Skip IO.try_convert in ruby code for SSL Sockets #206
Conversation
When using SSL sockets, in the c extension code, monitor.io is an SSLSocket, but in Ruby code, monitor.io is a TCPSocket.
|
Just wondering about this - should we really be doing this in the library code? It seems odd to me that we shouldn't just expect the user to supply an |
|
IIRC, it was originally to deal with things like |
|
I kept the scope of the change narrow. I used: unless io.is_a? OpenSSL::SSL::SSLSocketMaybe a more general statement? unless io.is_a? IO or io.is_a? OpenSSL::Buffering
or
unless IO === io or OpenSSL::Buffering === io |
|
The way I think this should be solved is to use |
I believe the above accounts for all the cases in Ruby Core without trying |
|
The main issue is really just getting the file descriptor, which is not supported, but for which we could monkey patch. e.g. pry(main)> IO.pipe.first.fileno
=> 18
pry(main)> OpenSSL::SSL::SSLSocket.new(IO.pipe.first).fileno
NoMethodError: undefined method `fileno' for #<OpenSSL::SSL::SSLSocket:0x00007fafd9c41b30>The correct interface should be |
|
I did the PR to line up the Ruby code monitor.io object with the extension code object. The extension code returned the SSL socket, the Ruby code returned the TCP socket... |
|
Yeah, I know it's super confusing, it should obviously be the same. |
|
What I'm suggesting is that we remove all this crap and try to have a standard interface. It's not even so much that it's an IO object, it's just that it implements |
|
Possibly here: couldn't find the call anywhere in Ruby OpenSSL... |
|
BTW, speaking of OpenSSL, etc, Puma now has nio4r as a dependency, and they're using the own OpenSSL implementation... |
|
Is there some reason why they use their own OpenSSL implementation? |
|
Someone asked recently, don't recall if they really got an answer. It's called 'minissl'; I believe it dates to 2012. Probably "Don't fix what isn't broken" & limited resources... |
|
Honestly, my first reaction is that sounds kind of painful. |
|
I don't know why we should use |
Just to clarify, Puma does not use Ruby OpenSSL, but they are compiling with OpenSSL. Re I need to check the Puma tests tomorrow, as I'm not sure if the change to nio4r is being tested with SSL. Off topic: Speaking of YARD, see https://msp-greg.github.io/index.html. I modified the code to get nio4r to show the c source, but it messes with the repo links... |
|
For critical libraries, we can add external tests. If all specs, pass, we checkout external code, modify gem file a little bit to use this code, and then run their tests too. It's an option to ensure we don't break compatibility with upstream. What do you think? |
|
@MSP-Greg https://www.rubydoc.info/stdlib/core/IO.try_convert But it also checks the result is an So I guess it should work as long as the object has |
When using SSL sockets, in the c extension code, monitor.io is an SSLSocket, but in Ruby code, monitor.io is a TCPSocket.