
hio_get_ssl / hio_set_ssl

ithewei 4 жил өмнө
parent
commit
ff6d2ff28f
5 өөрчлөгдсөн 37 нэмэгдсэн , 20 устгасан
  1. 2 2
      CMakeLists.txt
  2. 10 0
      event/hevent.c
  3. 3 0
      event/hloop.h
  4. 20 16
      event/nio.c
  5. 2 2
      ssl/gnutls.c

+ 2 - 2
CMakeLists.txt

@@ -137,10 +137,10 @@ if(ANDROID)
 endif()
 
 # see Makefile
-set(ALL_SRCDIRS . base event ssl util cpputil evpp protocol http http/client http/server)
+set(ALL_SRCDIRS . base ssl event util cpputil evpp protocol http http/client http/server)
 set(LIBHV_SRCDIRS . base ssl event util)
 set(LIBHV_HEADERS hv.h hconfig.h hexport.h)
-set(LIBHV_HEADERS ${LIBHV_HEADERS} ${BASE_HEADERS} ${SSL_HEADERS} ${EVENT_HEADERS} ${CPPUTIL_HEADERS})
+set(LIBHV_HEADERS ${LIBHV_HEADERS} ${BASE_HEADERS} ${SSL_HEADERS} ${EVENT_HEADERS} ${UTIL_HEADERS})
 
 if(WITH_PROTOCOL)
     set(LIBHV_HEADERS ${LIBHV_HEADERS} ${PROTOCOL_HEADERS})

+ 10 - 0
event/hevent.c

@@ -116,6 +116,16 @@ int hio_enable_ssl(hio_t* io) {
     return 0;
 }
 
+hssl_t hio_get_ssl(hio_t* io) {
+    return io->ssl;
+}
+
+int hio_set_ssl(hio_t* io, hssl_t ssl) {
+    io->io_type = HIO_TYPE_SSL;
+    io->ssl = ssl;
+    return 0;
+}
+
 void hio_set_readbuf(hio_t* io, void* buf, size_t len) {
     if (buf == NULL || len == 0) {
         hloop_t* loop = io->loop;
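Review bot: hio_set_ssl replaces io->ssl unconditionally, so a session already attached to the io is dropped without being released, and nothing states who frees the handle that is passed in. Since event/nio.c in this commit builds sessions with hssl_new(ssl_ctx, fd), a caller-supplied hssl_t presumably also has to be bound to this io's descriptor, which is not checked here. I would document the contract on the definition and on the declaration added to event/hloop.h, e.g. `// ssl must be created for this io's fd; ownership passes to io (TODO confirm the close path frees it)`, and guard against silently replacing a live session with `if (io->ssl && io->ssl != ssl) return -1;`. The trailing context lines belong to hio_set_readbuf, whose body continues outside the hunk.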

+ 3 - 0
event/hloop.h

@@ -4,6 +4,7 @@
 #include "hexport.h"
 #include "hplatform.h"
 #include "hdef.h"
+#include "hssl.h"
 
 typedef struct hloop_s      hloop_t;
 typedef struct hevent_s     hevent_t;
@@ -233,6 +234,8 @@ HV_EXPORT hclose_cb   hio_getcb_close(hio_t* io);
 // some useful settings
 // Enable SSL/TLS is so easy :)
 HV_EXPORT int  hio_enable_ssl(hio_t* io);
+HV_EXPORT hssl_t hio_get_ssl(hio_t* io);
+HV_EXPORT int  hio_set_ssl(hio_t* io, hssl_t ssl);
 // TODO: One loop per thread, one readbuf per loop.
 // But you can pass in your own readbuf instead of the default readbuf to avoid memcopy.
 HV_EXPORT void hio_set_readbuf(hio_t* io, void* buf, size_t len);

+ 20 - 16
event/nio.c

@@ -199,16 +199,18 @@ accept:
     connio->userdata = io->userdata;
 
     if (io->io_type == HIO_TYPE_SSL) {
-        hssl_ctx_t ssl_ctx = hssl_ctx_instance();
-        if (ssl_ctx == NULL) {
-            goto accept_error;
-        }
-        hssl_t ssl = hssl_new(ssl_ctx, connfd);
-        if (ssl == NULL) {
-            goto accept_error;
+        if (connio->ssl == NULL) {
+            hssl_ctx_t ssl_ctx = hssl_ctx_instance();
+            if (ssl_ctx == NULL) {
+                goto accept_error;
+            }
+            hssl_t ssl = hssl_new(ssl_ctx, connfd);
+            if (ssl == NULL) {
+                goto accept_error;
+            }
+            connio->ssl = ssl;
         }
         hio_enable_ssl(connio);
-        connio->ssl = ssl;
         ssl_server_handshake(connio);
     }
     else {
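Review bot: The new `connio->ssl == NULL` test makes the accept path trust whatever pointer is already stored in connio->ssl, where the old code always installed a fresh session. If connio is a recycled hio_t and the close path frees the session without resetting the field (neither is visible in this hunk), the handshake would run on a freed hssl_t, so it is worth confirming that close does `io->ssl = NULL;` after freeing. The connect hunk below has the same shape: a session installed through hio_set_ssl is used as-is, with no check that it was created for io->fd or that its context carries the same verification settings as the one returned by hssl_ctx_instance(). Both enclosing functions start and end outside their hunks.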
@@ -236,15 +238,17 @@ static void nio_connect(hio_t* io) {
         getsockname(io->fd, io->localaddr, &addrlen);
 
         if (io->io_type == HIO_TYPE_SSL) {
-            hssl_ctx_t ssl_ctx = hssl_ctx_instance();
-            if (ssl_ctx == NULL) {
-                goto connect_failed;
-            }
-            hssl_t ssl = hssl_new(ssl_ctx, io->fd);
-            if (ssl == NULL) {
-                goto connect_failed;
+            if (io->ssl == NULL) {
+                hssl_ctx_t ssl_ctx = hssl_ctx_instance();
+                if (ssl_ctx == NULL) {
+                    goto connect_failed;
+                }
+                hssl_t ssl = hssl_new(ssl_ctx, io->fd);
+                if (ssl == NULL) {
+                    goto connect_failed;
+                }
+                io->ssl = ssl;
             }
-            io->ssl = ssl;
             ssl_client_handshake(io);
         }
         else {

+ 2 - 2
ssl/gnutls.c

@@ -53,7 +53,7 @@ hssl_ctx_t hssl_ctx_init(hssl_ctx_init_param_t* param) {
         if (ca_path) {
             ret = gnutls_certificate_set_x509_trust_dir(ctx, ca_path, GNUTLS_X509_FMT_PEM);
             if (ret < 0) {
-                fprintf(stderr, "ssl ca_file failed!\n");
+                fprintf(stderr, "ssl ca_path failed!\n");
                 goto error;
             }
         }
@@ -193,7 +193,7 @@ int hssl_set_sni_hostname(hssl_t ssl, const char* hostname) {
     if (ssl == NULL) return HSSL_ERROR;
     gnutls_t* gnutls = (gnutls_t*)ssl;
     if (gnutls->session == NULL) {
-        hssl_init(ssl, GNUTLS_SERVER);
+        hssl_init(ssl, GNUTLS_CLIENT);
     }
     gnutls_server_name_set(gnutls->session, GNUTLS_NAME_DNS, hostname, strlen(hostname));
     return 0;
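Review bot: The result of `hssl_init(ssl, GNUTLS_CLIENT)` is not checked, so if initialisation fails gnutls->session may still be NULL when it is passed to gnutls_server_name_set on the next line. hostname is also handed to strlen without a NULL check, and the return value of gnutls_server_name_set is discarded, so a failed SNI setup still reports success with `return 0;`. Suggested: add `if (hostname == NULL || gnutls->session == NULL) return HSSL_ERROR;` after the init block, and end with `return gnutls_server_name_set(...) < 0 ? HSSL_ERROR : 0;`. The function's closing brace lies outside the hunk.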