On 2023-12-08 04:00, Chris Angelico wrote:
My best understanding of what's going on is that the opening needs to
be done in blocking mode, but sendcmd() assumes that it's already
nonblocking. This might be able to be solved by parameterizing it, or
possibly by not using sendcmd) in the "please use SSL" packet.
There's another small issue which is that the processloop needs to
wait until the SSL handshake completes, but that's easy enough (though
I think I ended up making that change in the same "debug hack" commit
since I wasn't sure), just needs a write callback to start the thread
rather than doing it unconditionally.
I'm pretty sure that SSL.File should be able to handshake in callback
mode. Shuffler however, is a complication that can break the facade that
SSL.File is just another Stdio.File object... I've definitely used
shuffler with SSL.File objects in webservers, but in those situations,
the shuffler isn't used until after the request has been parsed. The
handshake, in those cases is performed immediately on accept() from the
backend. I'm not familiar with how the pgsql module is set up, so there
may be some magic going on that needs to be worked around. If you're
trying to attempt some sort of conditional TLS ala STARTTLS, you might
find that handshaking doesn't work until the underlying file thinks
there's some data to read.
Bill
