Boost logo

Boost :

From: Vinnie Falco (vinnie.falco_at_[hidden])
Date: 2019-09-11 01:38:14

On Tue, Sep 10, 2019 at 6:04 PM Alex Christensen via Boost
<boost_at_[hidden]> wrote:
> At <>
> I’ve attached a proof-of-concept which explores making ASIO secure by default.

This looks like nonsense to me.

`asio::ssl::stream` is a layered stream [1] which is implemented in
terms of operations on an instance of the NextLayer type. For example,

    asio::ssl::stream<tcp::socket> ss{...};

the next layer type is tcp::socket, which meets the requirements of
SyncReadStream, SyncWriteStream, AsyncReadStream, and
AsyncWriteStream. Asio's ssl::stream can work with any type which
meets the requirements. Here's an example that uses Beast's test
stream [2]:

    asio::ssl::stream<beast::test::stream> ss{...};

What you have done is ignore the elegant concept-driven design of
Asio, and instead invest energy to pursue some religious agenda
("secure by default"). The result is a less functional networking
component. Here's are two more examples which cannot be implemented
with your design:

This one provides real-time counts of encrypted bytes read and written [3]
    asio::ssl::stream<beast::counted_stream<tcp::socket>> ss{...};

This one supports inline timeouts, delivered as the error code
beast::error::timeout [4]:
    asio::ssl::stream<beast::tcp_stream> ss{...};

You should have come to me first so I could spare you the wasted
effort by explaining that your design is crippled out of the box. It
isn't too late, I am more than happy to help you find more productive
uses of your time.


[1] <>

[2] <>

[3] <>

[4] <>

Boost list run by bdawes at, gregod at, cpdaniel at, john at