
Unbuffered process_tls_records does not match usage scenario #1958

Open
pascaldekloe opened this issue May 19, 2024 · 2 comments

Comments

@pascaldekloe

pascaldekloe commented May 19, 2024

The ConnectionState provided is no fit for the TLS use-case of: handshake first (possibly with early data) followed by reads and/or writes in any order until closed. Instead it makes users of the API handle both directions with newly created ReadTraffic and WriteTraffic instances on each invocation. Even the most simple request–response example boggles the mind.

Is there a way to extract a reader–writer pair from the unbuffered API? I'm happy to provide you with a pull request on agreement.

@ctz
Member

ctz commented May 20, 2024

Instead it makes users of the API handle both directions with newly created ReadTraffic and WriteTraffic instances on each invocation.

Note that the caller is in control of providing received TLS data to the library. It therefore always has the option of providing an empty slice to obtain a WriteTraffic (which is the quiescent state post-handshake with no data pending). This means the caller controls whether to write or read at any given time.

Is there a way to extract a reader–writer pair from the unbuffered API?

Note that a fully independent reader-writer pair continues to be very difficult. That is because reading TLS data can imply writing, so the reader needs to be able to prod the writer.

@pascaldekloe
Author

reading TLS data can imply writing

Thanks for clearing things up @ctz. The setup starts to make more sense now.

The documentation states “A Handshake record is ready for encoding” on ConnectionState::EncodeTlsData, and “Previously encoded handshake records need to be transmitted” on ConnectionState::TransmitTlsData. Are you saying that both states may also occur after the handshake, @ctz?

Why not use an error for the occasion, as in unbuffered::ReadError::NeedsWriteFirst(unbuffered::EncodeTlsData)?

Also, I believe the ConnectionState separation in EncodeTlsData and TransmitTlsData was meant to allow for network fail-over, because of the presence of done(). In such a case there is a need to keep state on how many bytes were written, which makes the whole reliance on rustls(3) to resume an extra step rather than it being of any help. That is, if my assumption is correct, then rustls(3) users may be better off without done() and the state separation to deal with.

always has the option of providing an empty slice to obtain a WriteTraffic

So we could provide a method to get the WriteTraffic directly then? That alone would fix many of the problems already.
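The control flow the two comments describe, as an added example that is neither rustls code nor written by either participant: a stand-in model of the unbuffered state machine in Rust. It shows the empty-slice trick that yields WriteTraffic once the connection is quiescent, an incoming record that forces a write (so the reader has to prod the writer), and the caller keeping its own transmit offset across short writes so that done() is only called once every encoded byte reached the wire. The types Conn, ConnectionState, EncodeTlsData, TransmitTlsData, ReadTraffic, WriteTraffic, the `[tag][len][payload]` framing, the KEY_UPDATE tag and the ChunkyWire writer are all hypothetical simplifications constructed for this example; the real rustls signatures, framing and cryptography differ.

```rust
use std::io::Write;

// Added example, not rustls code: a toy model of the unbuffered state machine discussed in
// this issue. Names follow the issue's vocabulary; signatures and framing are hypothetical.

/// Constructed record tags for this model's `[tag][len][payload]` framing.
pub const APP_DATA: u8 = 0x17;
/// A record the peer expects an answer to: receiving it forces us to write.
pub const KEY_UPDATE: u8 = 0x18;

pub struct Conn {
    to_encode: Vec<Vec<u8>>, // records waiting for an EncodeTlsData step
    encoded_pending: bool,   // an encoded record has not been acknowledged via done()
    rx: Vec<Vec<u8>>,        // decoded application data not yet handed to the caller
    seq: u64,                // stands in for the per-record nonce of real encryption
    closed: bool,
}

pub enum ConnectionState<'c> {
    EncodeTlsData(EncodeTlsData<'c>),
    TransmitTlsData(TransmitTlsData<'c>),
    ReadTraffic(ReadTraffic),
    WriteTraffic(WriteTraffic<'c>),
    Closed,
}

pub struct EncodeTlsData<'c>(&'c mut Conn);
pub struct TransmitTlsData<'c>(&'c mut Conn);
pub struct ReadTraffic { pub records: Vec<Vec<u8>> }
pub struct WriteTraffic<'c>(&'c mut Conn);

impl<'c> EncodeTlsData<'c> {
    /// Append the next pending record to `out`; the connection then demands a transmit.
    pub fn encode(&mut self, out: &mut Vec<u8>) -> usize {
        let rec = self.0.to_encode.remove(0);
        out.extend_from_slice(&rec);
        self.0.encoded_pending = true;
        rec.len()
    }
}

impl<'c> TransmitTlsData<'c> {
    /// Call only after every encoded byte actually reached the wire.
    pub fn done(self) { self.0.encoded_pending = false; }
}

impl<'c> WriteTraffic<'c> {
    /// Stand-in for encryption: frame plaintext as an application-data record.
    pub fn encrypt(&mut self, plaintext: &[u8], out: &mut Vec<u8>) -> usize {
        self.0.seq += 1;
        out.push(APP_DATA);
        out.push(plaintext.len() as u8);
        out.extend_from_slice(plaintext);
        plaintext.len() + 2
    }
}

impl Conn {
    pub fn new_client() -> Self {
        // constructed "handshake": two records the client must put on the wire first
        let to_encode = vec![b"CLIENT_HELLO".to_vec(), b"FINISHED".to_vec()];
        Conn { to_encode, encoded_pending: false, rx: Vec::new(), seq: 0, closed: false }
    }

    /// Absorb `incoming` (whole records only) and report what the caller must do next.
    /// An empty slice is how the caller asks for the quiescent WriteTraffic state.
    pub fn process_tls_records(&mut self, incoming: &[u8]) -> ConnectionState<'_> {
        let mut i = 0;
        while i + 2 <= incoming.len() {
            let (tag, len) = (incoming[i], incoming[i + 1] as usize);
            if i + 2 + len > incoming.len() { break; } // truncated record: wait for more
            let payload = &incoming[i + 2..i + 2 + len];
            match tag {
                APP_DATA => self.rx.push(payload.to_vec()),
                // reading implies writing: the answer is queued for the next EncodeTlsData
                KEY_UPDATE => self.to_encode.push(b"KEY_UPDATE_ACK".to_vec()),
                _ => self.closed = true,
            }
            i += 2 + len;
        }
        if self.closed {
            ConnectionState::Closed
        } else if self.encoded_pending {
            ConnectionState::TransmitTlsData(TransmitTlsData(self))
        } else if !self.to_encode.is_empty() {
            ConnectionState::EncodeTlsData(EncodeTlsData(self))
        } else if !self.rx.is_empty() {
            ConnectionState::ReadTraffic(ReadTraffic { records: std::mem::take(&mut self.rx) })
        } else {
            ConnectionState::WriteTraffic(WriteTraffic(self))
        }
    }
}

/// Constructed writer mimicking a non-blocking socket: accepts at most `max` bytes per call.
pub struct ChunkyWire { pub sent: Vec<u8>, pub max: usize }
impl Write for ChunkyWire {
    fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
        let n = buf.len().min(self.max);
        self.sent.extend_from_slice(&buf[..n]);
        Ok(n)
    }
    fn flush(&mut self) -> std::io::Result<()> { Ok(()) }
}

/// Push `outgoing` to the wire, retrying on short writes. `transmitted` is the byte offset
/// the caller has to track itself, as the issue points out.
fn flush_all<W: Write>(wire: &mut W, outgoing: &mut Vec<u8>, transmitted: &mut usize) -> Result<(), String> {
    while *transmitted < outgoing.len() {
        let n = wire.write(&outgoing[*transmitted..]).map_err(|e| e.to_string())?;
        if n == 0 { return Err("wire closed".into()); }
        *transmitted += n;
    }
    outgoing.clear();
    *transmitted = 0;
    Ok(())
}

/// Feed `incoming` once, then keep prodding with empty slices until the connection is
/// quiescent; sends `app` (if non-empty) from WriteTraffic and returns the plaintext received.
pub fn run<W: Write>(conn: &mut Conn, incoming: &[u8], app: &[u8], wire: &mut W) -> Result<Vec<Vec<u8>>, String> {
    let (mut outgoing, mut transmitted) = (Vec::new(), 0usize);
    let mut received = Vec::new();
    let mut pending_in = incoming;
    let mut app_sent = app.is_empty();
    loop {
        match conn.process_tls_records(pending_in) {
            ConnectionState::EncodeTlsData(mut e) => { e.encode(&mut outgoing); }
            ConnectionState::TransmitTlsData(t) => {
                flush_all(wire, &mut outgoing, &mut transmitted)?;
                t.done(); // safe only now: everything reached the wire
            }
            ConnectionState::ReadTraffic(r) => received.extend(r.records),
            ConnectionState::WriteTraffic(mut w) => {
                if app_sent { return Ok(received); }
                w.encrypt(app, &mut outgoing);
                flush_all(wire, &mut outgoing, &mut transmitted)?;
                app_sent = true;
            }
            ConnectionState::Closed => return Err("connection closed".into()),
        }
        pending_in = &incoming[..0]; // bytes consumed; later rounds only prod the state machine
    }
}
```

The `run` loop is the shape a reader–writer wrapper over this API would take: the transmit offset and the outgoing buffer live in the caller, WriteTraffic is reached by handing over an empty slice, and a KEY_UPDATE record arriving on the read side silently schedules a write.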
