1 parent
15612d2
commit a900e84
Showing
2 changed files
with
89 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
const std = @import("std"); | ||
const iguana = @import("iguana"); | ||
|
||
pub fn init() anyerror!void { | ||
} | ||
|
||
const Client = iguana.Client( | ||
std.net.Stream.Reader, | ||
std.net.Stream.Writer, | ||
iguana.ciphersuites.all, | ||
false, // TODO: should we provide the http/1.1 protocol? | ||
); | ||
|
||
pub const SslConn = struct { | ||
// state that an SslConn uses that is "pinned" to a fixed address | ||
// this has to be separate from SslConn until https://github.com/ziglang/zig/issues/7769 is implemented | ||
pub const Pinned = struct { | ||
rand: std.rand.DefaultCsprng, | ||
arena: std.heap.ArenaAllocator, | ||
}; | ||
|
||
client: Client, | ||
|
||
pub fn init(file: std.net.Stream, serverName: []const u8, pinned: *Pinned) !SslConn { | ||
//var fbs = std.io.fixedBufferStream(@embedFile("../../iguanaTLS/test/DigiCertGlobalRootCA.crt.pem")); | ||
//var trusted_chain = try x509.TrustAnchorChain.from_pem(std.testing.allocator, fbs.reader()); | ||
//defer trusted_chain.deinit(); | ||
|
||
// @TODO Remove this once std.crypto.rand works in .evented mode | ||
pinned.rand = blk: { | ||
var seed: [std.rand.DefaultCsprng.secret_seed_length]u8 = undefined; | ||
try std.os.getrandom(&seed); | ||
break :blk std.rand.DefaultCsprng.init(seed); | ||
}; | ||
pinned.arena = std.heap.ArenaAllocator.init(std.heap.page_allocator); | ||
|
||
return SslConn { | ||
.client = try iguana.client_connect(.{ | ||
.rand = pinned.rand.random(), | ||
.reader = file.reader(), | ||
.writer = file.writer(), | ||
.temp_allocator = pinned.arena.allocator(), | ||
.cert_verifier = .none, | ||
// TODO: do I need to add protocols here? what does that do? | ||
//.protocols = &[_][]const u8{"http/1.1"}, | ||
// TODO: I should support certificates | ||
//.cert_verifier = .default, | ||
//.trusted_certificates = trusted_chain.data.items, | ||
}, serverName), | ||
}; | ||
} | ||
|
||
// TODO: This should be SslConn (not *SslConn) | ||
// iquanaTLS will need to modify close_notify to take @This() instead of *@This() | ||
pub fn deinit(self: *SslConn) void { | ||
self.client.close_notify() catch {}; | ||
} | ||
|
||
pub fn read(self: *SslConn, data: []u8) !usize { | ||
return self.client.reader().read(data); | ||
} | ||
pub fn write(self: *SslConn, data: []const u8) !usize { | ||
return self.client.writer().write(data); | ||
} | ||
}; |
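Review bot: `.cert_verifier = .none` in `SslConn.init` makes the handshake accept any certificate, so the connection is encrypted but the peer is never authenticated; `serverName` is then presumably used only for SNI rather than checked against the certificate. The TODO acknowledges this, but as written every caller gets the unverified mode silently. I would mark it at the call site with `// SECURITY: certificate verification disabled, peer is unauthenticated`, and have `init` take the trust anchors so that `.cert_verifier = .default` with `.trusted_certificates` (the commented-out lines) becomes the normal path. Separately, `pinned.arena` is created before `try iguana.client_connect(...)` and nothing visible releases it, either on the error path or in `deinit`; `errdefer pinned.arena.deinit();` right after the arena init would cover the failure case.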