Add hssl.h

CMake/vars.cmake

@@ -15,10 +15,10 @@ set(BASE_HEADERS
     base/hmutex.h
     base/hthread.h
     base/hsocket.h
+    base/hssl.h
     base/hbuf.h
     base/hurl.h
     base/hgui.h
-    base/ssl_ctx.h
     base/hmap.h
     base/hstring.h
     base/hvar.h

Makefile.vars

@@ -20,10 +20,10 @@ BASE_HEADERS =  base/hplatform.h\
 				base/hmutex.h\
 				base/hthread.h\
 				base/hsocket.h\
+				base/hssl.h\
 				base/hbuf.h\
 				base/hurl.h\
 				base/hgui.h\
-				base/ssl_ctx.h\
 				\
 				base/hmap.h\
 				base/hstring.h\

README.md

@@ -192,8 +192,8 @@ bin/nc 127.0.0.1 10514
 libhv combines OpenSSL perfectly, something almost all asynchronous IO network libraries don't do.<br>
 And enable SSL in libhv is so easy, just only two apis:
 ```
-// init global SSL_CTX, see base/ssl_ctx.h
-int ssl_ctx_init(const char* crt_file, const char* key_file, const char* ca_file);
+// init ssl_ctx, see base/hssl.h
+hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param);
 
 // enable ssl, see event/hloop.h
 int hio_enable_ssl(hio_t* io);

base/hssl.c

@@ -0,0 +1,181 @@
+#include "hssl.h"
+
+static hssl_ctx_t s_ssl_ctx = 0;
+hssl_ctx_t hssl_ctx_instance() {
+    return s_ssl_ctx;
+}
+
+#ifdef WITH_OPENSSL
+
+#include "openssl/ssl.h"
+
+hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param) {
+    SSL_CTX* ctx = SSL_CTX_new(TLS_method());
+    if (ctx == NULL) return NULL;
+    int mode = SSL_VERIFY_NONE;
+    if (param) {
+        if (param->ca_file && *param->ca_file) {
+            if (!SSL_CTX_load_verify_locations(ctx, param->ca_file, NULL)) {
+                fprintf(stderr, "ssl ca_file verify failed!\n");
+                goto error;
+            }
+        }
+        if (param->crt_file && *param->crt_file) {
+            if (!SSL_CTX_use_certificate_file(ctx, param->crt_file, SSL_FILETYPE_PEM)) {
+                fprintf(stderr, "ssl crt_file error!\n");
+                goto error;
+            }
+        }
+        if (param->key_file && *param->key_file) {
+            if (!SSL_CTX_use_PrivateKey_file(ctx, param->key_file, SSL_FILETYPE_PEM)) {
+                fprintf(stderr, "ssl key_file error!\n");
+                goto error;
+            }
+            if (!SSL_CTX_check_private_key(ctx)) {
+                fprintf(stderr, "ssl key_file check failed!\n");
+                goto error;
+            }
+
+        }
+        if (param->verify_peer) {
+            mode = SSL_VERIFY_PEER;
+        }
+    }
+    SSL_CTX_set_verify(ctx, mode, NULL);
+    s_ssl_ctx = ctx;
+    return ctx;
+error:
+    SSL_CTX_free(ctx);
+    return NULL;
+}
+
+void hssl_ctx_destory(hssl_ctx_t ssl_ctx) {
+    if (ssl_ctx) {
+        if (ssl_ctx == s_ssl_ctx) {
+            s_ssl_ctx = NULL;
+        }
+        SSL_CTX_free((SSL_CTX*)ssl_ctx);
+        ssl_ctx = NULL;
+    }
+}
+
+hssl_t hssl_new(hssl_ctx_t ssl_ctx, int fd) {
+    SSL* ssl = SSL_new((SSL_CTX*)ssl_ctx);
+    if (ssl == NULL) return NULL;
+    SSL_set_fd(ssl, fd);
+    return ssl;
+}
+
+void hssl_free(hssl_t ssl) {
+    if (ssl) {
+        SSL_free((SSL*)ssl);
+        ssl = NULL;
+    }
+}
+
+int hssl_connect(hssl_t ssl) {
+    int ret = SSL_connect((SSL*)ssl);
+    if (ret == 1) return 0;
+
+    int err = SSL_get_error((SSL*)ssl, ret);
+    return err;
+}
+
+int hssl_accept(hssl_t ssl) {
+    int ret = SSL_accept((SSL*)ssl);
+    if (ret == 1) return 0;
+
+    int err = SSL_get_error((SSL*)ssl, ret);
+    return err;
+}
+
+int hssl_read(hssl_t ssl, void* buf, int len) {
+    return SSL_read((SSL*)ssl, buf, len);
+}
+
+int hssl_write(hssl_t ssl, const void* buf, int len) {
+    return SSL_write((SSL*)ssl, buf, len);
+}
+
+int hssl_close(hssl_t ssl) {
+    SSL_shutdown((SSL*)ssl);
+    return 0;
+}
+
+int hssl_set_accept_state(hssl_t ssl) {
+    SSL_set_accept_state((SSL*)ssl);
+    return 0;
+}
+
+int hssl_set_connect_state(hssl_t ssl) {
+    SSL_set_connect_state((SSL*)ssl);
+    return 0;
+}
+
+int hssl_do_handshark(hssl_t ssl) {
+    int ret = SSL_do_handshake((SSL*)ssl);
+    if (ret == 1) return 0;
+
+    int err = SSL_get_error((SSL*)ssl, ret);
+    if (err == SSL_ERROR_WANT_READ) {
+        return HSSL_WANT_READ;
+    }
+    else if (err == SSL_ERROR_WANT_WRITE) {
+        return HSSL_WANT_WRITE;
+    }
+    return err;
+}
+
+#else
+
+#include "hplatform.h"
+
+hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param) {
+    fprintf(stderr, "Please recompile WITH_SSL.\n");
+    return NULL;
+}
+
+void hssl_ctx_destory(hssl_ctx_t ssl_ctx) {
+}
+
+hssl_t hssl_new(hssl_ctx_t ssl_ctx, int fd) {
+    return (void*)(intptr_t)fd;
+}
+
+void hssl_free(hssl_t ssl) {
+}
+
+int hssl_connect(hssl_t ssl) {
+    return 0;
+}
+
+int hssl_accept(hssl_t ssl) {
+    return 0;
+}
+
+int hssl_read(hssl_t ssl, void* buf, int len) {
+    int fd = (intptr_t)ssl;
+    return read(fd, buf, len);
+}
+
+int hssl_write(hssl_t ssl, const void* buf, int len) {
+    int fd = (intptr_t)ssl;
+    return write(fd, buf, len);
+}
+
+int hssl_close(hssl_t ssl) {
+    return 0;
+}
+
+int hssl_set_accept_state(hssl_t ssl) {
+    return 0;
+}
+
+int hssl_set_connect_state(hssl_t ssl) {
+    return 0;
+}
+
+int hssl_do_handshark(hssl_t ssl) {
+    return 0;
+}
+#endif

base/hssl.h

@@ -0,0 +1,43 @@
+#ifndef HV_SSL_H_
+#define HV_SSL_H_
+
+#include "hexport.h"
+
+typedef void* hssl_ctx_t; ///> SSL_CTX
+typedef void* hssl_t; ///> SSL
+
+enum {
+    HSSL_OK = 0,
+    HSSL_WANT_READ = 2,
+    HSSL_WANT_WRITE = 3,
+};
+
+typedef struct {
+    const char* crt_file;
+    const char* key_file;
+    const char* ca_file;
+    int         verify_peer;
+} hssl_ctx_init_param_t;
+
+BEGIN_EXTERN_C
+
+HV_EXPORT hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param);
+HV_EXPORT void hssl_ctx_destory(hssl_ctx_t ssl_ctx);
+HV_EXPORT hssl_ctx_t hssl_ctx_instance();
+
+HV_EXPORT hssl_t hssl_new(hssl_ctx_t ssl_ctx, int fd);
+HV_EXPORT void hssl_free(hssl_t ssl);
+
+HV_EXPORT int hssl_connect(hssl_t ssl);
+HV_EXPORT int hssl_accept(hssl_t ssl);
+HV_EXPORT int hssl_read(hssl_t ssl, void* buf, int len);
+HV_EXPORT int hssl_write(hssl_t ssl, const void* buf, int len);
+HV_EXPORT int hssl_close(hssl_t ssl);
+
+HV_EXPORT int hssl_set_accept_state(hssl_t ssl);
+HV_EXPORT int hssl_set_connect_state(hssl_t ssl);
+HV_EXPORT int hssl_do_handshark(hssl_t ssl);
+
+END_EXTERN_C
+
+#endif // HV_SSL_H_

base/ssl_ctx.c

@@ -1,61 +0,0 @@
-#include "ssl_ctx.h"
-
-#include <stdio.h>
-
-#ifdef WITH_OPENSSL
-#include "openssl/ssl.h"
-#endif
-
-static void* s_ssl_ctx = 0;
-
-int ssl_ctx_init(const char* crt_file, const char* key_file, const char* ca_file) {
-#ifdef WITH_OPENSSL
-    if (s_ssl_ctx != NULL) {
-        return 0;
-    }
-    SSL_CTX* ctx = SSL_CTX_new(TLS_method());
-    if (ctx == NULL) return -10;
-    if (ca_file && *ca_file) {
-        if (!SSL_CTX_load_verify_locations(ctx, ca_file, NULL)) {
-            fprintf(stderr, "ssl ca_file verify failed!\n");
-            return -20;
-        }
-    }
-    if (crt_file && *crt_file) {
-        if (!SSL_CTX_use_certificate_file(ctx, crt_file, SSL_FILETYPE_PEM)) {
-            fprintf(stderr, "ssl crt_file error!\n");
-            return -20;
-        }
-    }
-    if (key_file && *key_file) {
-        if (!SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM)) {
-            fprintf(stderr, "ssl key_file error!\n");
-            return -30;
-        }
-        if (!SSL_CTX_check_private_key(ctx)) {
-            fprintf(stderr, "ssl key_file check failed!\n");
-            return -40;
-        }
-    }
-    SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
-    s_ssl_ctx = ctx;
-    return 0;
-#else
-    fprintf(stderr, "Please recompile WITH_OPENSSL.\n");
-    return -1;
-#endif
-}
-
-int ssl_ctx_destory() {
-#ifdef WITH_OPENSSL
-    if (s_ssl_ctx) {
-        SSL_CTX_free((SSL_CTX*)s_ssl_ctx);
-        s_ssl_ctx = NULL;
-    }
-#endif
-    return 0;
-}
-
-void* ssl_ctx_instance() {
-    return s_ssl_ctx;
-}

base/ssl_ctx.h

@@ -1,14 +0,0 @@
-#ifndef HV_SSL_CTX_H
-#define HV_SSL_CTX_H
-
-#include "hexport.h"
-
-BEGIN_EXTERN_C
-
-HV_EXPORT void* ssl_ctx_instance();
-HV_EXPORT int ssl_ctx_init(const char* crt_file, const char* key_file, const char* ca_file);
-HV_EXPORT int ssl_ctx_destory();
-
-END_EXTERN_C
-
-#endif // HV_SSL_CTX_H

event/hloop.c

@@ -643,13 +643,16 @@ int hio_del(hio_t* io, int events) {
     // Windows iowatcher not work on stdio
     if (io->fd < 3) return 0;
 #endif
-    if (!io->active || !io->ready) return 0;
-    iowatcher_del_event(io->loop, io->fd, events);
-    io->events &= ~events;
-    if (io->events == 0) {
-        io->loop->nios--;
-        // NOTE: not EVENT_DEL, avoid free
-        EVENT_INACTIVE(io);
+    if (io->active) {
+        iowatcher_del_event(io->loop, io->fd, events);
+        io->events &= ~events;
+        if (io->events == 0) {
+            io->loop->nios--;
+            // NOTE: not EVENT_DEL, avoid free
+            EVENT_INACTIVE(io);
+        }
+    }
+    if (!io->active) {
         hio_done(io);
     }
     return 0;

event/nio.c

@@ -2,6 +2,7 @@
 #ifndef EVENT_IOCP
 #include "hevent.h"
 #include "hsocket.h"
+#include "hssl.h"
 #include "hlog.h"
 
 static void __connect_timeout_cb(htimer_t* timer) {
@@ -167,16 +168,10 @@ static void __close_cb(hio_t* io) {
     }
 }
 
-#ifdef WITH_OPENSSL
-#include "openssl/ssl.h"
-#include "openssl/err.h"
-#include "ssl_ctx.h"
-
 static void ssl_do_handshark(hio_t* io) {
-    SSL* ssl = (SSL*)io->ssl;
     printd("ssl handshark...\n");
-    int ret = SSL_do_handshake(ssl);
-    if (ret == 1) {
+    int ret = hssl_do_handshark(io->ssl);
+    if (ret == 0) {
         // handshark finish
         iowatcher_del_event(io->loop, io->fd, HV_READ);
         io->events &= ~HV_READ;
@@ -189,20 +184,16 @@ static void ssl_do_handshark(hio_t* io) {
             __connect_cb(io);
         }
     }
-    else {
-        int errcode = SSL_get_error(ssl, ret);
-        if (errcode == SSL_ERROR_WANT_READ) {
-            if ((io->events & HV_READ) == 0) {
-                hio_add(io, ssl_do_handshark, HV_READ);
-            }
-        }
-        else {
-            hloge("ssl handshake failed: %d", errcode);
-            hio_close(io);
+    else if (ret == HSSL_WANT_READ) {
+        if ((io->events & HV_READ) == 0) {
+            hio_add(io, ssl_do_handshark, HV_READ);
         }
     }
+    else {
+        hloge("ssl handshake failed: %d", ret);
+        hio_close(io);
+    }
 }
-#endif
 
 static void nio_accept(hio_t* io) {
     //printd("nio_accept listenfd=%d\n", io->fd);
@@ -229,26 +220,26 @@ accept:
     connio->accept_cb = io->accept_cb;
     connio->userdata = io->userdata;
 
-#ifdef WITH_OPENSSL
     if (io->io_type == HIO_TYPE_SSL) {
-        SSL_CTX* ssl_ctx = (SSL_CTX*)ssl_ctx_instance();
+        hssl_ctx_t ssl_ctx = hssl_ctx_instance();
         if (ssl_ctx == NULL) {
             goto accept_error;
         }
-        SSL* ssl = SSL_new(ssl_ctx);
-        SSL_set_fd(ssl, connfd);
-        connio->ssl = ssl;
+        hssl_t ssl = hssl_new(ssl_ctx, connfd);
+        if (ssl == NULL) {
+            goto accept_error;
+        }
         hio_enable_ssl(connio);
-        //int ret = SSL_accept(ssl);
-        SSL_set_accept_state(ssl);
+        connio->ssl = ssl;
+        // int ret = hssl_accept(ssl);
+        hssl_set_accept_state(ssl);
         ssl_do_handshark(connio);
     }
-#endif
-
-    if (connio->io_type != HIO_TYPE_SSL) {
+    else {
         // NOTE: SSL call accept_cb after handshark finished
         __accept_cb(connio);
     }
+
     goto accept;
 
 accept_error:
@@ -268,25 +259,25 @@ static void nio_connect(hio_t* io) {
         addrlen = sizeof(sockaddr_u);
         getsockname(io->fd, io->localaddr, &addrlen);
 
-#ifdef WITH_OPENSSL
         if (io->io_type == HIO_TYPE_SSL) {
-            SSL_CTX* ssl_ctx = (SSL_CTX*)ssl_ctx_instance();
+            hssl_ctx_t ssl_ctx = hssl_ctx_instance();
             if (ssl_ctx == NULL) {
                 goto connect_failed;
             }
-            SSL* ssl = SSL_new(ssl_ctx);
-            SSL_set_fd(ssl, io->fd);
+            hssl_t ssl = hssl_new(ssl_ctx, io->fd);
+            if (ssl == NULL) {
+                goto connect_failed;
+            }
             io->ssl = ssl;
-            //int ret = SSL_connect(ssl);
-            SSL_set_connect_state(ssl);
+            // int ret = hssl_connect(ssl);
+            hssl_set_connect_state(ssl);
             ssl_do_handshark(io);
         }
-#endif
-
-        if (io->io_type != HIO_TYPE_SSL) {
+        else {
             // NOTE: SSL call connect_cb after handshark finished
             __connect_cb(io);
         }
+
         return;
     }
 
@@ -297,11 +288,9 @@ connect_failed:
 static int __nio_read(hio_t* io, void* buf, int len) {
     int nread = 0;
     switch (io->io_type) {
-#ifdef WITH_OPENSSL
     case HIO_TYPE_SSL:
-        nread = SSL_read((SSL*)io->ssl, buf, len);
+        nread = hssl_read(io->ssl, buf, len);
         break;
-#endif
     case HIO_TYPE_TCP:
 #ifdef OS_UNIX
         nread = read(io->fd, buf, len);
@@ -326,11 +315,9 @@ static int __nio_read(hio_t* io, void* buf, int len) {
 static int __nio_write(hio_t* io, const void* buf, int len) {
     int nwrite = 0;
     switch (io->io_type) {
-#ifdef WITH_OPENSSL
     case HIO_TYPE_SSL:
-        nwrite = SSL_write((SSL*)io->ssl, buf, len);
+        nwrite = hssl_write(io->ssl, buf, len);
         break;
-#endif
     case HIO_TYPE_TCP:
 #ifdef OS_UNIX
         nwrite = write(io->fd, buf, len);
@@ -558,11 +545,10 @@ int hio_close (hio_t* io) {
         closesocket(io->fd);
 #endif
     }
-#ifdef WITH_OPENSSL
     if (io->ssl) {
-        SSL_free((SSL*)io->ssl);
+        hssl_free(io->ssl);
+        io->ssl = NULL;
     }
-#endif
     __close_cb(io);
     return 0;
 }

examples/httpd/httpd.cpp

@@ -3,7 +3,6 @@
 #include "iniparser.h"
 
 #include "HttpServer.h"
-#include "ssl_ctx.h"
 
 #include "router.h"
 
@@ -149,7 +148,12 @@ int parse_confile(const char* confile) {
         std::string crt_file = ini.GetValue("ssl_certificate");
         std::string key_file = ini.GetValue("ssl_privatekey");
         std::string ca_file = ini.GetValue("ssl_ca_certificate");
-        if (ssl_ctx_init(crt_file.c_str(), key_file.c_str(), ca_file.c_str()) != 0) {
+        hssl_ctx_init_param_t param;
+        memset(&param, 0, sizeof(param));
+        param.crt_file = crt_file.c_str();
+        param.key_file = key_file.c_str();
+        param.ca_file = ca_file.c_str();
+        if (hssl_ctx_init(&param) == NULL) {
             hloge("SSL certificate verify failed!");
             exit(0);
         }

http/client/http_client.cpp

@@ -9,18 +9,14 @@
 #else
 #include "herr.h"
 #include "hsocket.h"
+#include "hssl.h"
 #include "HttpParser.h"
-#include "ssl_ctx.h"
-#endif
-
-#ifdef WITH_OPENSSL
-#include "openssl/ssl.h"
 #endif
 
 struct http_client_s {
     std::string  host;
     int          port;
-    int          tls;
+    int          https;
     int          http_version;
     int          timeout; // s
     http_headers headers;
@@ -29,25 +25,21 @@ struct http_client_s {
     CURL* curl;
 #else
     int fd;
+    hssl_t ssl;
     HttpParser*  parser;
 #endif
-#ifdef WITH_OPENSSL
-    SSL* ssl;
-#endif
 
     http_client_s() {
         port = DEFAULT_HTTP_PORT;
-        tls = 0;
+        https = 0;
         http_version = 1;
         timeout = DEFAULT_HTTP_TIMEOUT;
 #ifdef WITH_CURL
         curl = NULL;
 #else
         fd = -1;
-        parser = NULL;
-#endif
-#ifdef WITH_OPENSSL
         ssl = NULL;
+        parser = NULL;
 #endif
     }
 
@@ -56,18 +48,16 @@ struct http_client_s {
     }
 
     void Close() {
-#ifdef WITH_OPENSSL
-        if (ssl) {
-            SSL_free(ssl);
-            ssl = NULL;
-        }
-#endif
 #ifdef WITH_CURL
         if (curl) {
             curl_easy_cleanup(curl);
             curl = NULL;
         }
 #else
+        if (ssl) {
+            hssl_free(ssl);
+            ssl = NULL;
+        }
         if (fd > 0) {
             closesocket(fd);
             fd = -1;
@@ -82,9 +72,9 @@ struct http_client_s {
 
 static int __http_client_send(http_client_t* cli, HttpRequest* req, HttpResponse* res);
 
-http_client_t* http_client_new(const char* host, int port, int tls) {
+http_client_t* http_client_new(const char* host, int port, int https) {
     http_client_t* cli = new http_client_t;
-    cli->tls = tls;
+    cli->https = https;
     cli->port = port;
     if (host) {
         cli->host = host;
@@ -320,26 +310,24 @@ static int __http_client_connect(http_client_t* cli) {
     }
     tcp_nodelay(connfd, 1);
 
-    if (cli->tls) {
-#ifdef WITH_OPENSSL
-        if (ssl_ctx_instance() == NULL) {
-            ssl_ctx_init(NULL, NULL, NULL);
+    if (cli->https) {
+        if (hssl_ctx_instance() == NULL) {
+            hssl_ctx_init(NULL);
         }
-        cli->ssl = SSL_new((SSL_CTX*)ssl_ctx_instance());
-        SSL_set_fd(cli->ssl, connfd);
-        if (SSL_connect(cli->ssl) != 1) {
-            int err = SSL_get_error(cli->ssl, -1);
-            fprintf(stderr, "SSL handshark failed: %d\n", err);
-            SSL_free(cli->ssl);
+        hssl_ctx_t ssl_ctx = hssl_ctx_instance();
+        if (ssl_ctx == NULL) {
+            closesocket(connfd);
+            return ERR_INVALID_PROTOCOL;
+        }
+        cli->ssl = hssl_new(ssl_ctx, connfd);
+        int ret = hssl_connect(cli->ssl);
+        if (ret != 0) {
+            fprintf(stderr, "SSL handshark failed: %d\n", ret);
+            hssl_free(cli->ssl);
             cli->ssl = NULL;
             closesocket(connfd);
-            return err;
+            return ret;
         }
-#else
-        fprintf(stderr, "Please recompile WITH_OPENSSL\n");
-        closesocket(connfd);
-        return ERR_INVALID_PROTOCOL;
-#endif
     }
 
     if (cli->parser == NULL) {
@@ -361,8 +349,8 @@ int __http_client_send(http_client_t* cli, HttpRequest* req, HttpResponse* res)
         cli->host = req->host;
         cli->port = req->port;
     }
-    if (cli->tls == 0) {
-        cli->tls = req->https;
+    if (cli->https == 0) {
+        cli->https = req->https;
     }
     cli->http_version = req->http_major;
 
@@ -395,12 +383,10 @@ send:
                 }
                 so_sndtimeo(connfd, (timeout-(cur_time-start_time)) * 1000);
             }
-#ifdef WITH_OPENSSL
-            if (cli->tls) {
-                nsend = SSL_write(cli->ssl, data+total_nsend, len-total_nsend);
+            if (cli->https) {
+                nsend = hssl_write(cli->ssl, data+total_nsend, len-total_nsend);
             }
-#endif
-            if (!cli->tls) {
+            else {
                 nsend = send(connfd, data+total_nsend, len-total_nsend, 0);
             }
             if (nsend <= 0) {
@@ -429,12 +415,10 @@ recv:
             }
             so_rcvtimeo(connfd, (timeout-(cur_time-start_time)) * 1000);
         }
-#ifdef WITH_OPENSSL
-        if (cli->tls) {
-            nrecv = SSL_read(cli->ssl, recvbuf, sizeof(recvbuf));
+        if (cli->https) {
+            nrecv = hssl_read(cli->ssl, recvbuf, sizeof(recvbuf));
         }
-#endif
-        if (!cli->tls) {
+        else {
             nrecv = recv(connfd, recvbuf, sizeof(recvbuf), 0);
         }
         if (nrecv <= 0) {

http/client/http_client.h

@@ -29,7 +29,7 @@ int main(int argc, char* argv[]) {
 #define DEFAULT_HTTP_TIMEOUT    10 // s
 typedef struct http_client_s http_client_t;
 
-HV_EXPORT http_client_t* http_client_new(const char* host = NULL, int port = DEFAULT_HTTP_PORT, int tls = 0);
+HV_EXPORT http_client_t* http_client_new(const char* host = NULL, int port = DEFAULT_HTTP_PORT, int https = 0);
 HV_EXPORT int http_client_del(http_client_t* cli);
 HV_EXPORT const char* http_client_strerror(int errcode);
 

hv.h

@@ -24,6 +24,7 @@
 #include "hthread.h"
 #include "hmutex.h"
 #include "hsocket.h"
+#include "hssl.h"
 
 #include "hlog.h"
 #include "hbuf.h"

readme_cn.md

@@ -191,8 +191,8 @@ bin/nc 127.0.0.1 10514
 libhv完美结合了OpenSSL库，这是几乎所有的异步IO库没有做的一点。
 在libhv中开启SSL非常简单，仅需要两个API接口：
 ```
-// init global SSL_CTX, see base/ssl_ctx.h
-int ssl_ctx_init(const char* crt_file, const char* key_file, const char* ca_file);
+// init ssl_ctx, see base/hssl.h
+hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param);
 
 // enable ssl, see event/hloop.h
 int hio_enable_ssl(hio_t* io);