added zap.Tls, updated https example

2025-10-20 23:24:09 +00:00 · 2023-12-30 03:13:36 +01:00 · 2023-12-30 03:13:36 +01:00 · c38856d0e1
commit c38856d0e1
parent 8f82a692b1
7 changed files with 36 additions and 23 deletions
--- a/build.zig
+++ b/build.zig
@ -232,6 +232,7 @@ pub fn build(b: *std.build.Builder) !void {
    const docserver_run_step = b.step("run-docserver", "run the docserver");
    const docserver_run = b.addRunArtifact(docserver_exe);
    docserver_run_step.dependOn(&docserver_run.step);
+    docserver_run_step.dependOn(docserver_step);

    all_step.dependOn(&docserver_build_step.step);

--- a/examples/https/https.zig
+++ b/examples/https/https.zig
@ -44,12 +44,13 @@ pub fn main() !void {
        help_and_exit(KEY_FILE, err);
    };

-    const tls = zap.fio_tls_new(
+    const tls = try zap.Tls.init(
        "localhost:4443",
        CERT_FILE,
        KEY_FILE,
        null, // key file is not password-protected
    );
+    defer tls.deinit();

    var listener = zap.SimpleHttpListener.init(.{
        .port = 4443,
--- a/facil.io/lib/facil/tls/fio_tls.h
+++ b/facil.io/lib/facil/tls/fio_tls.h
@ -42,7 +42,7 @@ fio_tls_s *fio_tls_new(const char *server_name, const char *public_cert_file,
 *                            "public_key.pem",
 *                            "private_key.pem", NULL );
 */
-void fio_tls_cert_add(fio_tls_s *, const char *server_name,
+int fio_tls_cert_add(fio_tls_s *, const char *server_name,
                      const char *public_cert_file,
                      const char *private_key_file, const char *pk_password);

@ -87,7 +87,7 @@ uintptr_t fio_tls_alpn_count(fio_tls_s *tls);
 *
 *      fio_tls_trust(tls, "google-ca.pem" );
 */
-void fio_tls_trust(fio_tls_s *, const char *public_cert_file);
+int fio_tls_trust(fio_tls_s *, const char *public_cert_file);

 /**
 * Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified
--- a/facil.io/lib/facil/tls/fio_tls_missing.c
+++ b/facil.io/lib/facil/tls/fio_tls_missing.c
@ -480,14 +480,18 @@ fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name, const char *cert,
  REQUIRE_LIBRARY();
  fio_tls_s *tls = calloc(sizeof(*tls), 1);
  tls->ref = 1;
-  fio_tls_cert_add(tls, server_name, key, cert, pk_password);
+  if(fio_tls_cert_add(tls, server_name, key, cert, pk_password) != 0) {
+      // file not found error
+      free(tls);
+      return NULL;
+  }
  return tls;
 }

 /**
 * Adds a certificate  a new SSL/TLS context / settings object.
 */
-void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
+int FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
                                   const char *cert, const char *key,
                                   const char *pk_password) {
  REQUIRE_LIBRARY();
@ -510,11 +514,11 @@ void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
  }
  fio_tls_cert_destroy(&c);
  fio_tls_build_context(tls);
-  return;
+  return 0;
 file_missing:
  FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.",
                key, cert);
-  exit(203);   // CoalNova's suggestion. Was: -1
+  return -1;   // rene
 }

 /**
@ -560,22 +564,22 @@ uintptr_t FIO_TLS_WEAK fio_tls_alpn_count(fio_tls_s *tls) {
 *
 *      fio_tls_trust(tls, "google-ca.pem" );
 */
-void FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
+int FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
  REQUIRE_LIBRARY();
  trust_s c = {
      .pem = FIO_STR_INIT,
  };
  if (!public_cert_file)
-    return;
+    return 0;
  if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL)
    goto file_missing;
  trust_ary_push(&tls->trust, c);
  fio_tls_trust_destroy(&c);
  fio_tls_build_context(tls);
-  return;
+  return 0;
 file_missing:
  FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file);
-  exit(204);   // CoalNova's suggestion. was: -1.
+  return -1; // rene
 }

 /**
--- a/facil.io/lib/facil/tls/fio_tls_openssl.c
+++ b/facil.io/lib/facil/tls/fio_tls_openssl.c
@ -855,14 +855,18 @@ fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name, const char *cert,
  REQUIRE_LIBRARY();
  fio_tls_s *tls = calloc(sizeof(*tls), 1);
  tls->ref = 1;
-  fio_tls_cert_add(tls, server_name, key, cert, pk_password);
+  if(fio_tls_cert_add(tls, server_name, key, cert, pk_password) != 0) {
+      // file not found error
+      free(tls);
+      return NULL;
+  }
  return tls;
 }

 /**
 * Adds a certificate  a new SSL/TLS context / settings object.
 */
-void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
+int FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
                                   const char *cert, const char *key,
                                   const char *pk_password) {
  REQUIRE_LIBRARY();
@ -885,11 +889,11 @@ void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
  }
  fio_tls_cert_destroy(&c);
  fio_tls_build_context(tls);
-  return;
+  return 0;
 file_missing:
  FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.",
                key, cert);
-  exit(200);   // CoalNova's suggestion. Was: -1
+  return -1;
 }

 /**
@ -937,22 +941,22 @@ uintptr_t FIO_TLS_WEAK fio_tls_alpn_count(fio_tls_s *tls) {
 *
 *      fio_tls_trust(tls, "google-ca.pem" );
 */
-void FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
+int FIO_TLS_WEAK fio_tls_trust(fio_tls_s *tls, const char *public_cert_file) {
  REQUIRE_LIBRARY();
  trust_s c = {
      .pem = FIO_STR_INIT,
  };
  if (!public_cert_file)
-    return;
+    return 0;
  if (fio_str_readfile(&c.pem, public_cert_file, 0, 0).data == NULL)
    goto file_missing;
  trust_ary_push(&tls->trust, c);
  fio_tls_trust_destroy(&c);
  fio_tls_build_context(tls);
-  return;
+  return 0;
 file_missing:
  FIO_LOG_FATAL("TLS certificate file missing for %s ", public_cert_file);
-  exit(201);   // CoalNova's suggestion. Was: -1
+  return -1;   // CoalNova's suggestion. Was: -1
 }

 /**
--- a/src/fio.zig
+++ b/src/fio.zig
@ -195,12 +195,12 @@ pub extern fn fio_tls_cert_add(
    public_certificate_file: ?[*:0]const u8,
    private_key_file: ?[*:0]const u8,
    private_key_password: ?[*:0]const u8,
-) void;
+) c_int;

 /// Adds a certificate to the "trust" list, which automatically adds a peer verification requirement.
 /// Note: when the fio_tls_s object is used for server connections, this will limit connections to
 /// clients that connect using a trusted certificate.
-pub extern fn fio_tls_trust(tls: ?*anyopaque, public_cert_file: ?[*:0]const u8) void;
+pub extern fn fio_tls_trust(tls: ?*anyopaque, public_cert_file: ?[*:0]const u8) c_int;

 /// Establishes an SSL/TLS connection as an SSL/TLS Server, using the specified context / settings object.
 /// The uuid should be a socket UUID that is already connected to a peer (i.e., the result of fio_accept).
--- a/src/zap.zig
+++ b/src/zap.zig
@ -4,6 +4,9 @@
 const std = @import("std");
 const fio = @import("fio.zig");

+/// Server-Side TLS function wrapper
+pub const Tls = @import("tls.zig");
+
 pub usingnamespace @import("fio.zig");
 pub usingnamespace @import("endpoint.zig");
 pub usingnamespace @import("util.zig");
@ -770,7 +773,7 @@ pub const SimpleHttpListenerSettings = struct {
    log: bool = false,
    ws_timeout: u8 = 40,
    ws_max_msg_size: usize = 262144,
-    tls: ?*anyopaque = null,
+    tls: ?Tls = null,
 };

 pub const SimpleHttpListener = struct {
@ -884,7 +887,7 @@ pub const SimpleHttpListener = struct {
            .max_body_size = self.settings.max_body_size orelse 50 * 1024 * 1024,
            // fio provides good default:
            .max_clients = self.settings.max_clients orelse 0,
-            .tls = self.settings.tls,
+            .tls = if (self.settings.tls) |tls| tls.fio_tls else null,
            .reserved1 = 0,
            .reserved2 = 0,
            .reserved3 = 0,