em-synchrony icon indicating copy to clipboard operation
em-synchrony copied to clipboard

Published 20 hours ago verified publisher icon igrigorik

SSL doesn't work after setting TCPSocket = EventMachine::Synchrony::TCPSocket

Open tobowers opened this issue 13 years ago • 7 comments

minimum to reproduce:


EM.synchrony do
  TCPSocket = EventMachine::Synchrony::TCPSocket
  obj = Net::HTTP.new("google.com", 443)
  obj.use_ssl = true
  obj.verify_mode = OpenSSL::SSL::VERIFY_NONE
  obj.get("/")
  EM.stop
end

triggers:

ruby-1.9.2-p290/lib/ruby/1.9.1/net/http.rb:658:in `initialize': wrong argument type EventMachine::Synchrony::TCPSocket (expected File) (TypeError)
    from /Users/topper/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/net/http.rb:658:in `new'
    from /Users/topper/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/net/http.rb:658:in `connect'
    from /Users/topper/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/net/http.rb:637:in `do_start'
    from /Users/topper/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/net/http.rb:626:in `start'
    from /Users/topper/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/net/http.rb:1168:in `request'
    from /Users/topper/.rvm/rubies/ruby-1.9.2-p290/lib/ruby/1.9.1/net/http.rb:888:in `get'

tobowers avatar Nov 09 '11 18:11 tobowers

Unfortunately that's not surprising. Existing TCPSocket functionality is very basic, as in it only implements a few methods of the API. The SSL stuff specifically shouldn't be hard to add, but yeah.. I wouldn't even call it a bug, but rather a feature request.

(I should document that TCPSocket class more to be explicit about the minimal functionality)

igrigorik avatar Nov 09 '11 20:11 igrigorik

I dug into the Ruby C code and it looks like it's failing in SSLSocket because the passed socket isn't a File, i.e. "Check_Type(io, T_FILE)". I don't know how it can work with the original TCPSocket class (which is also not a File).

For whatever it's worth, it doesn't look like EM::TCPSocket is missing anything, it's just that SSL is unreasonably picky about the socket type.

CodeMonkeySteve avatar Nov 09 '11 21:11 CodeMonkeySteve

Well, I don't think we would want to try to wrap that, we need to use the built-in EM SSL primitives.. which is actually as simple as conn.start_tls(opts). Having said that, looking at net/http, this may mean that we would have to do some heavy patching of the connect method (ugh): https://github.com/ruby/ruby/blob/trunk/lib/net/http.rb#L760-810

igrigorik avatar Nov 10 '11 09:11 igrigorik

Is this still on the radar of getting worked on or just sitting in the backlog for now? Would really like this to be implemented. Thanks!

tnachen avatar May 08 '12 16:05 tnachen

It's definitely on the backlog, and to be honest.. unlikely to be resolved. I don't think we'll be able to match the SSL API's.

igrigorik avatar May 09 '12 05:05 igrigorik

Is it because there is no time for this or just technical impossible? From the comments it sounded like it's doable.

tnachen avatar May 09 '12 05:05 tnachen

EM's SSL layer and net/http SSL layer are two entirely different beasts.. Perhaps it come be made to work, but I'm not too hopeful. I have a strong feeling that even if we do get the basic case to work, we'll end up running into all kinds of edge cases.

igrigorik avatar May 09 '12 05:05 igrigorik