diff --git a/docs/architecture.rst b/docs/architecture.rst index 71ad67305..989f2cd87 100644 --- a/docs/architecture.rst +++ b/docs/architecture.rst @@ -62,14 +62,12 @@ There are two supported protocols: * Foolscap, the only supported protocol in release before v1.19. * HTTPS, new in v1.19. -By default HTTPS is disabled (this will change in -https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). When HTTPS is enabled on -the server, the server transparently listens for both Foolscap and HTTPS on the -same port. Clients can use either; by default they will only use Foolscap, but -when configured appropriately they will use HTTPS when possible (this will -change in https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). At this time the -only limitations of HTTPS is that I2P is not supported, so any usage of I2P only -uses Foolscap. +By default HTTPS is enabled. When HTTPS is enabled on the server, the server +transparently listens for both Foolscap and HTTPS on the same port. When it is +disabled, the server only supports Foolscap. Clients can use either; by default +they will use HTTPS when possible, falling back to I2p, but when configured +appropriately they will only use Foolscap. At this time the only limitations of +HTTPS is that I2P is not supported, so any usage of I2P only uses Foolscap. Storage servers hold data in the form of "shares". Shares are encoded pieces of files. There are a configurable number of shares for each file, 10 by diff --git a/docs/configuration.rst b/docs/configuration.rst index feb29c0ca..7f038192e 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst 
@@ -684,8 +684,7 @@ Client Configuration If this is ``True``, the client will only connect to storage servers via Foolscap, regardless of whether they support HTTPS. If this is ``False``, the client will prefer HTTPS when it is available on the server. The default - value is ``True`` (this will change in - https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). + value is ``False``. In addition, see :doc:`accepting-donations` for a convention for donating to storage server operators. @@ -809,8 +808,7 @@ Storage Server Configuration If this is ``True``, the node will expose the storage server via Foolscap only, with no support for HTTPS. If this is ``False``, the server will support both Foolscap and HTTPS on the same port. The default value is - ``True`` (this will change in - https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). + ``False``. In addition, see :doc:`accepting-donations` for a convention encouraging donations to storage server operators. diff --git a/newsfragments/4041.feature b/newsfragments/4041.feature new file mode 100644 index 000000000..7d8df1a23 --- /dev/null +++ b/newsfragments/4041.feature @@ -0,0 +1 @@ +The storage server and client now support a new, HTTPS-based protocol. \ No newline at end of file diff --git a/src/allmydata/node.py b/src/allmydata/node.py index 6c3082b50..33e8fd260 100644 --- a/src/allmydata/node.py +++ b/src/allmydata/node.py @@ -959,11 +959,8 @@ def create_main_tub(config, tub_options, tub_options, default_connection_handlers, foolscap_connection_handlers, - # TODO eventually we will want the default to be False, but for now we - # don't want to enable HTTP by default. - # https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3934 force_foolscap=config.get_config( - "storage", "force_foolscap", default=True, boolean=True + "storage", "force_foolscap", default=False, boolean=True ), handler_overrides=handler_overrides, certFile=certfile, 
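Review bot: In the `src/allmydata/node.py` hunk, flipping `default=True` to `default=False` means every storage node that never set `[storage] force_foolscap` starts accepting HTTPS on its existing port after an upgrade, and the hunk deletes the only comment at this call site without replacing it. I would keep a one-line comment above the argument, for example `# Default False: the storage server also accepts HTTPS on the Foolscap port; set [storage] force_foolscap = true to keep the node Foolscap-only.` The newsfragment added in this commit announces the new protocol but does not say that it is now on by default or how to opt out, which is the part an operator needs. The enclosing call and `create_main_tub` both start and end outside the hunk.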
diff --git a/src/allmydata/storage_client.py b/src/allmydata/storage_client.py index d35cd788b..ae7ea7ca1 100644 --- a/src/allmydata/storage_client.py +++ b/src/allmydata/storage_client.py @@ -325,7 +325,7 @@ class StorageFarmBroker(service.MultiService): connect to storage server over HTTP. """ return not node_config.get_config( - "client", "force_foolscap", default=True, boolean=True, + "client", "force_foolscap", default=False, boolean=True, ) and len(announcement.get(ANONYMOUS_STORAGE_NURLS, [])) > 0 @log_call( diff --git a/src/allmydata/test/matchers.py b/src/allmydata/test/matchers.py index 3359a7ed5..cc8bf47be 100644 --- a/src/allmydata/test/matchers.py +++ b/src/allmydata/test/matchers.py @@ -13,6 +13,7 @@ if PY2: from future.builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, str, max, min # noqa: F401 import attr +from hyperlink import DecodedURL from testtools.matchers import ( Mismatch, @@ -95,6 +96,7 @@ def matches_storage_announcement(basedir, anonymous=True, options=None): } if anonymous: announcement[u"anonymous-storage-FURL"] = matches_furl() + announcement[u"anonymous-storage-NURLs"] = matches_nurls() if options: announcement[u"storage-options"] = MatchesListwise(options) return MatchesStructure( @@ -112,6 +114,16 @@ def matches_furl(): return AfterPreprocessing(decode_furl, Always()) +def matches_nurls(): + """ + Matches a sequence of NURLs. + """ + return AfterPreprocessing( + lambda nurls: [DecodedURL.from_text(u) for u in nurls], + Always() + ) + + def matches_base32(): """ Match any base32 encoded byte string. diff --git a/src/allmydata/test/test_storage_client.py b/src/allmydata/test/test_storage_client.py index 604884eba..6e73281f6 100644 --- a/src/allmydata/test/test_storage_client.py +++ b/src/allmydata/test/test_storage_client.py 
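Review bot: With `default=False` in `_should_we_use_http`, the protocol choice now rests only on `len(announcement.get(ANONYMOUS_STORAGE_NURLS, [])) > 0`, so whatever supplies the announcement decides whether the client uses HTTPS or Foolscap, and the entries themselves are not inspected here. Whether they are validated further down the connection path is not visible in this hunk, so the docstring should state the contract, for example `Returns True unless [client] force_foolscap is set or the announcement carries no NURLs; NURL contents are not checked here.` The `docs/architecture.rst` hunk describes the client as "falling back to I2p", which does not match this predicate, where the fallback is Foolscap. The method starts outside the hunk.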
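Review bot: In `src/allmydata/test/matchers.py`, `matches_nurls` pairs `DecodedURL.from_text` with `Always()`, so it accepts an empty list and any string that parses as a URL, whatever its scheme. Since `matches_storage_announcement` now relies on it for `anonymous-storage-NURLs`, a server that announced no NURLs, or a malformed one, would still pass. Assuming NURLs use the `pb` scheme as the `pb://...` sample in `test_storage_client.py` suggests, a tighter form is `AfterPreprocessing(lambda nurls: [DecodedURL.from_text(u).scheme for u in nurls], AllMatch(Equals(u"pb")))`, with a separate non-empty check and `AllMatch`/`Equals` imported from `testtools.matchers` if they are not already.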
@@ -762,13 +762,14 @@ storage: self.assertTrue(done.called) def test_should_we_use_http_default(self): - """Default is to not use HTTP; this will change eventually""" + """Default is to use HTTP.""" basedir = self.mktemp() node_config = config_from_string(basedir, "", "") announcement = {ANONYMOUS_STORAGE_NURLS: ["pb://..."]} - self.assertFalse( + self.assertTrue( StorageFarmBroker._should_we_use_http(node_config, announcement) ) + # Lacking NURLs, we can't use HTTP: self.assertFalse( StorageFarmBroker._should_we_use_http(node_config, {}) )
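Review bot: `test_should_we_use_http_default` now pins only the new default, while the opt-out becomes the one path an operator depends on to keep a client on Foolscap. If no test outside this hunk covers it, add a case with `config_from_string(basedir, "", "[client]\nforce_foolscap = true\n")` and the same NURL-bearing announcement, asserting `assertFalse`. The announcement value `"pb://..."` is a placeholder rather than a well-formed NURL, so the test also records that the predicate does not look at NURL contents; a short comment saying this is intentional would help the next reader. The docstring says "HTTP" where the docs in this commit say HTTPS.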