Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
http_client_asio based on Botan's TLS implementation #1110
Conversation
|
|
hrantzsch
changed the title
|
It would be nice to have some thought applied to the future of the C++ REST SDK |
| @@ -128,9 +128,10 @@ endif() | |||
| if(CPPREST_HTTP_CLIENT_IMPL STREQUAL "asio") | |||
| cpprest_find_boost() | |||
| cpprest_find_openssl() | |||
| target_compile_definitions(cpprest PUBLIC -DCPPREST_FORCE_HTTP_CLIENT_ASIO) | |||
| cpprest_find_botan() | |||
| target_compile_definitions(cpprest PUBLIC -DCPPREST_BOTAN_SSL -DCPPREST_FORCE_HTTP_CLIENT_ASIO) | |||
BillyONeal
May 7, 2019
Member
Unconditionally switching customers to Botan from OpenSSL doesn't seem like a reasonable change. If you want this to be maintained I think you need to (1) add it as an option rather than unconditionally enable it, and (2) add a configuration verifying that it works to azure-pipelines.yaml. Otherwise maintainers who have never used Botan and have no idea how it works will break it on a regular basis.
Unconditionally switching customers to Botan from OpenSSL doesn't seem like a reasonable change. If you want this to be maintained I think you need to (1) add it as an option rather than unconditionally enable it, and (2) add a configuration verifying that it works to azure-pipelines.yaml. Otherwise maintainers who have never used Botan and have no idea how it works will break it on a regular basis.
|
|
||
| #if defined(CPPREST_BOTAN_SSL) | ||
| #include <botan/asio_stream.h> | ||
| #else |
BillyONeal
May 7, 2019
Member
Please comment else and endif:
#if defined(CPPREST_BOTAN_SSL)
#else // ^^^ CPPREST_BOTAN_SSL // !CPPREST_BOTAN_SSL vvv
#endif // CPPREST_BOTAN_SSL
Please comment else and endif:
#if defined(CPPREST_BOTAN_SSL)
#else // ^^^ CPPREST_BOTAN_SSL // !CPPREST_BOTAN_SSL vvv
#endif // CPPREST_BOTAN_SSL
BillyONeal
May 7, 2019
Member
Occurs elsewhere.
I know the existing codebase is somewhat bad about this, but that's led to several nasty bugs before. I'd like us to follow that convention for substantial new functionality being added like this.
Occurs elsewhere.
I know the existing codebase is somewhat bad about this, but that's led to several nasty bugs before. I'd like us to follow that convention for substantial new functionality being added like this.
| return() | ||
| endif() | ||
|
|
||
| # TODO: this does not make sure Botan is set and does not fail at configure time |
BillyONeal
May 7, 2019
Member
Either this todo is an actual todo in which case it should be fixed before we merge this, or it's not an actual todo in which case it should not be committted.
Either this todo is an actual todo in which case it should be fixed before we merge this, or it's not an actual todo in which case it should not be committted.
|
Hi Billy, thanks for the review. Of course all of these points are very valid--I guess I should have pointed out the draft status of this PR better, sorry about that. I take it you are generally interested in this? As of now, the client component can optionally be built with Botan instead of OpenSSL, OpenSSL remaining the default. |
Nah, it's fine! We don't check up on PRs here very often, so given that I was over here I wanted to give some feedback in case it'd be helpful.
Not particularly. The entire cpprestsdk project at this time is kinda in maintenance mode. The usual arrangement for PRs though is for people to contribute things that they care about that the original authors might not care about. That's why I'm specifically looking for an azure-pipelines.yaml change if you want us to accept this because we super don't know what we're doing when it comes to a different SSL backend.
The listener component basically exists to be the unit test harness for the client, so that sounds okay. |
Well that's a case in point where many users care about something the original authors don't. We're very much using Sorry for jumping on the Botan PR! |
Please be advised that it isn't suitable for use in production scenarios -- notably, it has not been security audited, fuzz tested, or otherwise hardened for reasonably safe use in environments wherein the whole internet is attacking you.
We would need to think it was safe to use as a production web server to do that, and we do not believe that is true at this time. (In fact much the opposite -- thread sanitizer has found a number of scary issues that likely require a rewrite of most / all of the listener if we wanted to harden it) |
Thanks, @BillyONeal, that's a sensible note of caution. We have done some regular pen testing, but I should have clarified we are not yet operating in internet environments.
Would it be worth throwing these up as an issue - even if it isn't actively being pursued - to allow users to see these results without having to develop these tests, or sharing the test set up, so that users can easily reproduce the results? So, what would be the interest/benchmark for adding |
All I did was run the unit tests under tsan. The most common error was assuming multiple threads could concurrently touch shared_ptrs. I fixed a few obvious ones as part of onboarding to Azure Pipelines because without that the tests were too flaky to be useful. |
|
Ok, thanks a lot to both of you for the feedback. With that, and with what we have learned from playing around with it more on our side, it has become clear that a larger change than I originally imagined would be required for a clean implementation that works on all platforms. It is probably not desirable for the cpprestsdk project to maintain these changes. Closing. |
Hi,
We are working on an extension for
http_client_asiothat is based on Botan's TLS implementation rather than openSSL. Would you be interested in integrating this in cpprestsdk?As Botan's TLS stream strives to be a drop-in replacement for
boost::asio::ssl::stream, the amount of required changes is not too big. However, the stream initialization usingBotan::TLS::Contextis specific to the Botan stream and not a drop-in replacement in that sense. Hence, TLS configurations like certificate validation inhttp_client_configare not easily transferable.Note that the TLS stream will probably be available starting from Botan 2.11.0 (see this PR)
We (neXenio) are using cpprestsdk already and will switch our TLS implementation to Botan::TLS::Stream soon. So we would really love to have this upstream.