Re: Better HTTPS support in (web client)

2020-01-18 Thread Amirouche Boubekki
On Fri, 10 Jan 2020 at 16:56, Chris Vine wrote:
>
> Is the new implementation usable with suspendable ports?  When I last
> looked the read-response-body procedure was not, which meant that
> http-get and http-put were not, which meant that you could not really
> use them with fibers.

Is that because get-bytevector-all is coded in C?



Re: Better HTTPS support in (web client)

2020-01-13 Thread Ludovic Courtès
Hi Andy,

Andy Wingo wrote:

> On Fri 10 Jan 2020 15:49, Ludovic Courtès  writes:
>
>> Hello Guilers!
>>
>> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
>> HTTPS support in (web client) that I’d like to be part of Guile 3:
>>
>>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client
>
> Looks nice, sounds like a great thing to merge in!

Pushed with a ‘NEWS’ entry!

Apologies for missing 2.9.9.

Thanks,
Ludo’.



Re: Better HTTPS support in (web client)

2020-01-13 Thread Ludovic Courtès
Hello!

Chris Vine wrote:

> Is the new implementation usable with suspendable ports?  When I last
> looked the read-response-body procedure was not, which meant that
> http-get and http-put were not, which meant that you could not really
> use them with fibers.

It’s not a “new implementation”, rather additional (and IMO important)
features that are added.

So it works as before, meaning that data is passed through a GnuTLS
“session record port”.  And that, in turn, means this is not
suspendable, unfortunately.

To address that, it should be possible to avoid the session record port
and instead use the lower-level GnuTLS ‘record-receive!’ and
‘record-send’ procedures.  This is left as an exercise to the reader.
:-)

Thanks,
Ludo’.



Re: Better HTTPS support in (web client)

2020-01-10 Thread Andy Wingo
On Fri 10 Jan 2020 15:49, Ludovic Courtès  writes:

> Hello Guilers!
>
> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
> HTTPS support in (web client) that I’d like to be part of Guile 3:
>
>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client

Looks nice, sounds like a great thing to merge in!

Andy



Re: Better HTTPS support in (web client)

2020-01-10 Thread Chris Vine
On Fri, 10 Jan 2020 15:49:49 +0100
Ludovic Courtès  wrote:
> Hello Guilers!
> 
> I’ve pushed a ‘wip-https-client’ branch that contains improvements for
> HTTPS support in (web client) that I’d like to be part of Guile 3:
> 
>   https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client
> 
> In a nutshell:
> 
>   • $https_proxy support and a ‘current-https-proxy’ parameter;
> 
>   • better TLS alert handling;
> 
>   • verification of server certificates (!).
> 
> You can test it with a program as simple as:
> 
>   (use-modules (web client))
> 
>   ;; http-get returns two values (response and body); pk prints them.
>   (call-with-values
>       (lambda ()
>         (http-get "https://guix.gnu.org"))
>     pk)
> 
> You can test how expired certificates are handled with:
> 
>   guix environment --ad-hoc libfaketime -- \
>  faketime 2022-01-01 ./meta/guile /tmp/https.scm
> 
> To check whether $https_proxy is honored, try:
> 
>   https_proxy=http://localhost:8118 strace -e connect \
>     ./meta/guile /tmp/https.scm
> 
> (I have Privoxy running as a proxy on that port.)
> 
> Feedback welcome!

Is the new implementation usable with suspendable ports?  When I last
looked the read-response-body procedure was not, which meant that
http-get and http-put were not, which meant that you could not really
use them with fibers.

Chris



Better HTTPS support in (web client)

2020-01-10 Thread Ludovic Courtès
Hello Guilers!

I’ve pushed a ‘wip-https-client’ branch that contains improvements for
HTTPS support in (web client) that I’d like to be part of Guile 3:

  https://git.savannah.gnu.org/cgit/guile.git/log/?h=wip-https-client

In a nutshell:

  • $https_proxy support and a ‘current-https-proxy’ parameter;

  • better TLS alert handling;

  • verification of server certificates (!).

You can test it with a program as simple as:

  (use-modules (web client))

  ;; http-get returns two values (response and body); pk prints them.
  (call-with-values
      (lambda ()
        (http-get "https://guix.gnu.org"))
    pk)

You can test how expired certificates are handled with:

  guix environment --ad-hoc libfaketime -- \
 faketime 2022-01-01 ./meta/guile /tmp/https.scm

To check whether $https_proxy is honored, try:

  https_proxy=http://localhost:8118 strace -e connect \
    ./meta/guile /tmp/https.scm

(I have Privoxy running as a proxy on that port.)

Feedback welcome!

Ludo’.