Merge pull request #1322 from tahoe-lafs/4041

Enable GBS by default

docs/architecture.rst

@@ -62,14 +62,12 @@ There are two supported protocols:
 * Foolscap, the only supported protocol in release before v1.19.
 * HTTPS, new in v1.19.
 
-By default HTTPS is disabled (this will change in
+By default HTTPS is enabled. When HTTPS is enabled on the server, the server
-https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). When HTTPS is enabled on
+transparently listens for both Foolscap and HTTPS on the same port. When it is
-the server, the server transparently listens for both Foolscap and HTTPS on the
+disabled, the server only supports Foolscap. Clients can use either; by default
-same port. Clients can use either; by default they will only use Foolscap, but
+they will use HTTPS when possible, falling back to I2p, but when configured
-when configured appropriately they will use HTTPS when possible (this will
+appropriately they will only use Foolscap. At this time the only limitations of
-change in https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041). At this time the
+HTTPS is that I2P is not supported, so any usage of I2P only uses Foolscap.
-only limitations of HTTPS is that I2P is not supported, so any usage of I2P only
-uses Foolscap.
 
 Storage servers hold data in the form of "shares". Shares are encoded pieces
 of files. There are a configurable number of shares for each file, 10 by

docs/configuration.rst

@@ -684,8 +684,7 @@ Client Configuration
     If this is ``True``, the client will only connect to storage servers via
     Foolscap, regardless of whether they support HTTPS. If this is ``False``,
     the client will prefer HTTPS when it is available on the server. The default
-    value is ``True`` (this will change in
+    value is ``False``.
-    https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041).
 
 In addition,
 see :doc:`accepting-donations` for a convention for donating to storage server operators.
@@ -809,8 +808,7 @@ Storage Server Configuration
     If this is ``True``, the node will expose the storage server via Foolscap
     only, with no support for HTTPS. If this is ``False``, the server will
     support both Foolscap and HTTPS on the same port. The default value is
-    ``True`` (this will change in
+    ``False``.
-    https://tahoe-lafs.org/trac/tahoe-lafs/ticket/4041).
 
 In addition,
 see :doc:`accepting-donations` for a convention encouraging donations to storage server operators.

newsfragments/4041.feature

@@ -0,0 +1 @@
+The storage server and client now support a new, HTTPS-based protocol.

src/allmydata/node.py

@@ -959,11 +959,8 @@ def create_main_tub(config, tub_options,
         tub_options,
         default_connection_handlers,
         foolscap_connection_handlers,
-        # TODO eventually we will want the default to be False, but for now we
-        # don't want to enable HTTP by default.
-        # https://tahoe-lafs.org/trac/tahoe-lafs/ticket/3934
         force_foolscap=config.get_config(
-            "storage", "force_foolscap", default=True, boolean=True
+            "storage", "force_foolscap", default=False, boolean=True
         ),
         handler_overrides=handler_overrides,
         certFile=certfile,

src/allmydata/storage_client.py

@@ -325,7 +325,7 @@ class StorageFarmBroker(service.MultiService):
         connect to storage server over HTTP.
         """
         return not node_config.get_config(
-            "client", "force_foolscap", default=True, boolean=True,
+            "client", "force_foolscap", default=False, boolean=True,
         ) and len(announcement.get(ANONYMOUS_STORAGE_NURLS, [])) > 0
 
     @log_call(

src/allmydata/test/matchers.py

@@ -13,6 +13,7 @@ if PY2:
     from future.builtins import filter, map, zip, ascii, chr, hex, input, next, oct, open, pow, round, super, bytes, dict, list, object, range, str, max, min  # noqa: F401
 
 import attr
+from hyperlink import DecodedURL
 
 from testtools.matchers import (
     Mismatch,
@@ -95,6 +96,7 @@ def matches_storage_announcement(basedir, anonymous=True, options=None):
     }
     if anonymous:
         announcement[u"anonymous-storage-FURL"] = matches_furl()
+        announcement[u"anonymous-storage-NURLs"] = matches_nurls()
     if options:
         announcement[u"storage-options"] = MatchesListwise(options)
     return MatchesStructure(
@@ -112,6 +114,16 @@ def matches_furl():
     return AfterPreprocessing(decode_furl, Always())
 
 
+def matches_nurls():
+    """
+    Matches a sequence of NURLs.
+    """
+    return AfterPreprocessing(
+        lambda nurls: [DecodedURL.from_text(u) for u in nurls],
+        Always()
+    )
+
+
 def matches_base32():
     """
     Match any base32 encoded byte string.

src/allmydata/test/test_storage_client.py

@@ -762,13 +762,14 @@ storage:
         self.assertTrue(done.called)
 
     def test_should_we_use_http_default(self):
-        """Default is to not use HTTP; this will change eventually"""
+        """Default is to use HTTP."""
         basedir = self.mktemp()
         node_config = config_from_string(basedir, "", "")
         announcement = {ANONYMOUS_STORAGE_NURLS: ["pb://..."]}
-        self.assertFalse(
+        self.assertTrue(
             StorageFarmBroker._should_we_use_http(node_config, announcement)
         )
+        # Lacking NURLs, we can't use HTTP:
         self.assertFalse(
             StorageFarmBroker._should_we_use_http(node_config, {})
         )