Comments on: R3 HTTP implementation docs posted

Carl Sassenrath, CTO
REBOL Technologies
3-Nov-2009 18:44 GMT

Article #0290
Main page || Index || Prior Article [0289] || Next Article [0291] || 10 Comments || Send feedback

When Gabriele implemented the R3 alpha HTTP protocol, he wrote it using his embedded document/code process. Although the R3 HTTP scheme source code has been published for a long time, the embedded comments were filtered out in the construction process, and as far as I know, never got published anywhere.

For those of you who want an inside peek at how this source code works, here's the actual REBOL 3 HTTP protocol scheme documentation (including inlined source code.)

Note that this is older code/comments, but I think it's still 99.9% accurate.



4-Nov-2009 18:02:17
What about the HTTPS protocol in R3 ?
5-Nov-2009 7:19:03
It's not there. You could either implement it and contribute it, or use STunnel to add SSL capability.
5-Nov-2009 11:17:13
It has to be added imo. Putty codebase was already suggested as a source base ...
5-Nov-2009 14:48:06
I take it that none of Holger's network protocol work is usable?
6-Nov-2009 10:40:02
Edoc, dunno if you mean low-level, but as for mezzanine schemes and protocols, the implementation of port model is all new with R3, so not sure Holger's prior work is usable.

As for https, I think it might be "just" a scheme, as http is, we just need SSL to be added into R3. At least that is how I understand the situation ...

Carl Sassenrath
7-Nov-2009 1:42:11
I think we need HTTPS and TLS/SSL... but it's huge, comparatively speaking. (It will double the size of R3.)

Part of the twisted irony here is that the same objective could be achieved with a few lines of REBOL encryption code, given the underlying encryption functions are implemented, but the result would be non-standard.

In addition, in order to get TLS into a reasonable form for inclusion in R2 took a guru (Holger) many weeks. Also, you should consider that the R2 TLS is an older implementation now.

The most reasonable path, if it's possible, is to call an existing operating system API for TLS/SSL. That way, we don't need to bundle the implementation itself within R3.

Of course, it's questionable if such an API exists, especially across all operating systems. That makes the irony even more bitter. Everyone uses the BSD socket model for TCP/IP and offers a standard API, yet I'm not so sure if the TLS extension is standardized in the same way.

Conclusion: if you want TLS/SSL, you better figure out how it can be integrated into the R3 Host. The first step is to figure out what OSes offer it as part of their standard APIs.

7-Nov-2009 4:37:44
OpenSSL is very standard in operating systems nowadays. Dunno if it's shipped with Windows, though. However, its shared library has been experimental until recently, so it's possible that a number of Linux distros and such haven't shipped the shared library.

There are longstanding licensing debates around OpenSSL that have cued GNU to implement their own TLS library, so that will also complicate the matter on some systems.

8-Nov-2009 20:11:04
In most languages I worked with, I had to isntall OpenSSL separately to get support for secure sockets (in a Python for example)
Brian Hawley
14-Nov-2009 16:07:09
Kaj, OpenSSL is not shipped with Windows. There is a good third-party installer of OpenSSL for Windows, but updates have to be done manually rather than through Windows Update. You are relying on end-users keeping their DLLs up with the (frequent) security updates, and we know how well that works with most users.

Windows might come with SSL APIs that are kept up to date with Windows Update, or not, or with something built into IE, or with many incompatible implementations. We should look into whether there is something available and built into all of the Windows versions that we support with R3 (which should be all of them that have Unicode).

Or we could borrow Putty's SSL code, which is purported to be tiny and fast. And not updated in many years, so we'll have to keep up with security updates ourselves. Basically the same situation as AGG. If it's small enough to be included and reasonably cross-platform it might be worth it though.

I expect that all of these approaches will be tried by different members of the community. May the best approach win (hopefully).

1-Dec-2009 11:33:55
Great news ! at least one part that's documented. documentation is the weakest link in Rebol in the eyes of every beginner.

It would be good if we have a COMPLETE CENTRALIZED reference manual for VID. It's a constant struggle to find out what is available and what it can do. we need CLEAR examples as well, as sometimes when you read the existing sparse information, it's very confusing.

Just take one example:-e.g for text-list

we can have text-list "hello" "how" "are"

then we can have a "data" option with text-list:-

text-list data [ "hello" "how" "are" ]

what other options are out there that we don't know about? How do I find them ? without having to go through line by line of the code, which is impossible if we are beginners.

if we don't know all those information, we risk doing things the wrong way or the long way.

This is not meant to be a criticism, it's more of a suggestion to allow people to ramp up fast when starting with rebol.

Post a Comment:

You can post a comment here. Keep it on-topic.


Blog id:



 Note: HTML tags allowed for: b i u li ol ul font span div a p br pre tt blockquote

This is a technical blog related to the above topic. We reserve the right to remove comments that are off-topic, irrelevant links, advertisements, spams, personal attacks, politics, religion, etc.

Updated 24-Mar-2017 - Edit - Copyright REBOL Technologies -