closes #19: first integration of OpenSSL...this makes leak testing with valgrind a pain so i will think about some conditional to activate and deactivate it. Additionally it seems that some memory will be left over somewhere, maybe i missed somed cleanup function i have to call and finally the integration really needs error handling.

certs/server.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAhgCCQDgHe3rh23alDANBgkqhkiG9w0BAQUFADCBmzELMAkGA1UEBhMC
+REUxEDAOBgNVBAgMB0hhbWJ1cmcxEDAOBgNVBAcMB0hhbWJ1cmcxGjAYBgNVBAoM
+EVdlaXJkIFdlYiBXb3JrZXJzMRQwEgYDVQQLDAtkZXZlbG9wbWVudDETMBEGA1UE
+AwwKR2VvcmcgSG9wcDEhMB8GCSqGSIb3DQEJARYSZ2VvcmdAc3RlZmZlcnMub3Jn
+MB4XDTEyMDMwOTExMjUxOVoXDTEzMDMwOTExMjUxOVowgZsxCzAJBgNVBAYTAkRF
+MRAwDgYDVQQIDAdIYW1idXJnMRAwDgYDVQQHDAdIYW1idXJnMRowGAYDVQQKDBFX
+ZWlyZCBXZWIgV29ya2VyczEUMBIGA1UECwwLZGV2ZWxvcG1lbnQxEzARBgNVBAMM
+Ckdlb3JnIEhvcHAxITAfBgkqhkiG9w0BCQEWEmdlb3JnQHN0ZWZmZXJzLm9yZzCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAt5ntW8UUwImTL0s3l7Jm2AkMqBvk
++XCDjkO3g89dxfYyRaYjluANnUqeg/ilF2ZcxI/8GVlCBTDbsJeQXFtlRFr94S2d
+i1358dZkjGIQAutmtwf8L1nbYi6mtvS6wBWJhtE9baPfj6HDRePnAC/YtKunKfz9
+5TbOj+/2vjj//I8CAwEAATANBgkqhkiG9w0BAQUFAAOBgQCWVZuqshFdOC3Vmf/7
+CKrtA8/da2tgOIFB60LwGwcWicM3m/VIS6RPf3Ui/sUDFMempkmtkUYflr58T901
+SAV5YubjNV3oaOySqDozsvfLsAxb7EUXk4VqY/g5VkK+pUxVAfE1biqf6LhPHzRd
+KJrq5muIGeVx3YX1G9A1gdI0YQ==
+-----END CERTIFICATE-----

certs/server.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQC3me1bxRTAiZMvSzeXsmbYCQyoG+T5cIOOQ7eDz13F9jJFpiOW
+4A2dSp6D+KUXZlzEj/wZWUIFMNuwl5BcW2VEWv3hLZ2LXfnx1mSMYhAC62a3B/wv
+WdtiLqa29LrAFYmG0T1to9+PocNF4+cAL9i0q6cp/P3lNs6P7/a+OP/8jwIDAQAB
+AoGAMbOEkpwmQvy7EElvUixkNMU2XOe4M2Im6sMgEZl4DBfaggo4hiY+6T6C7LzJ
+jC0Unc1QdFg6TAdu4T4WQToojkODjEXWd/QRltxJjkCz2vrDp68JldzfTovE2HDn
+k5MQvUZCrH1jFnvzwC1Ak+X4ON5hlsu67u2EYNTfdEeTI6ECQQDwm6DNNjsGynGy
+W+zCCGTPjuwYHG7zjaGQw9Ng7g+SyYHkg0zSsxcVpwKwI3m3Iuju1O85pgcl/Bj9
+UDuPdtLxAkEAw1i3ZyGxW/CHmk8mG4w31eC7loyjFgN51lSJE7DrZ3VtKnzRwUrk
+EEUgQMh1RxWKTc5F8QvmMpkWJha2+FTHfwJBALDtwBEnD8CunWzKrA8CnR8DuhkA
+z5XJUEVjusxMQqduBlZDNvq5NwB1D0T20UoaIa9+ZWu+6wLDnpynoySb/AECQQDB
+EDY63EbQqfkrHdx4z20DmZdsZFRuVkMc+/F6H5mYZ6rbmf8ofR7HoboNrNCTz4sf
++KSRZgQ9r6T/QeXVqtx7AkEApiC8VAYhH0Dz+Y6QSRqwjOww0kDBCnFlrdn+oyG4
+kAC34PCOFHzvSsJ3tjcAwNJgcaN/qw49DRnHBlwti6gyBg==
+-----END RSA PRIVATE KEY-----

include/server.h

@@ -29,6 +29,8 @@
 #include <stdio.h>	// for printf() and fprintf()
 #include <poll.h> 	// for poll system call and related
 
+#include <openssl/ssl.h>
+
 #include "class.h"
 #include "socket.h"
 #include "logger.h"
@@ -43,6 +45,8 @@ struct conns {
 CLASS(Server) {
 	Logger          logger;
 	Sock            sock;
+	Sock            sockSSL;
+	SSL_CTX *       ctx;
 	void *          worker;
 
 	nfds_t          nfds;

src/server.c

@@ -24,6 +24,9 @@
 #include <unistd.h>
 #include <stdlib.h>
 
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
 #include "class.h"
 #include "server.h"
 #include "socket.h"
@@ -57,16 +60,36 @@ serverCtor(void * _this, va_list * params)
 
 	this->fds     = calloc(sizeof(struct pollfd), this->max_fds);
 	this->conns   = calloc(sizeof(struct conns), this->max_fds);
-	this->sock    = new(Sock, this->logger, port);
 
+	this->sock    = new(Sock, this->logger, port);
 	flags = fcntl(this->sock->handle, F_GETFL, 0);
 	fcntl(this->sock->handle, F_SETFL, flags | O_NONBLOCK);
 
+	this->sockSSL = new(Sock, this->logger, port+1);
+	flags = fcntl(this->sockSSL->handle, F_GETFL, 0);
+	fcntl(this->sockSSL->handle, F_SETFL, flags | O_NONBLOCK);
+
+	SSL_library_init();
+	SSL_load_error_strings();
+	this->ctx = SSL_CTX_new(SSLv23_server_method());
+	SSL_CTX_use_certificate_file(
+			this->ctx,
+			"./certs/server.crt",
+			SSL_FILETYPE_PEM);
+
+	SSL_CTX_use_RSAPrivateKey_file(
+			this->ctx,
+			"./certs/server.key",
+			SSL_FILETYPE_PEM);
+
 	socketListen(this->sock, backlog);
+	socketListen(this->sockSSL, backlog);
 
 	(this->fds)[0].fd     = this->sock->handle;
 	(this->fds)[0].events = POLLIN;
-	this->nfds = 1;
+	(this->fds)[1].fd     = this->sockSSL->handle;
+	(this->fds)[1].events = POLLIN;
+	this->nfds = 2;
 
 	return 0;
 }
@@ -80,8 +103,16 @@ serverDtor(void * _this)
 
     for (i=0; i<this->nfds; i++) {
 		if (this->sock->handle != (this->fds)[i].fd) {
+			Stream st = (this->conns[(this->fds)[i].fd]).stream;
+
 			delete((this->conns[(this->fds)[i].fd]).sock);
 			delete((this->conns[(this->fds)[i].fd]).worker);
+
+			if (NULL != st && STREAM_SSL == st->type) {
+				SSL_shutdown((st->handle).ssl);
+				SSL_free((st->handle).ssl);
+			}
+
 			delete((this->conns[(this->fds)[i].fd]).stream);
 		}
     }
@@ -90,6 +121,9 @@ serverDtor(void * _this)
 	FREE(this->conns);
 
 	delete(this->sock);
+	delete(this->sockSSL);
+	SSL_CTX_free(this->ctx);
+	ERR_free_strings();
 }
 
 INIT_IFACE(Class, serverCtor, serverDtor, NULL);

src/server/close_conn.c

@@ -25,14 +25,21 @@
 
 #include "server.h"
 #include "interface/class.h"
+#include "stream.h"
 
 void
 serverCloseConn(Server this, unsigned int i)
 {
 	int    fd = (this->fds)[i].fd;
+	Stream st = (this->conns[(this->fds)[i].fd]).stream;
 
 	delete((this->conns)[fd].sock);
 	delete((this->conns)[fd].worker);
+
+	if (NULL != st && STREAM_SSL == st->type) {
+		SSL_shutdown((st->handle).ssl);
+	}
+
 	delete((this->conns)[fd].stream);
 
 	memset(&(this->fds[i]), 0, sizeof(struct pollfd));

src/server/handle_accept.c

@@ -24,6 +24,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 
+#include <openssl/ssl.h>
+
 #include "http/worker.h"
 #include "server.h"
 #include "interface/class.h"
@@ -31,16 +33,37 @@
 #include "stream.h"
 
 int
-serverHandleAccept(Server this)
+serverHandleAccept(Server this, unsigned int i)
 {
 	char   remoteAddr[16] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
 	Sock   acc = NULL;
+	Stream st;
 
 	if (this->nfds >= this->max_fds) {
 		return -1;
 	}
 
+	switch(i) {
+		case 0:
+			// no SSL
 			acc = socketAccept(this->sock, &remoteAddr);
+			st = new(Stream, STREAM_FD, acc->handle);
+			break;
+
+		case 1:
+			// SSL
+			{
+				SSL * ssl = SSL_new(this->ctx);
+				acc = socketAccept(this->sockSSL, &remoteAddr);
+				SSL_set_fd(ssl, acc->handle);
+				SSL_accept(ssl);
+				st = new(Stream, STREAM_SSL, ssl);
+			}
+			break;
+
+		default:
+			break;
+	}
 
 	if (-1 != acc->handle) {
 		// save the socket handle
@@ -48,7 +71,7 @@ serverHandleAccept(Server this)
 
 		// clone worker
 		(this->conns)[acc->handle].worker = clone(this->worker);
-		(this->conns)[acc->handle].stream = new(Stream, STREAM_FD, acc->handle);
+		(this->conns)[acc->handle].stream = st;
 
 		(this->fds)[this->nfds].fd        = acc->handle;
 		(this->fds)[this->nfds].events    = POLLIN;

src/server/poll.c

@@ -38,7 +38,7 @@ serverPoll(Server this) {
 	/**
 	 * put all closed fds to end of array in O(this->nfds)
 	 */
-	struct pollfd * fda = &(this->fds[1]);
+	struct pollfd * fda = &(this->fds[2]);
 	struct pollfd * fdb = &(this->fds[this->nfds-1]);
 
 	while (fda <= fdb) {

src/server/run.c

@@ -26,7 +26,7 @@
 #include "utils/signalHandling.h"
 
 int     serverPoll(Server);
-int     serverHandleAccept(Server);
+int     serverHandleAccept(Server, unsigned int);
 void    serverCloseConn(Server, unsigned int);
 ssize_t serverRead(Server, unsigned int);
 ssize_t serverWrite(Server, unsigned int);
@@ -50,12 +50,22 @@ serverRun(Server this)
 		 */
 		if (0 != ((this->fds)[0].revents & POLLIN)) {
 			events--;
-			while(-1 != serverHandleAccept(this) && 0 < naccs) {
+			while(-1 != serverHandleAccept(this, 0) && 0 < naccs) {
 				naccs--;
 			}
 		}
 
-		for (i=1; i < this->nfds; i++) {
+		/**
+		 * handle accept SSL
+		 */
+		if (0 != ((this->fds)[1].revents & POLLIN)) {
+			events--;
+			while(-1 != serverHandleAccept(this, 1) && 0 < naccs) {
+				naccs--;
+			}
+		}
+
+		for (i=2; i < this->nfds; i++) {
 			int nreads = 10, nwrites = 10;
 
 			/**

src/webgameserver.c

@@ -40,6 +40,7 @@
 #include "http/worker.h"
 
 #include "interface/class.h"
+#include "interface/logger.h"
 
 #include "utils/signalHandling.h"