-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Norelease+flush #106
Norelease+flush #106
Conversation
There is a compilation problem in a test related to Thread.exit () versus raise Thread.Exit. we have to choose between keeping a deprecated warning in Tests (which gives an error with warn as error) or abandoning older ocaml version. Tell me what you prefer... |
I fixed the problem in Test/util.ml with local [@ warning -3] |
Here are some tests with nginx+ssl (as reference) and simple_http+ssl on a 50MB file
This PR brings almost a factor 2 and allows to be better that nginx! |
No news ??? |
This project is maintained by (unpaid) volunteers. Please allow some time before we can review your changes (for free! Isn’t that beautiful?). Given that, messages like this are a bit discouraging. Rest assured your changes will be reviewed in due time. |
Sorry for the mail showing impatience. Could you just allow the workflow build for all my PRs (or all PR?), I could check for problems myself.
Cheers
Le 13 avril 2023 12:51:07 GMT-10:00, Antonio Nuno Monteiro ***@***.***> a écrit :
…> No news ???
This project I maintained by (unpaid) volunteers. Please allow some time before we can review your changes (for free! Isn’t that beautiful?).
Given that, messages like this are a bit discouraging. Rest assured your changes will be reviewed in due time.
--
Reply to this email directly or view it on GitHub:
#106 (comment)
You are receiving this because you authored the thread.
Message ID: ***@***.***>
|
The macos build seems to loop between the ssl_context (which ends successfully) and the ssl_cipher test that never starts. |
Apart from tests seems ok. |
I redid a build from my github, same thing, a loop on macos. Probably not related to this patch? Not sure. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just left some comments. I don't want to overstep since we delegated this module but I would personally really like to see this work merged.
I've been hoping that OCaml could have a backend server with speed comparable to nginx/node ever since the work on multi-thread started and since seems to finally be bridging that gap!
Thanks, @toots. This is still on my list and I'll try to get to it over the weekend. |
Thanks for you review, I have commited the change. I guess you had a look at simple_httpd? |
Not yet but I plan to. |
What are the units here? |
src/ssl.ml
Outdated
let domain = Unix.domain_of_sockaddr sockaddr in | ||
let sock = | ||
Unix.socket domain Unix.SOCK_STREAM 0 in | ||
module SslReleaseExt = struct |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what does SslReleaseExt
, SslComExt
etc mean?
I can probably guess SslReleaseExt
means "not releasing the runtime lock", but what's SslComExt
?
Could you add more descriptive names, even if they're longer?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I addressed this by commit cb3cc1f
src/ssl.mli
Outdated
capture all exception that requires you to retry later the same operation. | ||
*) | ||
|
||
module type SslCom = sig |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we don't need to export the module type in the signature. Perhaps it'd be better to put it in a ssl_intf.ml
and refer to it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like to have documlentation in the same .mli file as a .ml. This is not a big mater if it is duplicated in both ssl.ml and ssl.mli ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We're exposing a module type that has no use. I'd rather keep the API surface area as small as possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The module is used, twice:
module SslRelease : SslCom
module SslNoRelease : SslCom
And is the only place that gives the type of the main ssl function like connect
, read
, ẁrite
, .... They are available directly as before via the include of SslRelease, I do not see how to remove SslCom
. Or maybe I don't get fully what you mean ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, but it doesn't need to be exposed as a module type
, creating yet another item in the public API. you can put the module type in a ssl_intf.ml
file and reference it in the signature, for example. I think this talks about it https://www.craigfe.io/posts/the-intf-trick
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added some comments and suggestions that I'd like to see addressed before we move forward.
Additionally, I'd love to see a different PR for the flush error change (3d7445d) so it can be discussed separately. I did not review that part of the code.
Request per seconds |
You already reviewed #104 long ago and I just updated a comment. |
Co-authored-by: Antonio Nuno Monteiro <anmonteiro@gmail.com>
Thanks to you for the review! |
Co-authored-by: Antonio Nuno Monteiro <anmonteiro@gmail.com>
I needed 856a5c5 because of a recent merge in master ? |
About the PR for deprecation of old protocol: I will redo it, it is a very small change and the history is too messy for that now with the rebase (git is really messy for merge/rebase compared to darcs ;-). You can wait to review that I do the new one please. |
Many thanks for your work and latest commit. |
src/ssl_stubs.c
Outdated
@@ -1377,15 +1377,12 @@ CAMLprim value ocaml_ssl_embed_socket(value socket_, value context) | |||
|
|||
if (socket < 0) | |||
caml_raise_constant(*caml_named_value("ssl_exn_invalid_socket")); | |||
caml_release_runtime_system(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hadn't noticed this before. Do we need a new embed socket function? We should preserve the old behavior for ocaml_ssl_embed_socket
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I first duplicated this function, but looking at the documentation, I found that SSL_new and SSL_set_fd can not block and do not do any communication, so one function not acquiring the runtime is enough (or one acquiring it)
But you are right, a lot of function like ocaml_ssl_get_file_descr, should probably not release the runtime lock neither. But maybe you want this in another PR and we currently keep the previous one.
I just reverted (commit 606c1e5) and will submit an issue now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. I think this should be good to go now. I'll do a final check later today and merge it. Thanks!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just openned a new issue #113, if you could tell me what you think, I might propose a PR very quickly (or not at all if you don't like any of the two ideas ;-)
More generally, there is a lot of unanswered issues on ocaml-ssl, this is not a very good for the image of the project. May be some of them desserve to be closed, other to have at least a short answer. I could actually answer some of them maybe ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. Some issue gardening is probably in order. Feel free to answer them, of course.
I like your idea for the latest one, I'll answer there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will first fix issue #103 (and even output_char), I think this is a serious bug (but probably no one is using them ?). I might look at all the other occurrences of ignore
while I am at it.
Many thanks again for your review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I spotted a odoc problem in ssl.mli fixed by 606c1e5 |
Thank you! |
Antonio Nuno Monteiro writes:
Thank you!
Thanks to you too!
… —
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.
--
Christophe Raffalli
tél: +689 87 23 11 48
web: http://raffalli.eu
Ce mail est signé avec pgp (Pièce jointe signature.asc, clef sur https://raffalli.eu/pgp)
This mail is signed pgp (Attachment signature.asc, clef on https://raffalli.eu/pgp)
|
Awesome y'all, that looks like a great collaboration! Looking forward to testing it! |
I did more work and PRs ... and found/fixed more bugs (2 in my recent PRs, 2 in
previous code, 1 in previous code which has already issue #103).
When you have time, you should first review #116 (one bug fix) and #118
(4 bugs fixes).
I may split #118 in four PRs if you prefer.
Cheers,
Christophe
Antonio Nuno Monteiro writes:
… Thank you!
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.
--
Christophe Raffalli
tél: +689 87 23 11 48
web: http://raffalli.eu
Ce mail est signé avec pgp (Pièce jointe signature.asc, clef sur https://raffalli.eu/pgp)
This mail is signed pgp (Attachment signature.asc, clef on https://raffalli.eu/pgp)
|
CHANGES: - Raise an error when `Ssl.flush` isn't successful (savonet/ocaml-ssl#104, savonet/ocaml-ssl#120) - Add an API-compatible `Ssl.Runtime_lock` module. The functions in this module don't release the OCaml runtime lock. While they don't allow other OCaml threads to run concurrently, they don't perform any copying in the underlying data, leading certain workloads to be faster than their counterparts that release the lock. (savonet/ocaml-ssl#106) - Guarantee `Ssl.output_string` writes the whole string by retrying the operation with unwritten bytes (savonet/ocaml-ssl#103, savonet/ocaml-ssl#116) - Fix calls in C stubs that need to call `ERR_clear_error` before the underlying OpenSSL call (savonet/ocaml-ssl#118) - Add a module `Ssl.Error` to retrieve OpenSSL errors in a structured way (savonet/ocaml-ssl#119) - Deprecate Ssl.{SSLv23,SSLv3,TLSv1,TLSv1_1}, which were were formally deprecated in March 2021 and earlier (savonet/ocaml-ssl#115).
CHANGES: - Raise an error when `Ssl.flush` isn't successful (savonet/ocaml-ssl#104, savonet/ocaml-ssl#120) - Add an API-compatible `Ssl.Runtime_lock` module. The functions in this module don't release the OCaml runtime lock. While they don't allow other OCaml threads to run concurrently, they don't perform any copying in the underlying data, leading certain workloads to be faster than their counterparts that release the lock. (savonet/ocaml-ssl#106) - Guarantee `Ssl.output_string` writes the whole string by retrying the operation with unwritten bytes (savonet/ocaml-ssl#103, savonet/ocaml-ssl#116) - Fix calls in C stubs that need to call `ERR_clear_error` before the underlying OpenSSL call (savonet/ocaml-ssl#118) - Add a module `Ssl.Error` to retrieve OpenSSL errors in a structured way (savonet/ocaml-ssl#119) - Deprecate Ssl.{SSLv23,SSLv3,TLSv1,TLSv1_1}, which were were formally deprecated in March 2021 and earlier (savonet/ocaml-ssl#115).
Two commits: exception in flush + functions that do not release the global loc in a separate module.