Simple example that connects to github securely.

[groodt]

A simple example after discussions from here: #548

[NiteshKant]

Thanks @groodt !

I think it is not a good idea to refer to external sites from a test (even if it is netflix 😄 ).
I would prefer following the current model of having a server and a client for a test. I am also OK if you update the current secure example that uses unsafeSecure() and use your code instead.

[groodt]

@NiteshKant I do like the current way you have it setup with a server and a client, but I'm not sure there is a clean way to do this without talking to a public server.

The problem is as follows:
Some users of RxNetty might like to make secure API requests to public APIs from providers like GitHub, Google, Twitter and many others. These services are secured with certificates signed by the major certificate authorities and these public certificates get bundled with operating systems, browsers, JDKs etc. So when you use a browser or a tool like Postman or really anything, it uses these public certificates that you already have bundled. It is a very common use-case. Even within an organisation you might find certificates that are not-self signed for whatever reason.

So to have a test or example that demonstrates how to use secure SSL for this common use case, I'm not sure I can actually do this for an example against localhost.

It would probably be possible to create a server with a self-signed certificate on localhost and bundle this up in the examples project, but the setup of the SSLEngine for this use-case will look different to the use-case above.

Which gets us back into the same situation we started. That there isn't an example that demonstrates how to use RxNetty against an SSL secured API in the wild.

[groodt]

Any other ideas for this? I could point it to www.howsmyssl.com instead?

It might be that this example can't live in the project. I would understand it and perhaps I'd just create my own simple project that demonstrates one way to use RxNetty client against a server in the wild. Or a Stackoverflow question.

On the other hand, RxNetty is in the business of providing an HTTP Client, so perhaps an integration test against a server outside the RxNetty ecosystem is valuable so that you can confirm that RxNetty can work against non-RxNetty servers.

[jamesgorman2]

From the peanut gallery, a working example against a real CA certed site is good. And this give a good intro to how SSLEngine fits in. I'd be more worried about externalities if it was a real test, but setting up a dummy CA, as well as the dummy server strikes me as overkill. Thoughts on sites (in order):

• https://github.com - the source is hosted here, the issues link goes here and it's well known
• https://reactivex.io/ - since this is an RX project if you want to show a cert failure (looks like a signing issue with using github hosting, I have put an issue in)
• https://netty.io/ - since this is a netty adapter
• https://www.netflix.com - project sponser

[NiteshKant]

Thanks @jamesgorman2 for the input.

@groodt I understand the situation and I think this is a good addition to the examples, the only thing that it would miss is a unittest as I don't feel comfortable running tests connecting to an external site, it makes the test flaky.

Can you change the target host to github? I will pull this in after that.

[groodt]

Thanks for the input @jamesgorman2 and @NiteshKant

I've updated the example to make a request against github.com

I agree that making a real unit test that tests against a real server could lead to flaky tests and random failures. No easy way around it I think. This is the external boundary of the system where the client interacts with the 'dirty' real-world.

Let's leave it as a simple example then.

[NiteshKant]

Thanks @groodt for the contribution!