WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] Re: Re: [RFC][PATCH] Secure XML-RPC for Xend

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Re: Re: [RFC][PATCH] Secure XML-RPC for Xend
From: Anthony Liguori <aliguori@xxxxxxxxxx>
Date: Fri, 09 Jun 2006 10:57:59 -0500
Delivery-date: Fri, 09 Jun 2006 08:59:12 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <4488D93D.7070303@xxxxxxxxxx> <20060609083434.GA19035@xxxxxxxxxxxxxxx> <20060609084147.GH31509@xxxxxxxxxx> <20060609085443.GA28541@xxxxxxxxxxxxxxx> <pan.2006.06.09.14.57.24.87401@xxxxxxxxxx> <20060609154546.GK31509@xxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.)
On Fri, 09 Jun 2006 11:45:46 -0400, Daniel Veillard wrote:
>> I think Daniel is suggesting that we use HTTP Keep-Alive which I also
>> think is a really good idea.  I think this will come in handy regardless
>> of whether we use SSH.
> 
>   Activating Keep-Alive would be a really good idea in any case,
> local or remote, direct auth or tunnelling ! IIRC the main question
> was about activating it at the Python level, that's something we
> discussed on IRC but never formally I guess :-)

I've got Keep-Alive working.  I'll post the patches in a few hours when I
get home and have a real email client.

The Python BaseHTTPServer code supports Keep-Alive quite nicely but the
XML-RPC has an ugly bug where it always shutdowns the connection
explicitly after a POST.  After overriding the offending method, and
subclassing the RequestHandler to enabled HTTP/1.1 as the default
protocol, it appears to Just Work.

I'll do an xm-test run this afternoon and hopefully have a well-tested
patch (for keep-alive) by the evening.

>> This makes my patch a lot nicer though.  I just would make sure the
>> client uses Keep-Alive and then you get the same 1-time auth without
>> any of the SSH trickery.
> 
>   Is that just client side ?

I'm showing my ignorance a bit.  Defaulting to HTTP/1.1, Keep-Alive is
enabled by default.  I just have to cleanup the SSH transport now to
actually make use of it.

I don't think it's worth having the httpu/http protocols use Keep-Alive by
default but I'm sure we'd want to make use of it force https.

Regards,

Anthony Liguori

>> I'm investigating this right now.  I seem to recall the HTTP server in
>> python providing support for Keep-Alive...
> 
>   Okay, maybe I'm off base :-)
> 
>> > 
>> > As Ian says, stunnel/SSL is probably easier from the client's point
>> > of view (although I do like the easier SSH key management this patch
>> > allows).
>> 
>> There doesn't have to be one solution.  The only real code that's needed
>> here is xm serve which is not more than 100 lines.  The client code is
>> more of an example.  I see no reason why we couldn't support all of these
>> protocols (httpu, http, https, ssh).
> 
>   Agreed, those are layered features, they should not have to conflict.
> 
> Daniel



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel