[web-devel] [Yesod] Initial SSL support for Warp

Greg Weber greg at gregweber.info
Sun Oct 23 02:05:34 CEST 2011


I tried to run and got this error from the pong application for every
request:

error received: Error_Packet_Parsing "Failed reading: invalid header type:
32\nFrom:\theader\n\n"

I think easy SSL support out of the box without more moving parts is
extremely valuable to get users up and running fast. However, the newer
Haskell SSL implementation is going to be perceived as somewhat risky for a
while, so some users may still look for more established solutions.
Now that Yesod/Warp can serve static assets, Nginx can be overkill if we
just need https. I think our best solution may be pound [1], although I
personally haven't used it yet. Pound is designed to be a light-weight load
balancer but also has a specific use case as an SSL wrapper.

[1] http://www.apsis.ch/pound/

On Sat, Oct 22, 2011 at 1:02 PM, Michael Snoyman <michael at snoyman.com> wrote:

> Hi all,
>
> Thanks (once again) to Vincent's awesome tls package, I've just added
> experimental support to Warp for SSL connections. The basic idea is to
> create an abstraction within Warp called a Connection, which handles
> sending and receiving data. This abstraction provides for vectored and
> non-vectored I/O, as well as enumerator-based I/O. In other words, it
> supports all of the features Warp already uses. Then a separate
> package, warp-tls, provides an alternate way of creating a Connection
> that uses the tls package instead of a raw socket.
>
> I've put this code up in a separate branch[1]. The one piece of the
> puzzle most definitely not implemented yet is proper timeout support.
> I'm waiting till Kazu and I come up with some clarity on the recent
> slowloris discussion before implementing the timeout code for tls.
> Also, I'm sure some things could be more efficient, but it's certainly
> working.
>
> I've included a pong.hs demo, as well as a self-signed private key and
> certificate, so in order to test this out, you should need to:
>
> 1. Clone the repo
> 2. "cabal install" warp
> 3. "runghc pong.hs" inside the warp-tls package
>
> Another change that likely makes sense is to improve the TLSSettings
> setup so it doesn't need to read the key and certificate from a file.
> I'm definitely open to other suggestions. Also, I don't have a
> particular use case for this right now, it was just something sitting
> on my TODO list and was relatively easy to implement, so I decided to
> take a crack at it.
>
> Michael
>
> [1] https://github.com/yesodweb/wai/tree/warp-tls
>
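
The Connection idea described in the quoted announcement, as an added sketch that is not code from Warp, warp-tls or either poster. The names `Connection`, `memoryConn`, `wrapWith` and `servePong` are hypothetical, and an XOR mask stands in for the tls layer so the example needs only base and bytestring.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added illustration; every name below is hypothetical, not Warp's actual API.
import qualified Data.ByteString as B
import Data.Bits (xor)
import Data.IORef
-- A transport seen only through the operations the server needs.
data Connection = Connection
  { connSend     :: B.ByteString -> IO ()     -- non-vectored send
  , connSendMany :: [B.ByteString] -> IO ()   -- vectored send
  , connRecv     :: IO B.ByteString           -- empty result means EOF
  , connClose    :: IO ()
  }

-- Plain transport: an in-memory stand-in for a raw socket.
memoryConn :: IORef [B.ByteString] -> IORef [B.ByteString] -> Connection
memoryConn inbox outbox = Connection
  { connSend     = \bs -> modifyIORef outbox (++ [bs])
  , connSendMany = \bss -> modifyIORef outbox (++ [B.concat bss])
  , connRecv     = atomicModifyIORef' inbox $ \q -> case q of
                     []       -> ([], B.empty)
                     (x : xs) -> (xs, x)
  , connClose    = return ()
  }

-- Layered transport: same interface, bytes transformed in both directions.
-- A real TLS layer also handshakes and frames records; enc/dec are placeholders.
wrapWith :: (B.ByteString -> B.ByteString) -> (B.ByteString -> B.ByteString)
         -> Connection -> Connection
wrapWith enc dec inner = inner
  { connSend     = connSend inner . enc
  , connSendMany = connSend inner . enc . B.concat  -- coalesce, then transform
  , connRecv     = dec <$> connRecv inner
  }

-- Server logic is written once against Connection, whatever the transport.
servePong :: Connection -> IO ()
servePong c = do
  req <- connRecv c
  if B.null req then connClose c else do
    connSendMany c ["HTTP/1.1 200 OK\r\nContent-Length: 4\r\n\r\n", "PONG"]
    servePong c

main :: IO ()
main = do
  let mask = B.map (xor 0x55)   -- self-inverse toy transform, NOT encryption
  inbox  <- newIORef [mask "GET / HTTP/1.1\r\n\r\n"]  -- constructed request, as seen on the wire
  outbox <- newIORef []
  servePong (wrapWith mask mask (memoryConn inbox outbox))
  readIORef outbox >>= print . map mask  -- response after the client undoes the mask
```
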