Skip to content

Unstable IO::Socket::SSL

I'm working on a software (the Rakudo CI bot) that has HTTP::Tiny in its deps. I've been fixing bugs in all parts of the Rakudo stack and ecosystem to some day get that thing stable. Now I'm observing issues in IO::Socket::SSL / the OpenSSL module.

  • The segfaults caused by double closing. (The OpenSSL PR was merged, but it's not thread safe.)
  • 100% CPU busy loop on connection shutdown. Reading the OpenSSL docs for SSL_shutdown (link) I think this is sometimes an infinite loop.

My feel is that IO::Socket::SSL and the OpenSSL module are in need of a thorough cleanup to get them robust. Then there is IO::Socket::Async::SSL, which seems to be in a lot better state.

I'm reluctant to invest a lot of time to get IO::Socket::SSL to a good state. I keep thinking about recreating the IO::Socket::SSL API via IO::Socket::Async::SSL and effectively replace IO::Socket::SSL.

Now back to HTTP::Tiny. Alternatively, to get HTTP::Tiny stable, one could switch it over to use IO::Socket::Async::SSL directly. Which approach would you prefer?

  1. Fix up IO::Socket::SSL
  2. Reimplement IO::Socket::SSL via IO::Socket::Async::SSL, then switch HTTP::Tiny over to that alternative
  3. Make HTTP::Tiny use IO::Socket::Async::SSL directly