Norelease+flush

[craff]

Two commits: exception in flush + functions that do not release the global loc in a separate module.

[craff]

There is a compilation problem in a test related to Thread.exit () versus raise Thread.Exit.

we have to choose between keeping a deprecated warning in Tests (which gives an error with warn as error) or abandoning older ocaml version.

Tell me what you prefer...

[craff]

I fixed the problem in Test/util.ml with local [@ warning -3]

[craff]

Here are some tests with nginx+ssl (as reference) and simple_http+ssl on a 50MB file

number of connection	nginx-ssl	simple-ssl without PR	simple-ssl with PR
5	50.30	36.56	59.33
10	54.95	32.43	60.96
15	54.63	33.81	61.60
20	53.06	33.08	61.57

This PR brings almost a factor 2 and allows to be better that nginx!

[craff]

No news ???

[anmonteiro]

No news ???

This project is maintained by (unpaid) volunteers. Please allow some time before we can review your changes (for free! Isn’t that beautiful?).

Given that, messages like this are a bit discouraging. Rest assured your changes will be reviewed in due time.

[craff]

Sorry for the mail showing impatience. Could you just allow the workflow build for all my PRs (or all PR?), I could check for problems myself. Cheers Le 13 avril 2023 12:51:07 GMT-10:00, Antonio Nuno Monteiro ***@***.***> a écrit :

…

> No news ??? This project I maintained by (unpaid) volunteers. Please allow some time before we can review your changes (for free! Isn’t that beautiful?). Given that, messages like this are a bit discouraging. Rest assured your changes will be reviewed in due time. -- Reply to this email directly or view it on GitHub: #106 (comment) You are receiving this because you authored the thread. Message ID: ***@***.***>

[craff]

The macos build seems to loop between the ssl_context (which ends successfully) and the ssl_cipher test that never starts.

[craff]

Apart from tests seems ok.

[craff]

I redid a build from my github, same thing, a loop on macos. Probably not related to this patch? Not sure.

[toots]

Just left some comments. I don't want to overstep since we delegated this module but I would personally really like to see this work merged.

I've been hoping that OCaml could have a backend server with speed comparable to nginx/node ever since the work on multi-thread started and since seems to finally be bridging that gap!

[anmonteiro]

Thanks, @toots. This is still on my list and I'll try to get to it over the weekend.

[craff]

Just left some comments. I don't want to overstep since we delegated this module but I would personally really like to see this work merged.

I've been hoping that OCaml could have a backend server with speed comparable to nginx/node ever since the work on multi-thread started and since seems to finally be bridging that gap!

Thanks for you review, I have commited the change. I guess you had a look at simple_httpd?

[toots]

Just left some comments. I don't want to overstep since we delegated this module but I would personally really like to see this work merged.
I've been hoping that OCaml could have a backend server with speed comparable to nginx/node ever since the work on multi-thread started and since seems to finally be bridging that gap!

Thanks for you review, I have commited the change. I guess you had a look at simple_httpd?

Not yet but I plan to.

[anmonteiro]

Here are some tests with nginx+ssl (as reference) and simple_http+ssl on a 50MB file

number of connection nginx-ssl simple-ssl without PR simple-ssl with PR
5 50.30 36.56 59.33
10 54.95 32.43 60.96
15 54.63 33.81 61.60
20 53.06 33.08 61.57
This PR brings almost a factor 2 and allows to be better that nginx!

What are the units here?

[anmonteiro]

what does SslReleaseExt, SslComExt etc mean?

I can probably guess SslReleaseExt means "not releasing the runtime lock", but what's SslComExt?

Could you add more descriptive names, even if they're longer?

[craff]

I addressed this by commit cb3cc1f

[anmonteiro]

we don't need to export the module type in the signature. Perhaps it'd be better to put it in a ssl_intf.ml and refer to it here.

[craff]

I like to have documlentation in the same .mli file as a .ml. This is not a big mater if it is duplicated in both ssl.ml and ssl.mli ?

[anmonteiro]

We're exposing a module type that has no use. I'd rather keep the API surface area as small as possible.

[craff]

The module is used, twice:

module SslRelease : SslCom
module SslNoRelease : SslCom

And is the only place that gives the type of the main ssl function like connect, read, ẁrite, .... They are available directly as before via the include of SslRelease, I do not see how to remove SslCom. Or maybe I don't get fully what you mean ?

[anmonteiro]

Right, but it doesn't need to be exposed as a module type, creating yet another item in the public API. you can put the module type in a ssl_intf.ml file and reference it in the signature, for example. I think this talks about it https://www.craigfe.io/posts/the-intf-trick

[anmonteiro]

I added some comments and suggestions that I'd like to see addressed before we move forward.

Additionally, I'd love to see a different PR for the flush error change (3d7445d) so it can be discussed separately. I did not review that part of the code.

[craff]

Here are some tests with nginx+ssl (as reference) and simple_http+ssl on a 50MB file
number of connection nginx-ssl simple-ssl without PR simple-ssl with PR
5 50.30 36.56 59.33
10 54.95 32.43 60.96
15 54.63 33.81 61.60
20 53.06 33.08 61.57
This PR brings almost a factor 2 and allows to be better that nginx!

What are the units here?

Request per seconds

[craff]

I added some comments and suggestions that I'd like to see addressed before we move forward.

Additionally, I'd love to see a different PR for the flush error change (3d7445d) so it can be discussed separately. I did not review that part of the code.

• I reopen PR Fix flush #104 for only fix_flush (and the warning/error for compilation of a test in 5.0)
• I rebased this PR on Norelease+flush #106 (meaning Fix flush #104 should be merged first)
• I rebased PR Deprecation old tlsv #107 on Norelease+flush #106.

You already reviewed #104 long ago and I just updated a comment.

[craff]

This is starting to shape up really nicely. Thanks for your continued work.

Thanks to you for the review!

[craff]

I needed 856a5c5 because of a recent merge in master ?

[craff]

About the PR for deprecation of old protocol: I will redo it, it is a very small change and the history is too messy for that now with the rebase (git is really messy for merge/rebase compared to darcs ;-). You can wait to review that I do the new one please.

[craff]

Many thanks for your work and latest commit.

[anmonteiro]

I hadn't noticed this before. Do we need a new embed socket function? We should preserve the old behavior for ocaml_ssl_embed_socket.

[craff]

I first duplicated this function, but looking at the documentation, I found that SSL_new and SSL_set_fd can not block and do not do any communication, so one function not acquiring the runtime is enough (or one acquiring it)

But you are right, a lot of function like ocaml_ssl_get_file_descr, should probably not release the runtime lock neither. But maybe you want this in another PR and we currently keep the previous one.

I just reverted (commit 606c1e5) and will submit an issue now.

[anmonteiro]

Thanks. I think this should be good to go now. I'll do a final check later today and merge it. Thanks!

[craff]

I just openned a new issue #113, if you could tell me what you think, I might propose a PR very quickly (or not at all if you don't like any of the two ideas ;-)

More generally, there is a lot of unanswered issues on ocaml-ssl, this is not a very good for the image of the project. May be some of them desserve to be closed, other to have at least a short answer. I could actually answer some of them maybe ?

[anmonteiro]

Good point. Some issue gardening is probably in order. Feel free to answer them, of course.

I like your idea for the latest one, I'll answer there.

[craff]

I will first fix issue #103 (and even output_char), I think this is a serious bug (but probably no one is using them ?). I might look at all the other occurrences of ignore while I am at it.

Many thanks again for your review.

[craff]

I commented a few issues (only one has no answer now) and probably #31 and #42 can be closed.

[craff]

I spotted a odoc problem in ssl.mli fixed by 606c1e5

[anmonteiro]

Thank you!

[craff]

Antonio Nuno Monteiro writes:

Thank you!

Thanks to you too!

…

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.

-- Christophe Raffalli tél: +689 87 23 11 48 web: http://raffalli.eu Ce mail est signé avec pgp (Pièce jointe signature.asc, clef sur https://raffalli.eu/pgp) This mail is signed pgp (Attachment signature.asc, clef on https://raffalli.eu/pgp)

[toots]

Awesome y'all, that looks like a great collaboration! Looking forward to testing it!

[craff]

I did more work and PRs ... and found/fixed more bugs (2 in my recent PRs, 2 in previous code, 1 in previous code which has already issue #103). When you have time, you should first review #116 (one bug fix) and #118 (4 bugs fixes). I may split #118 in four PRs if you prefer. Cheers, Christophe Antonio Nuno Monteiro writes:

…

Thank you! — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.

-- Christophe Raffalli tél: +689 87 23 11 48 web: http://raffalli.eu Ce mail est signé avec pgp (Pièce jointe signature.asc, clef sur https://raffalli.eu/pgp) This mail is signed pgp (Attachment signature.asc, clef on https://raffalli.eu/pgp)