DeVault: Announcing the Hare programming language [LWN.net]

DeVault: Announcing the Hare programming language

Posted May 6, 2022 6:39 UTC (Fri) by flussence (guest, #85566)
In reply to: DeVault: Announcing the Hare programming language by ilammy
Parent article: DeVault: Announcing the Hare programming language

The safest way to handle OpenSSL with static linking is to keep all TLS stuff in a separate process, but that goes for dynamic linking too.

to post comments

DeVault: Announcing the Hare programming language

Posted May 6, 2022 18:46 UTC (Fri) by wtarreau (subscriber, #51152) [Link] (1 responses)

> The safest way to handle OpenSSL with static linking is to keep all TLS stuff in a separate process, but that goes for dynamic linking too.

That only moves the problem one point away, since it's that program that has to be rebuilt and upgraded all the time instead. Plus for plenty of situations, you're doing extra work due to this. Double-copy of the data between the processes, and extra latency if the process is used as a side-car instead of a proxy. This can only work when TLS is not at all the business of your program and you'd rather defer watching the library updates to another specialized process. That's what plenty of application servers do by deferring that work to a reverse-proxy. It just turns out that my main activity is to develop that reverse-proxy ;-)

DeVault: Announcing the Hare programming language

Posted May 13, 2022 23:56 UTC (Fri) by flussence (guest, #85566) [Link]

Alright, I'll give you the rest of that, but I don't think copying data between processes has been a hard problem for something like a decade now? (or else Linux would be absolutely awful for s/openssl/opengl/)