Refactor NIOHTTPServerConfiguration#67
Open
aryan-25 wants to merge 3 commits intoswift-server:mainfrom
Open
Conversation
Contributor
|
One configuration that this (and the current) configuration don't allow is to configure a single server with HTTP/1 over plaintext and then HTTP/2 over TLS for example. Not sure if we need to support it but might be worth thinking about if we need to allow a per-connection configuration somehow. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
Currently,
NIOHTTPServerConfiguration'stransportSecurityproperty implicitly determines the HTTP versions served byNIOHTTPServer:transportSecurityis.plaintext, an HTTP/1.1 channel handler (over plaintext) is set up.transportSecurityis.tlsor.mTLS(or their certificate-reloading variants), an ALPN channel handler configured with both HTTP/1.1 and HTTP/2 handlers is set up.As a consequence of this tight coupling, it is currently not possible to configure the server to only serve HTTP/1.1 over TLS.
Modifications:
Added a new
supportedHTTPVersionsfield (Set<HTTPVersion>) toNIOHTTPServerConfiguration. This, along with thetransportSecurityvalue, allows for the following configurations to be represented:transportSecuritysupportedHTTPVersions.plaintext[.http1_1].tls/.mTLS[.http1_1].tls/.mTLS[.http2(...)].tls/.mTLS[.http1_1, .http2(...)]Simplified
TransportSecurityto three options (plaintext,tls,mTLS):tlsandmTLScases in aTLSCredentialstype which hasinMemory,reloading, andpemFilebackings.MTLSTrustConfigurationtype which hassystemDefaults,inMemory,pemFile, andcustomCertificateVerificationCallbackbackings.Updated
NIOHTTPServerbased on the changes to the configuration type.Updated the
swift-configurationintegration to reflect the new structure.Result:
The HTTP versions supported by
NIOHTTPServercan now be configured explicitly through thesupportedHTTPVersionsproperty onNIOHTTPServerConfiguration, rather than being implicitly determined by the transport security configuration.