Listeners — Remove fast_tls #4458
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## feature/listeners #4458 +/- ##
=====================================================
- Coverage 85.40% 85.15% -0.26%
=====================================================
Files 554 553 -1
Lines 34021 33910 -111
=====================================================
- Hits 29056 28875 -181
- Misses 4965 5035 +70 ☔ View full report in Codecov by Sentry. |
NelsonVides
force-pushed
the
listeners/ssl
branch
2 times, most recently
from
7f46cdd to
398ebce
Compare
This comment was marked as outdated.
This comment was marked as outdated.
NelsonVides
force-pushed
the
listeners/ssl
branch
2 times, most recently
from
bab9e06 to
59a9eb0
Compare
This comment was marked as outdated.
This comment was marked as outdated.
NelsonVides
force-pushed
the
listeners/ssl
branch
from
59a9eb0 to
a9747fa
Compare
This comment was marked as outdated.
This comment was marked as outdated.
NelsonVides
force-pushed
the
listeners/ssl
branch
from
a9747fa to
7c6aaf5
Compare
This comment was marked as outdated.
This comment was marked as outdated.
NelsonVides
force-pushed
the
listeners/ssl
branch
from
7c6aaf5 to
a949c1f
Compare
This comment was marked as outdated.
This comment was marked as outdated.
NelsonVides
force-pushed
the
listeners/ssl
branch
from
0089f95 to
a949c1f
Compare
This comment was marked as outdated.
This comment was marked as outdated.
NelsonVides
force-pushed
the
s2s/listeners
branch
from
4a99ce6 to
7ca81f8
Compare
NelsonVides
force-pushed
the
listeners/ssl
branch
from
a949c1f to
603a5ce
Compare
This comment was marked as outdated.
This comment was marked as outdated.
src/s2s/mongoose_transport.erl
Outdated
| {noreply, NewState, hibernate_or_timeout(NewState)}; | ||
| handle_info(TcpOrSslInfo, State) | ||
| when is_tuple(TcpOrSslInfo) andalso | ||
| tcp_closed =:= element(1, TcpOrSslInfo) orelse tcp_error =:= element(1, TcpOrSslInfo) orelse |
There was a problem hiding this comment.
element(1,X) kinda ugly, could use ; instead of orelse.
There was a problem hiding this comment.
We'll rework this anyway when we rework S2S so I wouldn't take it too serious, but more or less. element/2 is so that I can catch al the tcp|ssl_closed|error tuples in a single clause, these things are all treated the same way by the current implementation.
| -spec get_tls_last_message(socket()) -> {ok, binary()} | {error, term()}. | ||
| get_tls_last_message(_Socket) -> | ||
| -spec export_key_materials(socket(), _, _, _, _) -> {error, term()}. | ||
| export_key_materials(_Socket, _, _, _, _) -> |
There was a problem hiding this comment.
having names instead of _ is not a bad idea ;)
| do_setopts_and_receive_data(Socket, Buffer, RawData, State); | ||
| handle_info({tcp_closed, _Socket}, State) -> | ||
| handle_info({Tag, _Socket}, State) when Tag == tcp_closed; Tag == ssl_closed -> |
There was a problem hiding this comment.
here with explicit tuples is better, than with element(1, X)
There was a problem hiding this comment.
This is because this case is treating error from close differently, and the size of the tuples are different. Anyway, can fix the other one 👌🏽
|
elasticsearch_and_cassandra_27 / elasticsearch_and_cassandra_mnesia / 2a270c4 small_tests_26 / small_tests / 2a270c4 small_tests_27 / small_tests / 2a270c4 small_tests_27_arm64 / small_tests / 2a270c4 ldap_mnesia_26 / ldap_mnesia / 2a270c4 pubsub_SUITE:tree+basic:create_node_errors_test{error,{{badmatch,false},
[{pubsub_tools,check_response,2,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,444}]},
{pubsub_tools,receive_response,3,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,434}]},
{pubsub_tools,receive_and_check_response,4,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,424}]},
{escalus_story,story,4,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,72}]},
{test_server,ts_tc,3,[{file,"test_server.erl"},{line,1793}]},
{test_server,run_test_case_eval1,6,
[{file,"test_server.erl"},{line,1302}]},
{test_server,run_test_case_eval,9,
[{file,"test_server.erl"},{line,1234}]}]}}ldap_mnesia_27 / ldap_mnesia / 2a270c4 dynamic_domains_mysql_redis_27 / mysql_redis / 2a270c4 dynamic_domains_pgsql_mnesia_26 / pgsql_mnesia / 2a270c4 internal_mnesia_27 / internal_mnesia / 2a270c4 pubsub_SUITE:dag+basic:request_particular_item_test{error,{{badmatch,false},
[{pubsub_tools,check_response,2,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,444}]},
{pubsub_tools,receive_response,3,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,434}]},
{pubsub_tools,receive_and_check_response,4,
[{file,"/home/circleci/project/big_tests/tests/pubsub_tools.erl"},
{line,424}]},
{escalus_story,story,4,
[{file,"/home/circleci/project/big_tests/_build/default/lib/escalus/src/escalus_story.erl"},
{line,72}]},
{test_server,ts_tc,3,[{file,"test_server.erl"},{line,1794}]},
{test_server,run_test_case_eval1,6,
[{file,"test_server.erl"},{line,1303}]},
{test_server,run_test_case_eval,9,
[{file,"test_server.erl"},{line,1235}]}]}}dynamic_domains_pgsql_mnesia_27 / pgsql_mnesia / 2a270c4 pgsql_cets_27 / pgsql_cets / 2a270c4 pgsql_mnesia_26 / pgsql_mnesia / 2a270c4 dynamic_domains_mssql_mnesia_27 / odbc_mssql_mnesia / 2a270c4 mysql_redis_27 / mysql_redis / 2a270c4 cockroachdb_cets_27 / cockroachdb_cets / 2a270c4 mod_ping_SUITE:server_ping_kill:server_ping_pong{error,{test_case_failed,"Incorrect number of instrumentation events - matched: 0, expected: 1"}}pgsql_mnesia_27 / pgsql_mnesia / 2a270c4 mssql_mnesia_27 / odbc_mssql_mnesia / 2a270c4 internal_mnesia_27 / internal_mnesia / 2a270c4 cockroachdb_cets_27 / cockroachdb_cets / 2a270c4 ldap_mnesia_26 / ldap_mnesia / 2a270c4 |
With this, we unify the configuration for XMPP listeners, that is, c2s, s2s, and components, by a lot of keys. This also reworks the s2s section, where we were setting keys common to incoming and outgoing connections like
use_starttlsorcertfile. Now outgoing connections are configured in the[HostType.]s2ssection, and incoming connections in thelistener.s2ssection, and both set their TLS configuration independently in the same way c2s or components do. We also remove the possibility of configuring S2S without TLS nor starttls; rather, as C2S does, we only allow the configuration to have starttls as optional, that is enough to use plaintext if desired. However plaintext connections should probably never ever be used.just_tlsis still a wrapper around SSL connections because of theverify_funkey, which uses some adhoc message passing. It would be good to rework that some day in the future for further simplification. However nowmongoose_tlsis not needed and was merged intojust_tls.Global distribution was using
fast_tlsfor both incoming and outgoing connections too, so it needed as well some further rework.Also implement TLSv1.3 tls-exporter channel binding mech, this is also done in escalus in esl/escalus#274.