sony / nmos-cpp

An NMOS (Networked Media Open Specifications) Registry and Node in C++ (IS-04, IS-05)

Consider overloading load_server_certificates_handler etc. to read files immediately

garethsb opened this issue

The documentation in nmos/certificate_handlers.h for load_server_certificates_handler and load_dh_param_handler both say "this callback is executed when opening the HTTP or WebSocket listener".

In fact these handlers are called whenever a connection is accepted by the HTTP or WebSocket listener.

At the moment, the default implementation of these handlers, as returned from e.g. make_load_server_certificates_handler, caches the certificate details including the filenames, but not the certificate data itself, so you can't update settings to change which file, but you could change the content of those files outside the app, as they are being read every time a connection is accepted.

An application is of course already free to use a more intelligent implementation e.g. that caches the file contents in memory which is updated when necessary. Even working with files in the filesystem, the implementation could be more efficient if for example it tracked file modification time (shame std::filesystem::last_write_time is C++17).

However, for the example apps, it would seem reasonable to read the file contents once upfront. That could be supported in the library by adding overloads to the existing functions that immediately read the file contents, something like:

    // construct callback to load certification authorities from file based on settings, see nmos/certificate_settings.h
    load_ca_certificates_handler make_load_ca_certificates_handler(const nmos::settings& settings, bool load_immediately, slog::base_gate& gate);

    // construct callback to load server certificates from files based on settings, see nmos/certificate_settings.h
    load_server_certificates_handler make_load_server_certificates_handler(const nmos::settings& settings, bool load_immediately, slog::base_gate& gate);

    // construct callback to load Diffie-Hellman parameters for ephemeral key exchange support from file based on settings, see nmos/certificate_settings.h
    load_dh_param_handler make_load_dh_param_handler(const nmos::settings& settings, bool load_immediately, slog::base_gate& gate);
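
The two behaviours discussed in this issue, as an added example that is not part of the original issue or of nmos-cpp's code: a handler that re-reads the file on every call serves whatever is on disk at the time of each accepted connection, while one that reads immediately fixes the contents at construction and reports a missing file then. The type load_pem_handler, the functions and the file names are hypothetical stand-ins, and throwing on an unreadable file is an assumption of this sketch.

```cpp
#include <cstdio>
#include <fstream>
#include <functional>
#include <iterator>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a certificate handler: returns the PEM data when called
using load_pem_handler = std::function<std::string()>;

std::string read_file(const std::string& filename)
{
    std::ifstream is(filename, std::ios::binary);
    if (!is) throw std::runtime_error("cannot open " + filename);
    return std::string(std::istreambuf_iterator<char>(is), std::istreambuf_iterator<char>());
}
void write_file(const std::string& filename, const std::string& data)
{
    std::ofstream(filename, std::ios::binary | std::ios::trunc) << data;
}

// load_immediately == false: capture only the filename; the file is re-read on every call
// load_immediately == true: read once, here; a missing file fails now, later edits are not seen
load_pem_handler make_load_pem_handler(const std::string& filename, bool load_immediately)
{
    if (!load_immediately) return [filename] { return read_file(filename); };
    const std::string data = read_file(filename);
    return [data] { return data; };
}

// Replace the file between two calls (as if between two accepted connections)
bool handler_sees_replaced_file(bool load_immediately)
{
    const std::string filename = "example-server-cert.pem"; // constructed sample file
    write_file(filename, "FIRST");
    const auto handler = make_load_pem_handler(filename, load_immediately);
    const auto first = handler();
    write_file(filename, "SECOND");
    const auto second = handler();
    std::remove(filename.c_str());
    return first == "FIRST" && second == "SECOND";
}

// Report whether a missing file is detected when the handler is constructed
bool missing_file_fails_at_construction(bool load_immediately)
{
    try { make_load_pem_handler("no-such-file.pem", load_immediately); return false; }
    catch (const std::runtime_error&) { return true; }
}
```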