[swift-server-dev] Draft proposal for TLS Service APIs (please review)

Michael Chiu hatsuneyuji at icloud.com
Tue Mar 28 05:22:01 CDT 2017


Just a random thought. How about an eventfd or kqueue EVFILT_USER event that simulates the behavior of a socket? Such that the TLS side can trigger the event and write the data size through eventfd or kevent.udata. The implementation can be done by protocol abstraction that socket and TLSService conform to:

protocol Pollable {
    var ident: Int32 { get }
}

protocol Readable {
    func read(…)
}

Michael


> On Mar 28, 2017, at 3:09 AM, Helge Heß via swift-server-dev <swift-server-dev at swift.org> wrote:
> 
> On 28. Mar 2017, at 12:03, Johannes Weiß <johannesweiss at apple.com> wrote:
>> Hi Helge and Gelareh,
>> 
>>> [...]
>>>> If you are talking about non-blocking by any chance, we have an implementation of this in BlueSSLService (https://github.com/IBM-Swift/BlueSSLService) which interfaces with a socket management layer (BlueSocket - https://github.com/IBM-Swift/BlueSocket).
>>> 
>>> Sounds good. Do you have an example demonstrating the use of BlueSocket in NIO mode? Like a simple client which just opens a socket connection to a TLS server and reads with NIO configured.
>> 
>> as far as I understand the source code BlueSocket is blocking IO only. But its API basically breaks the abstraction by giving you (publicly!) direct access to the file descriptor.
>> 
>> 	public internal(set) var socketfd: Int32 = SOCKET_INVALID_DESCRIPTOR
>> 
>> (from: https://github.com/IBM-Swift/BlueSocket/blob/master/Sources/Socket.swift#L772 )
>> 
>> so what you could do is
>> 
>> fcntl(someBlueSocket.socketfd, F_SETFL, fcntl(someBlueSocket.socketfd, F_GETFL) | O_NONBLOCK)
>> 
>> and then put it in a kqueue/epoll/DispatchSource . I personally don't think that counts as non-blocking API but it's possible :)
> 
> I think that this would actually be fine for a low level object.
> 
> But I’d like to see this working in the real world :-) The key part being that the TLS layer needs to buffer already read data until the TLS frames are complete. I know that this is possible with OpenSSL, and it was said that it should be possible with the low level macOS stuff, but I’d like to see this actually working. No offence, let's just make sure we don’t miss something in here as this is IMO very important.
> 
> hh
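An added example, not code from this thread or from BlueSocket/BlueSSLService: a C sketch of the eventfd idea above, where the TLS side publishes the size of buffered plaintext through an eventfd and the event loop polls that descriptor instead of the raw socket. The `tls_stub` type and its functions are hypothetical names, the "decrypted" bytes are constructed sample data, and the code is Linux-only (kqueue EVFILT_USER would play the same role on BSD/macOS).

```c
#include <poll.h>
#include <stdint.h>
#include <string.h>
#include <sys/eventfd.h>
#include <unistd.h>

/* Hypothetical stand-in for the TLS side: decrypted plaintext plus an eventfd
   that plays the role of Pollable.ident from the message above. */
struct tls_stub { int ident; char plain[256]; size_t len; };

int tls_stub_init(struct tls_stub *t) {
    t->len = 0;
    return (t->ident = eventfd(0, EFD_NONBLOCK | EFD_CLOEXEC)) < 0 ? -1 : 0;
}

/* TLS side: a complete record was decrypted. Buffer it, then add its size to
   the eventfd counter, which makes ident readable. */
int tls_stub_deliver(struct tls_stub *t, const char *data, size_t n) {
    if (n == 0 || n > sizeof t->plain - t->len) return -1;
    memcpy(t->plain + t->len, data, n);
    t->len += n;
    uint64_t add = n;
    return write(t->ident, &add, sizeof add) == (ssize_t)sizeof add ? 0 : -1;
}

/* Event-loop side: poll ident like a socket. 1 = plaintext ready, 0 = not. */
int tls_stub_wait(struct tls_stub *t, int timeout_ms) {
    struct pollfd p = { .fd = t->ident, .events = POLLIN };
    return poll(&p, 1, timeout_ms) > 0 && (p.revents & POLLIN);
}

/* Reading the eventfd returns the byte count and resets it to zero. Copy out
   up to cap bytes; if some remain, write the remainder back to re-arm ident. */
ssize_t tls_stub_read(struct tls_stub *t, char *out, size_t cap) {
    uint64_t avail;
    if (read(t->ident, &avail, sizeof avail) != (ssize_t)sizeof avail) return -1;
    size_t n = avail < cap ? (size_t)avail : cap;
    memcpy(out, t->plain, n);
    memmove(t->plain, t->plain + n, t->len - n);
    t->len -= n;
    uint64_t rest = avail - n;
    if (rest && write(t->ident, &rest, sizeof rest) != (ssize_t)sizeof rest) return -1;
    return (ssize_t)n;
}

int main(void) {
    struct tls_stub t; char buf[16];
    if (tls_stub_init(&t) || tls_stub_deliver(&t, "hello", 5)) return 1;
    return tls_stub_wait(&t, 0) && tls_stub_read(&t, buf, sizeof buf) == 5 ? 0 : 1;
}
```

Readiness here tracks plaintext held by the TLS layer rather than bytes pending on the socket, which is the buffering concern raised in the quoted reply.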