zio-http
Redesign SSL for Server
Is your feature request related to a problem? Please describe. The current SSL API isn't in line with the rest of ZIO Http. It's a bit awkward to use, especially if you are a beginner.
Describe the solution you'd like: Re-look at how the HTTPS server is created. There should just be a one-line configuration to enable SSL, which starts with some default certificates / keys etc. Customization should be allowed but not necessary.
Additional context: The design of the SSL module isn't such that it can be tested easily, and the existing tests are also a bit flaky.
I suggest pure data as a representation for the SSL configuration, having both options to load the SSL key / certs from resources (local file, resource, etc.), as well as options to pass it directly ("in memory", having already been loaded from, e.g., a secret server), and options to generate fresh keys & self-certify (for testing / developer-mode).
Something like:
    sealed trait SSLConfig
    object SSLConfig {
      sealed trait SSLProvider
      object SSLProvider { /* ... */ }

      /** A new public/private key pair will be generated and self-signed: */
      case object Generate extends SSLConfig

      /** Certificate and private key are loaded from paths on the local file system. */
      final case class FromFile(certPath: String, keyPath: String) extends SSLConfig

      /** Certificate and private key are loaded from classpath resources. */
      final case class FromResource(certPath: String, keyPath: String) extends SSLConfig

      // ...
    }
Then this pure data, which is independent of JVM / Netty, can be placed into ServerConfig as Option[SSLConfig], and SSL will be turned on if and only if such SSL Config is present.
I'll take this one
@ghidei Thank you!
Generating a key pair and self-signing (for SSLConfig.Generate) is a bit painful due to API design, and it's best to search Stack Overflow or elsewhere for pre-canned answers.
Thanks! I'm a proud owner of that book already, so I'll look it up :)
Refactorings done/in progress:
https://github.com/zio/zio-http/pull/1513
https://github.com/zio/zio-http/pull/1536
https://github.com/zio/zio-http/pull/1544
Todo: Fix the flaky tests.
Seems like this is done