kzemek / etls Goto Github PK

Hi there. Is there a way to work with SNI in a similar way that I can with the Erlang standard SSL module?. I particularly like the way you can use {sni_fun, SNIfun::fun()} in the standard SSL library. BoringSSL does seem to include the SNI capability. Thanks!

Hello,

We have some nagios script that's trying to see if our service still listen on the specified port.
It looks like network errors kill the etls NIF. For instance, the ping from nagios leads to :

terminate called after throwing an instance of 'std::system_error' what(): remote_endpoint: Transport endpoint is not connected

The phrase "Transport endpoint is not connected" corresponds to enotconn error in the erlang ssl/gen_tcp code.

Make sure you catch all errors sent by asio.

Silviu

Hello,

because the {backlog, nr} setting is not implemented you cannot tune the listen queue and it's timing out with a lot of concurrent connections.

Silviu

The README isn't very clear on all the dependencies. It mentions needing cmake, but not Ninja and Golang. The only way I could get etls to compile on macOS was to install cmake and ninja via Homebrew, and Golang via the asdf package manager.

I hope this helps anyone else who is having issues compiling etls on macOS.

P.S. I had to install the same three dependencies on Ubuntu to get etls to compile while using edeliver (ninja-build on Ubuntu 16.04, not the ninja package). It would be good to mention these dependencies in the README and how to install them for each OS.

I have installed all the dependencies and they are all accessible from the cmd.
I tried with different shells (cmd/Git-bash/Git-sh), cygwin, minGW, Visual Studio Tools, nothing seems to work.

Is it possible for someone to try and compile it under Windows 10 and if successful, please report what needs to be done?
Thank you!

C:\username\Elixir\test1>mix compile
==> etls (compile)
A subdirectory or file -p already exists.
Error occurred while processing: -p.
A subdirectory or file _build already exists.
Error occurred while processing: _build.
ERROR: Command [compile] failed!
** (Mix) Could not compile dependency :etls, "escript.exe "c:/Users/username/.mix/rebar" compile skip_deps=true deps_dir="c:/username/Elixir/test1/_build/dev/lib"" command failed. You can recompile this dependency
with "mix deps.compile etls", update it with "mix deps.update etls" or clean it with "mix deps.clean etls"

Hello I was wonder why instead using enif_get_string and enif_get_list_length why you are not doing something like :

// std::string
inline int get(ErlNifEnv *env, ERL_NIF_TERM term, std::string &var)
{
    ErlNifBinary bin;
    int ret

    if(enif_is_binary(env, term))
        ret = enif_inspect_binary(env, term, &bin);
    else
        ret = enif_inspect_iolist_as_binary(env, term, &bin);

    if(!ret)
        return 0;

    var = std::string((const char*)bin.data, bin.size);
    return ret;
}

Kind regards,
Silviu

It would be neat to have some documentation on how to use this for erlang distribution.

Hello,

Because etls doesn't support the cipher property where you can limit a client to a specific cipher the load test you did might not be accurate. You can't know if on both stacks erlang and etls was negotiated the same cipher. And some of them can be more cpu intensive and other less.

Silviu

Hi Konrad,
your benchmark for etls is very interesting!

Could you add Openssl 1.1.0 to that bench ?
As you can see, seems that 1.1.0 will not have CRYPTO_*_{un}lock in favor of CRYPTO_THREAD_*_{un}lock .

Thank you!

Hello,

Looking through the code I see when you play with atoms (at least for bool true and false) you are creating all the time them or extract the string in order to compare.

What you can do instead is:

You can declare a global struct with all atoms:

struct atoms
{
    ERL_NIF_TERM atomTrue;
    ERL_NIF_TERM atomFalse;
    //whatever else ...
};

In on_nif_load(ErlNifEnv* env, void** priv_data, ERL_NIF_TERM load_info) you can initialize them:

ATOMS.atomTrue = make(env, str_atom("true"));
ATOMS.atomFalse = make(env, str_atom("false"));

I will also changed the following functions like

inline TERM make(ErlNifEnv *env, const str_atom &var)
{
    if(enif_make_existing_atom(env, var.c_str(), &ret, ERL_NIF_LATIN1))
        return TERM(ret);

    return TERM(enif_make_atom(env, var.c_str()));
}

// bool
inline int get(ErlNifEnv *env, ERL_NIF_TERM term, bool &var)
{
      if(enif_is_identical(term, ATOMS.atomTrue)
      {
           var = true;
           return 1;
      }

      if(enif_is_identical(term, ATOMS.atomFalse)
      {
            var = false;
           return 1;
      }

     return 0; // some other atom, return error
}
inline TERM make(ErlNifEnv *env, const bool var)
{
     return TERM(var ? ATOMS.atomTrue: ATOMS.atomFalse);
}

Kind regards,
Silviu

Hi there - thank you for your work on ETLS. Can you please provide some hints about building etls in a Travis CI test environment? I just integrated ETLS in my project Bolt.Sips but am unable to pass a travis build due to missing dependencies doing lets build. I even tried using a variant of your travis.yml config file, with no success. Anybody having the same issue, and have a recipe to share? Many thanks, and Happy Holidays!