unofficial mirror of guile-devel@gnu.org 
 help / color / mirror / Atom feed
* Better HTTPS support in (web client)
@ 2020-01-10 14:49 Ludovic Courtès
  2020-01-10 15:55 ` Chris Vine
  2020-01-10 16:43 ` Andy Wingo
  0 siblings, 2 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-01-10 14:49 UTC (permalink / raw)
  To: Guile Devel; +Cc: Andy Wingo

Hello Guilers!

I’ve pushed a ‘wip-https-client’ branch that contains improvements for
HTTPS support in (web client) that I’d like to be part of Guile 3:

  https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client

In a nutshell:

  • $https_proxy support and a ‘current-https-proxy’ parameter;

  • better TLS alert handling;

  • verification of server certificates (!).

You can test it with a program as simple as:

  (use-modules (web client))

  (call-with-values
      (lambda ()
        (http-get "https://guix.gnu.org"))
    pk)

You can test how expired certificates are handled with:

  guix environment --ad-hoc libfaketime -- \
     faketime 2022-01-01 ./meta/guile /tmp/https.scm

To check whether $https_proxy is honored, try:

  https_proxy=http://localhost:8118 strace -e connect \
    ./meta/guile /tmp/https.scm

(I have Privoxy running as a proxy on that port.)

Feedback welcome!

Ludo’.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Better HTTPS support in (web client)
  2020-01-10 14:49 Better HTTPS support in (web client) Ludovic Courtès
@ 2020-01-10 15:55 ` Chris Vine
  2020-01-13 10:05   ` Ludovic Courtès
  2020-01-18 15:13   ` Amirouche Boubekki
  2020-01-10 16:43 ` Andy Wingo
  1 sibling, 2 replies; 6+ messages in thread
From: Chris Vine @ 2020-01-10 15:55 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Andy Wingo, Guile Devel

On Fri, 10 Jan 2020 15:49:49 +0100
Ludovic Courtès <ludo@gnu.org> wrote:
> Hello Guilers!
> 
> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
> HTTPS support in (web client) that I’d like to be part of Guile 3:
> 
>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client
> 
> In a nutshell:
> 
>   • $https_proxy support and a ‘current-https-proxy’ parameter;
> 
>   • better TLS alert handling;
> 
>   • verification of server certificates (!).
> 
> You can test it with a program as simple as:
> 
>   (use-modules (web client))
> 
>   (call-with-values
>       (lambda ()
>         (http-get "https://guix.gnu.org"))
>     pk)
> 
> You can test how expired certificates are handled with:
> 
>   guix environment --ad-hoc libfaketime -- \
>      faketime 2022-01-01 ./meta/guile /tmp/https.scm
> 
> To check whether $https_proxy is honored, try:
> 
>   https_proxy=http://localhost:8118 strace -e connect \
>     ./meta/guile /tmp/https.scm
> 
> (I have Privoxy running as a proxy on that port.)
> 
> Feedback welcome!

Is the new implementation usable with suspendable ports?  When I last
looked the read-response-body procedure was not, which meant that
http-get and http-put were not, which meant that you could not really
use them with fibers.

Chris



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Better HTTPS support in (web client)
  2020-01-10 14:49 Better HTTPS support in (web client) Ludovic Courtès
  2020-01-10 15:55 ` Chris Vine
@ 2020-01-10 16:43 ` Andy Wingo
  2020-01-13 10:55   ` Ludovic Courtès
  1 sibling, 1 reply; 6+ messages in thread
From: Andy Wingo @ 2020-01-10 16:43 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: Guile Devel

On Fri 10 Jan 2020 15:49, Ludovic Courtès <ludo@gnu.org> writes:

> Hello Guilers!
>
> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
> HTTPS support in (web client) that I’d like to be part of Guile 3:
>
>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client

Looks nice, sounds like a great thing to merge in!

Andy



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Better HTTPS support in (web client)
  2020-01-10 15:55 ` Chris Vine
@ 2020-01-13 10:05   ` Ludovic Courtès
  2020-01-18 15:13   ` Amirouche Boubekki
  1 sibling, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-01-13 10:05 UTC (permalink / raw)
  To: Chris Vine; +Cc: Andy Wingo, Guile Devel

Hello!

Chris Vine <vine35792468@gmail.com> skribis:

> Is the new implementation usable with suspendable ports?  When I last
> looked the read-response-body procedure was not, which meant that
> http-get and http-put were not, which meant that you could not really
> use them with fibers.

It’s not a “new implementation”, rather additional (and IMO important)
features that are added.

So it works as before, meaning that data is passed through a GnuTLS
“session record port”.  And that, in turn, that means this is not
suspendable, unfortunately.

To address that, it should be possible to avoid the session record port
and instead use the lower-level GnuTLS ‘record-receive!’ and
‘record-send’ procedures.  This is left as an excercise to the reader.
:-)

Thanks,
Ludo’.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Better HTTPS support in (web client)
  2020-01-10 16:43 ` Andy Wingo
@ 2020-01-13 10:55   ` Ludovic Courtès
  0 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2020-01-13 10:55 UTC (permalink / raw)
  To: Andy Wingo; +Cc: Guile Devel

Hi Andy,

Andy Wingo <wingo@igalia.com> skribis:

> On Fri 10 Jan 2020 15:49, Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hello Guilers!
>>
>> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
>> HTTPS support in (web client) that I’d like to be part of Guile 3:
>>
>>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client
>
> Looks nice, sounds like a great thing to merge in!

Pushed with a ‘NEWS’ entry!

Apologies for missing 2.9.9.

Thanks,
Ludo’.



^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Better HTTPS support in (web client)
  2020-01-10 15:55 ` Chris Vine
  2020-01-13 10:05   ` Ludovic Courtès
@ 2020-01-18 15:13   ` Amirouche Boubekki
  1 sibling, 0 replies; 6+ messages in thread
From: Amirouche Boubekki @ 2020-01-18 15:13 UTC (permalink / raw)
  To: Chris Vine; +Cc: Andy Wingo, Ludovic Courtès, Guile Devel

Le ven. 10 janv. 2020 à 16:56, Chris Vine <vine35792468@gmail.com> a écrit :
>
> Is the new implementation usable with suspendable ports?  When I last
> looked the read-response-body procedure was not, which meant that
> http-get and http-put were not, which meant that you could not really
> use them with fibers.

Is that because of get-bytevector-all is coded in C?



^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2020-01-18 15:13 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-10 14:49 Better HTTPS support in (web client) Ludovic Courtès
2020-01-10 15:55 ` Chris Vine
2020-01-13 10:05   ` Ludovic Courtès
2020-01-18 15:13   ` Amirouche Boubekki
2020-01-10 16:43 ` Andy Wingo
2020-01-13 10:55   ` Ludovic Courtès

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).