iodine 0.7.16 → 0.7.17

data/ext/iodine/iodine_http.h

@@ -12,7 +12,10 @@ Feel free to copy, use and enjoy according to the license provided.
 extern VALUE IODINE_R_HIJACK;
 extern VALUE IODINE_R_HIJACK_IO;
 extern VALUE IODINE_R_HIJACK_CB;
-extern VALUE iodine_default_args;
 void iodine_init_http(void);
 
+intptr_t iodine_http_listen(iodine_connection_args_s args);
+// intptr_t iodine_http_connect(iodine_connection_args_s args); // not yet...
+intptr_t iodine_ws_connect(iodine_connection_args_s args);
+
 #endif

data/ext/iodine/iodine_mustache.c

@@ -9,9 +9,9 @@
 
 static ID call_func_id;
 static ID to_s_func_id;
-static ID filename_id;
-static ID data_id;
-static ID template_id;
+static VALUE filename_id;
+static VALUE data_id;
+static VALUE template_id;
 /* *****************************************************************************
 C <=> Ruby Data allocation
 ***************************************************************************** */
@@ -255,20 +255,63 @@ Loading the template
 ***************************************************************************** */
 
 /**
-Loads a mustache template (and any partials).
+Loads the mustache template found in `:filename`. If `:template` is provided it
+will be used instead of reading the file's content.
+
+    Iodine::Mustache.new(filename, template = nil)
+
+When template data is provided, filename (if any) will only be used for partial
+template path resolution and the template data will be used for the template's
+content. This allows, for example, for front matter to be extracted before
+parsing the template.
 
 Once a template was loaded, it could be rendered using {render}.
+
+Accepts named arguments as well:
+
+    Iodine::Mustache.new(filename: "foo.mustache", template: "{{ bar }}")
+
 */
-static VALUE iodine_mustache_new(VALUE self, VALUE filename) {
+static VALUE iodine_mustache_new(int argc, VALUE *argv, VALUE self) {
+  VALUE filename = Qnil, template = Qnil;
+  if (argc == 1 && RB_TYPE_P(argv[0], T_HASH)) {
+    /* named arguments */
+    filename = rb_hash_aref(argv[0], filename_id);
+    template = rb_hash_aref(argv[0], template_id);
+  } else {
+    /* regular arguments */
+    if (argc == 0 || argc > 2)
+      rb_raise(rb_eArgError, "expecting 1..2 arguments or named arguments.");
+    filename = argv[0];
+    if (argc > 1) {
+      template = argv[1];
+    }
+  }
+  if (filename == Qnil && template == Qnil)
+    rb_raise(rb_eArgError, "need either template contents or file name.");
+
+  if (template != Qnil)
+    Check_Type(template, T_STRING);
+  if (filename != Qnil)
+    Check_Type(filename, T_STRING);
+
+  fio_str_s str = FIO_STR_INIT;
+
   mustache_s **m = NULL;
   TypedData_Get_Struct(self, mustache_s *, &iodine_mustache_data_type, m);
   if (!m) {
     rb_raise(rb_eRuntimeError, "Iodine::Mustache allocation error.");
   }
-  Check_Type(filename, T_STRING);
+
   mustache_error_en err;
-  *m = mustache_load(.filename = RSTRING_PTR(filename),
-                     .filename_len = RSTRING_LEN(filename), .err = &err);
+  *m = mustache_load(.filename =
+                         (filename == Qnil ? NULL : RSTRING_PTR(filename)),
+                     .filename_len =
+                         (filename == Qnil ? 0 : RSTRING_LEN(filename)),
+                     .data = (template == Qnil ? NULL : RSTRING_PTR(template)),
+                     .data_len = (template == Qnil ? 0 : RSTRING_LEN(template)),
+                     .err = &err);
+
   if (!*m)
     goto error;
   return self;
@@ -412,7 +455,7 @@ static VALUE iodine_mustache_render_klass(int argc, VALUE *argv, VALUE self) {
     }
   }
   if (filename == Qnil && template == Qnil)
-    rb_raise(rb_eArgError, "missing both template contents and file name.");
+    rb_raise(rb_eArgError, "need either template contents or file name.");
 
   if (template != Qnil)
     Check_Type(template, T_STRING);
@@ -502,53 +545,15 @@ Initialize Iodine::Mustache
 void iodine_init_mustache(void) {
   call_func_id = rb_intern2("call", 4);
   to_s_func_id = rb_intern2("to_s", 4);
-  filename_id = rb_intern2("filename", 8);
-  data_id = rb_intern2("data", 4);
-  template_id = rb_intern2("template", 8);
-  /**
-  Iodine::Mustache offers a logicless mustache template engine with strict HTML
-  escaping (more than the basic `"<>'$`).
-
-  This offers more security against XSS and protects against the chance of
-  executing Ruby code within the template.
-
-  You can test the parser using:
-
-      TEMPLATE="my_template.mustache"
-
-      require 'json'
-      require 'iodine'
-      TIMES = 100
-      STR = IO.binread(JSON_FILENAME); nil
-
-      JSON.parse(STR) == Iodine::JSON.parse(STR) # => true
-      JSON.parse(STR,
-          symbolize_names: true) == Iodine::JSON.parse(STR,
-           symbolize_names: true) # => true
-      JSON.parse!(STR) == Iodine::JSON.parse!(STR) # => true/false (unknown)
-
-      # warm-up
-      TIMES.times { JSON.parse STR }
-      TIMES.times { Iodine::JSON.parse STR }
-
-      Benchmark.bm do |b|
-        sys = b.report("system") { TIMES.times { JSON.parse STR } }
-        sys_sym = b.report("system sym") { TIMES.times { JSON.parse STR,
-                                                 symbolize_names: true } }
-        iodine = b.report("iodine") { TIMES.times { Iodine::JSON.parse STR } }
-        iodine_sym = b.report("iodine sym") do
-                           TIMES.times { Iodine::JSON.parse STR,
-                                                  symbolize_names: true }
-                      end
-        puts "System    /    Iodine: #{sys/iodine}"
-        puts "System-sym/Iodine-sym: #{sys_sym/iodine_sym}"
-      end; nil
-
-
-  */
+  filename_id = rb_id2sym(rb_intern2("filename", 8));
+  data_id = rb_id2sym(rb_intern2("data", 4));
+  template_id = rb_id2sym(rb_intern2("template", 8));
+  rb_global_variable(&filename_id);
+  rb_global_variable(&data_id);
+  rb_global_variable(&template_id);
   VALUE tmp = rb_define_class_under(IodineModule, "Mustache", rb_cData);
   rb_define_alloc_func(tmp, iodine_mustache_data_alloc_c);
-  rb_define_method(tmp, "initialize", iodine_mustache_new, 1);
+  rb_define_method(tmp, "initialize", iodine_mustache_new, -1);
   rb_define_method(tmp, "render", iodine_mustache_render, 1);
   rb_define_singleton_method(tmp, "render", iodine_mustache_render_klass, -1);
   // rb_define_module_function(tmp, "render", iodine_mustache_render_klass, 2);

data/ext/iodine/iodine_pubsub.c

@@ -388,7 +388,7 @@ static VALUE iodine_pubsub_redis_new(int argc, VALUE *argv, VALUE self) {
   }
 
   /* parse URL assume redis://redis:password@localhost:6379 */
-  http_url_s info = http_url_parse(RSTRING_PTR(url), RSTRING_LEN(url));
+  fio_url_s info = fio_url_parse(RSTRING_PTR(url), RSTRING_LEN(url));
 
   FIO_LOG_INFO("Initializing Redis engine for address: %.*s",
                (int)RSTRING_LEN(url), RSTRING_PTR(url));

data/ext/iodine/iodine_tcp.c

@@ -100,8 +100,10 @@ static void iodine_tcp_ping(intptr_t uuid, fio_protocol_s *protocol) {
   (void)uuid;
 }
 
-/** called when a connection opens */
+/** fio_listen callback, called when a connection opens */
 static void iodine_tcp_on_open(intptr_t uuid, void *udata) {
+  if (!fio_is_valid(uuid))
+    return;
   VALUE handler = IodineCaller.call((VALUE)udata, call_id);
   IodineStore.add(handler);
   iodine_tcp_attch_uuid(uuid, handler);
@@ -115,15 +117,12 @@ static void iodine_tcp_on_finish(intptr_t uuid, void *udata) {
 }
 
 /**
- * The `on_connect` callback should return a pointer to a protocol object
- * that will handle any connection related events.
- *
- * Should either call `fio_attach` or close the connection.
+ * The `on_connect` callback should either call `fio_attach` or close the
+ * connection.
  */
 static void iodine_tcp_on_connect(intptr_t uuid, void *udata) {
-  VALUE handler = (VALUE)udata;
-  iodine_tcp_attch_uuid(uuid, handler);
-  IodineStore.remove(handler);
+  iodine_tcp_attch_uuid(uuid, (VALUE)udata);
+  IodineStore.remove((VALUE)udata);
 }
 
 /**
@@ -131,13 +130,7 @@ static void iodine_tcp_on_connect(intptr_t uuid, void *udata) {
  * is passed along.
  */
 static void iodine_tcp_on_fail(intptr_t uuid, void *udata) {
-  VALUE handler = (VALUE)udata;
-  if (rb_respond_to(handler, on_closed_id)) {
-    VALUE client = Qnil;
-    IodineCaller.call2(handler, on_closed_id, 1, &client);
-  }
-  IodineStore.remove(handler);
-  (void)uuid;
+  IodineStore.remove((VALUE)udata);
 }
 
 /* *****************************************************************************
@@ -203,7 +196,7 @@ Here's a telnet based chat-room example:
           self
         end
       end
-      # we can bothe the `handler` keuword or a block, anything that answers #call.
+      # we use can both the `handler` keyword or a block, anything that answers #call.
       Iodine.listen(port: "3000", handler: ChatHandler)
       # start the service
       Iodine.threads = 1
@@ -213,45 +206,13 @@ Here's a telnet based chat-room example:
 
 Returns the handler object used.
 */
-static VALUE iodine_tcp_listen(VALUE self, VALUE args) {
+intptr_t iodine_tcp_listen(iodine_connection_args_s args) {
   // clang-format on
-  Check_Type(args, T_HASH);
-  VALUE rb_port = rb_hash_aref(args, port_id);
-  VALUE rb_address = rb_hash_aref(args, address_id);
-  VALUE rb_handler = rb_hash_aref(args, handler_id);
-  fio_str_s port = FIO_STR_INIT;
-  if (rb_handler == Qnil || rb_handler == Qfalse || rb_handler == Qtrue) {
-    rb_need_block();
-    rb_handler = rb_block_proc();
-  }
-  IodineStore.add(rb_handler);
-  if (rb_address != Qnil) {
-    Check_Type(rb_address, T_STRING);
-  }
-
-  if (rb_port != Qnil) {
-    if (rb_port == Qfalse) {
-      fio_str_write_i(&port, 0);
-    } else if (RB_TYPE_P(rb_port, T_STRING))
-      fio_str_write(&port, RSTRING_PTR(rb_port), RSTRING_LEN(rb_port));
-    else if (RB_TYPE_P(rb_port, T_FIXNUM))
-      fio_str_write_i(&port, FIX2LONG(rb_port));
-    else
-      rb_raise(rb_eTypeError,
-               "The `port` property MUST be either a String or a Number");
-  }
-  if (fio_listen(.port = fio_str_info(&port).data,
-                 .address =
-                     (rb_address == Qnil ? NULL : StringValueCStr(rb_address)),
-                 .on_open = iodine_tcp_on_open,
-                 .on_finish = iodine_tcp_on_finish,
-                 .udata = (void *)rb_handler) == -1) {
-    IodineStore.remove(rb_handler);
-    rb_raise(rb_eRuntimeError,
-             "failed to listen to requested address, unknown error.");
-  }
-  return rb_handler;
-  (void)self;
+  IodineStore.add(args.handler);
+  return fio_listen(.port = args.port.data, .address = args.address.data,
+                    .on_open = iodine_tcp_on_open,
+                    .on_finish = iodine_tcp_on_finish, .tls = args.tls,
+                    .udata = (void *)args.handler);
 }
 
 // clang-format off
@@ -264,6 +225,7 @@ The method accepts a single Hash argument with the following optional keys:
 :address :: The address to listen to, which could be a Unix Socket path as well as an IPv4 / IPv6 address. Deafults to 0.0.0.0 (or the IPv6 equivelant).
 :handler :: A connection callback object that supports the following same callbacks listen in the {listen} method's documentation.
 :timeout :: An integer timeout for connection establishment (doen't effect the new connection's timeout. Should be in the rand of 0..255.
+:tls :: An {Iodine::TLS} object (optional) for secure connections.
 
 The method also accepts an optional block.
 
@@ -273,45 +235,13 @@ If the connection fails, only the `on_close` callback will be called (with a `ni
 
 Returns the handler object used.
 */
-static VALUE iodine_tcp_connect(VALUE self, VALUE args) {
+intptr_t iodine_tcp_connect(iodine_connection_args_s args){
   // clang-format on
-  Check_Type(args, T_HASH);
-  VALUE rb_port = rb_hash_aref(args, port_id);
-  VALUE rb_address = rb_hash_aref(args, address_id);
-  VALUE rb_handler = rb_hash_aref(args, handler_id);
-  VALUE rb_timeout = rb_hash_aref(args, timeout_id);
-  uint8_t timeout = 0;
-  fio_str_s port = FIO_STR_INIT;
-  if (rb_handler == Qnil || rb_handler == Qfalse || rb_handler == Qtrue) {
-    rb_raise(rb_eArgError, "A callback object (:handler) must be provided.");
-  }
-  IodineStore.add(rb_handler);
-  if (rb_address != Qnil) {
-    Check_Type(rb_address, T_STRING);
-  }
-  if (rb_port != Qnil) {
-    if (rb_port == Qfalse) {
-      fio_str_write_i(&port, 0);
-    } else if (RB_TYPE_P(rb_port, T_STRING))
-      fio_str_write(&port, RSTRING_PTR(rb_port), RSTRING_LEN(rb_port));
-    else if (RB_TYPE_P(rb_port, T_FIXNUM))
-      fio_str_write_i(&port, FIX2LONG(rb_port));
-    else
-      rb_raise(rb_eTypeError,
-               "The `port` property MUST be either a String or a Number");
-  }
-  if (rb_timeout != Qnil) {
-    Check_Type(rb_timeout, T_FIXNUM);
-    timeout = NUM2USHORT(rb_timeout);
-  }
-  fio_connect(.port = fio_str_info(&port).data,
-              .address =
-                  (rb_address == Qnil ? NULL : StringValueCStr(rb_address)),
-              .on_connect = iodine_tcp_on_connect,
-              .on_fail = iodine_tcp_on_fail, .timeout = timeout,
-              .udata = (void *)rb_handler);
-  return rb_handler;
-  (void)self;
+  IodineStore.add(args.handler);
+  return fio_connect(.port = args.port.data, .address = args.address.data,
+                     .on_connect = iodine_tcp_on_connect, .tls = args.tls,
+                     .on_fail = iodine_tcp_on_fail, .timeout = args.ping,
+                     .udata = (void *)args.handler);
 }
 
 // clang-format off
@@ -358,8 +288,6 @@ void iodine_init_tcp_connections(void) {
 
   IodineBinaryEncoding = rb_enc_find("binary");
 
-  rb_define_module_function(IodineModule, "listen", iodine_tcp_listen, 1);
-  rb_define_module_function(IodineModule, "connect", iodine_tcp_connect, 1);
   rb_define_module_function(IodineModule, "attach_fd", iodine_tcp_attach_fd, 2);
 }
 
@@ -369,16 +297,15 @@ Allow uuid attachment
 
 /** assigns a protocol and IO object to a handler */
 void iodine_tcp_attch_uuid(intptr_t uuid, VALUE handler) {
+  FIO_LOG_DEBUG("Iodine attaching handler %p to uuid %p", (void *)handler,
+                (void *)uuid);
   if (handler == Qnil || handler == Qfalse || handler == Qtrue) {
     fio_close(uuid);
     return;
   }
   /* temporary, in case `iodine_connection_new` invokes the GC */
   iodine_protocol_s *p = malloc(sizeof(*p));
-  if (!p) {
-    perror("FATAL ERROR: No Memory!");
-    exit(errno);
-  }
+  FIO_ASSERT_ALLOC(p);
   *p = (iodine_protocol_s){
       .p =
           {
@@ -393,6 +320,13 @@ void iodine_tcp_attch_uuid(intptr_t uuid, VALUE handler) {
   };
   /* clear away (remember the connection object manages these concerns) */
   fio_attach(uuid, &p->p);
-  iodine_connection_fire_event(p->io, IODINE_CONNECTION_ON_OPEN, Qnil);
-  p->p.on_ready = iodine_tcp_on_ready;
+  if (fio_is_valid(uuid)) {
+    iodine_connection_fire_event(p->io, IODINE_CONNECTION_ON_OPEN, Qnil);
+    p->p.on_ready = iodine_tcp_on_ready;
+    fio_force_event(uuid, FIO_EVENT_ON_READY);
+  } else {
+    FIO_LOG_DEBUG(
+        "Iodine couldn't attach handler %p to uuid %p - invalid uuid.",
+        (void *)handler, (void *)uuid);
+  }
 }

data/ext/iodine/iodine_tcp.h

@@ -3,7 +3,11 @@
 
 #include "ruby.h"
 
+#include "iodine.h"
+
 void iodine_init_tcp_connections(void);
 void iodine_tcp_attch_uuid(intptr_t uuid, VALUE handler);
+intptr_t iodine_tcp_listen(iodine_connection_args_s args);
+intptr_t iodine_tcp_connect(iodine_connection_args_s args);
 
 #endif

data/ext/iodine/iodine_tls.c

@@ -0,0 +1,267 @@
+#include <ruby.h>
+
+#include <fio.h>
+#include <fio_tls.h>
+#include <iodine.h>
+
+static VALUE server_name_sym = Qnil, certificate_sym = Qnil,
+             private_key_sym = Qnil, password_sym = Qnil;
+VALUE IodineTLSClass;
+/* *****************************************************************************
+C <=> Ruby Data allocation
+***************************************************************************** */
+
+static size_t iodine_tls_data_size(const void *c_) {
+  return sizeof(fio_tls_s *);
+  (void)c_;
+}
+
+static void iodine_tls_data_free(void *c_) { fio_tls_destroy(c_); }
+
+static const rb_data_type_t iodine_tls_data_type = {
+    .wrap_struct_name = "IodineTLSData",
+    .function =
+        {
+            .dmark = NULL,
+            .dfree = iodine_tls_data_free,
+            .dsize = iodine_tls_data_size,
+        },
+    .data = NULL,
+    // .flags = RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
+/* Iodine::PubSub::Engine.allocate */
+static VALUE iodine_tls_data_alloc_c(VALUE klass) {
+  fio_tls_s *tls = fio_tls_new(NULL, NULL, NULL, NULL);
+  FIO_ASSERT_ALLOC(tls);
+  return TypedData_Wrap_Struct(klass, &iodine_tls_data_type, tls);
+}
+
+/* *****************************************************************************
+ALPN selection callback
+***************************************************************************** */
+
+FIO_FUNC void iodine_tls_alpn_cb(intptr_t uuid, void *udata, void *block_) {
+  if (!fio_is_valid(uuid)) {
+    FIO_LOG_DEBUG("ALPN callback called for invalid connetion. SSL/TLS error?");
+    return;
+  }
+  VALUE new_handler = IodineCaller.call((VALUE)block_, iodine_call_id);
+  if (!new_handler || new_handler == Qnil || new_handler == Qtrue ||
+      new_handler == Qfalse) {
+    fio_close(uuid);
+    return;
+  }
+
+  iodine_tcp_attch_uuid(uuid, new_handler);
+
+  (void)udata; /* we can't use `udata`, since it's different in HTTP vs. TCP */
+}
+
+/* *****************************************************************************
+C API
+***************************************************************************** */
+
+fio_tls_s *iodine_tls2c(VALUE self) {
+  fio_tls_s *c = NULL;
+  if (self == Qnil || self == Qfalse)
+    return NULL;
+  TypedData_Get_Struct(self, fio_tls_s, &iodine_tls_data_type, c);
+  if (!c) {
+    rb_raise(rb_eTypeError, "Iodine::TLS error - not an Iodine::TLS object?");
+  }
+  return c;
+}
+
+/* *****************************************************************************
+Ruby API
+***************************************************************************** */
+
+/**
+Assigns the TLS context a public sertificate, allowing remote parties to
+validate the connection's identity.
+
+A self signed certificate is automatically created if the `server_name` argument
+is specified and either (or both) of the `certificate` or `private_ket`
+arguments are missing.
+
+Some implementations allow servers to have more than a single certificate, which
+will be selected using the SNI extension. I believe the existing OpenSSL
+implementation supports this option (untested).
+
+     Iodine::TLS#use_certificate(server_name,
+                                 certificate = nil,
+                                 private_key = nil,
+                                 password = nil)
+
+Certificates and keys should be String objects leading to a PEM file.
+
+This method also accepts named arguments. i.e.:
+
+     tls = Iodine::TLS.new
+     tls.use_certificate server_name: "example.com"
+     tls.use_certificate certificate: "my_cert.pem", private_key: "my_key.pem"
+
+Since TLS setup is crucial for security, a missing file will result in Iodine
+crashing with an error message. This is expected behavior.
+
+*/
+static VALUE iodine_tls_use_certificate(int argc, VALUE *argv, VALUE self) {
+  VALUE server_name = Qnil, certificate = Qnil, private_key = Qnil,
+        password = Qnil;
+  if (argc == 1 && RB_TYPE_P(argv[0], T_HASH)) {
+    /* named arguments */
+    server_name = rb_hash_aref(argv[0], server_name_sym);
+    certificate = rb_hash_aref(argv[0], certificate_sym);
+    private_key = rb_hash_aref(argv[0], private_key_sym);
+    password = rb_hash_aref(argv[0], password_sym);
+  } else {
+    /* regular arguments */
+    switch (argc) {
+    case 4: /* overflow */
+      password = argv[3];
+      Check_Type(password, T_STRING);
+    case 3: /* overflow */
+      private_key = argv[1];
+      Check_Type(private_key, T_STRING);
+    case 2: /* overflow */
+      certificate = argv[2];
+      Check_Type(certificate, T_STRING);
+    case 1: /* overflow */
+      server_name = argv[0];
+      Check_Type(server_name, T_STRING);
+      break;
+    default:
+      rb_raise(rb_eArgError, "expecting 1..4 arguments or named arguments.");
+      return self;
+    }
+  }
+
+  fio_tls_s *t = iodine_tls2c(self);
+  char *srvname = (server_name == Qnil ? NULL : StringValueCStr(server_name));
+  char *pubcert = (certificate == Qnil ? NULL : StringValueCStr(certificate));
+  char *prvkey = (private_key == Qnil ? NULL : StringValueCStr(private_key));
+  char *pass = (password == Qnil ? NULL : StringValueCStr(password));
+
+  fio_tls_cert_add(t, srvname, pubcert, prvkey, pass);
+  return self;
+}
+
+/**
+Adds a certificate PEM file to the list of trusted certificates and enforces
+peer verification.
+
+This is extremely important when using {Iodine::TLS} for client connections,
+since adding the target server's
+
+It is enough to add the Certificate Authority's (CA) certificate, there's no
+need to add each client or server certificate.
+
+When {trust} is used on a server TLS, only trusted clients will be allowed to
+connect.
+
+Since TLS setup is crucial for security, a missing file will result in Iodine
+crashing with an error message. This is expected behavior.
+*/
+static VALUE iodine_tls_trust(VALUE self, VALUE certificate) {
+  Check_Type(certificate, T_STRING);
+  fio_tls_s *t = iodine_tls2c(self);
+  char *pubcert =
+      (certificate == Qnil ? NULL : IODINE_RSTRINFO(certificate).data);
+  fio_tls_trust(t, pubcert);
+  return self;
+}
+
+/**
+Adds an ALPN protocol callback for the named protocol, the required block must
+return the handler for that protocol.
+
+The first protocol added will be the default protocol in cases where ALPN
+failed.
+
+i.e.:
+
+     tls.on_protocol("http/1.1") { HTTPConnection.new }
+
+When implementing TLS clients, this identifies the protocol(s) that should be
+requested by the client.
+
+When implementing TLS servers, this identifies the protocol(s) offered by the
+server.
+
+More than a single protocol can be set, but iodine doesn't offer, at this
+moment, a way to handle these changes or to detect which protocol was selected
+except by assigning a different callback per protocol.
+
+This is implemented using the ALPN extension to TLS.
+*/
+static VALUE iodine_tls_alpn(VALUE self, VALUE protocol_name) {
+  Check_Type(protocol_name, T_STRING);
+  rb_need_block();
+  fio_tls_s *t = iodine_tls2c(self);
+  char *prname =
+      (protocol_name == Qnil ? NULL : IODINE_RSTRINFO(protocol_name).data);
+  VALUE block = IodineStore.add(rb_block_proc());
+  fio_tls_alpn_add(t, prname, iodine_tls_alpn_cb, (void *)block,
+                   (void (*)(void *))IodineStore.remove);
+  return self;
+}
+
+/**
+Loads the mustache template found in `:filename`. If `:template` is provided
+it will be used instead of reading the file's content.
+
+    Iodine::Mustache.new(filename, template = nil)
+
+When template data is provided, filename (if any) will only be used for
+partial template path resolution and the template data will be used for the
+template's content. This allows, for example, for front matter to be extracted
+before parsing the template.
+
+Once a template was loaded, it could be rendered using {render}.
+
+Accepts named arguments as well:
+
+    Iodine::Mustache.new(filename: "foo.mustache", template: "{{ bar }}")
+
+*/
+static VALUE iodine_tls_new(int argc, VALUE *argv, VALUE self) {
+  if (argc) {
+    iodine_tls_use_certificate(argc, argv, self);
+  }
+  return self;
+}
+
+/* *****************************************************************************
+Initialize Iodine::TLS
+***************************************************************************** */
+#define IODINE_MAKE_SYM(name)                                                  \
+  do {                                                                         \
+    name##_sym = rb_id2sym(rb_intern(#name));                                  \
+    rb_global_variable(&name##_sym);                                           \
+  } while (0)
+
+void iodine_init_tls(void) {
+
+  IODINE_MAKE_SYM(server_name);
+  IODINE_MAKE_SYM(certificate);
+  IODINE_MAKE_SYM(private_key);
+  IODINE_MAKE_SYM(password);
+
+  IodineTLSClass = rb_define_class_under(IodineModule, "TLS", rb_cData);
+  rb_define_alloc_func(IodineTLSClass, iodine_tls_data_alloc_c);
+  rb_define_method(IodineTLSClass, "initialize", iodine_tls_new, -1);
+  rb_define_method(IodineTLSClass, "use_certificate",
+                   iodine_tls_use_certificate, -1);
+  rb_define_method(IodineTLSClass, "trust", iodine_tls_trust, 1);
+  rb_define_method(IodineTLSClass, "on_protocol", iodine_tls_alpn, 1);
+
+#if HAVE_OPENSSL
+  rb_const_set(IodineTLSClass, rb_intern("SUPPORTED"), Qtrue);
+#elif HAVE_BEARSSL
+  rb_const_set(IodineTLSClass, rb_intern("SUPPORTED"), Qfalse);
+#else
+  rb_const_set(IodineTLSClass, rb_intern("SUPPORTED"), Qfalse);
+#endif
+}
+#undef IODINE_MAKE_SYM