amethyst icon indicating copy to clipboard operation
amethyst copied to clipboard

Published 20 hours ago verified publisher icon amethyst-framework

SSL Support

Open bararchy opened this issue 9 years ago • 2 comments

Right now, the best OpenSSL lib is @datanoise repo at https://github.com/datanoise/openssl.cr . Crystals SSL binding are half finished until this will be PRed.

I know Amethyst is using Crystal's HTTP server, the question is what kind of SSL support does the server has ? maybe we should wait for openssl.cr to be merged before adding an SSL option ?

Anyway, SSL can be implemented in a few ways.

  1. As part of HTTP::Server, then you just need to allow the user to specify :ssl = true or something in the .serve method.

  2. You can bypass HTTP::Server and allow the user to pass down a SSLSocket for you to use (this means the user will need to get from you a TCPSocket and upgrade it using OpenSSL::Context etc...

  3. You can implement some kind of Middleware to handle the SSLSocket upgrade.

From those three, I guess 1 is the easiest, but not sure when this is going to happen, this also depends on a) @datanoise, b) @asterite, then you :)

bararchy avatar Jun 18 '15 22:06 bararchy

@bararchy Crystal HTTP::Server actually supports ssl

Codcore avatar Jun 20 '15 21:06 Codcore

@Codcore Yeha, but the SSLSocket is really low on options right now, the default settings are insecure.

Non the less, if you can start building the hooks it could be really nice :)

bararchy avatar Jun 21 '15 09:06 bararchy