agoo 2.10.0 → 2.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0e446f82a7209a72954bdf44c5f345fd9c5e13384dc75d6ce8faa7149d52f023
-  data.tar.gz: dea80f2d75d1f4affce64efece36dae4f7753e243d085faf8b7f0b2746aea2db
+  metadata.gz: 158117188fe96c69828c60595d0a38afe61bd10923f15236613ca7efbd323623
+  data.tar.gz: da8bea92f370d7e8d66c39c8ff693611e971e1805b11ccf8ecaaa8d9a01eabc3
 SHA512:
-  metadata.gz: 6167c0841ed2f05935998cb861632949b9d437e1c590820477add9d0ef067abd0c1ea1db377279c8f82fd4d58efb6491daf198f979e0fa6dc3f989ba4cd217ef
-  data.tar.gz: da0c4b54ee8f4db509e5e657bd2a919d0df4a314b7c6663d0e2afd0b4e89730fbaad7693f3888cefe984f8ca00d9e04237c5c51218e5d96e0278cc91eb483f5d
+  metadata.gz: 3387636bc61cd62a24ac7b71f1678c74c8e564c857e580acff1f93144868cd5fe614d49607c3a150f9486b779d4e3b925d8f52c391b02685054bf7a862420256
+  data.tar.gz: 781c95aad1a5161b6d0c069051a748e2b83a5c00d1f44ac7d14a37f897bdec02fc792a1e694db1acb8b4d124b53cdb9758237b1206aece31810b7c6513858b0e

data/CHANGELOG.md

@@ -4,6 +4,13 @@ All changes to the Agoo gem are documented here. Releases follow semantic versio
 
 ## [Unreleased]
 
+## [2.11.0] - [2019-09-15]
+
+TLS using OpenSSL
+
+### Added
+- TLS (SSL) support added.
+
 ## [2.10.0] - 2019-08-29
 
 GraphQL subscriptions

data/README.md

@@ -88,6 +88,11 @@ Agoo is not available on Windows.
 
 ## News
 
+- Version 2.11.0 supports GraphQL subscriptions. TLS (SSL,HTTPS)
+  support added. Examples for both. Related, the
+  [graphql-benchmark](https://github.com/the-benchmarker/graphql-benchmarks)
+  repo was given to [the-benchmarker](https://github.com/the-benchmarker).
+
 - Agoo has a new GraphQL module with a simple, easy to use
   API. Checkout the [hello](example/graphql/hello.rb) or
   [song](example/graphql/song.rb) examples.

data/ext/agoo/bind.c

@@ -12,6 +12,7 @@
 #include "bind.h"
 #include "debug.h"
 #include "log.h"
+#include "server.h"
 
 agooBind
 agoo_bind_port(agooErr err, int port) {
@@ -19,11 +20,10 @@ agoo_bind_port(agooErr err, int port) {
 
     if (NULL != b) {
 	char	id[1024];
-	
+
 	b->port = port;
 	b->family = AF_INET;
 	snprintf(id, sizeof(id) - 1, "http://:%d", port);
-	strcpy(b->scheme, "http");
 	if (NULL == (b->id = AGOO_STRDUP(id))) {
 	    AGOO_ERR_MEM(err, "strdup()");
 	    AGOO_FREE(b);
@@ -43,7 +43,7 @@ url_tcp(agooErr err, const char *url, const char *scheme) {
     struct in_addr	addr = { .s_addr = 0 };
     int			port;
     agooBind		b;
-    
+
     if (NULL == colon) {
 	port = 80;
     } else if (15 < colon - url) {
@@ -74,8 +74,6 @@ url_tcp(agooErr err, const char *url, const char *scheme) {
 	    AGOO_FREE(b);
 	    return NULL;
 	}
-	strncpy(b->scheme, scheme, sizeof(b->scheme));
-	b->scheme[sizeof(b->scheme) - 1] = '\0';
 	b->kind = AGOO_CON_HTTP;
 	b->read = NULL;
 	b->write = NULL;
@@ -84,7 +82,7 @@ url_tcp(agooErr err, const char *url, const char *scheme) {
 	return b;
     }
     AGOO_ERR_MEM(err, "Bind");
-    
+
     return b;
 }
 
@@ -95,7 +93,7 @@ url_tcp6(agooErr err, const char *url, const char *scheme) {
     int			port = 80;
     char		buf[256];
     agooBind		b;
-    
+
     if (':' == *(end + 1)) {
 	port = atoi(end + 2);
     }
@@ -117,9 +115,7 @@ url_tcp6(agooErr err, const char *url, const char *scheme) {
 	    AGOO_ERR_MEM(err, "strdup()");
 	    AGOO_FREE(b);
 	    return NULL;
-	}	    
-	strncpy(b->scheme, scheme, sizeof(b->scheme));
-	b->scheme[sizeof(b->scheme) - 1] = '\0';
+	}
 	b->kind = AGOO_CON_HTTP;
 	b->read = NULL;
 	b->write = NULL;
@@ -128,7 +124,7 @@ url_tcp6(agooErr err, const char *url, const char *scheme) {
 	return b;
     }
     AGOO_ERR_MEM(err, "Bind");
-    
+
     return b;
 }
 
@@ -143,7 +139,7 @@ url_named(agooErr err, const char *url) {
 	if (NULL != b) {
 	    const char	*fmt = "unix://%s";
 	    char	id[1024];
-	
+
 	    if (NULL == (b->name = AGOO_STRDUP(url))) {
 		AGOO_ERR_MEM(err, "strdup()");
 		AGOO_FREE(b);
@@ -155,7 +151,6 @@ url_named(agooErr err, const char *url) {
 		AGOO_FREE(b);
 		return NULL;
 	    }
-	    strcpy(b->scheme, "unix");
 	    b->kind = AGOO_CON_HTTP;
 	    b->read = NULL;
 	    b->write = NULL;
@@ -170,8 +165,60 @@ url_named(agooErr err, const char *url) {
 
 static agooBind
 url_ssl(agooErr err, const char *url) {
-    // TBD
+    char		*colon = index(url, ':');
+    struct in_addr	addr = { .s_addr = 0 };
+    int			port;
+    agooBind		b;
+
+#ifdef HAVE_OPENSSL_SSL_H
+    if (NULL == agoo_server.ssl_ctx) {
+	agoo_err_set(err, AGOO_ERR_ARG, "https requires an SSL certificate and private key. (%s)", url);
+	return NULL;
+    }
+#else
+    agoo_err_set(err, AGOO_ERR_ARG, "https requires OpenSSL. Rebuild with OpenSSL. (%s)", url);
     return NULL;
+#endif
+    if (NULL == colon) {
+	port = 443;
+    } else if (15 < colon - url) {
+	agoo_err_set(err, AGOO_ERR_ARG, "https bind address is not valid, too long. (%s)", url);
+	return NULL;
+    } else if (':' == *url) {
+	port = atoi(colon + 1);
+    } else {
+	char	buf[32];
+
+	strncpy(buf, url, colon - url);
+	buf[colon - url] = '\0';
+	if (0 == inet_aton(buf, &addr)) {
+	    agoo_err_set(err, AGOO_ERR_ARG, "https bind address is not valid. (%s)", url);
+	    return NULL;
+	}
+	port = atoi(colon + 1);
+    }
+    if (NULL != (b = (agooBind)AGOO_CALLOC(1, sizeof(struct _agooBind)))) {
+	char	id[64];
+
+	b->port = port;
+	b->addr4 = addr;
+	b->family = AF_INET;
+	snprintf(id, sizeof(id), "https://%s:%d", inet_ntoa(addr), port);
+	if (NULL == (b->id = AGOO_STRDUP(id))) {
+	    AGOO_ERR_MEM(err, "strdup()");
+	    AGOO_FREE(b);
+	    return NULL;
+	}
+	b->kind = AGOO_CON_HTTPS;
+	b->read = NULL;
+	b->write = NULL;
+	b->events = NULL;
+
+	return b;
+    }
+    AGOO_ERR_MEM(err, "Bind");
+
+    return b;
 }
 
 agooBind
@@ -197,7 +244,7 @@ agoo_bind_url(agooErr err, const char *url) {
     if (0 == strncmp("ssl://", url, 6)) {
 	return url_ssl(err, url + 6);
     }
-    // All others assume
+    // All others assume http
     {
 	char	*colon = index(url, ':');
 	char	scheme[8];
@@ -220,9 +267,6 @@ void
 agoo_bind_destroy(agooBind b) {
     AGOO_FREE(b->id);
     AGOO_FREE(b->name);
-    AGOO_FREE(b->key);
-    AGOO_FREE(b->cert);
-    AGOO_FREE(b->ca);
     AGOO_FREE(b);
 }
 
@@ -239,9 +283,9 @@ usual_listen(agooErr err, agooBind b) {
 
 	return agoo_err_set(err, errno, "Server failed to open server socket. %s.", strerror(errno));
     }
-#ifdef OSX_OS 
+#ifdef OSX_OS
     setsockopt(b->fd, SOL_SOCKET, SO_NOSIGPIPE, &optval, sizeof(optval));
-#endif    
+#endif
     setsockopt(b->fd, SOL_SOCKET, SO_REUSEPORT, &optval, sizeof(optval));
     setsockopt(b->fd, IPPROTO_TCP, TCP_NODELAY, &optval, sizeof(optval));
     if (AF_INET6 == b->family) {
@@ -298,20 +342,11 @@ named_listen(agooErr err, agooBind b) {
     return AGOO_ERR_OK;
 }
 
-static int
-ssl_listen(agooErr err, agooBind b) {
-    // TBD
-    return AGOO_ERR_OK;
-}
-
 int
 agoo_bind_listen(agooErr err, agooBind b) {
     if (NULL != b->name) {
 	return named_listen(err, b);
     }
-    if (NULL != b->key) {
-	return ssl_listen(err, b);
-    }
     return usual_listen(err, b);
 }
 

data/ext/agoo/bind.h

@@ -22,16 +22,12 @@ typedef struct _agooBind {
 	struct in_addr	addr4;
 	struct in6_addr	addr6;
     };
-    agooConKind		kind;
     bool		(*read)(struct _agooCon *c);
     bool		(*write)(struct _agooCon *c);
     short		(*events)(struct _agooCon *c);
-    char		scheme[8];
     char		*name; // if set then Unix file
-    char		*key;  // if set then SSL
-    char		*cert;
-    char		*ca;
     char		*id;
+    agooConKind		kind;
 } *agooBind;
 
 extern agooBind	agoo_bind_url(agooErr err, const char *url);

data/ext/agoo/con.c

@@ -83,6 +83,12 @@ agoo_con_destroy(agooCon c) {
 	agoo_ws_req_close(c);
     }
     if (0 < c->sock) {
+#ifdef HAVE_OPENSSL_SSL_H
+	if (NULL != c->ssl) {
+	    SSL_free(c->ssl);
+	    c->ssl = NULL;
+	}
+#endif
 	close(c->sock);
 	c->sock = 0;
     }
@@ -282,7 +288,7 @@ con_header_read(agooCon c, size_t *mlenp) {
     }
     if (agoo_req_cat.on) {
 	*hend = '\0';
-	agoo_log_cat(&agoo_req_cat, "%llu: %s", (unsigned long long)c->id, c->buf);
+	agoo_log_cat(&agoo_req_cat, "%s %llu: %s", agoo_con_kind_str(c->bind->kind), (unsigned long long)c->id, c->buf);
 	*hend = '\r';
     }
     for (b = c->buf; ' ' != *b; b++) {
@@ -480,6 +486,18 @@ check_upgrade(agooCon c) {
     }
 }
 
+#ifdef HAVE_OPENSSL_SSL_H
+static void
+con_ssl_error(agooCon c, const char *filename, int line) {
+    char		buf[224];
+    unsigned long	e = ERR_get_error();
+
+    c->dead = true;
+    ERR_error_string_n(e, buf, sizeof(buf));
+    agoo_log_cat(&agoo_error_cat, "%s at %s:%d", buf, filename, line);
+}
+#endif
+
 bool
 agoo_con_http_read(agooCon c) {
     ssize_t	cnt;
@@ -487,10 +505,34 @@ agoo_con_http_read(agooCon c) {
     if (c->dead || 0 == c->sock || c->closing) {
 	return true;
     }
-    if (NULL != c->req) {
-	cnt = recv(c->sock, c->req->msg + c->bcnt, c->req->mlen - c->bcnt, 0);
+    if (AGOO_CON_HTTPS == c->bind->kind) {
+#ifdef HAVE_OPENSSL_SSL_H
+	if (NULL != c->req) {
+	    cnt = SSL_read(c->ssl, c->req->msg + c->bcnt, c->req->mlen - c->bcnt);
+	} else {
+	    cnt = SSL_read(c->ssl, c->buf + c->bcnt, sizeof(c->buf) - c->bcnt - 1);
+	}
+	if (0 > cnt) {
+	    unsigned long	e = ERR_get_error();
+
+	    if (0 == e) {
+		cnt = 0;
+		return false;
+	    } else {
+		con_ssl_error(c, __FILE__, __LINE__);
+		return true;
+	    }
+	}
+#else
+	agoo_log_cat(&agoo_error_cat, "SSL not included in the build.");
+	c->dead = true;
+#endif
     } else {
-	cnt = recv(c->sock, c->buf + c->bcnt, sizeof(c->buf) - c->bcnt - 1, 0);
+	if (NULL != c->req) {
+	    cnt = recv(c->sock, c->req->msg + c->bcnt, c->req->mlen - c->bcnt, 0);
+	} else {
+	    cnt = recv(c->sock, c->buf + c->bcnt, sizeof(c->buf) - c->bcnt - 1, 0);
+	}
     }
     c->timeout = dtime() + CON_TIMEOUT;
     if (0 >= cnt) {
@@ -544,7 +586,7 @@ agoo_con_http_read(agooCon c) {
 		long	mlen;
 
 		if (agoo_debug_cat.on && NULL != c->req && NULL != c->req->body.start) {
-		    agoo_log_cat(&agoo_debug_cat, "request on %llu: %s", (unsigned long long)c->id, c->req->body.start);
+		    agoo_log_cat(&agoo_debug_cat, "%s request on %llu: %s", agoo_con_kind_str(c->bind->kind), (unsigned long long)c->id, c->req->body.start);
 		}
 		if (NULL == (res = agoo_res_create(c))) {
 		    c->req = NULL;
@@ -584,6 +626,79 @@ agoo_con_http_read(agooCon c) {
     return false;
 }
 
+// return false to remove/close connection
+bool
+agoo_con_http_write(agooCon c) {
+    agooRes	res = agoo_con_res_pop(c);
+    agooText	message = agoo_res_message_peek(res);
+    ssize_t	cnt;
+
+    if (NULL == message) {
+	return true;
+    }
+    c->timeout = dtime() + CON_TIMEOUT;
+    if (0 == c->wcnt) {
+	if (agoo_resp_cat.on) {
+	    char	buf[4096];
+	    char	*hend = strstr(message->text, "\r\n\r\n");
+
+	    if (NULL == hend) {
+		hend = message->text + message->len;
+	    }
+	    if ((long)sizeof(buf) <= hend - message->text) {
+		hend = message->text + sizeof(buf) - 1;
+	    }
+	    memcpy(buf, message->text, hend - message->text);
+	    buf[hend - message->text] = '\0';
+	    agoo_log_cat(&agoo_resp_cat, "%s %llu: %s", agoo_con_kind_str(c->bind->kind), (unsigned long long)c->id, buf);
+	}
+	if (agoo_debug_cat.on) {
+	    agoo_log_cat(&agoo_debug_cat, "%s response on %llu: %s", agoo_con_kind_str(c->bind->kind), (unsigned long long)c->id, message->text);
+	}
+    }
+    if (AGOO_CON_HTTPS == c->bind->kind) {
+#ifdef HAVE_OPENSSL_SSL_H
+	if (0 >= (cnt = SSL_write(c->ssl, message->text + c->wcnt, message->len - c->wcnt))) {
+	    unsigned long	e = ERR_get_error();
+
+	    if (0 == e) {
+		return true;
+	    }
+	    con_ssl_error(c, __FILE__, __LINE__);
+	    return false;
+	}
+#else
+	agoo_log_cat(&agoo_error_cat, "SSL not included in the build.");
+	c->dead = true;
+#endif
+    } else {
+	if (0 > (cnt = send(c->sock, message->text + c->wcnt, message->len - c->wcnt, MSG_DONTWAIT))) {
+	    if (EAGAIN == errno) {
+		return true;
+	    }
+	    agoo_log_cat(&agoo_error_cat, "Socket error @ %llu.", (unsigned long long)c->id);
+
+	    return false;
+	}
+    }
+    c->wcnt += cnt;
+    if (c->wcnt == message->len) { // finished
+	agooText	next = agoo_res_message_next(res);
+
+	c->wcnt = 0;
+	if (NULL == next && res->final) {
+	    bool	done = res->close;
+
+	    agoo_res_destroy(res);
+
+	    return !done;
+	}
+    }
+    agoo_con_res_prepend(c, res);
+
+    return true;
+}
+
 static bool
 con_ws_read(agooCon c) {
     ssize_t	cnt;
@@ -692,62 +807,6 @@ con_ws_read(agooCon c) {
     return false;
 }
 
-// return false to remove/close connection
-bool
-agoo_con_http_write(agooCon c) {
-    agooRes	res = agoo_con_res_pop(c);
-    agooText	message = agoo_res_message_peek(res);
-    ssize_t	cnt;
-
-    if (NULL == message) {
-	return true;
-    }
-    c->timeout = dtime() + CON_TIMEOUT;
-    if (0 == c->wcnt) {
-	if (agoo_resp_cat.on) {
-	    char	buf[4096];
-	    char	*hend = strstr(message->text, "\r\n\r\n");
-
-	    if (NULL == hend) {
-		hend = message->text + message->len;
-	    }
-	    if ((long)sizeof(buf) <= hend - message->text) {
-		hend = message->text + sizeof(buf) - 1;
-	    }
-	    memcpy(buf, message->text, hend - message->text);
-	    buf[hend - message->text] = '\0';
-	    agoo_log_cat(&agoo_resp_cat, "%llu: %s", (unsigned long long)c->id, buf);
-	}
-	if (agoo_debug_cat.on) {
-	    agoo_log_cat(&agoo_debug_cat, "response on %llu: %s", (unsigned long long)c->id, message->text);
-	}
-    }
-    if (0 > (cnt = send(c->sock, message->text + c->wcnt, message->len - c->wcnt, MSG_DONTWAIT))) {
-	if (EAGAIN == errno) {
-	    return true;
-	}
-	agoo_log_cat(&agoo_error_cat, "Socket error @ %llu.", (unsigned long long)c->id);
-
-	return false;
-    }
-    c->wcnt += cnt;
-    if (c->wcnt == message->len) { // finished
-	agooText	next = agoo_res_message_next(res);
-
-	c->wcnt = 0;
-	if (NULL == next && res->final) {
-	    bool	done = res->close;
-
-	    agoo_res_destroy(res);
-
-	    return !done;
-	}
-    }
-    agoo_con_res_prepend(c, res);
-
-    return true;
-}
-
 static const char	ping_msg[] = "\x89\x00";
 static const char	pong_msg[] = "\x8a\x00";
 
@@ -1171,6 +1230,24 @@ queue_ready_io(void *ctx) {
     return AGOO_READY_IN;
 }
 
+static void
+con_ssl_setup(agooCon c) {
+#ifdef HAVE_OPENSSL_SSL_H
+    if (NULL == (c->ssl = SSL_new(agoo_server.ssl_ctx))) {
+	con_ssl_error(c, __FILE__, __LINE__);
+    }
+    if (!SSL_set_fd(c->ssl, c->sock)) {
+	con_ssl_error(c, __FILE__, __LINE__);
+    }
+    if (!SSL_accept(c->ssl)) {
+	con_ssl_error(c, __FILE__, __LINE__);
+    }
+#else
+    agoo_log_cat(&agoo_error_cat, "SSL not included in the build.");
+    c->dead = true;
+#endif
+}
+
 static bool
 con_queue_ready_read(agooReady ready, void *ctx) {
     agooConLoop		loop = (agooConLoop)ctx;
@@ -1184,6 +1261,9 @@ con_queue_ready_read(agooReady ready, void *ctx) {
 	    agoo_log_cat(&agoo_error_cat, "Failed to add connection to manager. %s", err.msg);
 	    agoo_err_clear(&err);
 	}
+	if (AGOO_CON_HTTPS == c->bind->kind) {
+	    con_ssl_setup(c);
+	}
     }
     return true;
 }
@@ -1249,6 +1329,9 @@ agoo_con_loop(void *x) {
 		agoo_log_cat(&agoo_error_cat, "Failed to add connection to manager. %s", err.msg);
 		agoo_err_clear(&err);
 	    }
+	    if (AGOO_CON_HTTPS == c->bind->kind) {
+		con_ssl_setup(c);
+	    }
 	}
 	while (NULL != (pub = (agooPub)agoo_queue_pop(&loop->pub_queue, 0.0))) {
 	    process_pub_con(pub, loop);

data/ext/agoo/con.h

@@ -7,6 +7,9 @@
 #include <pthread.h>
 #include <stdbool.h>
 #include <stdint.h>
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/ssl.h>
+#endif
 
 #include "err.h"
 #include "req.h"
@@ -59,6 +62,9 @@ typedef struct _agooCon {
 
     struct _agooUpgraded	*up; // only set for push connections
     struct _gqlSub		*gsub; // for graphql subscription
+#ifdef HAVE_OPENSSL_SSL_H
+    SSL				*ssl;
+#endif
     agooConLoop			loop;
 } *agooCon;
 

data/ext/agoo/doc.c

@@ -283,7 +283,6 @@ read_number(agooErr err, agooDoc doc) {
 	    for (; '0' <= *doc->cur && *doc->cur <= '9'; doc->cur++) {
 		exp = exp * 10 + (*doc->cur - '0');
 		if (EXP_MAX <= exp) {
-		    // TBD maybe just ignore extra and continue till the end
 		    agoo_doc_err(doc, err, "number has too many digits");
 		    return NULL;
 		}

data/ext/agoo/domain.c

@@ -115,7 +115,6 @@ agoo_domain_resolve(const char *host, char *buf, size_t blen) {
 			    *b++ = *m++;
 			    *b = '\0';
 			}
-			// TBD
 		    } else {
 			*b++ = *p;
 		    }

data/ext/agoo/err.c

@@ -25,7 +25,7 @@ agoo_err_set(agooErr err, int code, const char *fmt, ...) {
 int
 agoo_err_no(agooErr err, const char *fmt, ...) {
     int	cnt = 0;
-    
+
     if (NULL != fmt) {
 	va_list	ap;
 
@@ -53,7 +53,7 @@ agoo_err_clear(agooErr err) {
 const char*
 agoo_err_str(agooErrCode code) {
     const char	*str = NULL;
-    
+
     if (code < AGOO_ERR_START) {
 	str = strerror(code);
     }
@@ -72,6 +72,7 @@ agoo_err_str(agooErrCode code) {
 	case AGOO_ERR_TOO_MANY:	str = "too many";		break;
 	case AGOO_ERR_TYPE:	str = "type error";		break;
 	case AGOO_ERR_EVAL:	str = "eval error";		break;
+	case AGOO_ERR_TLS:	str = "TLS error";		break;
 	default:		str = "unknown error";		break;
 	}
     }
@@ -82,5 +83,3 @@ int
 agoo_err_memory(agooErr err, const char *type, const char *file, int line) {
     return agoo_err_set(err, AGOO_ERR_MEMORY, "Failed to allocate memory for a %s at %s:%d.", type, file, line);
 }
-
-    

data/ext/agoo/err.h

@@ -29,6 +29,7 @@ typedef enum {
     AGOO_ERR_TOO_MANY,
     AGOO_ERR_TYPE,
     AGOO_ERR_EVAL,
+    AGOO_ERR_TLS,
     AGOO_ERR_LAST
 } agooErrCode;
 

data/ext/agoo/extconf.rb

@@ -3,15 +3,22 @@ require 'rbconfig'
 
 extension_name = 'agoo'
 dir_config(extension_name)
+dir_config('openssl')
 
-$CFLAGS += " -DPLATFORM_LINUX" if 'x86_64-linux' == RUBY_PLATFORM
+if 'x86_64-linux' == RUBY_PLATFORM
+  $CFLAGS += " -DPLATFORM_LINUX -std=gnu11"
+else
+  $CFLAGS += ' -std=c11'
+end
 
 # Adding the __attribute__ flag only works with gcc compilers and even then it
-# does not work to check args with varargs s just remove the check.
+# does not work to check args with varargs so just remove the check.
 CONFIG['warnflags'].slice!(/ -Wsuggest-attribute=format/)
 
 have_header('stdatomic.h')
 #have_header('sys/epoll.h')
+have_header('openssl/ssl.h')
+have_library('ssl')
 
 create_makefile(File.join(extension_name, extension_name))
 

data/ext/agoo/gqleval.c

@@ -39,7 +39,6 @@ static const char	variables_str[] = "variables";
 
 gqlValue	(*gql_doc_eval_func)(agooErr err, gqlDoc doc) = NULL;
 
-// TBD errors should have message, location, and path
 static void
 err_resp(agooRes res, agooErr err, int status) {
     char		buf[1024];
@@ -540,7 +539,7 @@ eval_post(agooErr err, agooReq req) {
 		    for (link = m->value->members; NULL != link; link = link->next) {
 			gqlVar	v = gql_op_var_create(err, link->key, link->value->type, link->value);
 
-			link->value = NULL; // TBD is this correct?
+			link->value = NULL;
 			if (NULL == v) {
 			    goto DONE;
 			}

data/ext/agoo/kinds.c

@@ -0,0 +1,16 @@
+// Copyright (c) 2019, Peter Ohler, All rights reserved.
+
+#include "kinds.h"
+
+const char*
+agoo_con_kind_str(agooConKind kind) {
+    switch (kind) {
+    case AGOO_CON_ANY:		return "ANY";
+    case AGOO_CON_HTTP:		return "HTTP";
+    case AGOO_CON_HTTPS:	return "HTTPS";
+    case AGOO_CON_WS:		return "WS";
+    case AGOO_CON_SSE:		return "SSE";
+    default:			break;
+    }
+    return "UNKNOWN";
+}

data/ext/agoo/kinds.h

@@ -6,8 +6,11 @@
 typedef enum {
     AGOO_CON_ANY	= '\0',
     AGOO_CON_HTTP	= 'H',
+    AGOO_CON_HTTPS	= 'T',
     AGOO_CON_WS		= 'W',
     AGOO_CON_SSE	= 'S',
 } agooConKind;
 
+extern const char*	agoo_con_kind_str(agooConKind kind);
+
 #endif // AGOO_KINDS_H

data/ext/agoo/request.c

@@ -23,6 +23,7 @@ static VALUE	empty_val = Qundef;
 static VALUE	get_val = Qundef;
 static VALUE	head_val = Qundef;
 static VALUE	http_val = Qundef;
+static VALUE	https_val = Qundef;
 static VALUE	options_val = Qundef;
 static VALUE	patch_val = Qundef;
 static VALUE	path_info_val = Qundef;
@@ -262,7 +263,9 @@ rack_version(VALUE self) {
 
 static VALUE
 req_rack_url_scheme(agooReq r) {
-    // TBD http or https when ssl is supported
+    if (AGOO_CON_HTTPS == r->res->con->bind->kind) {
+	return https_val;
+    }
     return http_val;
 }
 
@@ -691,6 +694,7 @@ request_init(VALUE mod) {
     get_val = rb_str_new_cstr("GET");				rb_gc_register_address(&get_val);
     head_val = rb_str_new_cstr("HEAD");				rb_gc_register_address(&head_val);
     http_val = rb_str_new_cstr("http");				rb_gc_register_address(&http_val);
+    https_val = rb_str_new_cstr("https");			rb_gc_register_address(&https_val);
     options_val = rb_str_new_cstr("OPTIONS");			rb_gc_register_address(&options_val);
     patch_val = rb_str_new_cstr("PATCH");			rb_gc_register_address(&patch_val);
     path_info_val = rb_str_new_cstr("PATH_INFO");		rb_gc_register_address(&path_info_val);

data/ext/agoo/rserver.c

@@ -160,6 +160,21 @@ configure(agooErr err, int port, const char *root, VALUE options) {
 		}
 	    }
 	}
+	if (Qnil != (v = rb_hash_lookup(options, ID2SYM(rb_intern("ssl_cert"))))) {
+	    rb_check_type(v, T_STRING);
+	    const char	*cert =StringValuePtr(v);
+
+	    if (Qnil != (v = rb_hash_lookup(options, ID2SYM(rb_intern("ssl_key"))))) {
+		rb_check_type(v, T_STRING);
+		const char	*key =StringValuePtr(v);
+
+		if (AGOO_ERR_OK != agoo_server_ssl_init(err, cert, key)) {
+		    rb_raise(rb_eArgError, "%s", err->msg);
+		}
+	    } else {
+		rb_raise(rb_eArgError, "An ssl_key must be provided if an ssl_cert was provided.");
+	    }
+	}
 	if (Qnil != (v = rb_hash_lookup(options, ID2SYM(rb_intern("bind"))))) {
 	    int	len;
 	    int	i;
@@ -258,6 +273,12 @@ configure(agooErr err, int port, const char *root, VALUE options) {
  *   - *:bind* [_String_|_Array_] a binding or array of binds. Examples are: "http ://127.0.0.1:6464", "unix:///tmp/agoo.socket", "http ://[::1]:6464, or to not restrict the address "http ://:6464".
  *
  *   - *:graphql* [_String_] path to GraphQL endpoint if support for GraphQL is desired.
+ *
+ *   - *:max_push_pending* [_Integer_] maximum number or outstanding push messages, less than 1000.
+ *
+ *   - *:ssl_sert* [_String_] filepath to the SSL certificate file.
+ *
+ *   - *:ssl_key* [_String_] filepath to the SSL private key file.
  */
 static VALUE
 rserver_init(int argc, VALUE *argv, VALUE self) {

data/ext/agoo/server.c

@@ -34,8 +34,6 @@ double	agoo_io_loop_ratio = 0.5;
 
 int
 agoo_server_setup(agooErr err) {
-    long	i;
-
     memset(&agoo_server, 0, sizeof(struct _agooServer));
     pthread_mutex_init(&agoo_server.up_lock, 0);
     agoo_server.up_list = NULL;
@@ -47,6 +45,8 @@ agoo_server_setup(agooErr err) {
 	AGOO_ERR_OK != agoo_queue_multi_init(err, &agoo_server.eval_queue, 1024, true, true)) {
 	return err->code;
     }
+    long	i;
+
     agoo_server.loop_max = 4;
     if (0 < (i = sysconf(_SC_NPROCESSORS_ONLN))) {
 	i = (int)(i * agoo_io_loop_ratio);
@@ -58,6 +58,41 @@ agoo_server_setup(agooErr err) {
     return AGOO_ERR_OK;
 }
 
+#ifdef HAVE_OPENSSL_SSL_H
+static int
+ssl_error(agooErr err, const char *filename, int line) {
+    char		buf[224];
+    unsigned long	e = ERR_get_error();
+
+    ERR_error_string_n(e, buf, sizeof(buf));
+
+    return agoo_err_set(err, AGOO_ERR_TLS, "%s at %s:%d", buf, filename, line);
+}
+#endif
+
+int
+agoo_server_ssl_init(agooErr err, const char *cert_pem, const char *key_pem) {
+#ifdef HAVE_OPENSSL_SSL_H
+    SSL_load_error_strings();
+    SSL_library_init();
+    if (NULL == (agoo_server.ssl_ctx = SSL_CTX_new(SSLv23_server_method()))) {
+	return ssl_error(err, __FILE__, __LINE__);
+    }
+    SSL_CTX_set_ecdh_auto(agoo_server.ssl_ctx, 1);
+
+    if (!SSL_CTX_use_certificate_file(agoo_server.ssl_ctx, cert_pem, SSL_FILETYPE_PEM)) {
+	return ssl_error(err, __FILE__, __LINE__);
+    }
+    if (!SSL_CTX_use_PrivateKey_file(agoo_server.ssl_ctx, key_pem, SSL_FILETYPE_PEM)) {
+	return ssl_error(err, __FILE__, __LINE__);
+    }
+    if (!SSL_CTX_check_private_key(agoo_server.ssl_ctx)) {
+	return agoo_err_set(err, AGOO_ERR_TLS, "TLS private key check failed");
+    }
+#endif
+    return AGOO_ERR_OK;
+}
+
 static void
 add_con_loop() {
     struct _agooErr	err = AGOO_ERR_INIT;
@@ -255,6 +290,12 @@ agoo_server_shutdown(const char *app_name, void (*stop)()) {
 	agoo_pages_cleanup();
 	agoo_http_cleanup();
 	agoo_domain_cleanup();
+#ifdef HAVE_OPENSSL_SSL_H
+	if (NULL != agoo_server.ssl_ctx) {
+	    SSL_CTX_free(agoo_server.ssl_ctx);
+	    EVP_cleanup();
+	}
+#endif
     }
 }
 

data/ext/agoo/server.h

@@ -6,6 +6,12 @@
 #include <pthread.h>
 #include <stdbool.h>
 
+#ifdef HAVE_OPENSSL_SSL_H
+#include <openssl/bio.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#endif
+
 #include "atomic.h"
 #include "bind.h"
 #include "err.h"
@@ -28,6 +34,7 @@ typedef struct _agooServer {
     bool			pedantic;
     bool			root_first;
     bool			rack_early_hints;
+    bool			tls;
     pthread_t			listen_thread;
     struct _agooQueue		con_queue;
     agooHook			hooks;
@@ -48,6 +55,9 @@ typedef struct _agooServer {
     void			*env_nil_value;
     void			*ctx_nil_value;
 
+#ifdef HAVE_OPENSSL_SSL_H
+    SSL_CTX			*ssl_ctx;
+#endif
     // A count of the running threads from the wrapper or the server managed
     // threads.
     atomic_int			running;
@@ -56,6 +66,7 @@ typedef struct _agooServer {
 extern int	agoo_server_setup(agooErr err);
 extern void	agoo_server_shutdown(const char *app_name, void (*stop)());
 extern void	agoo_server_bind(agooBind b);
+extern int	agoo_server_ssl_init(agooErr err, const char *cert_pem, const char *key_pem);
 
 extern int	setup_listen(agooErr err);
 extern int	agoo_server_start(agooErr err, const char *app_name, const char *version);

data/lib/agoo/version.rb

@@ -1,5 +1,5 @@
 
 module Agoo
   # Agoo version.
-  VERSION = '2.10.0'
+  VERSION = '2.11.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: agoo
 version: !ruby/object:Gem::Version
-  version: 2.10.0
+  version: 2.11.0
 platform: ruby
 authors:
 - Peter Ohler
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-08-29 00:00:00.000000000 Z
+date: 2019-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oj
@@ -88,6 +88,7 @@ files:
 - ext/agoo/hook.h
 - ext/agoo/http.c
 - ext/agoo/http.h
+- ext/agoo/kinds.c
 - ext/agoo/kinds.h
 - ext/agoo/log.c
 - ext/agoo/log.h