I've implemented Capnp RPC over TLS-PSK, using Botan's TLS implementation. My solution is somewhat purpose specific, as it uses a blockchain instead of CAs, but it may be useful for referencing if anyone's interested. I make no promises as to the quality or correctness, but it does appear to work correctly.
It works using primarily two classes. The stream is the TlsPskAdaptor class, which implements kj::AsyncIoStream. These aren't instantiated directly, but are rather created by the TlsPskAdaptorFactory class, which helps with the PSK calculation, object lifetime management, and configuring Botan. This architecture could probably be simplified (especially if you're not allergic to CAs like I am), but it's what I came up with as an initial effort and it works well enough for now. :)

I'm happy to answer questions if anyone has them. The code is available here:
https://github.com/FollowMyVote/StakeWeightedVoting/tree/master/shared/BotanIntegration

On Thursday, March 9, 2017 at 12:35:05 PM UTC-6, Tony Arcieri wrote:
>
> I've been deliberating switching one of my projects over from
> protobufs/gRPC to capnp. My initial use case is mmaped struct-like data,
> which capnp excels at, but I would also like to be able to serve that same
> data to the wire, so I more or less want the full capnp-rpc package.
>
> Unfortunately, I'm back to the same sticking point which has prevented me
> from using capnp in the past: TLS support. Has there been any movement on
> first-class TLS support in capnp-rpc implementations? It's really a
> showstopper for my use cases and I would like to avoid having to deal with
> bespoke TLS support in every language I want to make a client library for.
>
> I know that TLS hasn't been very amenable to capnp-style flows (and talked
> with Kenton about that a bit) but I think TLS 1.3 will address a lot of
> these problems with 0-RTT support, and until then TLS will just add
> additional roundtrips, something I'm fine with.
>
> Alternatively there's the Noise protocol, which may be a better fit for
> capnp's messaging semantics:
>
> http://noiseprotocol.org/
>
> Either way, I need encryption 😉
>
> --
> Tony Arcieri
>