Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support SSL #40

Open
seertenedos opened this issue Jun 3, 2017 · 44 comments
Open

Support SSL #40

seertenedos opened this issue Jun 3, 2017 · 44 comments
Milestone

Comments

@seertenedos
Copy link

Is there a recommended way for using the client when connecting to a server that uses ssl? Interested in being able to run ssl for the server as well but most important is the client at the minute.

@StormHub
Copy link
Owner

StormHub commented Jun 3, 2017

Libuv by itself does not implement ssl, however, there are few libuv-ssl packages using open ssl packages. They all have pros and cons, I have not quite decided what to port over yet. That been said, ssl definitely is going to come at some point. My development cycle at the moment is waiting for net core 2.0 first then go from there.

@StormHub
Copy link
Owner

StormHub commented Jun 3, 2017

I will give net core 2.0 ssl stream a shot before looking into other solutions.

@seertenedos
Copy link
Author

seertenedos commented Jun 3, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Jun 3, 2017

You mean establishing connection in ssl, then let libuv take over?

@seertenedos
Copy link
Author

seertenedos commented Jun 3, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Jun 4, 2017

The way you describing is exactly what .net core 2.0 pipeline is supposed to do. That was one the reasons I am waiting for it. Meanwhile, net core 2.0 also has the latest libuv 1.10. I suppose we just have to wait for a bit stable realease of net core 2.0. It is too early to do anything now, some of the spec are constantly changing at the moment.

@seertenedos
Copy link
Author

seertenedos commented Jun 4, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Jun 4, 2017

Put it this way, basically you have to give up buffer management to bring in ssl stream, which is kind of defeating the purpose of buffer pooling. It is doable now but not ideal.

@StormHub
Copy link
Owner

StormHub commented Jun 4, 2017

.net core 2.0 has pipeline which solves this problem in a much more elegant way.

@seertenedos
Copy link
Author

seertenedos commented Jun 4, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Jun 4, 2017

It is not that far away, it is preview2 now, release is in autumn, about 2 - 3 month. pipeline only available in 2.0. I have been watching that for months now.

@seertenedos
Copy link
Author

seertenedos commented Jun 5, 2017 via email

@seertenedos
Copy link
Author

Think i found what you are waiting on. It is System.IO.Pipelines.Networking.Libuv right? https://github.com/dotnet/corefxlab/tree/master/src/System.IO.Pipelines.Networking.Libuv

@StormHub
Copy link
Owner

StormHub commented Jun 6, 2017

That one is experimental and internally used by kestrel server with libuv tcp handle.

@seertenedos
Copy link
Author

Is there another one somewhere else that you were talking about? Can you provide a link. In my case it is just a personal project for improving my systems at home but the client connections it makes out to the internet must be SSL so was thinking to keep the server using your lib as that works really well but maybe write the client to use what you were talking about in coming in core 2 so i could even use the preview version for now if i need to go that far as your libs will hopefully run on it.

@StormHub
Copy link
Owner

StormHub commented Jun 6, 2017

Mainly released version of https://github.com/dotnet/corefxlab/tree/master/src/System.IO.Pipelines
It is not that simple to convert, requires fair bit of work to fit in.

@StormHub StormHub added this to the 2.0 milestone Jun 6, 2017
@seertenedos
Copy link
Author

ok but is it even a part of core2? I did find https://dotnet.myget.org/feed/dotnet-corefxlab/package/nuget/System.IO.Pipelines.Networking.Libuv and standard pipelines is there as well and they only seem to need .NETStandard 1.3 so i may just need to add a new nuget server. I would need to adjust my client code a little as well as work out how to connect up the ssl still in the client

@StormHub
Copy link
Owner

StormHub commented Jun 6, 2017

The corefxlab libuv pipeline does not support tls.

@StormHub
Copy link
Owner

StormHub commented Jun 6, 2017

You have to build everything from scratch. But with the pipelining, it is much easier.

@seertenedos
Copy link
Author

I think i get it. I would need to create a class that does basically the same thing as SSLStream but over an IPipeConnection and it needs to implement that interface as well so i can put it inline. Using a StreamPipeConnection may make it easier as well. Hopefully this will not be too hard but last time i had rip apart SSLStream to support selecting ssl certificate based on hostname it was a bit of a pain.

@StormHub
Copy link
Owner

StormHub commented Jun 6, 2017

Most of the implementations relying on new classes such as span, memory buffers. Too much of dependencies to pull over individually.

@seertenedos
Copy link
Author

seertenedos commented Jun 6, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Jun 6, 2017

Please let me know how it goes. I plan to do this once net core 2 going into a reasonably stable state I can start over with new classes.

@seertenedos
Copy link
Author

seertenedos commented Jun 7, 2017 via email

@seertenedos
Copy link
Author

First tip if you want to use System.IO.Pipelines.Networking.Libuv you actually need to add 2 nuget repositories to get everything to install in current version of dotnet in netstandard 1.3 library.

For piplines etc
https://dotnet.myget.org/F/dotnet-corefxlab/api/v3/index.json
for dependancies
https://dotnet.myget.org/F/dotnet-core/api/v3/index.json

i will let you know how i go once i build my client with ssl

@seertenedos
Copy link
Author

pipelines are very similar to normal sockets but just a little harder to use. One of the major downsides i found at the minute is the nuget package published and the samples checked in wont work together. methods have changed so it may not be usable yet sadly. I thought they were just tweaking implementations but this is core things like reading the data that seems to have changed as far as i can tell.

@StormHub
Copy link
Owner

StormHub commented Jun 8, 2017

That one intensively use new io memory namespace and new span which is not available yet (only in net core 2.0). That is the reason I am waiting at the moment. The nightly packages tend to change a lot. Not something you can reliably code against.

@seertenedos
Copy link
Author

seertenedos commented Jun 8, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Jun 8, 2017

tls is all about open connections and negotiate then encrypt. It has to happen in the beginning, that makes it very hard to do some 'just plug it in'. Why not wait a while for net core 2.0. I am going to do it one way or another.

@seertenedos
Copy link
Author

seertenedos commented Jun 8, 2017 via email

@oliverw
Copy link

oliverw commented Aug 29, 2017

@StormHub Out of curiosity. Do you have a rough idea how to implement this now that .Net Core 2.0 is out?

@StormHub
Copy link
Owner

NetUV is going to stay on net standard 1.6 for quite some time. There are few options for ssl, for instance
https://github.com/Drawaes/Leto
Or open to the libuv approach, see
libuv/libuv#1128

@StormHub
Copy link
Owner

Another option will be managed ssl stream from .net. I haven't completely made my mind yet.

@seertenedos
Copy link
Author

seertenedos commented Sep 2, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Sep 2, 2017

Tls will be added for sure. The question is SslStream or openSsl at the moment.

@seertenedos
Copy link
Author

seertenedos commented Sep 4, 2017 via email

@StormHub
Copy link
Owner

StormHub commented Sep 4, 2017

SslStream is not quite there yet.
see https://github.com/aspnet/KestrelHttpServer/tree/dev/src/Kestrel.Tls

@oliverw
Copy link

oliverw commented Sep 19, 2017

@StormHub And update on this? I need to support TLS pretty soon and right now none the options discussed in this thread sound relatively painless. 😅

@StormHub
Copy link
Owner

I plan to branch up and try plain ssl stream very soon.

@oliverw
Copy link

oliverw commented Sep 19, 2017

@StormHub Would be nice if you could keep us updated on this

@seertenedos
Copy link
Author

seertenedos commented Oct 10, 2017 via email

@StormHub
Copy link
Owner

Well, I will try sslstream first and see how it goes

@oliverw
Copy link

oliverw commented Jan 25, 2018

Is this still on the roadmap? :)

@StormHub
Copy link
Owner

@oliverw I am not sure when to jump on 2.0 at the moment :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants