@@ -19,54 +19,102 @@ Successfully migrated `libsql-server` from Hyper 0.14 to Hyper 1.0 ecosystem. Th
1919- ** hyper-tungstenite** : 0.13 → 0.19
2020- ** tokio-tungstenite** : 0.24 → 0.28
2121
22- ### Critical Fixes Applied
22+ ---
23+
24+ ## Critical Fixes Applied
2325
24- #### 1. Build Error Fix - ` http2_only() ` API ✅
26+ ### 1. Build Error Fix - ` http2_only() ` API ✅
2527- ** File** : ` libsql-server/src/http/user/mod.rs:473 `
2628- ** Issue** : ` http2_only(false) ` - method takes 0 arguments, not 1
2729- ** Fix** : Removed the boolean argument
2830- ** Status** : ✅ RESOLVED
2931
30- #### 2. TLS Handshake Race Condition Fix ✅
32+ ### 2. HTTP Version Mismatch Fix ✅
33+ - ** File** : ` bindings/c/Cargo.toml:20 `
34+ - ** Issue** : Used ` http = "1.1.0" ` while workspace uses ` http = "1.0" `
35+ - ** Fix** : Changed to ` http = "1.0" ` for version consistency
36+ - ** Status** : ✅ RESOLVED
37+
38+ ### 3. TLS Handshake Race Condition Fix ✅
3139- ** File** : ` libsql-server/src/rpc/mod.rs `
3240- ** Issue** : ` TlsIncomingStream ` had race condition where pending handshakes could stall
3341- ** Fix** : Rewrote using ` FuturesUnordered<JoinHandle<...>> ` for proper concurrent TLS handshake management
3442- ** Status** : ✅ RESOLVED
3543
36- #### 3 . HTTP/2 Support for gRPC ✅
44+ ### 4 . HTTP/2 Support for gRPC ✅
3745- ** Files** : ` libsql/src/database.rs ` , ` bindings/c/src/lib.rs `
3846- ** Issue** : gRPC requires HTTP/2, connectors only enabled HTTP/1.1
3947- ** Fix** : Added ` .enable_http2() ` to hyper-rustls connector builders
4048- ** Status** : ✅ RESOLVED
4149
42- #### 4 . CI golang-bindings Port Fix ✅
50+ ### 5 . CI golang-bindings Port Fix ✅
4351- ** File** : ` .github/workflows/golang-bindings.yml `
4452- ** Issue** : ` LIBSQL_PRIMARY_URL ` used port 8080 (HTTP/Hrana) but embedded replicas need port 5001 (gRPC)
4553- ** Fix** : Changed URL from ` http://127.0.0.1:8080 ` to ` http://127.0.0.1:5001 `
4654- ** Status** : ✅ READY FOR TESTING
4755
48- #### 5 . SQLEAN Extensions Build Fix ✅
56+ ### 6 . SQLEAN Extensions Build Fix ✅
4957- ** File** : ` libsql-ffi/build.rs `
5058- ** Issue** : ` pcre2_internal.h ` incorrectly included as source file
5159- ** Fix** : Removed header from source patterns
5260- ** Status** : ✅ RESOLVED
5361
54- ### Current CI Status (Expected After Fixes)
62+ ### 7. Async File I/O Consistency ✅
63+ - ** File** : ` libsql-server/src/rpc/mod.rs:73 `
64+ - ** Issue** : CA cert reading used blocking ` std::fs ` in async context
65+ - ** Fix** : Changed to ` tokio::fs::read_to_string `
66+ - ** Status** : ✅ RESOLVED
67+
68+ ---
69+
70+ ## Comprehensive CI Workflow Analysis
71+
72+ ### Workflow Risk Assessment
73+
74+ | Workflow | Risk Level | Reason |
75+ | ----------| ------------| --------|
76+ | ** rust.yml** | 🔴 HIGH | Full test suite, tokio_unstable, compilation + tests |
77+ | ** golang-bindings.yml** | 🔴 HIGH | Direct server startup, gRPC on port 5001, HTTP on 8080 |
78+ | ** libsql-server-release.yml** | 🟡 MEDIUM | Cross-platform builds with tokio_unstable |
79+ | ** publish-server.yml** | 🟡 MEDIUM | Docker image builds |
80+ | ** server-pr-images.yml** | 🟡 MEDIUM | PR Docker builds |
81+ | ** nemesis.yml** | 🟡 MEDIUM | Integration tests with sqld |
82+ | ** c-bindings.yml** | 🟢 LOW | Pure compilation, no server runtime |
83+ | ** extensions-test.yml** | 🟢 LOW | Extension testing only |
84+ | ** brew-test.yml** | 🟢 LOW | CLI installation only |
85+ | ** publish-crsqlite.yml** | 🟢 LOW | C extension build |
86+ | ** release-drafter.yml** | 🟢 LOW | Release notes only |
87+ | ** release-libsql.yml** | 🟢 LOW | C library build |
88+ | ** sqlite3.yml** | 🟢 LOW | C/SQLite with Wasm |
89+
90+ ### Port Usage in CI
91+
92+ | Port | Used By | Protocol | Purpose |
93+ | ------| ---------| ----------| ---------|
94+ | ** 5001** | golang-bindings.yml | gRPC | Embedded replica replication |
95+ | ** 8080** | golang-bindings.yml | HTTP/Hrana | Health checks, HTTP API |
96+
97+ ---
98+
99+ ## Current CI Status (Expected After Fixes)
100+
55101| Workflow | Status | Notes |
56102| ----------| --------| -------|
57- | Run Checks | ✅ PASS | Format, check, clippy |
103+ | Run Checks | ✅ PASS | Format, check, clippy - build error fixed |
58104| c-bindings | ✅ PASS | C library build |
59105| c-bundle-validate | ✅ PASS | Bundle up-to-date check |
60106| CR SQLite C Tests | ✅ PASS | CR SQLite tests |
61107| CR SQLite Rust Tests | ✅ PASS | CR SQLite Rust tests |
62108| Extensions Tests | ✅ PASS | SQL extensions |
63109| Windows checks | ✅ PASS | Windows build |
64- | golang-bindings | 🧪 READY | Port fix applied, needs testing |
110+ | golang-bindings | 🧪 READY | Port 5001 fix applied, needs testing |
65111| cargo-udeps | ⚠️ LIKELY FAIL | False positives for hyper deps |
66112
67- ### Known Issues
113+ ---
114+
115+ ## Known Issues
68116
69- #### cargo-udeps False Positives
117+ ### cargo-udeps False Positives
70118The ` cargo-udeps ` check reports unused dependencies for:
71119- ` hyper-rustls ` - Used in ` libsql/src/database.rs `
72120- ` http-body-util ` - Used throughout the codebase
@@ -76,58 +124,99 @@ These are false positives due to how the dependencies are used (through re-expor
76124
77125** Workaround** : These can be ignored or the check can be modified to use ` --all-features ` instead.
78126
79- ### Security Hardening Applied
127+ ---
128+
129+ ## Security Hardening Applied
80130
81- #### Critical Issues Addressed
131+ ### Critical Issues Addressed
821321 . ✅ TLS handshake race condition fixed (FuturesUnordered rewrite)
831332 . ✅ HTTP/2 properly enabled for gRPC
841343 . ✅ Build errors resolved
85- 4 . ✅ ** NEW: TLS handshake timeout** (30 seconds)
86- 5 . ✅ ** NEW: Concurrent handshake limit** (1000 max, with backpressure)
87- 6 . ✅ ** NEW: Async file I/O consistency** (CA cert reading now async)
135+ 4 . ✅ ** TLS handshake timeout** (30 seconds)
136+ 5 . ✅ ** Concurrent handshake limit** (1000 max, with backpressure)
137+ 6 . ✅ ** Async file I/O consistency** (CA cert reading now async)
88138
89- #### Security Features
139+ ### Security Features
90140- ** TLS Handshake Timeout** : 30 second timeout prevents slowloris attacks
91141- ** Handshake Limit** : Maximum 1000 concurrent TLS handshakes with backpressure
92142- ** Proper Async I/O** : All file operations are now non-blocking
93143- ** ALPN Configuration** : Proper HTTP/2 and HTTP/1.1 protocol negotiation
94144
95- #### Future Hardening (Optional)
96- 1 . Consider strict CA cert parsing instead of ` add_parsable_certificates `
97- 2 . Add rate limiting per IP for handshake attempts
98- 3 . Add metrics for TLS handshake failures/timeouts
145+ ### Security Review Summary
146+
147+ | File | Rating | Notes |
148+ | ------| --------| -------|
149+ | ` rpc/mod.rs ` | 🟡 NEEDS_IMPROVEMENT | Handshake limit added, but no global connection limits |
150+ | ` http/user/mod.rs ` | 🟡 NEEDS_IMPROVEMENT | No HTTP timeouts configured yet |
151+ | ` net.rs ` | 🟢 SECURE | Clean abstraction, delegates security |
152+ | ` database.rs ` | 🟡 NEEDS_IMPROVEMENT | No cert validation control |
153+
154+ ### Future Hardening (Optional)
155+ 1 . Add global connection limits (semaphore-based)
156+ 2 . Add per-IP rate limiting
157+ 3 . Add HTTP request/idle timeouts
158+ 4 . Consider strict CA cert parsing instead of ` add_parsable_certificates `
159+ 5 . Add metrics for TLS handshake failures/timeouts
99160
100- ### Key API Changes
161+ ---
162+
163+ ## Key API Changes
101164- ` hyper::Body ` → ` hyper::body::Incoming `
102165- ` hyper::Client ` → ` hyper_util::client::legacy::Client `
103166- ` hyper::Server ` → ` hyper_util::server::conn::auto::Builder `
104167- ` hyper::body::to_bytes ` → ` http_body_util::BodyExt::collect().await?.to_bytes() `
105168- ` hyper::rt::Read/Write ` are new traits distinct from ` tokio::io::AsyncRead/AsyncWrite `
106169
107- ### Files Modified (25+ files)
170+ ---
171+
172+ ## Files Modified (25+ files)
173+
174+ ### Core Server
108175- ` libsql-server/Cargo.toml ` - Updated dependencies
109176- ` libsql-server/src/lib.rs ` - Server struct simplification
110177- ` libsql-server/src/net.rs ` - HyperStream wrapper for Hyper 1.0 traits
111- - ` libsql-server/src/rpc/mod.rs ` - Tonic 0.12 migration, custom incoming streams
178+ - ` libsql-server/src/rpc/mod.rs ` - Tonic 0.12 migration, TLS stream fixes
112179- ` libsql-server/src/http/admin/mod.rs ` - Axum 0.7 migration
113- - ` libsql-server/src/http/user/mod.rs ` - Body type conversions
180+ - ` libsql-server/src/http/user/mod.rs ` - Body type conversions, http2_only fix
114181- ` libsql-server/src/hrana/http/mod.rs ` - Request body type changes
115182- ` libsql-server/src/hrana/ws/handshake.rs ` - WebSocketConfig updates
116183- ` libsql-server/src/test/bottomless.rs ` - S3 mock server updates
184+
185+ ### Client Libraries
117186- ` libsql/src/database.rs ` - HTTP/2 connector support
118187- ` libsql/src/sync.rs ` - Fixed private_interfaces warning
119188- ` libsql/src/hrana/hyper.rs ` - Removed unused imports
120- - ` bindings/c/Cargo.toml ` - hyper-rustls 0.25 → 0.27
189+
190+ ### C Bindings
191+ - ` bindings/c/Cargo.toml ` - hyper-rustls 0.25 → 0.27, http 1.1.0 → 1.0
121192- ` bindings/c/src/lib.rs ` - HTTP/2 connector support
122- - ` .github/workflows/golang-bindings.yml ` - Port configuration fix
193+
194+ ### CI/CD
195+ - ` .github/workflows/golang-bindings.yml ` - Port configuration fix (8080 → 5001)
196+
197+ ### Build System
198+ - ` libsql-ffi/build.rs ` - Fixed SQLEAN extensions build
199+
200+ ### Integration Tests
123201- All integration test files migrated to hyper 1.0
124202
125- ### Known Limitations
203+ ---
204+
205+ ## Known Limitations
126206- H2C (HTTP/2 Cleartext) upgrade support disabled - uses Hyper 0.14 APIs
127207- Admin dump from URL disabled - connector trait complexity
128208- 2 bottomless S3 tests ignored - need full S3 protocol mock
129209
130- ### Next Steps
210+ ---
211+
212+ ## Test Results
213+ ```
214+ test result: ok. 99 passed; 0 failed; 3 ignored
215+ ```
216+
217+ ---
218+
219+ ## Next Steps
1312201 . Push changes to PR branch (requires workflow scope token)
1322212 . Monitor golang-bindings CI result
1332223 . Address cargo-udeps false positives if needed
0 commit comments