneko
2016-02-18[feat] Get events working on windowsmeskio on windows
Always use tcp channels and disable curve encryption on the zmq connections. - Closes: #7899, #7239 - Related: #7919
2015-12-07[refactor] reorder and comment eventsKali Kaneko
Reorder blocks of events, and comment about which user-specific info it's being emitted with them.
2015-11-12[style] fix pep8Ruben Pollan
2015-11-11[feature] add variable to skip twisted versionKali Kaneko
2015-10-21Workaround for deadlock problem in zmq authFolker Bernitt
- See https://leap.se/code/issues/7536 - Actual root cause not identified yet
2015-10-13[bug] fix typo on dirname usageIvan Alejandro
2015-10-09[bug] fix wrong ca_cert path inside bundleKali Kaneko
-Resolves: #7524
2015-10-07[bug] consider STANDALONE for the pathsIvan Alejandro
Since we need to write a file we have to consider whether we are running in 'standalone' mode or not to use the right path prefix. - Related: #7512
2015-09-16[refactor] move checking flag to main moduleKali Kaneko
2015-09-16[tests] Make txclient honor flags.EVENTS_ENABLEDFolker Bernitt
- Breaks tests in dependent repos like soledad otherwise, because server.key could not be found
2015-09-15[feat] expose async events in apiKali Kaneko
to make simpler the import of the tx client - Related: #7274
2015-08-17[style] pep8 fixKali Kaneko
2015-08-17[feature] allow passing callback to http clientdrebs
2015-08-04[bug] HTTP timeout was not being cleared on abortBruno Wagner
In case the http client loses connection, it has to clear it's timeout or the reactor will be left in a dirty state Fixing this solves a problem with some of the tests in Soledad that were trying to run on a dirty reactor
2015-07-29[bug] register and unregister controlled by flagVictor Shyba
Since register and unregister cant be used without full zmq initialization, it should make sense to also check flag for them.
2015-07-29[refactor] Extract flags check to callerVictor Shyba
Checking was done inside of emit method. Doing on emit function at a module level makes it cleaner with less lines inside of check.
2015-07-28[test] set flag before starting clientVictor Shyba
Test client will only start with flag set to True. Change EventsGenericClientTestCase to set the flag on the first line of setUp.
2015-07-28[bug] Consider events flag when ensuring clientVictor Shyba
Change EventsClientThread behavior so it won't start anymore if the events flag is set to False
2015-07-28[style] more pep8 cleanupKali Kaneko
2015-07-23[tests] fix initialization of basetest caseKali Kaneko
2015-07-23[style] fixed pep8 warnings on http and test eventsBruno Wagner
2015-07-23[tests] fixed events testsBruno Wagner
The events tests check for register and emit signals, but because the flag set_events_enabled was False by default in the tests, no signals were being emitted. I added the flag to the setUp and tearDown of the tests, they are still very slow but at least they are passing now
2015-07-23[tests] implemented http feature according to testBruno Wagner
Two test cases were broken and were implemented here: The first was that HTTPClient should share the connection between clients if a pool was not passed explicitly. If you initialize an HTTPClient without a pool, it will reuse a pool created on the class. The second was that you should be able to pass to the HTTPCLient a pool on initialization. Added that possibility and fixed the tests accordingly
2015-07-23[tests] set environment for certs testBruno Wagner
2015-07-23[style] Fixed pep8 warningsBruno Wagner
2015-07-23[bug] fix events ioloop client testsdrebs
The events ioloop client is not completelly thread safe, so we have to use reactor.callFromThread whenever we need it to be thread-safe. Examples of this behaviour are the events ioloop client tests that depend on the firing of deferreds, which are not thread safe. This commit fixes tese tests.
2015-07-22[bug] add http request timeoutdrebs
The connectTimeout parameter of twisted.web.client.Agent only acts on the connection setup, and the Agent will wait forever for incoming data after the connection has been established. This commit adds a timeout for the connection, and will cancel the deferred if the result has not been received after a certain number of seconds.
2015-07-22[feat] add close method for http agentdrebs
The ability to close cached connections is needed in order to have a clean reactor when the program ends.
2015-07-21[feature] add global flag for disabling the events frameworkKali Kaneko
this will be used to allow the unittests to disable the events framework. this way, emit() will become a passthrough. note that, until now, the basetest class is making use of the threaded version of the client, which launches a zmq tornado-based ioloop. this is wrong, and will have to be addressed in a future commit. we'll have to make use of the global EVENTS_ENABLED flag in the txclient version when those changes are made. Related: #7259 Relases: 0.4.2
2015-07-20[bug] do not add a port string to non-tcp addressesKali Kaneko
this, together with the events server registration, was breaking the events signalling on the client whenever it used ipc:// sockets.
2015-07-20[refactor] remove use of reactor in threaded version of events clientKali Kaneko
the idea is that we'll be able to use the threaded version of the client, which makes use of the tornado ioloop, in a non-twisted module, like the main graphical client probably will be in the near future.