Merge pull request #1322 from tahoe-lafs/4041

Enable GBS by default

docs/architecture.rst

@@ -62,14 +62,12 @@ There are two supported protocols:
 * Foolscap, the only supported protocol in release before v1.19.
 * HTTPS, new in v1.19.
 
-By default HTTPS is disabled (this will change in
-https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). When HTTPS is enabled on
-the server, the server transparently listens for both Foolscap and HTTPS on the
-same port. Clients can use either; by default they will only use Foolscap, but
-when configured appropriately they will use HTTPS when possible (this will
-change in https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). At this time the
-only limitations of HTTPS is that I2P is not supported, so any usage of I2P only
-uses Foolscap.
+By default HTTPS is enabled. When HTTPS is enabled on the server, the server
+transparently listens for both Foolscap and HTTPS on the same port. When it is
+disabled, the server only supports Foolscap. Clients can use either; by default
+they will use HTTPS when possible, falling back to I2p, but when configured
+appropriately they will only use Foolscap. At this time the only limitations of
+HTTPS is that I2P is not supported, so any usage of I2P only uses Foolscap.
 
 Storage servers hold data in the form of "shares". Shares are encoded pieces
 of files. There are a configurable number of shares for each file, 10 by

docs/configuration.rst

@@ -684,8 +684,7 @@ Client Configuration
     If this is ``True``, the client will only connect to storage servers via
     Foolscap, regardless of whether they support HTTPS. If this is ``False``,
     the client will prefer HTTPS when it is available on the server. The default
-    value is ``True`` (this will change in
-    https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041).
+    value is ``False``.
 
 In addition,
 see :doc:`accepting-donations` for a convention for donating to storage server operators.
@@ -809,8 +808,7 @@ Storage Server Configuration
     If this is ``True``, the node will expose the storage server via Foolscap
     only, with no support for HTTPS. If this is ``False``, the server will
     support both Foolscap and HTTPS on the same port. The default value is
-    ``True`` (this will change in
-    https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041).
+    ``False``.
 
 In addition,
 see :doc:`accepting-donations` for a convention encouraging donations to storage server operators.

newsfragments/4041.feature

@@ -0,0 +1 @@
+The storage server and client now support a new, HTTPS-based protocol.

src/allmydata/node.py

@@ -959,11 +959,8 @@ def create_main_tub(config, tub_options,
         tub_options,
         default_connection_handlers,
         foolscap_connection_handlers,
-        # TODO eventually we will want the default to be False, but for now we
-        # don't want to enable HTTP by default.
-        # https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3934
         force_foolscap=config.get_config(
-            "storage", "force_foolscap", default=True, boolean=True
+            "storage", "force_foolscap", default=False, boolean=True
         ),
         handler_overrides=handler_overrides,
         certFile=certfile,

src/allmydata/storage_client.py

@@ -325,7 +325,7 @@ class StorageFarmBroker(service.MultiService):
         connect to storage server over HTTP.
         """
         return not node_config.get_config(
-            "client", "force_foolscap", default=True, boolean=True,
+            "client", "force_foolscap", default=False, boolean=True,
         ) and len(announcement.get(ANONYMOUS_STORAGE_NURLS, [])) > 0
 
     @log_call(

src/allmydata/test/matchers.py

@@ -13,6 +13,7 @@ if PY2:
     from future.builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, str, max, min  # noqa: F401
 
 import attr
+from hyperlink import DecodedURL
 
 from testtools.matchers import (
     Mismatch,
@@ -95,6 +96,7 @@ def matches_storage_announcement(basedir, anonymous=True, options=None):
     }
     if anonymous:
         announcement[u"anonymous-storage-FURL"] = matches_furl()
+        announcement[u"anonymous-storage-NURLs"] = matches_nurls()
     if options:
         announcement[u"storage-options"] = MatchesListwise(options)
     return MatchesStructure(
@@ -112,6 +114,16 @@ def matches_furl():
     return AfterPreprocessing(decode_furl, Always())
 
 
+def matches_nurls():
+    """
+    Matches a sequence of NURLs.
+    """
+    return AfterPreprocessing(
+        lambda nurls: [DecodedURL.from_text(u) for u in nurls],
+        Always()
+    )
+
+
 def matches_base32():
     """
     Match any base32 encoded byte string.

src/allmydata/test/test_storage_client.py

@@ -762,13 +762,14 @@ storage:
         self.assertTrue(done.called)
 
     def test_should_we_use_http_default(self):
-        """Default is to not use HTTP; this will change eventually"""
+        """Default is to use HTTP."""
         basedir = self.mktemp()
         node_config = config_from_string(basedir, "", "")
         announcement = {ANONYMOUS_STORAGE_NURLS: ["pb://..."]}
-        self.assertFalse(
+        self.assertTrue(
             StorageFarmBroker._should_we_use_http(node_config, announcement)
         )
+        # Lacking NURLs, we can't use HTTP:
         self.assertFalse(
             StorageFarmBroker._should_we_use_http(node_config, {})
         )