Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement STARTTLS #199

Closed
wants to merge 1 commit into from
Closed

Implement STARTTLS #199

wants to merge 1 commit into from

Conversation

ghost
Copy link

@ghost ghost commented Apr 10, 2019

This PR implements STARTTLS and exposes the connection stream in a non-BC way through a getter method. The added "extended" interfaces should be merged into the "regular" interfaces with the next major version.

Maybe some more documentation is needed in case of the usage/requirement of the extended connection interface instead of the regular interface (e.g. SecureConnector::connect).

Closes #89.

@clue clue changed the title Implement STARTTLS [WIP] Implement STARTTLS Apr 26, 2019
@jchook
Copy link

jchook commented May 19, 2019

Hey thanks a ton for doing this.

@ghost
Copy link
Author

ghost commented May 20, 2019

@clue @jsor @WyriHaximus I need some quick feedback.

Currently the only blocker for this PR is the failing unit test for disabling TLS and I don't see currently how I could test this. Does anyone have any insight how we have to test this?

If we can't test this, I see two ways:
a) Drop disabling TLS completely (however I don't see much sense into shipping a half feature)
b) Don't test it?

How do we want to proceed?

@kelunik
Copy link
Contributor

kelunik commented May 20, 2019

@CharlotteDunois Disabling TLS is kind of broken, it always returns immediately. However, TLS connections should still shutdown correctly, otherwise the other side might see it as truncation attack.

@WyriHaximus
Copy link
Member

@kelunik is it fixable? Or do we need to hope it succeeded?

@kelunik
Copy link
Contributor

kelunik commented May 20, 2019

@WyriHaximus We need to fix php-src, but I never bothered to do that. But yes, usually the implementation will be hope it succeeds.

@ghost
Copy link
Author

ghost commented May 20, 2019

@kelunik Is there a PHP bug report already? A quick search on bugs.php.net did not seem to reveal anything.

I think the way to go here would be to skip the relevant unit test, with a note to the bug report and open a tracking issue for this on this repository.

@kelunik
Copy link
Contributor

kelunik commented May 20, 2019

@CharlotteDunois I don't think so, sorry. If you have time, it'd be great if you can create one.

@ghost
Copy link
Author

ghost commented May 22, 2019

@kelunik @WyriHaximus @jsor @clue
Tracking at #200 and https://bugs.php.net/bug.php?id=78051!

@ghost
Copy link
Author

ghost commented May 22, 2019

This PR is ready for review.

The only remaining tasks are:

@ghost ghost marked this pull request as ready for review May 22, 2019 18:50
@ghost ghost changed the title [WIP] Implement STARTTLS Implement STARTTLS May 24, 2019
@ghost
Copy link
Author

ghost commented Jul 11, 2019

@clue @WyriHaximus How do we want to proceed here?

@WyriHaximus WyriHaximus requested review from clue, WyriHaximus and jsor July 15, 2019 20:47
@WyriHaximus
Copy link
Member

@CharlotteDunois will review it tomorrow or the day after. It's bigger then I thought and fell off my rader 🤐

src/LimitingServer.php Show resolved Hide resolved
* @param bool $flag
* @return void
*/
public function setTLSEnabledFlag($flag);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure how I feel about this interface. Have you considered splitting this into two different interfaces? ExtConnectionInterface feels rather general and we might need a ExtExtConnectionInterface later on if we'd decide to expand the interface again. /cc @clue

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could make two interfaces yes, and at this point we should also split Connection into two classes - one for TCP and one for UDS.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@WyriHaximus RealExtConnectionInterface 😜

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kelunik DontDrinkTheCoolAidRealExtConnectionInterface 😎
@CharlotteDunois Didn't think that far ahead tbh. The thing that mainly bugs me is that I would hate to to see ExtExtExt interfaces down the line in a while

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@WyriHaximus Well I did. We can certainly split this off and give better names. However we do need to split the implementation class too when we go that route. I'm willed to create a followup pr for this.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@CharlotteDunois I'd be up for that, you as well @clue and @jsor ?

@ghost ghost requested a review from WyriHaximus September 15, 2019 21:07
Copy link
Member

@clue clue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@CharlotteDunois Thanks for working on this high-quality PR and for your patience! 👍

I think you did an excellent job at working within the existing API constraints and providing this feature without introducing a BC break. That being said, the interface feels a bit heavy and adds some non-trivial complexity to the code base.

In particular, while I do understand the motivation, I do not feel comfortable with exposing the underlying socket resource through our interfaces because it could easily be changed in a way to break this package (e.g. think calling stream_set_blocking()).

I'm not sure what the best path to proceed here is, but I wonder if it makes sense to compare this with a different implementation approach (just thinking out loud here): How about providing some interfaces so we can write something like $connection->write(new TlsHandshake()) on a plaintext TCP/IP connection to then start the TLS negotiation internally and provide some APIs to wait for a successful event? I don't want to get this PR sidetracked, perhaps we should continue this discussion in the feature ticket #89 instead?

Either way, thank you for working on this and providing this high-quality changeset! I'm looking forward to discuss this further to get this feature in and can see a number of use cases for this! :shipit:

@ghost
Copy link
Author

ghost commented Oct 28, 2019

@clue

I'm not sure what the best path to proceed here is, but I wonder if it makes sense to compare this with a different implementation approach (just thinking out loud here): How about providing some interfaces so we can write something like $connection->write(new TlsHandshake()) on a plaintext TCP/IP connection to then start the TLS negotiation internally and provide some APIs to wait for a successful event?

While this does make to some extend sense, we will have new problems here: Either we need to expose the underlying stream resource anyway, so we can have the "tls handshake packet" do the handshake, or the connection implementations needs to know what it has to do with each packet. And then we are at the other problem: While we have a packet, the connection implementation still needs to contain all the necessary logic and code to do what the packet intends to do. That means code duplication and complexity, while gaining little to nothing with packets.

If we do not want to expose the stream resource at all (it does make sense in some way and the library shouldn't stand in the way of advanced users), the only alternative would be a native TCP connection class, which knows how to do a TLS handshake (merging StreamEncryption into the new connection implementation class). We would still get code duplication and complexity to some extend, but at least we don't have an unnecessary packet abstraction, which doesn't help in anyway.

@ghost ghost closed this Dec 5, 2019
@WyriHaximus WyriHaximus mentioned this pull request Nov 14, 2022
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support STARTTLS
4 participants