[swift-server-dev] TLSService mini-release
Gelareh Taban
gtaban at us.ibm.com
Mon Jul 3 09:32:08 CDT 2017
Hi Brent!
Please see inline.
> A couple comments on the protocols:
>
> * `ConnectionDelegate`:
>
> * Given that the protocol has no methods, only properties, and that
`ConnectionType` is concrete,
> what behavior is `ConnectionDelegate` abstracting over? Or is it just a
placeholder design?
> (If it is a placeholder, a comment to that effect might be helpful.)
It is abstracting over different transport layers cross platform (right
now, Linux, but potentially in the future, also windows etc).
I agree that the defacto is BSD sockets but this type of abstraction can
allow support of other protocols such as STREAMS, etc.
The question I guess is do we think this support is necessary?
> * I'm very confused by `TLSServiceDelegate` and `ConnectionDelegate` both
having "delegate" in
> their names and (probably) both holding references to each other. The
relationship between these two types seems very jumbled.
TLSServiceDelegate is a delegate to the socket class.
ConnectionDelegate is misnamed and can have the delegate removed.
The relationship is based on:
https://raw.githubusercontent.com/gtaban/blogs/master/TLSServiceArchitecture.png
(where ConnectionDelegate = Transport Management)
How do you think we can make improve the relationship? The simpler the
better.
> * `TLSdelegate` should be `tlsDelegate` to meet the Swift API Guidelines.
yes... but then the acronym wont be capitalized! :-P We really need to
think of a good name here :-) Any suggestions?
> * The `-Type` suffix is reserved for generic parameters by the API
Guidelines, so `ConnectionType` is misnamed.
> I would suggest `Endpoint` or `ConnectionEndpoint`.
Good point.
> * `ConnectionType`'s `unknown` case seems rather useless. Why isn't the
`endpoint` property simply Optional instead?
I think all connections must have an endpoint so I don't think it makes
sense to have it optional. You're right that the unknown case
is probbably not useful and we can probably remove it.
> * `TLSServiceDelegate`:
> * The parameter labels in `didAccept(connection:)` and `willSend(data:)`
are inappropriate; they should be omitted.
Sorry, why are they inappropriate? I was trying to make it readable.
> * The buffer-based `willSend` and `willReceive` calls ought to use
`UnsafeRawBufferPointer` and
> `UnsafeMutableRawBufferPointer` instead of passing the pointer and size
as separate parameters.
> This `willSend` variant should also be unlabeled.
Makes sense but tbh I was intending to remove those APIs and only support
Data. The data type that these methods
support depend on the what the socket class will support, which as far as I
understand, have not been defined yet.
Do you think it still makes sense for us to include the Unsafe
[Mutable]RawBufferPointer versions of the APIs?
> * "Zero indicates TLS shutdown, less than zero indicates error." Why?
Shouldn't we be throwing errors, and either
> throwing or returning `nil` for shutdowns? I believe the implementation
actually showed some examples of negative
> returns indicating errors, which seems to indicate it wasn't accidentally
left in.
@Bill Abt can hopefully comment more on this.
> * I continue to be concerned by the `didCreateClient()` and
`didCreateServer()` calls. In the example implementation,
> they simply call into methods which, to my mind, ought to be part of
initialization. Large swaths of `TLSService` properties
> are mutable seemingly entirely to accommodate this half-initialized
state. I think splitting the static, shareable configuration
> from the dynamic, per-connection SSL delegate (by replacing these two
calls with `makeClientDelegate()` and
> `makeServerDelegate()` calls on a separate protocol) would substantially
clean up this design.
Interesting, can you give a bit more detail on this?
I think potentially what you are suggesting might mean that the socket
library needs to be split as well to client and server components. Is that
correct?
> * `TLSError`:
> * I have no idea why `success` should be an error case. `success` is the
lack of an error, not an error.
> * What is the purpose of the `fail` case's error code and string? They're
impossible to interpret without some kind of
> domain. And at that point...well, you've basically just reinvented
`NSError`.
> * In general, this type seems to fail to actually codify the errors a
TLSService could encounter, which limits its usefulness.
I'll let @Bill Abt reply to this one.
cheers,
Gelareh
From: Brent Royal-Gordon <brent at architechies.com>
To: Gelareh Taban <gtaban at us.ibm.com>
Cc: swift-server-dev at swift.org
Date: 06/29/2017 07:00 AM
Subject: Re: [swift-server-dev] TLSService mini-release
On Jun 28, 2017, at 11:30 AM, Gelareh Taban via swift-server-dev <
swift-server-dev at swift.org> wrote:
Hi all,
A quick update on TLS library update.
I have an implementation of the protocol proposed earlier:
https://lists.swift.org/pipermail/swift-server-dev/Week-of-Mon-20170320/000298.html
This is good work!
For now, I would like to throw this code out for public review.
Please review below and let's look at what needs to get done.
The protocols are defined in:
https://github.com/gtaban/security
A couple comments on the protocols:
* `ConnectionDelegate`:
* Given that the protocol has no methods, only properties, and that
`ConnectionType` is concrete, what behavior is `ConnectionDelegate`
abstracting over? Or is it just a placeholder design? (If it is a
placeholder, a comment to that effect might be helpful.)
* I'm very confused by `TLSServiceDelegate` and `ConnectionDelegate` both
having "delegate" in their names and (probably) both holding references to
each other. The relationship between these two types seems very jumbled.
* `TLSdelegate` should be `tlsDelegate` to meet the Swift API Guidelines.
* The `-Type` suffix is reserved for generic parameters by the API
Guidelines, so `ConnectionType` is misnamed. I would suggest `Endpoint` or
`ConnectionEndpoint`.
* `ConnectionType`'s `unknown` case seems rather useless. Why isn't the
`endpoint` property simply Optional instead?
* `TLSServiceDelegate`:
* The parameter labels in `didAccept(connection:)` and `willSend(data:)`
are inappropriate; they should be omitted.
* The buffer-based `willSend` and `willReceive` calls ought to use
`UnsafeRawBufferPointer` and `UnsafeMutableRawBufferPointer` instead of
passing the pointer and size as separate parameters. This `willSend`
variant should also be unlabeled.
* "Zero indicates TLS shutdown, less than zero indicates error." Why?
Shouldn't we be throwing errors, and either throwing or returning `nil` for
shutdowns? I believe the implementation actually showed some examples of
negative returns indicating errors, which seems to indicate it wasn't
accidentally left in.
* I continue to be concerned by the `didCreateClient()` and
`didCreateServer()` calls. In the example implementation, they simply call
into methods which, to my mind, ought to be part of initialization. Large
swaths of `TLSService` properties are mutable seemingly entirely to
accommodate this half-initialized state. I think splitting the static,
shareable configuration from the dynamic, per-connection SSL delegate (by
replacing these two calls with `makeClientDelegate()` and
`makeServerDelegate()` calls on a separate protocol) would substantially
clean up this design.
* `TLSError`:
* I have no idea why `success` should be an error case. `success` is the
lack of an error, not an error.
* What is the purpose of the `fail` case's error code and string? They're
impossible to interpret without some kind of domain. And at that
point...well, you've basically just reinvented `NSError`.
* In general, this type seems to fail to actually codify the errors a
TLSService could encounter, which limits its usefulness.
--
Brent Royal-Gordon
Architechies
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170703/c9ffd241/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <https://lists.swift.org/pipermail/swift-server-dev/attachments/20170703/c9ffd241/attachment.gif>
More information about the swift-server-dev
mailing list