[swift-server-dev] [Security] Darwin compatibility?
Helge Heß
me at helgehess.eu
Mon Feb 6 14:49:57 CST 2017
On 6 Feb 2017, at 21:13, Gelareh Taban via swift-server-dev <swift-server-dev at swift.org> wrote:
> - allow development, debugging and testing on both platforms. Let's face it, (as of right now) we're definitely in a better shape for Swift on macOS than Linux.
Since you are almost certainly going to deploy on Linux it kinda doesn’t matter that Swift on macOS is in better shape. In fact it may be a bad idea to debug on macOS, but rather do that in a Linux container even on a Mac.
(yes, there is Mac Mini hosting and it has its place, but well)
I guess the question was: why do we need TLS during development. There are many reasons:
- While your own server may run w/o https, you might still need to
access other services using TLS (acting as a client, e.g. imap4s/smtps).
- Your own server may require client certificates for authentication and
only work w/ TLS in the 1st place.
- Then of course having TLS I/O in the stack may change the dynamics of
the I/O flow significantly.
- I know it sounds wicked, but you may want to actually use HTTP/2. That
doesn’t require TLS per se, but the real world clients do. No TLS, no
HTTP/2 testing.
- TLS streams/sockets and protocol parsers running on top of that are not
just a thing for a fat server. They are often useful for clients, and
e.g. your iOS application may indeed embed a small server for plenty of
reasons.
- Your assumption that ‘server side swift’ implies ‘a web server’ seems
weak to me. Some of the best echod servers are written in Swift, and
being able to do an echosd would be neat.
Presumably one can come up with many more reasons.
Is it such a big problem to support both, OpenSSL and Secure Transport? At the API level it shouldn’t really matter that much? Apart from async I/O the IBM stuff shows that it works?
BTW: "It seems to me that it's highly unlikely that anyone will deploy a web server on a Darwin kernel”. For sure it is more likely than deploying on Darwin :-), but it is neither *that* likely that many will deploy a Swift server as the public TLS endpoint. You’ll often have other TLS infrastructure before your app server (often nginx, but there is other stuff).
I guess another question is: Would it be acceptable to have the SSS dev install OpenSSL via Homebrew or such on macOS? I’d say maybe, but it makes the setup experience worse and only makes sense if Secure Transport really is a no-go for some reason.
hh