[go-nuts] Status of crypto/tls?


Daniel Smith

Apr 21, 2010, 1:46:40 AM
to golang-nuts
I tried to run the website I'm working on through the TLS server in crypto/tls. I'm using the code given in this thread (with inconsequential modifications): http://groups.google.com/group/golang-nuts/browse_thread/thread/fd557b11893aad28

It sorta works; it starts to display my page, but it seems to get bogged down and never loads more than four or five of the page's resources (css, images, etc.). Sometimes it takes 6-8 seconds for even those files to transfer. (Changing GOMAXPROCS has no effect.)

For one page, firefox tells me: "SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)"

I understand the package isn't done yet, so I'm just asking if these problems are expected or not, and if the package will be done soon-ish or not.

The design of the package, btw, makes it very convenient!

--
Daniel Smith
http://www.schaumburggoclub.org/

Russ Cox

Apr 21, 2010, 1:51:18 AM
to dan...@lukenine45.net, golang-nuts
On Tue, Apr 20, 2010 at 22:46, Daniel Smith <dan...@lukenine45.net> wrote:
> I tried to run the website I'm working on through the TLS server in
> crypto/tls. I'm using the code given in this thread (with inconsequential
> modifications):
> http://groups.google.com/group/golang-nuts/browse_thread/thread/fd557b11893aad28

You might be able to simplify this boilerplate
down to just using tls.NewListener with a nil config.

> It sorta works; it starts to display my page, but it seems to get bogged
> down and never loads more than four or five of the page's resources (css,
> images, etc.). Sometimes it takes 6-8 seconds for even those files to
> transfer. (Changing GOMAXPROCS has no effect.)
>
> For one page, firefox tells me: "SSL received a record with an incorrect
> Message Authentication Code. (Error code: ssl_error_bad_mac_read)"
>
> I understand the package isn't done yet, so I'm just asking if these
> problems are expected or not, and if the package will be done soon-ish or
> not.

They're not expected but they're not surprising either.
I don't believe the package will be done soon-ish,
unless someone steps up to finish it.

Russ

Russ Cox

Apr 21, 2010, 2:05:17 AM
to dan...@lukenine45.net, golang-nuts, Adam Langley
> SIGSEGV: segmentation violation
> Faulting address: 0x10

Does your copy of the source have the if statement in this listing?

$ godoc -src crypto/tls NewListener
// NewListener creates a Listener which accepts connections from an inner
// Listener and wraps each connection with Server.
func NewListener(listener net.Listener, config *Config) (l *Listener) {
	if config == nil {
		config = defaultConfig()
	}
	l = new(Listener)
	l.listener = listener
	l.config = config
	return
}
$

If not, please update.

> Is there a task list or anything? The issue just says it's "not finished";
> hard to gauge how much effort is required off of that. It's kind of an
> important package for a language so ideally suited for writing servers...

I'm not sure. Adam may be able to say more, but it sounds
like it's mostly a matter of debugging and handling error
conditions.

Russ


Daniel Smith

Apr 21, 2010, 2:01:41 AM
to r...@golang.org, golang-nuts
On Wed, Apr 21, 2010 at 12:51 AM, Russ Cox <r...@golang.org> wrote:
> You might be able to simplify this boilerplate
> down to just using tls.NewListener with a nil config.

It didn't like that very much:

SIGSEGV: segmentation violation
Faulting address: 0x10
PC=0x48d324

crypto/tls.*serverHandshake·loop+0x381 /home/daniel/go/src/pkg/crypto/tls/handshake_server.go:99
    crypto/tls.*serverHandshake·loop(0x7fb700000010, 0x7fb7194123d0, 0x7fb71b4a8400, 0x7fb718aff780, 0x7fb71b4a83c0, ...)
goexit /home/daniel/go/src/pkg/runtime/proc.c:143
    goexit()

> I don't believe the package will be done soon-ish,
> unless someone steps up to finish it.

Is there a task list or anything? The issue just says it's "not finished"; hard to gauge how much effort is required off of that. It's kind of an important package for a language so ideally suited for writing servers...

Daniel Smith

Apr 21, 2010, 2:19:48 AM
to r...@golang.org, golang-nuts, Adam Langley
On Wed, Apr 21, 2010 at 1:05 AM, Russ Cox <r...@golang.org> wrote:
> If not, please update.

You're right, I was out of date (bad me). It doesn't crash now. It also no longer works at all, with or without a config. The page never loads.

Thanks for your help, I may try debugging it.

Adam Langley

Apr 21, 2010, 10:38:00 AM
to dan...@lukenine45.net, r...@golang.org, golang-nuts
On Wed, Apr 21, 2010 at 2:19 AM, Daniel Smith <dan...@lukenine45.net> wrote:
> You're right, I was out of date (bad me). It doesn't crash now. It also no
> longer works at all, with or without a config. The page never loads.
>
> Thanks for your help, I may try debugging it.

It's not a complete disaster, but it does need a rewrite to be solid
enough to use in anger. (The use of goroutines was neat, but a mistake
in hindsight.)

Try:

% openssl genrsa 1024 > key.pem
% openssl req -new -key key.pem -days 365 -nodes -x509 -out cert.pem
% 6g server.go && 6l server.6 && ./6.out

(in a different terminal)
% openssl s_client -tls1 -connect 127.0.0.1:10443

The connection state bits were, more or less, never hooked up I'm
afraid. The rewrite has been on the cards for a while, but I've so
much else to do I'm afraid.


AGL
[attachment: server.go]
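The same end-to-end check as AGL's openssl recipe, written against the current crypto/tls API rather than the 2010 package this thread is about. This is an added example, not code from the thread, from the attached server.go, or from the Go project; the names selfSignedCert and RoundTrip are chosen here, the TLS 1.2 floor is a policy choice for the example, and the echoed message is a constructed input. It generates the self-signed certificate in-process in place of the two openssl commands, wraps a loopback listener with tls.NewListener using an explicit Config instead of the nil/default one Russ mentions, connects with a client that verifies the server certificate against that one cert (no InsecureSkipVerify), and reads the negotiated version and cipher suite out of ConnectionState(), the part AGL says was never hooked up at the time. A second call with trustServer=false shows the handshake being rejected when the client has no root to chain to.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds an in-memory self-signed certificate for 127.0.0.1,
// standing in for the "openssl genrsa" / "openssl req -x509" steps above.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// RoundTrip starts a TLS echo server on an ephemeral loopback port, connects
// to it with a verifying client, and returns the echoed reply plus the
// negotiated version and cipher suite read from the client's ConnectionState.
// With trustServer=false the client gets an empty root pool and the handshake must fail.
func RoundTrip(msg string, trustServer bool) (reply string, version, suite uint16, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return "", 0, 0, err
	}
	// Explicit server config instead of the nil/default one: our cert, TLS 1.2 floor.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	inner, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", 0, 0, err
	}
	ln := tls.NewListener(inner, srvCfg)
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil {
			return
		}
		defer c.Close()
		io.Copy(c, c) // handshake runs on the first Read; echo until the client closes
	}()
	if !trustServer {
		pool = x509.NewCertPool() // nothing to chain to, so verification fails
	}
	// Client verifies the server chain against pool; ServerName must match the cert's IP SAN.
	cliCfg := &tls.Config{RootCAs: pool, ServerName: "127.0.0.1", MinVersion: tls.VersionTLS12}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliCfg)
	if err != nil {
		return "", 0, 0, err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(msg)); err != nil {
		return "", 0, 0, err
	}
	buf := make([]byte, len(msg))
	if _, err := io.ReadFull(conn, buf); err != nil {
		return "", 0, 0, err
	}
	st := conn.ConnectionState()
	return string(buf), st.Version, st.CipherSuite, nil
}

func main() {
	reply, ver, suite, err := RoundTrip("hello over tls", true) // constructed input
	if err != nil {
		panic(err)
	}
	fmt.Printf("reply=%q version=%#x suite=%s\n", reply, ver, tls.CipherSuiteName(suite))
}
```

Run it with go run; on a current toolchain the reported version is TLS 1.3 unless MaxVersion pins it lower. The trust decision lives entirely in the client's RootCAs and ServerName: dropping the self-signed cert from the pool turns the successful round trip into an x509 verification error from tls.Dial, which is the failure mode a test should exercise rather than paper over with InsecureSkipVerify.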