You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tinkerpop.apache.org by rd...@apache.org on 2018/09/04 17:16:58 UTC

[8/8] tinkerpop git commit: merge TINKERPOP-2023

merge TINKERPOP-2023


Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/e937a3a5
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/e937a3a5
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/e937a3a5

Branch: refs/heads/tp32
Commit: e937a3a50a45d23dac114529c5062391f940fbcd
Parents: 3afc576 b77c0c7
Author: Robert Dale <ro...@gmail.com>
Authored: Tue Sep 4 07:26:23 2018 -0400
Committer: Robert Dale <ro...@gmail.com>
Committed: Tue Sep 4 07:26:23 2018 -0400

----------------------------------------------------------------------
 CHANGELOG.asciidoc                              |   1 +
 .../src/reference/gremlin-applications.asciidoc |  82 +++++--
 .../upgrade/release-3.2.x-incubating.asciidoc   |  26 +++
 gremlin-console/conf/remote-secure.yaml         |   5 +-
 .../tinkerpop/gremlin/driver/Cluster.java       | 180 ++++++++++++++-
 .../tinkerpop/gremlin/driver/Settings.java      |  83 +++++++
 .../tinkerpop/gremlin/driver/SettingsTest.java  |  17 ++
 .../conf/gremlin-server-rest-secure.yaml        |   7 +-
 gremlin-server/conf/gremlin-server-secure.yaml  |   7 +-
 .../gremlin/server/AbstractChannelizer.java     |  90 ++++++--
 .../tinkerpop/gremlin/server/Settings.java      |  66 +++++-
 .../AbstractGremlinServerIntegrationTest.java   |  13 ++
 .../server/GremlinServerAuthIntegrateTest.java  |   4 +-
 .../GremlinServerAuthOldIntegrateTest.java      |   4 +-
 .../server/GremlinServerIntegrateTest.java      | 223 ++++++++++++++++---
 ...ctGremlinServerChannelizerIntegrateTest.java |  12 +-
 .../src/test/resources/client-key.jks           | Bin 0 -> 2241 bytes
 .../src/test/resources/client-key.p12           | Bin 0 -> 2583 bytes
 .../src/test/resources/client-trust.jks         | Bin 0 -> 969 bytes
 .../src/test/resources/client-trust.p12         | Bin 0 -> 1202 bytes
 .../src/test/resources/server-key.jks           | Bin 0 -> 2258 bytes
 .../src/test/resources/server-key.p12           | Bin 0 -> 2613 bytes
 .../src/test/resources/server-trust.jks         | Bin 0 -> 952 bytes
 .../src/test/resources/server-trust.p12         | Bin 0 -> 1186 bytes
 24 files changed, 723 insertions(+), 97 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e937a3a5/CHANGELOG.asciidoc
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e937a3a5/docs/src/upgrade/release-3.2.x-incubating.asciidoc
----------------------------------------------------------------------
diff --cc docs/src/upgrade/release-3.2.x-incubating.asciidoc
index c7ae1e2,ec973de..5cc52c8
--- a/docs/src/upgrade/release-3.2.x-incubating.asciidoc
+++ b/docs/src/upgrade/release-3.2.x-incubating.asciidoc
@@@ -29,13 -29,32 +29,39 @@@ Please see the link:https://github.com/
  
  === Upgrading for Users
  
 +==== SASL in Gremlin.Net
 +
 +The Gremlin Javascript Driver now supports SASL Plain Text authentication against a Gremlin Server.
 +
 +See: link:https://issues.apache.org/jira/browse/TINKERPOP-1977[TINKERPOP-1977],
 +link:http://tinkerpop.apache.org/docs/3.2.10/reference#gremlin-javascript[Reference Documentation - Gremlin Javascript]
 +
+ ==== SSL Security
+ 
+ TinkerPop improves its security posture by removing insecure defaults and adding forward-looking standards support.
+ 
+ Gremlin Server no longer supports automatically creating self-signed certificates.
+ Self-signed certificates can still be created manually outside of Gremlin Server.
+ If ssl is enabled, a key store must be configured.
+ 
+ Cluster client no longer trusts all certs by default as this is an insecure configuration.
+ Instead, if no trust store is configured, Cluster will use the default CA certs.
+ To revert to the previous behavior and accept all certs, it must be explicitly configured.
+ 
+ This release introduces JKS and PKCS12 support. JKS is the legacy Java Key Store. PKCS12 has better cross-platform support and is gaining in adoption.
+ Be aware that JKS is the default on Java 8.  Java 9 and higher use PKCS12 as the default. Both Java keytool and OpenSSL tools can create, read, update PKCS12 files.
+ 
+ Other new features include specifying SSL protocols and cipher suites.
+ The packaged `*-secure.yaml` files now restrict the protocol to `TLSv1.2` by default.
+ 
+ PEM-based configurations are deprecated and may be removed in a future release.
+ 
+ See also http://tinkerpop.apache.org/docs/current/reference/#_configuration[Connecting via Java Configuration],
+ http://tinkerpop.apache.org/docs/current/reference/#_configuring_2[Gremlin Server Configuration].
+ 
+ link:https://issues.apache.org/jira/browse/TINKERPOP-2022[TINKERPOP-2022]
+ link:https://issues.apache.org/jira/browse/TINKERPOP-2023[TINKERPOP-2023]
+ 
  ==== Bulk Import and Export
  
  TinkerPop has provided some general methods for importing and exporting data, but more and more graph providers are

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e937a3a5/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
----------------------------------------------------------------------