Initial interface #1
Conversation
| subscribe: func() -> pollable; | ||
|
|
||
| @unstable(feature = tls) | ||
| get: func() -> option<result<result<tuple<client-connection, input-stream, output-stream>>>>; |
There was a problem hiding this comment.
I imagine we'll want to define a variant error type with cases covering at least the most common failure cases (e.g. expired certificate, hostname mismatch, etc.) and use it here, eventually.
There was a problem hiding this comment.
Yup, definitely. 👍
I wasn't in the mood to do a full inventory of all the ways a TLS connection may fail just yet, so I lazily wrote it off as a problem for future me 😅
| } | ||
|
|
||
| @unstable(feature = tls) | ||
| resource client-connection { |
There was a problem hiding this comment.
one thing we will need eventually for dotnet is the server-identity: func() -> option<public-identity>;. After accepting the connection dotnet SSL client runs through a second round of server certificate validation.
|
Another thing that we are using the .net implementation is the Should that live here or |
|
@jsturtevant Replying to your
Ideally we shouldn't need this at all. Second choice: add it to wasi-io. But lets discuss further.
Yes, this is v0.2-only. |
Aside from the boilerplate, this adds types.wit.
This should be the bare minimum interface to set up client TLS connections within a WASI guest.
Compared to the PR over at the wasi-sockets repo, this PR:
client-connection::constructorandclient-connection::connectmethods into theclient-handshake::constructor, andclient-connectionis now returned asynchronously by theclient-handshake::finishmethod.This decreases the API surface area and removes a chance of user-error thanks to the introduced typestate.
The general process now looks like:
client-handshake::constructorclient-handshake::finishclient-connectionas usual.Next steps, for future PRs: