Native SSL support (#816)

* drop --enable-openssl from gambit configuration * std: remove some remnant package: declarations * libcrypto: remove duplicate cdecl * std/io/socket: tiny tweaks to accomodate ssl sockets * ssl client * libcrypto: modernize initialization * ssl client works * make stream-socket final again * don't fail to close the socket if ssl shutdown fails * refactor: put ssl socket impl on its own module * ssl server sockets * ssl server (self signed) certificate test and bug fixes * add ERR_error_string to libcrypto * provide hooks for ssl upgrades STARTTLS baby! * port net/request to stdio * fix ssl error message * support ssl in httpd * fix bug * add https test * test case for https server test * improve code robustness * std/misc/process: add invoke * use invoke from std/misc/process * actor TLS of course it needs to be tested and it's gonna have some bugz; no plan survives contact with the enemy. * prelude/core.ssxi.ss: fix create-directory* arity declaration * fix bugz * if we have a tls context, it supersedes lack of admin creds * actor tls test * make it work * use 4k RSA keys * tls-test: uncomment cleanup * update gxensemble for ca related operations and organize in subcommands while at it * gxensewmble package command * gxensemble add options for certificate subject stuff * include cookie in gxensemble package * fix some minor things in gxensemble
mighty-gerbils · Sep 13, 2023 · 921da63 · 921da63
1 parent fe293ca
commit 921da63
Show file tree

Hide file tree

Showing 32 changed files with 2,725 additions and 729 deletions.
diff --git a/configure b/configure
@@ -62,7 +62,7 @@ std_disable_feature() {
 
 readonly gerbil_version="v$(git describe --tags --always)"
 readonly default_gambit_tag=v4.9.5
-readonly default_gambit_config="--enable-targets='' --enable-single-host --enable-dynamic-clib --enable-default-runtime-options=t8,f8,-8 --enable-trust-c-tco --enable-openssl"
+readonly default_gambit_config="--enable-targets='' --enable-single-host --enable-dynamic-clib --enable-default-runtime-options=t8,f8,-8 --enable-trust-c-tco"
 prefix="/opt/gerbil"
 readonly cflags_opt="-foptimize-sibling-calls"
 readonly ldflags_rpath="-Wl,-rpath"
@@ -218,15 +218,11 @@ fi
 
 if [ -z "${LDFLAGS}" ]; then
     if [ "${gerbil_shared}" = "t" ]; then
-        LDFLAGS="${ldflags_rpath}=${gerbil_prefix}/lib -lssl"
-    else
-        LDFLAGS="-lssl"
+        LDFLAGS="${ldflags_rpath}=${gerbil_prefix}/lib"
     fi
 else
     if [ "${gerbil_shared}" = "t" ]; then
-        LDFLAGS="${LDFLAGS} ${ldflags_rpath}=${gerbil_prefix}/lib -lssl"
-    else
-        LDFLAGS="${LDFLAGS} -lssl"
+        LDFLAGS="${LDFLAGS} ${ldflags_rpath}=${gerbil_prefix}/lib"
     fi
 fi
 

diff --git a/src/build/build-libgerbil.ss b/src/build/build-libgerbil.ss
@@ -23,9 +23,9 @@
 
 (cond-expand
  (netbsd
-  (def default-ld-options "-lm -lssl"))
+  (def default-ld-options "-lm"))
  (else
-  (def default-ld-options "-ldl -lm -lssl")))
+  (def default-ld-options "-ldl -lm")))
 
 (def stdlib-exclude
   '("gambit-sharp"                      ; _gambit#.scm wrapper

diff --git a/src/gerbil/prelude/core.ssxi.ss b/src/gerbil/prelude/core.ssxi.ss
@@ -362,7 +362,7 @@ package: gerbil
  raise
  exception? error-object? type-error?
  error? error-message error-irritants error-trace
- create-directory create-directory*
+ create-directory
  delete-file delete-directory
  file-type
  path-extension path-strip-extension
@@ -514,7 +514,8 @@ package: gerbil
  (write-subu8vector 3 4)
  (open-input-u8vector 0 1)
  (open-output-u8vector 0 1)
- (load-module 1 2))
+ (load-module 1 2)
+ (create-directory* 1 2))
 
 ;; extended runtime procedures -- :gerbil/gambit
 (declare-primitive/0

diff --git a/src/std/actor-v18/api.ss b/src/std/actor-v18/api.ss
@@ -12,6 +12,7 @@
         ./server
         ./ensemble
         ./cookie
+        ./tls
         ./admin
         ./path
         ./loader)
@@ -80,15 +81,16 @@
 ;; call a thunk in the context of an ensemble server
 ;; this is the programmatic equivalent of gxensemble run
 (def (call-with-ensemble-server server-id thunk
-                                log-level: (log-level 'INFO)
-                                log-file:  (log-file #f)
-                                listen:    (listen-addrs [])
-                                announce:  (public-addrs #f)
-                                registry:  (registry-addrs #f)
-                                roles:     (roles [])
-                                cookie:    (cookie (get-actor-server-cookie))
-                                admin:     (admin (get-admin-pubkey))
-                                auth:      (auth #f))
+                                log-level:   (log-level 'INFO)
+                                log-file:    (log-file #f)
+                                listen:      (listen-addrs [])
+                                announce:    (public-addrs #f)
+                                registry:    (registry-addrs #f)
+                                roles:       (roles [])
+                                tls-context: (tls-context (get-actor-tls-context server-id))
+                                cookie:      (cookie (get-actor-server-cookie))
+                                admin:       (admin (get-admin-pubkey))
+                                auth:        (auth #f))
   (current-logger-options log-level)
   (when log-file
     (let (path
@@ -113,11 +115,12 @@
             (cons unix-addr public-addrs)
             listen-addrs)))
     ;; start the actor server
-    (start-actor-server! cookie: cookie
+    (start-actor-server! identifier: server-id
+                         tls-context: tls-context
+                         cookie: cookie
                          admin:  admin
                          auth: auth
                          addresses: listen-addrs
-                         identifier: server-id
                          ensemble: known-servers)
     ;; start the loader
     (start-loader!)