New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Native Sockets TLS Client/Server support for linux #2939
base: main
Are you sure you want to change the base?
Conversation
TODO: test failed - HttpServerCommonTestSuite.testProxyHeaders
handleResult(result) | ||
if (result.status == SSLEngineResult.Status.CLOSED) break@loop | ||
} | ||
} catch (cause: Throwable) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TooGenericExceptionCaught: Caught exception is too generic. Prefer catching specific exceptions to the case that is currently handled.
(at-me in a reply with help
or ignore
)
if (unwrapDestination !== initialUnwrapDestination) updateUnwrapDestination(unwrapDestination) | ||
resumeUnwrapContinuation(result) | ||
return result | ||
} catch (cause: Throwable) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TooGenericExceptionCaught: Caught exception is too generic. Prefer catching specific exceptions to the case that is currently handled.
(at-me in a reply with help
or ignore
)
} | ||
|
||
return result | ||
} catch (cause: Throwable) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TooGenericExceptionCaught: Caught exception is too generic. Prefer catching specific exceptions to the case that is currently handled.
(at-me in a reply with help
or ignore
)
"Failed to parse PKCS12 file" | ||
} | ||
return PKCS12Certificate(privateKey.value!!, x509Certificate.value!!) | ||
} catch (cause: Throwable) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TooGenericExceptionCaught: Caught exception is too generic. Prefer catching specific exceptions to the case that is currently handled.
(at-me in a reply with help
or ignore
)
this.channel.flush() | ||
//println("[$debugString] READING STEP RESULT: $result") | ||
} while (result > 0) | ||
} catch (cause: Throwable) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TooGenericExceptionCaught: Caught exception is too generic. Prefer catching specific exceptions to the case that is currently handled.
(at-me in a reply with help
or ignore
)
api(project(":ktor-network")) | ||
api(project(":ktor-utils")) | ||
kotlin { | ||
linuxX64 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could we try adding other platofrms?
|
||
package io.ktor.network.tls | ||
|
||
public class PKCS12Certificate( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kdocs are missing
|
||
public class PKCS12Certificate( | ||
public val path: String, | ||
public val password: (() -> CharArray)? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
consider adding default if password really can be null
public actual val verification: TLSVerificationConfig?, | ||
) : Closeable { | ||
override fun close() { | ||
//NOOP |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
obsolete
import io.ktor.utils.io.core.* | ||
|
||
//TODO: make it closeable | ||
public expect class TLSConfig: Closeable { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you tell me why the config is closeable?
writeStringUtf8("Connection: close\r\n\r\n") | ||
flush() | ||
} | ||
println(socket.openReadChannel().readRemaining().readText()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please consider dropping println
@olme04 are you still working on this? EDIT: ah, zero contributions the past year, on any github repo :( |
@Tiebe just in case, while using openssl here could be a good idea, the main problem with this approach is how to distribute it. I mean, we can do or dynamic or static linking to openssl or 2 separate artefacts for each, but it will be not so straightforward for end-users and library developers what to choose. Also there could be issues with how cinterop for |
@whyoleg Fair enough. Would just really love to have a websocket client with TLS support in Kotlin Native. Would you have any recommendations? |
@Tiebe I think, that for Apple platforms you can use |
Based on: #2929
Subsystem
Network, CIO
Motivation
partially fixes https://youtrack.jetbrains.com/issue/KTOR-1181 (no darwin support yet)
Solution
Note:
TODO:
tls-certificates
moduleExperimentalTLSApi
annotation, because of possible bugs, and get more feedback on cases, where it can have unexpected behavior?brew
location, because, at least on my machine, if to use same paths as in curl, it will fail too link binary because of GLIBC issues (related: https://youtrack.jetbrains.com/issue/KT-43501, https://youtrack.jetbrains.com/issue/KT-47061#focus=Comments-27-4947040.0-0)