On 2023-12-08 04:00, Chris Angelico wrote:
My best understanding of what's going on is that the opening needs to be done in blocking mode, but sendcmd() assumes that it's already nonblocking. This might be able to be solved by parameterizing it, or possibly by not using sendcmd() in the "please use SSL" packet.
There's another small issue which is that the processloop needs to wait until the SSL handshake completes, but that's easy enough (though I think I ended up making that change in the same "debug hack" commit since I wasn't sure), just needs a write callback to start the thread rather than doing it unconditionally.
I'm pretty sure that SSL.File should be able to handshake in callback mode. Shuffler, however, is a complication that can break the facade that SSL.File is just another Stdio.File object... I've definitely used shuffler with SSL.File objects in webservers, but in those situations, the shuffler isn't used until after the request has been parsed. The handshake, in those cases, is performed immediately on accept() from the backend. I'm not familiar with how the pgsql module is set up, so there may be some magic going on that needs to be worked around. If you're trying to attempt some sort of conditional TLS à la STARTTLS, you might find that handshaking doesn't work until the underlying file thinks there's some data to read.
Bill
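
Added example, not part of the original thread and not Pike or pgsql module code: a Python sketch of the ordering discussed above, on a non-blocking socket. It assumes the "please use SSL" packet is PostgreSQL's standard SSLRequest; `negotiate`, `require_tls` and the hostname passed in are hypothetical names.

```python
import select
import ssl
import struct

# PostgreSQL SSLRequest: int32 length (8) + int32 code 80877103 (1234 << 16 | 5679).
SSL_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5679)

def _wait(sock, for_write, timeout):
    """Wait until the non-blocking socket is ready (stand-in for a backend callback)."""
    rd, wr = ([], [sock]) if for_write else ([sock], [])
    r, w, _ = select.select(rd, wr, [], timeout)
    if not (r or w):
        raise TimeoutError("peer did not respond")

def _send_all(sock, data, timeout):
    while data:                          # non-blocking writes may be partial
        _wait(sock, True, timeout)
        data = data[sock.send(data):]

def negotiate(sock, ctx, hostname, require_tls=True, timeout=2.0):
    """Send SSLRequest, read the one-byte answer, then start the TLS handshake.

    Returns ("plain", b"") if the server declines and plaintext is allowed, or
    ("tls", first_flight) once the ClientHello is sent and the handshake is
    waiting on the peer. Only after it completes should normal traffic start.
    """
    sock.setblocking(False)
    _send_all(sock, SSL_REQUEST, timeout)
    _wait(sock, False, timeout)
    answer = sock.recv(1)                # exactly one byte; later bytes belong to TLS
    if answer == b"N":
        if require_tls:                  # refuse a silent downgrade to plaintext
            raise ConnectionError("server declined TLS")
        return "plain", b""
    if answer != b"S":
        raise ConnectionError(f"unexpected SSLRequest answer {answer!r}")
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                             # expected: stalls until the server's reply arrives
    first_flight = outgoing.read()       # ClientHello produced by the TLS engine
    _send_all(sock, first_flight, timeout)
    return "tls", first_flight
```

The remaining handshake steps would feed received bytes into `incoming` and call `do_handshake()` again from the read callback until it returns without raising.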