Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

A way to upgrade connections to TLS / support STARTTLS? #391

Open
brendanlong opened this issue Apr 29, 2021 · 3 comments
Open

A way to upgrade connections to TLS / support STARTTLS? #391

brendanlong opened this issue Apr 29, 2021 · 3 comments

Comments

@brendanlong
Copy link
Contributor

I'm trying to implement STARTTLS for Pgx and I was hoping I could use Conduit for this.

The PostgreSQL documentation says I need to send a few packets, check a response, and then:

To continue after S, perform an SSL startup handshake (not described here, part of the SSL specification) with the server.

The problem I'm having is that Conduit's interface seems to only let me select TLS at startup with no way upgrade a connection.

Looking through the code, I suspect I just need to call Ssl.connect with my already-open reader and writer and then use the result, but this is part of the private interface.

Could something like this be exposed in the public interface? The only change I would suggest is renaming Ssl.connect to Ssl.upgrade_existing_connection or something like that.

@brendanlong
Copy link
Contributor Author

Hm I just noticed this is exposed in V1: https://github.com/mirage/ocaml-conduit/blob/master/src/conduit-async/s.ml#L73 but it was removed in V2 and V3?

@brendanlong
Copy link
Contributor Author

I confirmed that I can make STARTTLS work using the V1 interface: arenadotio/pgx#108

I'm guessing I shouldn't rely on V1 though?

@brendanlong
Copy link
Contributor Author

I'm also not finding any way to do this in the Lwt versions of Conduit. Is it possible to expose an SSL upgrade function for Lwt?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant