Pccs - sync cache get should do network fetch#63
Open
ameba23 wants to merge 3 commits into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently the PCCS implementation will avoid doing a network fetch during the sync cache getter. This is because it is called from the rustls certificate verifier trait method which is synchronous, and so should not block over a network call when run in an async runtime.
In practice this is quite an issue for usability - see #58
This PR is one possible solution to this problem. There is another solution i am also considering, and both have tradeoffs. Ideally both solutions should be reviewed together so we can choose the best.
We take advantage of the latest dcap-qvl
CollateralClientapi which lets us pass in a custom http client. This allows us to useureq(a synchronous http client) for collateral fetches whilst still using dcap-qvl's collateral fetching code (which by default usesreqwest).Here, we fetch collateral if it is not available in the cache, rather than bailing and starting a spawned task to fetch in the background.