Don't let crypton-connection resolve hostname #585
Instead use the existing resolver.
| withConnection context params = bracketOnError (NC.connectTo context params) NC.connectionClose | ||
| withConnection :: NC.ConnectionContext -> NC.ConnectionParams -> Maybe HostAddress -> String -> Int -> (NC.Connection -> IO a) -> IO a | ||
| withConnection context params ha host port action = withSocket (const $ pure ()) ha host port $ \socket -> do | ||
| NC.connectFromSocket context socket params >>= action |
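Review bot: In the new `withConnection`, the target is supplied twice: once inside `params`, which goes to `NC.connectFromSocket`, and once as the separate `host` and `port` arguments, which go to `withSocket`. Nothing in the hunk keeps the two in agreement. Either derive `host` and `port` from `params` or add a comment on the signature saying they must name the same endpoint. The removed line also paired `NC.connectTo` with `NC.connectionClose` under `bracketOnError`, while the new body has no visible cleanup of its own. Add a short comment stating that `withSocket` is what releases the socket when `NC.connectFromSocket` or `action` throws, and whether any proxy settings carried in `params` still take effect now that `NC.connectTo` is bypassed.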
@Yuras regarding your original comment:
-- We won't send TLS bye in case of exception, but that's OK
That relates to NC.connectionClose, I guess. So I assume we don't properly terminate the connection, but we close the socket, which is technically all we care about.
Comparing connectTo to withSocket, there seem to be a lot of things going on in connectTo, including things related to SOCKS. So I can't trivially convince myself that this won't break the proxy code path (+ apparently that code path is also not covered by the test suite). I'll either have to look at it again when I've had more sleep, or somebody has to test it. 😅
Another question is, whether we would want to address this in
This is true. Though one can argue we are relying on the current implementation of
Fair. Though
It definitely should be fixed in
Instead use the existing resolver.
@Yuras said in #579:
Fixes #569 and #544 (EDIT: no, it doesn't), likely fixes commercialhaskell/stack#5994
The problem is that crypton-connection tries addresses one by one, so if the first address returned by getaddrinfo(3) is a misconfigured ipv6 address, it'll spend quite a bit of time trying to connect to ipv6 address, and only then try the next address.
Note that http-client tries connections concurrently.
I tested only getTlsConnection part and not getTlsProxyConnection since I don't actually have any proxy on hand. I let maintainer decide what to do next.
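The difference between trying addresses one by one and trying them concurrently, as described in the quoted comment above, shown as an added example that is not code from this PR, http-client or crypton-connection. Connection attempts are simulated with delays so it runs offline; the two addresses (documentation ranges), the 3 s timeout and the 100 ms stagger are assumptions of the example.

```haskell
import Control.Concurrent (forkIO, killThread, threadDelay)
import Control.Concurrent.Chan (newChan, readChan, writeChan)
import Control.Exception (IOException, try)
import Control.Monad (forM)
import GHC.Clock (getMonotonicTime)

-- Constructed candidates standing in for getaddrinfo(3) results.
data Candidate = Candidate { addr :: String, delayMs :: Int, reachable :: Bool }

candidates :: [Candidate]
candidates =
  [ Candidate "2001:db8::1" 3000 False -- misconfigured IPv6, attempt times out
  , Candidate "192.0.2.10" 40 True     -- working IPv4
  ]

-- Simulated connect (assumption: no real socket): waits, then succeeds or fails.
attempt :: Candidate -> IO (Either IOException String)
attempt c = try $ do
  threadDelay (delayMs c * 1000)
  if reachable c then pure (addr c) else ioError (userError ("timeout: " ++ addr c))

-- One address at a time: a dead first address costs its whole timeout.
sequential :: [Candidate] -> IO (Maybe String)
sequential [] = pure Nothing
sequential (c : cs) = attempt c >>= either (const (sequential cs)) (pure . Just)

-- Staggered concurrent attempts: first success wins, the rest are cancelled.
concurrent :: Int -> [Candidate] -> IO (Maybe String)
concurrent staggerMs cs = do
  results <- newChan
  tids <- forM (zip [0 ..] cs) $ \(i, c) -> forkIO $ do
    threadDelay (i * staggerMs * 1000)
    attempt c >>= writeChan results
  let wait 0 = pure Nothing
      wait n = readChan results >>= either (const (wait (n - 1))) (pure . Just)
  winner <- wait (length cs)
  mapM_ killThread tids -- real code must also close the losing sockets
  pure winner

report :: String -> IO (Maybe String) -> IO ()
report name act = do
  t0 <- getMonotonicTime
  r <- act
  t1 <- getMonotonicTime
  putStrLn (name ++ ": " ++ show r ++ " after " ++ show (t1 - t0) ++ " s")

main :: IO ()
main = do
  report "sequential" (sequential candidates)
  report "concurrent" (concurrent 100 candidates)
```

Both strategies end up on the same IPv4 address. The sequential run only gets there after the simulated IPv6 attempt has timed out.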