[Security] Darwin compatibility?


(Fastmail) #1

Hi all,

Considered asking this on the call but thought it might be too out of scope for the kickoff.

Is Darwin compatibility necessary, or at least, is it necessary for the TLS components?

It seems to me that it's highly unlikely that anyone will deploy a web server on a Darwin kernel (i.e. a Mac) for any reasonable project. Why should we waste any time on Darwin compatibility?

This is more of a devil’s advocate position, but looking at it pragmatically it seems hard to justify. Can anyone provide a good reason for Darwin compatibility?

Tom


(Gelareh Taban) #2

Hi Tom,

Sorry I saw your comment on the chat channel too late.

I think you raise a good point. For me having this compatibility is
important for:

- consistency of API
- allow development, debugging and testing on both platforms. Let's face
it, (as of right now) we're definitely in a better shape for Swift on macOS
than Linux.

Thoughts?

Gelareh


From: swizzlr via swift-server-dev <swift-server-dev@swift.org>
To: swift-server-dev@swift.org
Date: 02/06/2017 02:07 PM
Subject: [swift-server-dev] [Security] Darwin compatibility?
Sent by: swift-server-dev-bounces@swift.org

Hi all,

Considered asking this on the call but thought it might be too out of scope
for the kickoff.

Is Darwin compatibility necessary, or at least, is it necessary for the TLS
components?

It seems to me that it's highly unlikely that anyone will deploy a web
server on a Darwin kernel (i.e. a Mac) for any reasonable project. Why
should we waste any time on Darwin compatibility?

This is more of a devil’s advocate position, but looking at it
pragmatically it seems hard to justify. Can anyone provide a good reason
for Darwin compatibility?

Tom


(Helge Heß) #3

Since you are almost certainly going to deploy on Linux it kinda doesn’t matter that Swift on macOS is in better shape. In fact it may be a bad idea to debug on macOS, but rather do that in a Linux container even on a Mac.
(yes, there is Mac Mini hosting and it has its place, but well)

I guess the question was: why do we need TLS during development. There are many reasons:

- While your own server may run w/o https, you might still need to
  access other services using TLS (acting as a client, e.g. imap4s/smtps).

- Your own server may require client certificates for authentication and
  only work w/ TLS in the 1st place.

- Then of course having TLS I/O in the stack may change the dynamics of
  the I/O flow significantly.

- I know it sounds wicked, but you may want to actually use HTTP/2. That
  doesn’t require TLS per-se, but the real world clients do. No TLS, no
  HTTP/2 testing.

- TLS streams/sockets and protocol parsers running on top of that are not
  just a thing for a fat server. They are often useful for clients, and
  e.g. your iOS application may indeed embed a small server for plenty of
  reasons.

- Your assumption that ‘server side swift’ implies ‘a web server’ seems
  weak to me. Some of the best echod servers are written in Swift, and
  being able to do an echosd would be neat.

Presumably one can come up with many more reasons.

Is it such a big problem to support both, OpenSSL and Secure Transport? At the API level it shouldn’t really matter that much? Apart from async I/O the IBM stuff shows that it works?

BTW: "It seems to me that it's highly unlikely that anyone will deploy a web server on a Darwin kernel". For sure it is more likely than deploying on Darwin :-), but it is neither *that* likely that many will deploy a Swift server as the public TLS endpoint. You’ll often have other TLS infrastructure before your app server (often nginx, but there is other stuff).

I guess another question is: Would it be acceptable to have the SSS dev install OpenSSL via Homebrew or such on macOS? I’d say maybe, but it makes the setup experience worse and only makes sense if Secure Transport really is a no-go for some reason.

hh


On 6 Feb 2017, at 21:13, Gelareh Taban via swift-server-dev <swift-server-dev@swift.org> wrote:

- allow development, debugging and testing on both platforms. Let's face it, (as of right now) we're definitely in a better shape for Swift on macOS than Linux.