Skip to content

Use openssl instead of tls in federator http2 client#3154

Merged
akshaymankar merged 5 commits intodevelopfrom
openssl-attempt-2
Mar 21, 2023
Merged

Use openssl instead of tls in federator http2 client#3154
akshaymankar merged 5 commits intodevelopfrom
openssl-attempt-2

Conversation

@akshaymankar
Copy link
Member

@akshaymankar akshaymankar commented Mar 15, 2023

In #3051 it was assumed that SSL.read ssl n would always return n bytes. But unfortunately this is not true. A proposal to change upstream docs is here: haskell-cryptography/HsOpenSSL#81

Checklist

  • Add a new entry in an appropriate subdirectory of changelog.d
  • Read and follow the PR guidelines

@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Mar 15, 2023
`SSL.read ssl n` doesn't always return `n` bytes, so reading data multiple times
is necessary. Upstream PR has been made to warn future users:
haskell-cryptography/HsOpenSSL#81
@akshaymankar akshaymankar changed the title Openssl attempt 2 Use openssl instead of tls in federator http2 client Mar 21, 2023
@akshaymankar akshaymankar requested a review from pcapriotti March 21, 2023 11:52
@akshaymankar akshaymankar marked this pull request as ready for review March 21, 2023 11:52
Copy link
Contributor

@pcapriotti pcapriotti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Minor comment below.

readData 0 = pure ""
readData n = SSL.read ssl n `catch` \(_ :: SSL.ConnectionAbruptlyTerminated) -> pure mempty
ref <- newIORef mempty
let readData n = do
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like now we're also handling the case where SSL.read returns more than n bytes. Is that necessary? If not, we can get rid of the IORef, and simply have a tail-recursive loop that calls SSL.read until it reaches n bytes or EOF.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds great! I made another commit, can you please look at it?

@akshaymankar akshaymankar requested a review from pcapriotti March 21, 2023 14:48
| chunkLen > n ->
error "openssl: SSL.read returned more bytes than asked for, this is probably a bug"
| otherwise ->
mappend chunk <$> readData (n - chunkLen)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not tail-recursive, but probably it doesn't matter too much. To make it tail-recursive, you can make an inner loop with an accumulator argument.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah right, totally forgot about tail recursion, thanks! How about now?

Copy link
Contributor

@pcapriotti pcapriotti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

@jschaul jschaul mentioned this pull request Mar 21, 2023
2 tasks
@akshaymankar akshaymankar merged commit 2106a61 into develop Mar 21, 2023
@akshaymankar akshaymankar deleted the openssl-attempt-2 branch March 21, 2023 16:01
akshaymankar added a commit that referenced this pull request Mar 29, 2023
This reverts commit 02ba744.

The real issue was resolved in #3154
akshaymankar added a commit that referenced this pull request Mar 29, 2023
This reverts commit 02ba744.

The real issue was resolved in #3154
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants

Comments