Closed lukebakken closed 3 years ago
I would like @whatyouhide's and @josevalim's thoughts on if exposing the socket is the best solution.
I donβt see an issue with exposing the socket as long as it comes with a gazillion disclaimers, especially about not changing the socket state in regards to the buffers.
I have only added a demo test for HTTP 1, but it appears the socket is indeed already available - #310. CI fails due to the fact that keylog
is only supported by OTP versions that aren't yet being tested via GH actions. I tested locally using 23.3.1
and it passes.
I'm happy to fix the existing test, add more tests, and document the use of the socket with a gazillion caveats π
I'm assuming that using code like that in ssl_version/0
would be the preferred way to only test :keylog
for version 10.2 and higher of the ssl
module.
The socket is available on the connection struct but all struct fields are private API. The proper way would be to add a function that returns the socked including documentation with the disclaimers Jose mentioned.
I am on the same page as @josevalim: we can expose it at the complete risk of the user. We can disclaim that the only somewhat "endorsed" way of using the socket is with read-only functions to get information out of the socket. :)
Thanks for the input everyone. I'll give implementing this a shot.
See #310. Turns out get_socket
was already available. I modified the documentation to clarify some of the risks. The test I added demonstrates how to retrieve information from the socket. Adding Erlang 23.3.1
to the GH workflow exposed some issues around TLS versions and ciphers that are resolved by enabling all supported ones π€· It must be specific to the version of openssl used on Ubuntu 16 since it worked fine on my machine.
Closing in favor of the PR. Thanks @lukebakken! π
Related PR - https://github.com/elixir-mint/mint/pull/308
Using the connection's socket allows users to retrieve information from the socket. In my case, I would like to use the following to get the TLS secrets to be used later in Wireshark:
Doing the above requires passing
keep_secrets: true
viatransport_opts
when the HTTP client is initialized.cc @ericmj