[swift-server-dev] TLSService mini-release
Brent Royal-Gordon
brent at architechies.com
Thu Jun 29 08:00:23 CDT 2017
> On Jun 28, 2017, at 11:30 AM, Gelareh Taban via swift-server-dev <swift-server-dev at swift.org> wrote:
>
> Hi all,
>
> A quick update on TLS library update.
>
> I have an implementation of the protocol proposed earlier: https://lists.swift.org/pipermail/swift-server-dev/Week-of-Mon-20170320/000298.html <https://lists.swift.org/pipermail/swift-server-dev/Week-of-Mon-20170320/000298.html>
This is good work!
> For now, I would like to throw this code out for public review. Please review below and let's look at what needs to get done.
>
> The protocols are defined in:
> https://github.com/gtaban/security <https://github.com/gtaban/security>A couple comments on the protocols:
* `ConnectionDelegate`:
* Given that the protocol has no methods, only properties, and that `ConnectionType` is concrete, what behavior is `ConnectionDelegate` abstracting over? Or is it just a placeholder design? (If it is a placeholder, a comment to that effect might be helpful.)
* I'm very confused by `TLSServiceDelegate` and `ConnectionDelegate` both having "delegate" in their names and (probably) both holding references to each other. The relationship between these two types seems very jumbled.
* `TLSdelegate` should be `tlsDelegate` to meet the Swift API Guidelines.
* The `-Type` suffix is reserved for generic parameters by the API Guidelines, so `ConnectionType` is misnamed. I would suggest `Endpoint` or `ConnectionEndpoint`.
* `ConnectionType`'s `unknown` case seems rather useless. Why isn't the `endpoint` property simply Optional instead?
* `TLSServiceDelegate`:
* The parameter labels in `didAccept(connection:)` and `willSend(data:)` are inappropriate; they should be omitted.
* The buffer-based `willSend` and `willReceive` calls ought to use `UnsafeRawBufferPointer` and `UnsafeMutableRawBufferPointer` instead of passing the pointer and size as separate parameters. This `willSend` variant should also be unlabeled.
* "Zero indicates TLS shutdown, less than zero indicates error." Why? Shouldn't we be throwing errors, and either throwing or returning `nil` for shutdowns? I believe the implementation actually showed some examples of negative returns indicating errors, which seems to indicate it wasn't accidentally left in.
* I continue to be concerned by the `didCreateClient()` and `didCreateServer()` calls. In the example implementation, they simply call into methods which, to my mind, ought to be part of initialization. Large swaths of `TLSService` properties are mutable seemingly entirely to accommodate this half-initialized state. I think splitting the static, shareable configuration from the dynamic, per-connection SSL delegate (by replacing these two calls with `makeClientDelegate()` and `makeServerDelegate()` calls on a separate protocol) would substantially clean up this design.
* `TLSError`:
* I have no idea why `success` should be an error case. `success` is the lack of an error, not an error.
* What is the purpose of the `fail` case's error code and string? They're impossible to interpret without some kind of domain. And at that point...well, you've basically just reinvented `NSError`.
* In general, this type seems to fail to actually codify the errors a TLSService could encounter, which limits its usefulness.
--
Brent Royal-Gordon
Architechies
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170629/9cdfa43c/attachment.html>
More information about the swift-server-dev
mailing list