Add iguanaTLS back in

build.zig

@@ -26,20 +26,21 @@ pub fn build(b: *Builder) !void {
     }
 
     // by default, install the std ssl backend
-    const default_exe = ssl_exes[@intFromEnum(SslBackend.std)];
+    const default_exe = ssl_exes[@intFromEnum(SslBackend.iguana)];
     b.installArtifact(default_exe);
     const run_cmd = b.addRunArtifact(default_exe);
     run_cmd.step.dependOn(b.getInstallStep());
     if (b.args) |args| {
         run_cmd.addArgs(args);
     }
-    const run_step = b.step("run", "Run ziget with the std ssl backend");
+    const run_step = b.step("run", "Run ziget with the iguana backend");
     run_step.dependOn(&run_cmd.step);
 }
 
 fn getEnabledByDefault(optional_ssl_backend: ?SslBackend, is_ci: bool) bool {
     return if (optional_ssl_backend) |backend| switch (backend) {
         .std => true,
+        .iguana => true,
         .schannel => false, // schannel not supported yet
         .opensslstatic => (
                builtin.os.tag == .linux
@@ -62,7 +63,7 @@ fn addExe(
 ) *std.build.CompileStep {
     const info: struct { name: []const u8, exe_suffix: []const u8 } = comptime if (optional_ssl_backend) |backend| .{
         .name = @tagName(backend),
-        .exe_suffix = if (backend == .std) "" else ("-" ++ @tagName(backend)),
+        .exe_suffix = if (backend == .iguana) "" else ("-" ++ @tagName(backend)),
     } else .{
         .name = "nossl",
         .exe_suffix = "-nossl",
@@ -139,6 +140,7 @@ pub const SslBackend = enum {
     std,
     openssl,
     opensslstatic,
+    iguana,
     schannel,
 };
 pub const ssl_backends = @typeInfo(SslBackend).Enum.fields;
@@ -268,6 +270,25 @@ fn addSslBackend(compile: *std.build.CompileStep, backend: SslBackend, ziget_rep
                 .source_file = .{ .path = std.fs.path.join(b.allocator, &[_][]const u8 { ziget_repo, "openssl", "ssl.zig" }) catch unreachable},
             });
         },
+        .iguana => {
+            const iguana_repo = GitRepoStep.create(b, .{
+                .url = "https://github.com/marler8997/iguanaTLS",
+                .branch = null,
+                .sha = "91d22df192d1df1022352df49f41c1a90ca8327d",
+                .fetch_enabled = true,
+            });
+            compile.step.dependOn(&iguana_repo.step);
+            const iguana_repo_path = iguana_repo.getPath(&compile.step);
+            const iguana_mod = b.addModule("iguanaTLS", .{
+                .source_file = .{ .path = b.pathJoin(&.{iguana_repo_path, "src", "main.zig"}), },
+            });
+            return b.createModule(.{
+                .source_file = .{ .path = b.pathJoin(&.{ ziget_repo, "iguana", "ssl.zig" }), },
+                .dependencies = &[_]std.Build.ModuleDependency{
+                    .{ .name = "iguana", .module = iguana_mod },
+                },
+            });
+        },
         .schannel => {
             {
                 // NOTE: for now I'm using msspi from https://github.com/deemru/msspi

iguana/ssl.zig

@@ -0,0 +1,65 @@
+const std = @import("std");
+const iguana = @import("iguana");
+
+pub fn init() anyerror!void {
+}
+
+const Client = iguana.Client(
+    std.net.Stream.Reader,
+    std.net.Stream.Writer,
+    iguana.ciphersuites.all,
+    false, // TODO: should we provide the http/1.1 protocol?
+);
+
+pub const SslConn = struct {
+    // state that an SslConn uses that is "pinned" to a fixed address
+    // this has to be separate from SslConn until https://github.com/ziglang/zig/issues/7769 is implemented
+    pub const Pinned = struct {
+        rand: std.rand.DefaultCsprng,
+        arena: std.heap.ArenaAllocator,
+    };
+
+    client: Client,
+
+    pub fn init(file: std.net.Stream, serverName: []const u8, pinned: *Pinned) !SslConn {
+        //var fbs = std.io.fixedBufferStream(@embedFile("../../iguanaTLS/test/DigiCertGlobalRootCA.crt.pem"));
+        //var trusted_chain = try x509.TrustAnchorChain.from_pem(std.testing.allocator, fbs.reader());
+        //defer trusted_chain.deinit();
+
+        // @TODO Remove this once std.crypto.rand works in .evented mode
+        pinned.rand = blk: {
+            var seed: [std.rand.DefaultCsprng.secret_seed_length]u8 = undefined;
+            try std.os.getrandom(&seed);
+            break :blk std.rand.DefaultCsprng.init(seed);
+        };
+        pinned.arena = std.heap.ArenaAllocator.init(std.heap.page_allocator);
+
+        return SslConn {
+            .client = try iguana.client_connect(.{
+                .rand = pinned.rand.random(),
+                .reader = file.reader(),
+                .writer = file.writer(),
+                .temp_allocator = pinned.arena.allocator(),
+                .cert_verifier = .none,
+                // TODO: do I need to add protocols here?  what does that do?
+                //.protocols = &[_][]const u8{"http/1.1"},
+                // TODO: I should support certificates
+                //.cert_verifier = .default,
+                //.trusted_certificates = trusted_chain.data.items,
+            }, serverName),
+        };
+    }
+
+    // TODO: This should be SslConn (not *SslConn)
+    //       iquanaTLS will need to modify close_notify to take @This() instead of *@This()
+    pub fn deinit(self: *SslConn) void {
+        self.client.close_notify() catch {};
+    }
+
+    pub fn read(self: *SslConn, data: []u8) !usize {
+        return self.client.reader().read(data);
+    }
+    pub fn write(self: *SslConn, data: []const u8) !usize {
+        return self.client.writer().write(data);
+    }
+};