Support SSL #40
Comments
Libuv by itself does not implement ssl; however, there are a few libuv-ssl packages using OpenSSL packages. They all have pros and cons, and I have not quite decided what to port over yet. That being said, ssl definitely is going to come at some point. My development cycle at the moment is waiting for net core 2.0 first, then going from there. |
I will give net core 2.0 ssl stream a shot before looking into other solutions. |
Ok. For client side is there a point I could inject it before the buffer?
Generally for an NNTP client you want to use SSL for connection. Server is
local so that is fine for now. I just need the SSL for connecting to
external servers from my server.
On Sat, 3 Jun 2017 at 2:27 pm, Johnny Z ***@***.***> wrote:
I will give net core 2.0 ssl stream a shot before looking into other
solutions.
|
You mean establishing connection in ssl, then let libuv take over? |
No more let libuv manage the connection but have a sslstream or buffer on
top between libuv and dotnet app using your library?
On Sat, 3 Jun 2017 at 2:41 pm, Johnny Z ***@***.***> wrote:
You mean establishing connection in ssl, then let libuv take over?
|
The way you are describing is exactly what the .net core 2.0 pipeline is supposed to do. That was one of the reasons I am waiting for it. Meanwhile, net core 2.0 also has the latest libuv 1.10. I suppose we just have to wait for a bit more stable release of net core 2.0. It is too early to do anything now; some of the specs are constantly changing at the moment. |
Is it really that hard in current core 1.1? I know they did it for the
dotnet core webserver but I guess that is server side SSL instead of client
side.
Once I finish the client I will test it connecting to non SSL server and
then see if there is a way I can make it work.
On Sun, 4 Jun 2017 at 5:46 pm, Johnny Z ***@***.***> wrote:
The way you are describing is exactly what the .net core 2.0 pipeline is supposed
to do. That was one of the reasons I am waiting for it. Meanwhile, net core
2.0 also has the latest libuv 1.10. I suppose we just have to wait for a
bit more stable release of net core 2.0. It is too early to do anything now;
some of the specs are constantly changing at the moment.
|
Put it this way, basically you have to give up buffer management to bring in ssl stream, which is kind of defeating the purpose of buffer pooling. It is doable now but not ideal. |
.net core 2.0 has pipeline which solves this problem in a much more elegant way. |
Ok. Since most of the core Libs are meant to not be tied to the version of
dotnet core and are open source I wonder if I can copy out just the code
needed for ssl.
Still got a few days to finish my client and then I will start looking.
Core 2 has no release date yet last time I checked. Do pipelines need net
standard 2.0?
On Sun, 4 Jun 2017 at 7:29 pm, Johnny Z ***@***.***> wrote:
.net core 2.0 has pipeline which solves this problem in a much more
elegant way.
|
It is not that far away, it is preview2 now, release is in autumn, about 2 - 3 months. Pipeline is only available in 2.0. I have been watching that for months now. |
Can you point me to the parts of core2 we need? I see that libuv
v1.10.0-preview1 is out and works on core 1.0.1 and greater but I assume it
is some other package that is the issue.
On Sun, Jun 4, 2017 at 7:35 PM, Johnny Z ***@***.***> wrote:
It is not that far away, it is preview2 now, release is in autumn, about 2
- 3 months.
|
Think I found what you are waiting on. It is System.IO.Pipelines.Networking.Libuv, right? https://github.com/dotnet/corefxlab/tree/master/src/System.IO.Pipelines.Networking.Libuv |
That one is experimental and internally used by kestrel server with libuv tcp handle. |
Is there another one somewhere else that you were talking about? Can you provide a link? In my case it is just a personal project for improving my systems at home, but the client connections it makes out to the internet must be SSL, so I was thinking to keep the server using your lib as that works really well, but maybe write the client to use what you were talking about coming in core 2, so I could even use the preview version for now if I need to go that far, as your libs will hopefully run on it. |
Mainly released version of https://github.com/dotnet/corefxlab/tree/master/src/System.IO.Pipelines |
OK, but is it even a part of core2? I did find https://dotnet.myget.org/feed/dotnet-corefxlab/package/nuget/System.IO.Pipelines.Networking.Libuv and standard pipelines is there as well, and they only seem to need .NETStandard 1.3, so I may just need to add a new nuget server. I would need to adjust my client code a little as well as work out how to connect up the ssl still in the client. |
The corefxlab libuv pipeline does not support tls. |
You have to build everything from scratch. But with the pipelining, it is much easier. |
I think I get it. I would need to create a class that does basically the same thing as SSLStream but over an IPipeConnection, and it needs to implement that interface as well so I can put it inline. Using a StreamPipeConnection may make it easier as well. Hopefully this will not be too hard, but last time I had to rip apart SSLStream to support selecting ssl certificate based on hostname it was a bit of a pain. |
Most of the implementations rely on new classes such as span, memory buffers. Too many dependencies to pull over individually. |
They are all in separate nuget packages on that same nuget server and
adding the first nuget package should cause all the other required packages
to be pulled as well. That is the great thing about them separating the
run-time and the libraries. As long as nothing needs NetStandard 2 then it
should be fine and a quick check showed none needed netstandard 2. In fact
I did not see anything over netstandard 1.3.
If I get a chance I will give it a go tonight.
On Wed, Jun 7, 2017 at 9:45 AM, Johnny Z ***@***.***> wrote:
Most of the implementations rely on new classes such as span, memory
buffers. Too many dependencies to pull over individually.
|
Please let me know how it goes. I plan to do this once net core 2 goes into a reasonably stable state and I can start over with new classes. |
sure!
On Wed, Jun 7, 2017 at 9:54 AM, Johnny Z ***@***.***> wrote:
Please let me know how it goes. I plan to do this once net core 2 goes
into a reasonably stable state and I can start over with new classes.
|
First tip: if you want to use System.IO.Pipelines.Networking.Libuv you actually need to add 2 nuget repositories to get everything to install in current version of dotnet in netstandard 1.3 library. For pipelines etc. I will let you know how I go once I build my client with ssl. |
Pipelines are very similar to normal sockets but just a little harder to use. One of the major downsides I found at the minute is the nuget package published and the samples checked in won't work together. Methods have changed so it may not be usable yet, sadly. I thought they were just tweaking implementations but this is core things like reading the data that seems to have changed as far as I can tell. |
That one intensively uses new io memory namespace and new span which is not available yet (only in net core 2.0). That is the reason I am waiting at the moment. The nightly packages tend to change a lot. Not something you can reliably code against. |
So that really leaves me with https://github.com/deleisha/evt-tls which I
have no idea of how to integrate or standard dotnet streams for clients
which may be the easiest.
I actually prefer your callback pattern over dotnet async and even pipeline
still needs a thread per client to read incoming.
On Thu, 8 Jun 2017 at 12:54 pm, Johnny Z ***@***.***> wrote:
That one intensively uses new io memory namespace and new span which is not
available yet (only in net core 2.0). That is the reason I am waiting at
the moment. The nightly packages tend to change a lot. Not something you
can reliably code against.
|
TLS is all about opening connections and negotiating, then encrypting. It has to happen in the beginning, which makes it very hard to do some 'just plug it in'. Why not wait a while for net core 2.0? I am going to do it one way or another. |
Ok. I will just use normal socket for the clients I need as there is one I
am using already that has ssl support but it was just a bit of a CPU and
performance hog. I will work on other things in the meantime
On Thu, 8 Jun 2017 at 6:10 pm, Johnny Z ***@***.***> wrote:
TLS is all about opening connections and negotiating, then encrypting. It has to
happen in the beginning, which makes it very hard to do some 'just plug it
in'. Why not wait a while for net core 2.0? I am going to do it one way or
another.
|
@StormHub Out of curiosity. Do you have a rough idea how to implement this now that .Net Core 2.0 is out? |
NetUV is going to stay on net standard 1.6 for quite some time. There are few options for ssl, for instance |
Another option will be managed ssl stream from .net. I haven't completely made up my mind yet. |
I would still love to see ssl support added
On 30 Aug. 2017 5:14 pm, "Johnny Z" ***@***.***> wrote:
Another option will be managed ssl stream from .net. I haven't completely
made up my mind yet.
|
Tls will be added for sure. The question is SslStream or openSsl at the moment. |
Ok. Anything cross platform would be great
On 3 Sep. 2017 8:30 am, "Johnny Z" ***@***.***> wrote:
Tls will be added for sure. The question is SslStream or openSsl at the
moment.
|
SslStream is not quite there yet. |
@StormHub Any update on this? I need to support TLS pretty soon and right now none of the options discussed in this thread sound relatively painless. 😅 |
I plan to branch up and try plain ssl stream very soon. |
@StormHub Would be nice if you could keep us updated on this |
Any updates on this? I know I still need this.
On 19 Sep. 2017 7:09 pm, "Oliver Weichhold" ***@***.***> wrote:
@StormHub <https://github.com/stormhub> Would be nice if you could keep
us updated on this
|
Well, I will try sslstream first and see how it goes |
Is this still on the roadmap? :) |
@oliverw I am not sure when to jump on 2.0 at the moment :) |
Is there a recommended way for using the client when connecting to a server that uses ssl? Interested in being able to run ssl for the server as well but most important is the client at the minute.