Support SSL

Open seertenedos opened this issue 8 years ago • 44 comments

Is there a recommended way for using the client when connecting to a server that uses ssl? Interested in being able to run ssl for the server as well but most important is the client at the minute.

seertenedos avatar Jun 03 '17 01:06 seertenedos

Libuv by itself does not implement ssl; however, there are a few libuv-ssl packages using open ssl packages. They all have pros and cons, I have not quite decided what to port over yet. That being said, ssl definitely is going to come at some point. My development cycle at the moment is waiting for net core 2.0 first then go from there.

StormHub avatar Jun 03 '17 04:06 StormHub

I will give net core 2.0 ssl stream a shot before looking into other solutions.

StormHub avatar Jun 03 '17 04:06 StormHub

Ok. For client side is there a point I could inject it before the buffer?

Generally for a NNTP client you want to use SSL for connection. Server is local so that is fine for now. I just need the SSL for connecting to external servers from my server.

seertenedos avatar Jun 03 '17 04:06 seertenedos

You mean establishing connection in ssl, then let libuv take over?

StormHub avatar Jun 03 '17 04:06 StormHub

No, more let libuv manage the connection but have an sslstream or buffer on top between libuv and the dotnet app using your library?

seertenedos avatar Jun 03 '17 06:06 seertenedos

The way you are describing is exactly what the .net core 2.0 pipeline is supposed to do. That was one of the reasons I am waiting for it. Meanwhile, net core 2.0 also has the latest libuv 1.10. I suppose we just have to wait for a bit more stable release of net core 2.0. It is too early to do anything now, some of the specs are constantly changing at the moment.

StormHub avatar Jun 04 '17 07:06 StormHub

Is it really that hard in current core 1.1? I know they did it for the dotnet core webserver but I guess that is server side SSL instead of client side.

Once I finish the client I will test it connecting to non SSL server and then see if there is a way I can make it work.

seertenedos avatar Jun 04 '17 08:06 seertenedos

Put it this way, basically you have to give up buffer management to bring in ssl stream, which is kind of defeating the purpose of buffer pooling. It is doable now but not ideal.

StormHub avatar Jun 04 '17 09:06 StormHub

.net core 2.0 has pipeline which solves this problem in a much more elegant way.

StormHub avatar Jun 04 '17 09:06 StormHub

Ok. Since most of the core Libs are meant to not be tied to the version of dotnet core and are open source I wonder if I can copy out just the code needed for ssl.

Still got a few days to finish my client and then I will start looking. Core 2 has no release date yet last time I checked. Does pipelines need net standard 2.0?

seertenedos avatar Jun 04 '17 09:06 seertenedos

It is not that far away, it is preview2 now, release is in autumn, about 2 - 3 months. Pipeline is only available in 2.0. I have been watching that for months now.

StormHub avatar Jun 04 '17 09:06 StormHub

Can you point me to the parts of core2 we need? I see that libuv v1.10.0-preview1 is out and works on core 1.0.1 and greater but I assume it is some other package that is the issue.

seertenedos avatar Jun 05 '17 02:06 seertenedos

Think I found what you are waiting on. It is System.IO.Pipelines.Networking.Libuv, right? https://github.com/dotnet/corefxlab/tree/master/src/System.IO.Pipelines.Networking.Libuv

seertenedos avatar Jun 06 '17 21:06 seertenedos

That one is experimental and internally used by kestrel server with libuv tcp handle.

StormHub avatar Jun 06 '17 21:06 StormHub

Is there another one somewhere else that you were talking about? Can you provide a link? In my case it is just a personal project for improving my systems at home, but the client connections it makes out to the internet must be SSL, so I was thinking to keep the server using your lib as that works really well, but maybe write the client to use what you were talking about coming in core 2, so I could even use the preview version for now if I need to go that far, as your libs will hopefully run on it.

seertenedos avatar Jun 06 '17 21:06 seertenedos

Mainly the released version of https://github.com/dotnet/corefxlab/tree/master/src/System.IO.Pipelines. It is not that simple to convert, it requires a fair bit of work to fit in.

StormHub avatar Jun 06 '17 22:06 StormHub

Ok, but is it even a part of core2? I did find https://dotnet.myget.org/feed/dotnet-corefxlab/package/nuget/System.IO.Pipelines.Networking.Libuv and standard pipelines is there as well, and they only seem to need .NETStandard 1.3, so I may just need to add a new nuget server. I would need to adjust my client code a little as well as work out how to connect up the ssl still in the client.

seertenedos avatar Jun 06 '17 22:06 seertenedos

The corefxlab libuv pipeline does not support tls.

StormHub avatar Jun 06 '17 22:06 StormHub

You have to build everything from scratch. But with the pipelining, it is much easier.

StormHub avatar Jun 06 '17 22:06 StormHub

I think I get it. I would need to create a class that does basically the same thing as SSLStream but over an IPipeConnection, and it needs to implement that interface as well so I can put it inline. Using a StreamPipeConnection may make it easier as well. Hopefully this will not be too hard, but last time I had to rip apart SSLStream to support selecting the ssl certificate based on hostname it was a bit of a pain.

seertenedos avatar Jun 06 '17 22:06 seertenedos

Most of the implementations rely on new classes such as span, memory buffers. Too many dependencies to pull over individually.

StormHub avatar Jun 06 '17 23:06 StormHub

They are all in separate nuget packages on that same nuget server, and adding the first nuget package should cause all the other required packages to be pulled as well. That is the great thing about them separating the run-time and the libraries. As long as nothing needs NetStandard 2 then it should be fine, and a quick check showed none needed netstandard 2. In fact I did not see anything over netstandard 1.3.

If I get a chance I will give it a go tonight.

seertenedos avatar Jun 06 '17 23:06 seertenedos

Please let me know how it goes. I plan to do this once net core 2 goes into a reasonably stable state and I can start over with new classes.

StormHub avatar Jun 06 '17 23:06 StormHub

Sure!

seertenedos avatar Jun 07 '17 06:06 seertenedos

First tip: if you want to use System.IO.Pipelines.Networking.Libuv, you actually need to add 2 nuget repositories to get everything to install in the current version of dotnet in a netstandard 1.3 library.

For pipelines etc.: https://dotnet.myget.org/F/dotnet-corefxlab/api/v3/index.json
For dependencies: https://dotnet.myget.org/F/dotnet-core/api/v3/index.json

I will let you know how I go once I build my client with ssl.

seertenedos avatar Jun 07 '17 07:06 seertenedos

Pipelines are very similar to normal sockets but just a little harder to use. One of the major downsides I found at the minute is that the nuget package published and the samples checked in won't work together. Methods have changed, so it may not be usable yet, sadly. I thought they were just tweaking implementations, but it is core things like reading the data that seem to have changed, as far as I can tell.

seertenedos avatar Jun 08 '17 02:06 seertenedos

That one intensively uses the new io memory namespace and the new span, which is not available yet (only in net core 2.0). That is the reason I am waiting at the moment. The nightly packages tend to change a lot. Not something you can reliably code against.

StormHub avatar Jun 08 '17 02:06 StormHub

So that really leaves me with https://github.com/deleisha/evt-tls which I have no idea of how to integrate or standard dotnet streams for clients which may be the easiest.

I actually prefer your callback pattern over dotnet async, and even pipeline still needs a thread per client to read incoming.

seertenedos avatar Jun 08 '17 06:06 seertenedos

Tls is all about open connections and negotiate then encrypt. It has to happen in the beginning, that makes it very hard to do some 'just plug it in'. Why not wait a while for net core 2.0? I am going to do it one way or another.

StormHub avatar Jun 08 '17 08:06 StormHub

Ok. I will just use normal socket for the clients I need as there is one I am using already that has ssl support but it was just a bit of a CPU and performance hog. I will work on other things in the meantime

seertenedos avatar Jun 08 '17 11:06 seertenedos
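
The plain-socket client route settled on above, as an added example that is not part of the original thread or of NetUV's code: the TLS handshake completes before any NNTP data is exchanged, and certificate and host name validation stay on. The host name is a placeholder, and port 563 (NNTP over TLS) and the TLS 1.2 setting are assumptions.

```csharp
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Text;
using System.Threading.Tasks;

static class NntpTlsClient
{
    // Assumption: the server speaks implicit TLS on 563 (NNTP over TLS).
    public static async Task<string> ReadGreetingAsync(string host, int port = 563)
    {
        using (var tcp = new TcpClient())
        {
            await tcp.ConnectAsync(host, port);

            // The callback logs the reason for a failure but never overrides
            // the platform's verdict; returning true here would disable
            // certificate validation entirely.
            using (var tls = new SslStream(tcp.GetStream(), false,
                (sender, cert, chain, errors) =>
                {
                    if (errors != SslPolicyErrors.None)
                        Console.Error.WriteLine($"TLS validation failed: {errors}");
                    return errors == SslPolicyErrors.None;
                }))
            {
                // Negotiate first: no NNTP bytes are sent or read until this
                // returns. Passing the host name makes SslStream match it
                // against the server certificate.
                await tls.AuthenticateAsClientAsync(host, null,
                    SslProtocols.Tls12, checkCertificateRevocation: true);

                using (var reader = new StreamReader(tls, Encoding.ASCII))
                {
                    // The server greeting (a 200 or 201 status line) arrives
                    // through the encrypted stream.
                    return await reader.ReadLineAsync();
                }
            }
        }
    }

    static void Main(string[] args)
    {
        // Placeholder host; pass a real server name as the first argument.
        string host = args.Length > 0 ? args[0] : "news.example.invalid";
        Console.WriteLine(ReadGreetingAsync(host).GetAwaiter().GetResult());
    }
}
```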

@StormHub Out of curiosity. Do you have a rough idea how to implement this now that .Net Core 2.0 is out?

oliverw avatar Aug 29 '17 17:08 oliverw

NetUV is going to stay on net standard 1.6 for quite some time. There are a few options for ssl, for instance https://github.com/Drawaes/Leto. Or open to the libuv approach, see https://github.com/libuv/libuv/issues/1128

StormHub avatar Aug 29 '17 21:08 StormHub

Another option will be managed ssl stream from .net. I haven't completely made up my mind yet.

StormHub avatar Aug 30 '17 07:08 StormHub

I would still love to see ssl support added

seertenedos avatar Sep 02 '17 11:09 seertenedos

Tls will be added for sure. The question is SslStream or openSsl at the moment.

StormHub avatar Sep 02 '17 22:09 StormHub

Ok. Anything cross platform would be great

seertenedos avatar Sep 04 '17 11:09 seertenedos

SslStream is not quite there yet. See https://github.com/aspnet/KestrelHttpServer/tree/dev/src/Kestrel.Tls

StormHub avatar Sep 04 '17 11:09 StormHub

@StormHub Any update on this? I need to support TLS pretty soon and right now none of the options discussed in this thread sound relatively painless. 😅

oliverw avatar Sep 19 '17 10:09 oliverw

I plan to branch up and try plain ssl stream very soon.

StormHub avatar Sep 19 '17 10:09 StormHub

@StormHub Would be nice if you could keep us updated on this

oliverw avatar Sep 19 '17 12:09 oliverw

Any updates on this? I know I still need this.

seertenedos avatar Oct 10 '17 02:10 seertenedos

Well, I will try sslstream first and see how it goes

StormHub avatar Oct 10 '17 10:10 StormHub

Is this still on the roadmap? :)

oliverw avatar Jan 25 '18 19:01 oliverw

@oliverw I am not sure when to jump on 2.0 at the moment :)

StormHub avatar Jan 25 '18 21:01 StormHub