Better HTTPS support in (web client)

2020-01-10 Thread Ludovic Courtès
Hello Guilers!

I’ve pushed a ‘wip-https-client’ branch that contains improvements for
HTTPS support in (web client) that I’d like to be part of Guile 3:

  https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client

In a nutshell:

  • $https_proxy support and a ‘current-https-proxy’ parameter;

  • better TLS alert handling;

  • verification of server certificates (!).

You can test it with a program as simple as:

  (use-modules (web client))

  (call-with-values
      (lambda ()
        (http-get "https://guix.gnu.org"))
    pk)

You can test how expired certificates are handled with:

  guix environment --ad-hoc libfaketime -- \
    faketime 2022-01-01 ./meta/guile /tmp/https.scm

To check whether $https_proxy is honored, try:

  https_proxy=http://localhost:8118 strace -e connect \
    ./meta/guile /tmp/https.scm

(I have Privoxy running as a proxy on that port.)

Feedback welcome!

Ludo’.



Re: Better HTTPS support in (web client)

2020-01-10 Thread Chris Vine
On Fri, 10 Jan 2020 15:49:49 +0100
Ludovic Courtès  wrote:
> Hello Guilers!
> 
> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
> HTTPS support in (web client) that I’d like to be part of Guile 3:
> 
>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client
> 
> In a nutshell:
> 
>   • $https_proxy support and a ‘current-https-proxy’ parameter;
> 
>   • better TLS alert handling;
> 
>   • verification of server certificates (!).
> 
> You can test it with a program as simple as:
> 
>   (use-modules (web client))
> 
>   (call-with-values
>       (lambda ()
>         (http-get "https://guix.gnu.org"))
>     pk)
> 
> You can test how expired certificates are handled with:
> 
>   guix environment --ad-hoc libfaketime -- \
>     faketime 2022-01-01 ./meta/guile /tmp/https.scm
> 
> To check whether $https_proxy is honored, try:
> 
>   https_proxy=http://localhost:8118 strace -e connect \
>     ./meta/guile /tmp/https.scm
> 
> (I have Privoxy running as a proxy on that port.)
> 
> Feedback welcome!

Is the new implementation usable with suspendable ports?  When I last
looked the read-response-body procedure was not, which meant that
http-get and http-put were not, which meant that you could not really
use them with fibers.

Chris



Re: Better HTTPS support in (web client)

2020-01-10 Thread Andy Wingo
On Fri 10 Jan 2020 15:49, Ludovic Courtès  writes:

> Hello Guilers!
>
> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
> HTTPS support in (web client) that I’d like to be part of Guile 3:
>
>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client

Looks nice, sounds like a great thing to merge in!

Andy