authorGravatar Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com> 2022-09-17 21:43:32 -0700
committerGravatar Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com> 2022-09-17 21:45:03 -0700
commit3719c3b736fde4fb3fd164c32f1494c5125bee6f (patch)
treee30a04ba89a8172ebcb241191d7b43b7b7ee1895 /src
parent0e424de6848bf8031924d610d279fcb371338eb9 (diff)
Update & configure SSL a little
Diffstat (limited to 'src')
m---------src/deps/boringssl0
-rw-r--r--src/deps/boringssl.translated.zig8
-rw-r--r--src/deps/uws.zig66
-rw-r--r--src/http/websocket_http_client.zig8
-rw-r--r--src/http_client_async.zig19
5 files changed, 62 insertions, 39 deletions
diff --git a/src/deps/boringssl b/src/deps/boringssl
-Subproject fa3fbda07bbf70925453d6a3c25a7aa455aa1ce
+Subproject 04989786e9ab16cef5261bbd05a2b1a8cb312db
diff --git a/src/deps/boringssl.translated.zig b/src/deps/boringssl.translated.zig
index 7b5f55a27..892c7a495 100644
--- a/src/deps/boringssl.translated.zig
+++ b/src/deps/boringssl.translated.zig
@@ -18861,12 +18861,16 @@ pub const SSL_CTX = opaque {
pub fn init() ?*SSL_CTX {
var ctx = SSL_CTX_new(TLS_with_buffers_method()) orelse return null;
ctx.setCustomVerify(noop_custom_verify);
+ ctx.setup();
+ return ctx;
+ }
+
+ pub fn setup(ctx: *SSL_CTX) void {
if (auto_crypto_buffer_pool == null) auto_crypto_buffer_pool = CRYPTO_BUFFER_POOL_new();
SSL_CTX_set0_buffer_pool(ctx, auto_crypto_buffer_pool);
// _ = SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
_ = SSL_CTX_set_cipher_list(ctx, SSL_DEFAULT_CIPHER_LIST);
SSL_CTX_set_quiet_shutdown(ctx, 1);
- return ctx;
}
pub inline fn setCustomVerify(this: *SSL_CTX, cb: ?VerifyCallback) void {
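Review bot: The new public `setup` discards the result of `SSL_CTX_set_cipher_list` (`_ = ...`), so a context whose cipher list was not applied is used as if it had been configured. The commit now also calls `setup` on contexts that `init` did not create, so the failure should at least be made visible, e.g. `if (SSL_CTX_set_cipher_list(ctx, SSL_DEFAULT_CIPHER_LIST) != 1) @panic("SSL_CTX_set_cipher_list failed");`, or `setup` should return an error. It would also help to add a doc comment on `setup` such as `/// Applies buffer pool, cipher list and quiet shutdown. Does not configure certificate verification; init() separately installs noop_custom_verify, which accepts every peer.`, because callers that use `setup` alone get whatever verification behaviour the context already had.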
@@ -18880,7 +18884,7 @@ fn noop_custom_verify(_: *SSL, _: [*c]u8) callconv(.C) VerifyResult {
return VerifyResult.ok;
}
-var auto_crypto_buffer_pool: ?*CRYPTO_BUFFER_POOL = null;
+threadlocal var auto_crypto_buffer_pool: ?*CRYPTO_BUFFER_POOL = null;
pub const BIOMethod = struct {
pub const create = fn (*BIO) callconv(.C) c_int;
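Review bot: Making `auto_crypto_buffer_pool` `threadlocal` means every thread that runs `SSL_CTX.setup` lazily allocates its own pool, and the declaration does not say who owns it or when it is released. No free is visible in the hunks shown, so this looks like an intentional per-thread, process-lifetime allocation; that should be written down. I would add `/// Per-thread pool, created on the first SSL_CTX.setup() call on that thread and never freed; it must outlive every SSL_CTX it is attached to.` above the variable.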
diff --git a/src/deps/uws.zig b/src/deps/uws.zig
index 103a8dc7c..353db4da9 100644
--- a/src/deps/uws.zig
+++ b/src/deps/uws.zig
@@ -37,7 +37,7 @@ pub fn NewSocketHandler(comptime ssl: bool) type {
return @ptrCast(*ContextType, @alignCast(alignment, ptr));
}
- pub fn context(this: ThisSocket) *us_socket_context_t {
+ pub fn context(this: ThisSocket) *SocketContext {
return us_socket_context(
comptime ssl_int,
this.socket,
@@ -109,7 +109,7 @@ pub fn NewSocketHandler(comptime ssl: bool) type {
pub fn connect(
host: []const u8,
port: c_int,
- socket_ctx: *us_socket_context_t,
+ socket_ctx: *SocketContext,
comptime Context: type,
ctx: Context,
comptime socket_field_name: []const u8,
@@ -134,7 +134,7 @@ pub fn NewSocketHandler(comptime ssl: bool) type {
pub fn connectAnon(
host: []const u8,
port: c_int,
- socket_ctx: *us_socket_context_t,
+ socket_ctx: *SocketContext,
ptr: *anyopaque,
) ?ThisSocket {
var stack_fallback = std.heap.stackFallback(1024, bun.default_allocator);
@@ -154,7 +154,7 @@ pub fn NewSocketHandler(comptime ssl: bool) type {
}
pub fn configure(
- ctx: *us_socket_context_t,
+ ctx: *SocketContext,
comptime ContextType: type,
comptime Fields: anytype,
) void {
@@ -239,7 +239,7 @@ pub fn NewSocketHandler(comptime ssl: bool) type {
pub fn adopt(
socket: *Socket,
- socket_ctx: *us_socket_context_t,
+ socket_ctx: *SocketContext,
comptime Context: type,
comptime socket_field_name: []const u8,
ctx: Context,
@@ -261,7 +261,11 @@ pub const SocketTCP = NewSocketHandler(false);
pub const SocketTLS = NewSocketHandler(true);
pub const us_timer_t = opaque {};
-pub const us_socket_context_t = opaque {};
+pub const SocketContext = opaque {
+ pub fn getNativeHandle(this: *SocketContext, comptime ssl: bool) *anyopaque {
+ return us_socket_context_get_native_handle(comptime @as(c_int, @boolToInt(ssl)), this).?;
+ }
+};
pub const Loop = extern struct {
internal_loop_data: InternalLoopData align(16),
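Review bot: `getNativeHandle` force-unwraps the C return value with `.?`, so a null from `us_socket_context_get_native_handle` is a panic in safe builds and undefined behaviour in ReleaseFast. The result is an untyped `*anyopaque` that callers cast according to the same `ssl` flag (the HTTP client casts it to `*BoringSSL.SSL_CTX`), and nothing here ties that flag to how the context was created. Either return `?*anyopaque` and let the caller handle null, or document the contract with `/// ssl must match the flag the context was created with; the handle is only an SSL_CTX when ssl is true.`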
@@ -288,8 +292,8 @@ pub const Loop = extern struct {
sweep_timer: ?*us_timer_t,
wakeup_async: ?*us_internal_async,
last_write_failed: c_int,
- head: ?*us_socket_context_t,
- iterator: ?*us_socket_context_t,
+ head: ?*SocketContext,
+ iterator: ?*SocketContext,
recv_buf: [*]u8,
ssl_data: ?*anyopaque,
pre_cb: ?fn (?*Loop) callconv(.C) void,
@@ -397,30 +401,30 @@ pub const us_socket_context_options_t = extern struct {
ssl_prefer_low_memory_usage: c_int = 0,
};
-extern fn us_socket_context_timestamp(ssl: c_int, context: ?*us_socket_context_t) c_ushort;
-extern fn us_socket_context_add_server_name(ssl: c_int, context: ?*us_socket_context_t, hostname_pattern: [*c]const u8, options: us_socket_context_options_t) void;
-extern fn us_socket_context_remove_server_name(ssl: c_int, context: ?*us_socket_context_t, hostname_pattern: [*c]const u8) void;
-extern fn us_socket_context_on_server_name(ssl: c_int, context: ?*us_socket_context_t, cb: ?fn (?*us_socket_context_t, [*c]const u8) callconv(.C) void) void;
-extern fn us_socket_context_get_native_handle(ssl: c_int, context: ?*us_socket_context_t) ?*anyopaque;
-pub extern fn us_create_socket_context(ssl: c_int, loop: ?*Loop, ext_size: c_int, options: us_socket_context_options_t) ?*us_socket_context_t;
-extern fn us_socket_context_free(ssl: c_int, context: ?*us_socket_context_t) void;
-extern fn us_socket_context_on_open(ssl: c_int, context: ?*us_socket_context_t, on_open: fn (*Socket, c_int, [*c]u8, c_int) callconv(.C) ?*Socket) void;
-extern fn us_socket_context_on_close(ssl: c_int, context: ?*us_socket_context_t, on_close: fn (*Socket, c_int, ?*anyopaque) callconv(.C) ?*Socket) void;
-extern fn us_socket_context_on_data(ssl: c_int, context: ?*us_socket_context_t, on_data: fn (*Socket, [*c]u8, c_int) callconv(.C) ?*Socket) void;
-extern fn us_socket_context_on_writable(ssl: c_int, context: ?*us_socket_context_t, on_writable: fn (*Socket) callconv(.C) ?*Socket) void;
-extern fn us_socket_context_on_timeout(ssl: c_int, context: ?*us_socket_context_t, on_timeout: fn (*Socket) callconv(.C) ?*Socket) void;
-extern fn us_socket_context_on_connect_error(ssl: c_int, context: ?*us_socket_context_t, on_connect_error: fn (*Socket, c_int) callconv(.C) ?*Socket) void;
-extern fn us_socket_context_on_end(ssl: c_int, context: ?*us_socket_context_t, on_end: fn (*Socket) callconv(.C) ?*Socket) void;
-extern fn us_socket_context_ext(ssl: c_int, context: ?*us_socket_context_t) ?*anyopaque;
-
-extern fn us_socket_context_listen(ssl: c_int, context: ?*us_socket_context_t, host: [*c]const u8, port: c_int, options: c_int, socket_ext_size: c_int) ?*listen_socket_t;
-
-pub extern fn us_socket_context_connect(ssl: c_int, context: ?*us_socket_context_t, host: [*c]const u8, port: c_int, source_host: [*c]const u8, options: c_int, socket_ext_size: c_int) ?*Socket;
+extern fn SocketContextimestamp(ssl: c_int, context: ?*SocketContext) c_ushort;
+extern fn us_socket_context_add_server_name(ssl: c_int, context: ?*SocketContext, hostname_pattern: [*c]const u8, options: us_socket_context_options_t) void;
+extern fn us_socket_context_remove_server_name(ssl: c_int, context: ?*SocketContext, hostname_pattern: [*c]const u8) void;
+extern fn us_socket_context_on_server_name(ssl: c_int, context: ?*SocketContext, cb: ?fn (?*SocketContext, [*c]const u8) callconv(.C) void) void;
+extern fn us_socket_context_get_native_handle(ssl: c_int, context: ?*SocketContext) ?*anyopaque;
+pub extern fn us_create_socket_context(ssl: c_int, loop: ?*Loop, ext_size: c_int, options: us_socket_context_options_t) ?*SocketContext;
+extern fn us_socket_context_free(ssl: c_int, context: ?*SocketContext) void;
+extern fn us_socket_context_on_open(ssl: c_int, context: ?*SocketContext, on_open: fn (*Socket, c_int, [*c]u8, c_int) callconv(.C) ?*Socket) void;
+extern fn us_socket_context_on_close(ssl: c_int, context: ?*SocketContext, on_close: fn (*Socket, c_int, ?*anyopaque) callconv(.C) ?*Socket) void;
+extern fn us_socket_context_on_data(ssl: c_int, context: ?*SocketContext, on_data: fn (*Socket, [*c]u8, c_int) callconv(.C) ?*Socket) void;
+extern fn us_socket_context_on_writable(ssl: c_int, context: ?*SocketContext, on_writable: fn (*Socket) callconv(.C) ?*Socket) void;
+extern fn us_socket_context_on_timeout(ssl: c_int, context: ?*SocketContext, on_timeout: fn (*Socket) callconv(.C) ?*Socket) void;
+extern fn us_socket_context_on_connect_error(ssl: c_int, context: ?*SocketContext, on_connect_error: fn (*Socket, c_int) callconv(.C) ?*Socket) void;
+extern fn us_socket_context_on_end(ssl: c_int, context: ?*SocketContext, on_end: fn (*Socket) callconv(.C) ?*Socket) void;
+extern fn us_socket_context_ext(ssl: c_int, context: ?*SocketContext) ?*anyopaque;
+
+extern fn us_socket_context_listen(ssl: c_int, context: ?*SocketContext, host: [*c]const u8, port: c_int, options: c_int, socket_ext_size: c_int) ?*listen_socket_t;
+
+pub extern fn us_socket_context_connect(ssl: c_int, context: ?*SocketContext, host: [*c]const u8, port: c_int, source_host: [*c]const u8, options: c_int, socket_ext_size: c_int) ?*Socket;
pub extern fn us_socket_is_established(ssl: c_int, s: ?*Socket) c_int;
pub extern fn us_socket_close_connecting(ssl: c_int, s: ?*Socket) ?*Socket;
-pub extern fn us_socket_context_loop(ssl: c_int, context: ?*us_socket_context_t) ?*Loop;
-pub extern fn us_socket_context_adopt_socket(ssl: c_int, context: ?*us_socket_context_t, s: ?*Socket, ext_size: c_int) ?*Socket;
-pub extern fn us_create_child_socket_context(ssl: c_int, context: ?*us_socket_context_t, context_ext_size: c_int) ?*us_socket_context_t;
+pub extern fn us_socket_context_loop(ssl: c_int, context: ?*SocketContext) ?*Loop;
+pub extern fn us_socket_context_adopt_socket(ssl: c_int, context: ?*SocketContext, s: ?*Socket, ext_size: c_int) ?*Socket;
+pub extern fn us_create_child_socket_context(ssl: c_int, context: ?*SocketContext, context_ext_size: c_int) ?*SocketContext;
pub const Poll = opaque {
pub fn create(
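Review bot: The first added extern reads `extern fn SocketContextimestamp(...)`, which looks like the `us_socket_context_t` → `SocketContext` rename also rewrote the start of the C symbol `us_socket_context_timestamp`. The declaration no longer names the function the removed line bound, so any use would fail to resolve at link time; presumably it is unused today, which is why the build still passes. It should stay `extern fn us_socket_context_timestamp(ssl: c_int, context: ?*SocketContext) c_ushort;`.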
@@ -505,7 +509,7 @@ extern fn us_socket_get_native_handle(ssl: c_int, s: ?*Socket) ?*anyopaque;
extern fn us_socket_timeout(ssl: c_int, s: ?*Socket, seconds: c_uint) void;
extern fn us_socket_ext(ssl: c_int, s: ?*Socket) ?*anyopaque;
-extern fn us_socket_context(ssl: c_int, s: ?*Socket) ?*us_socket_context_t;
+extern fn us_socket_context(ssl: c_int, s: ?*Socket) ?*SocketContext;
extern fn us_socket_flush(ssl: c_int, s: ?*Socket) void;
extern fn us_socket_write(ssl: c_int, s: ?*Socket, data: [*c]const u8, length: c_int, msg_more: c_int) c_int;
extern fn us_socket_shutdown(ssl: c_int, s: ?*Socket) void;
diff --git a/src/http/websocket_http_client.zig b/src/http/websocket_http_client.zig
index eaade8cd9..b9ec84f49 100644
--- a/src/http/websocket_http_client.zig
+++ b/src/http/websocket_http_client.zig
@@ -135,7 +135,7 @@ pub fn NewHTTPUpgradeClient(comptime ssl: bool) type {
pub fn register(global: *JSC.JSGlobalObject, loop_: *anyopaque, ctx_: *anyopaque) callconv(.C) void {
var vm = global.bunVM();
var loop = @ptrCast(*uws.Loop, @alignCast(@alignOf(uws.Loop), loop_));
- var ctx: *uws.us_socket_context_t = @ptrCast(*uws.us_socket_context_t, ctx_);
+ var ctx: *uws.SocketContext = @ptrCast(*uws.SocketContext, ctx_);
if (vm.uws_event_loop) |other| {
std.debug.assert(other == loop);
@@ -189,7 +189,7 @@ pub fn NewHTTPUpgradeClient(comptime ssl: bool) type {
const prev_start_server_on_next_tick = vm.eventLoop().start_server_on_next_tick;
vm.eventLoop().start_server_on_next_tick = true;
- if (Socket.connect(host_.slice(), port, @ptrCast(*uws.us_socket_context_t, socket_ctx), HTTPClient, client, "tcp")) |out| {
+ if (Socket.connect(host_.slice(), port, @ptrCast(*uws.SocketContext, socket_ctx), HTTPClient, client, "tcp")) |out| {
out.tcp.timeout(120);
return out;
}
@@ -767,7 +767,7 @@ pub fn NewWebSocketClient(comptime ssl: bool) type {
var vm = global.bunVM();
var loop = @ptrCast(*uws.Loop, @alignCast(@alignOf(uws.Loop), loop_));
- var ctx: *uws.us_socket_context_t = @ptrCast(*uws.us_socket_context_t, ctx_);
+ var ctx: *uws.SocketContext = @ptrCast(*uws.SocketContext, ctx_);
if (vm.uws_event_loop) |other| {
std.debug.assert(other == loop);
@@ -1402,7 +1402,7 @@ pub fn NewWebSocketClient(comptime ssl: bool) type {
buffered_data_len: usize,
) callconv(.C) ?*anyopaque {
var tcp = @ptrCast(*uws.Socket, input_socket);
- var ctx = @ptrCast(*uws.us_socket_context_t, socket_ctx);
+ var ctx = @ptrCast(*uws.SocketContext, socket_ctx);
var adopted = Socket.adopt(
tcp,
ctx,
diff --git a/src/http_client_async.zig b/src/http_client_async.zig
index be63ff06e..c73db732e 100644
--- a/src/http_client_async.zig
+++ b/src/http_client_async.zig
@@ -19,7 +19,7 @@ const Zlib = @import("./zlib.zig");
const StringBuilder = @import("./string_builder.zig");
const AsyncIO = @import("io");
const ThreadPool = @import("thread_pool");
-const boring = @import("boringssl");
+const BoringSSL = @import("boringssl");
pub const NetworkThread = @import("./network_thread.zig");
const ObjectPool = @import("./pool.zig").ObjectPool;
const SOCK = os.SOCK;
@@ -56,7 +56,7 @@ fn NewHTTPContext(comptime ssl: bool) type {
};
pending_sockets: HiveArray(PooledSocket, pool_size) = HiveArray(PooledSocket, pool_size).init(),
- us_socket_context: *uws.us_socket_context_t,
+ us_socket_context: *uws.SocketContext,
const Context = @This();
pub const HTTPSocket = uws.NewSocketHandler(ssl);
@@ -78,10 +78,21 @@ fn NewHTTPContext(comptime ssl: bool) type {
const MAX_KEEPALIVE_HOSTNAME = 128;
+ pub fn sslCtx(this: *@This()) *BoringSSL.SSL_CTX {
+ if (comptime !ssl) {
+ unreachable;
+ }
+
+ return @ptrCast(*BoringSSL.SSL_CTX, this.us_socket_context.getNativeHandle(true));
+ }
+
pub fn init(this: *@This()) !void {
var opts: uws.us_socket_context_options_t = undefined;
@memset(@ptrCast([*]u8, &opts), 0, @sizeOf(uws.us_socket_context_options_t));
this.us_socket_context = uws.us_create_socket_context(ssl_int, http_thread.loop, @sizeOf(usize), opts).?;
+ if (comptime ssl) {
+ this.sslCtx().setup();
+ }
HTTPSocket.configure(
this.us_socket_context,
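Review bot: In `sslCtx`, `if (comptime !ssl) unreachable;` turns a misuse that is already known at compile time into a safe-mode panic or release-mode undefined behaviour, after which the native handle of a non-TLS context would be cast to `*BoringSSL.SSL_CTX`. Since `ssl` is a comptime parameter, `if (comptime !ssl) @compileError("sslCtx() is only valid on the TLS context");` rejects the call at build time instead. Separately, nothing in this hunk sets peer verification on the client context that `setup()` configures, and whether uSockets or later code does so is not visible here, so a comment in `init` stating where server certificates are verified would help reviewers. `init` continues past the end of the hunk.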
@@ -457,6 +468,10 @@ pub fn onOpen(
comptime is_ssl: bool,
socket: NewHTTPContext(is_ssl).HTTPSocket,
) void {
+ if (comptime Environment.allow_assert) {
+ std.debug.assert(is_ssl == client.url.isHTTPS());
+ }
+
log("Connected {s} \n", .{client.url.href});
if (client.state.request_stage == .pending) {
client.onWritable(true, comptime is_ssl, socket);
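Review bot: The scheme/transport check in `onOpen` exists only when `Environment.allow_assert` is set, so in other builds an `https` URL that reaches the plain-TCP handler would continue to `onWritable` and send the request unencrypted. If that mismatch can ever occur outside a programming error, it deserves a runtime check that closes the socket and fails the request rather than a debug assertion. At minimum, record the limitation next to the assert: `// Debug-only invariant: the socket's TLS mode must match the URL scheme; release builds do not check this.` The body of `onOpen` continues outside the hunk.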