[swift-server-dev] Draft proposal for TLS Service APIs (please review)

Gelareh Taban gtaban at us.ibm.com
Tue Mar 28 14:44:23 CDT 2017






On 28. Mar 2017, at 12:03, Johannes Weiß <johannesweiss at apple.com> wrote:
> Hi Helge and Gelareh,
>
>> [...]
>>> If you are talking about non-blocking by any chance, we have an implementation of this in BlueSSLService (https://github.com/IBM-Swift/BlueSSLService) which interfaces with a socket management layer (BlueSocket - https://github.com/IBM-Swift/BlueSocket).
>>
>> Sounds good. Do you have an example demonstrating the use of BlueSocket in NIO mode? Like a simple client which just opens a socket connection to a TLS server and reads with NIO configured.
>
> as far as I understand the source code BlueSocket is blocking IO only. But its API basically breaks the abstraction by giving you (publicly!) direct access to the file descriptor.
>
>     public internal(set) var socketfd: Int32 = SOCKET_INVALID_DESCRIPTOR
>
> (from: https://github.com/IBM-Swift/BlueSocket/blob/master/Sources/Socket.swift#L772)
>
> so what you could do is
>
>     let flags = fcntl(someBlueSocket.socketfd, F_GETFL)
>     _ = fcntl(someBlueSocket.socketfd, F_SETFL, flags | O_NONBLOCK)
>
> and then put it in a kqueue/epoll/DispatchSource. I personally don't think that counts as non-blocking API but it's possible :)

I think that this would actually be fine for a low level object.

But I’d like to see this working in the real world :-) The key part being
that the TLS layer needs to buffer already read data until the TLS frames
are complete. I know that this is possible with OpenSSL, and it was said
that it should be possible with the low level macOS stuff, but I’d like to
see this actually working. No offence, let's just make sure we don’t miss
something in here as this is IMO very important.



[gelareh]

@hh: Kitura (which uses Kitura-net) uses non-blocking sockets so that code
path is exercised every time we run Kitura-net on both Mac and Linux.
https://github.com/IBM-Swift/Kitura-net/blob/34176a224a3317be14d0b5f038a690b969095726/Sources/KituraNet/IncomingSocketManager.swift#L111

I think that covers all the possibilities, but let me know if I'm missing
something.

@Johannes: in BlueSocket, go to
https://github.com/IBM-Swift/BlueSocket/blob/master/Sources/Socket.swift
and search for isBlocking. That should give a bunch of places where we test
for blocking and where the EAGAIN percolation is managed.

g.
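
The buffering requirement discussed in this thread (on a non-blocking socket, already-read bytes must be kept until a TLS record is complete, and EAGAIN must be passed up to the caller), as an added example in plain POSIX C. It is not code from BlueSocket, BlueSSLService or Kitura-net; `rec_buf`, `set_nonblocking`, `read_record`, `demo` and the sample record are constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* 5-byte record header; body limit is the TLS 1.2 ciphertext maximum, 2^14 + 2048. */
enum { REC_HDR = 5, REC_BODY_MAX = 16384 + 2048 };
struct rec_buf { unsigned char data[REC_HDR + REC_BODY_MAX]; size_t have; };

/* Non-blocking mode is a file status flag: read with F_GETFL, write back with F_SETFL. */
static int set_nonblocking(int fd) {
    int flags = fcntl(fd, F_GETFL, 0);
    return flags < 0 ? -1 : fcntl(fd, F_SETFL, flags | O_NONBLOCK);
}

/* Returns the full record length once complete, 0 when the read would block
 * (partial bytes stay in b for the next readiness event), -1 on error/EOF/oversize. */
static long read_record(int fd, struct rec_buf *b) {
    for (;;) {
        size_t want = REC_HDR;
        if (b->have >= REC_HDR) {
            size_t body = ((size_t)b->data[3] << 8) | b->data[4];
            if (body > REC_BODY_MAX) return -1;   /* reject before buffering */
            want = REC_HDR + body;
            if (b->have == want) return (long)want;
        }
        ssize_t n = read(fd, b->data + b->have, want - b->have);
        if (n > 0) { b->have += (size_t)n; continue; }
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) return 0;
        return -1;
    }
}

/* Constructed input: one record (type 23, version 3.3, 4-byte body) sent in two pieces. */
static int demo(long out[3]) {
    static const unsigned char rec[] = {23, 3, 3, 0, 4, 0xde, 0xad, 0xbe, 0xef};
    int sv[2];
    struct rec_buf b = { .have = 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || set_nonblocking(sv[0]) != 0) return -1;
    out[0] = read_record(sv[0], &b);            /* nothing sent yet: 0 */
    if (write(sv[1], rec, 7) != 7) return -1;
    out[1] = read_record(sv[0], &b);            /* 7 of 9 bytes buffered: 0 */
    if (write(sv[1], rec + 7, 2) != 2) return -1;
    out[2] = read_record(sv[0], &b);            /* record complete: 9 */
    close(sv[0]); close(sv[1]);
    return memcmp(b.data, rec, sizeof rec) == 0 ? 0 : -1;
}
int main(void) { long out[3]; return demo(out); }
```

A caller resets `have` to 0 after consuming a record; a return of 0 is the signal to go back to kqueue/epoll/DispatchSource and wait for the next readable event.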

