dependency updates and bug fix tls implementation

- example `tcp-echo-server.c` now works in tls mode
- remove most ssl/tls api out of main header file

Author: TheTechsTech

CMakeLists.txt

@@ -30,8 +30,8 @@ set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
 find_package(raii QUIET)
 if(NOT raii_FOUND)
     FetchContent_Declare(raii
-        URL https://github.com/zelang-dev/c-raii/archive/refs/tags/2.1.0.zip
-        URL_MD5 e97338afb9360b320aecf74716be5fdc
+        URL https://github.com/zelang-dev/c-raii/archive/refs/tags/2.1.1.zip
+        URL_MD5 15c0497b21eb12960fbec91523df8b30
     )
     FetchContent_MakeAvailable(raii)
 endif()
@@ -48,8 +48,8 @@ endif()
 find_package(opentls QUIET)
 if(NOT opentls_FOUND)
     FetchContent_Declare(opentls
-        URL https://github.com/zelang-dev/openTLS/archive/refs/tags/4.1.6.zip
-        URL_MD5 25e2c2d820724473ff3ac053cb2ebb68
+        URL https://github.com/zelang-dev/openTLS/archive/refs/tags/4.1.8.zip
+        URL_MD5 e5f9f4b7ae0a2ed0939d954c9a698acd
     )
     if(WIN32)
         add_definitions(-DOPENSSL_MSVC_STATIC_RT=TRUE)

cert.pem

@@ -11,17 +11,19 @@ int uv_main(int argc, char **argv) {
         return 1;
     }
 
+	defer((func_t)EVP_PKEY_free, pkey);
     /* Generate the certificate. */
     puts("Generating x509 certificate..."CLR_LN);
     X509 *x509 = x509_self(pkey, NULL, NULL, name);
     if (!x509) {
         return 1;
     }
 
+	defer((func_t)X509_free, x509);
     /* Write the private key and certificate out to disk. */
     puts("Writing key and certificate to disk..."CLR_LN);
-    if (x509_self_export(pkey, x509, name)) {
-        puts("Success!");
+	if (x509_pkey_write(pkey, x509)) {
+        puts("Success!"CLR_LN);
         return 0;
     }
 

examples/create-x509.c

@@ -5,9 +5,10 @@
 
 void new_connection(uv_stream_t *socket) {
 	string data = stream_read(socket);
-	printf(CLR_LN"%s\n", data);
-	if (data)
+	if (data) {
 		stream_write(socket, data);
+		stream_flush(socket);
+	}
 }
 
 int uv_main(int argc, char **argv) {

examples/tcp-echo-server.c

@@ -434,7 +434,7 @@ C_API tty_err_t *tty_err(void);
 C_API string stream_read(uv_stream_t *);
 C_API string stream_read_once(uv_stream_t *);
 C_API string stream_read_wait(uv_stream_t *);
-C_API int stream_write(uv_stream_t *, string_t text);
+C_API int stream_write(uv_stream_t *, string_t data);
 C_API int stream_shutdown(uv_stream_t *);
 
 /*
@@ -456,6 +456,7 @@ C_API uv_stream_t *stream_connect_ex(uv_handle_type scheme, string_t address, in
 *
 * NOTE: Combines `uv_listen` and `uv_accept`. */
 C_API uv_stream_t *stream_listen(uv_stream_t *, int backlog);
+C_API int stream_flush(uv_stream_t *);
 
 /*
 * Parse `address` separating `scheme`, `host`, and `port`.
@@ -539,6 +540,7 @@ C_API void queue_delete(future);
 
 C_API uv_loop_t *asio_loop(void);
 C_API void_t asio_abort(void_t, int, routine_t *);
+C_API void asio_switch(routine_t *);
 
 /* For displaying Cpu core count, library version, and OS system info from `uv_os_uname()`. */
 C_API string_t asio_uname(void);
@@ -564,18 +566,14 @@ C_API bool is_tty_err(void_t);
 C_API bool is_addrinfo(void_t);
 C_API bool is_nameinfo(void_t);
 
-C_API bool is_promise(void_t);
-C_API bool is_future(void_t);
-
 /* This library provides its own ~main~,
 which call this function as an coroutine! */
 C_API int uv_main(int, char **);
 C_API u32 delay(u32 ms);
 
 typedef struct {
-	volatile bool ready;
-	size_t max;
 	ssize_t status;
+	size_t max;
 	unsigned char *buf;
 	routine_t *thread;
 } async_state;
@@ -585,57 +583,6 @@ C_API async_state *req_getasync_state(void_t);
 
 C_API sockaddr_t *sockaddr(string_t host, int port);
 
-#ifdef _WIN32
-#define _BIO_MODE_R(flags) (((flags) & PKCS7_BINARY) ? "rb" : "r")
-#define _BIO_MODE_W(flags) (((flags) & PKCS7_BINARY) ? "wb" : "w")
-#else
-#define _BIO_MODE_R(flags) "r"
-#define _BIO_MODE_W(flags) "w"
-#endif
-/* OpenSSL Certificate */
-typedef struct certificate_object ASIO_cert_t;
-
-/* OpenSSL AsymmetricKey */
-typedef struct pkey_object ASIO_pkey_t;
-
-/* OpenSSL Certificate Signing Request */
-typedef struct x509_request_object ASIO_req_t;
-
-C_API bool is_pkey(void_t);
-C_API bool is_cert_req(void_t);
-C_API bool is_cert(void_t);
-
-C_API string_t cert_file(void);
-C_API string_t pkey_file(void);
-C_API string_t csr_file(void);
-
-C_API void ASIO_ssl_error(void);
-C_API void ASIO_ssl_init(void);
-
-C_API ASIO_pkey_t *pkey_create(u32 num_pairs, ...);
-C_API ASIO_req_t *csr_create(EVP_PKEY *pkey, u32 num_pairs, ...);
-C_API ASIO_cert_t *x509_create(EVP_PKEY *pkey, u32 num_pairs, ...);
-
-C_API X509* csr_sign(ASIO_req_t *,
-                     ASIO_cert_t *,
-                     ASIO_pkey_t *,
-                     int days,
-                     int serial,
-					 arrays_t options);
-
-C_API X509 *x509_get(string_t file_path);
-C_API EVP_PKEY *pkey_get(string_t file_path);
-C_API string x509_str(X509 *cert, bool show_details);
-
-C_API bool pkey_x509_export(EVP_PKEY *pkey, string_t path_noext);
-C_API bool csr_x509_export(X509_REQ *req, string_t path_noext);
-C_API bool cert_x509_export(X509 *cert, string_t path_noext);
-
-C_API EVP_PKEY *rsa_pkey(int keylength);
-C_API X509 *x509_self(EVP_PKEY *pkey, string_t country, string_t org, string_t domain);
-C_API bool x509_self_export(EVP_PKEY *pkey, X509 *x509, string_t path_noext);
-
-C_API void use_certificate(string path, u32 ctx_pairs, ...);
 #ifdef __cplusplus
 }
 #endif

include/asio.h

@@ -8,17 +8,9 @@
 #include <openssl/ossl_typ.h>
 #include <stdbool.h>
 #include <tls.h>
+#include <rtypes.h>
 #include <uv.h>
 
-// https://wiki.mozilla.org/Security/Server_Side_TLS
-// https://wiki.mozilla.org/index.php?title=Security/Server_Side_TLS&oldid=1080944
-// "Modern" compatibility ciphersuite
-#define ASYNC_TLS_CIPHERS "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
-
-// According to SSL Labs, enabling TLS1.1 doesn't do any good...
-// Not 100% sure about its status in IE11 though.
-#define ASYNC_TLS_PROTOCOLS (TLS_PROTOCOLS_DEFAULT)
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -28,6 +20,8 @@ typedef struct tls tls_s;
 typedef struct {
 	uv_tcp_t *stream;
 	tls_s *secure;
+	unsigned flags;
+	int err;
 	void *data;
 	char *buf;
 } async_tls_t;
@@ -40,9 +34,63 @@ char const *async_tls_error(async_tls_t  *const socket);
 
 char *async_tls_read(async_tls_t *const socket);
 ssize_t async_tls_write(async_tls_t *const socket, unsigned char const *const buf, size_t const len);
+int async_tls_flush(async_tls_t *const socket);
 
 ssize_t async_read(uv_stream_t *const stream, unsigned char *const buf, size_t const max);
 
+#ifdef _WIN32
+#define _BIO_MODE_R(flags) (((flags) & PKCS7_BINARY) ? "rb" : "r")
+#define _BIO_MODE_W(flags) (((flags) & PKCS7_BINARY) ? "wb" : "w")
+#else
+#define _BIO_MODE_R(flags) "r"
+#define _BIO_MODE_W(flags) "w"
+#endif
+/* OpenSSL Certificate */
+typedef struct certificate_object ASIO_cert_t;
+
+/* OpenSSL AsymmetricKey */
+typedef struct pkey_object ASIO_pkey_t;
+
+/* OpenSSL Certificate Signing Request */
+typedef struct x509_request_object ASIO_req_t;
+
+C_API bool is_pkey(void_t);
+C_API bool is_cert_req(void_t);
+C_API bool is_cert(void_t);
+
+C_API string_t cert_file(void);
+C_API string_t pkey_file(void);
+C_API string_t csr_file(void);
+
+C_API void ASIO_ssl_error(void);
+C_API void ASIO_ssl_init(void);
+
+C_API ASIO_pkey_t *pkey_create(u32 num_pairs, ...);
+C_API ASIO_req_t *csr_create(EVP_PKEY *pkey, u32 num_pairs, ...);
+C_API ASIO_cert_t *x509_create(EVP_PKEY *pkey, u32 num_pairs, ...);
+
+C_API X509 *csr_sign(ASIO_req_t *,
+	ASIO_cert_t *,
+	ASIO_pkey_t *,
+	int days,
+	int serial,
+	arrays_t options);
+
+C_API X509 *x509_get(string_t file_path);
+C_API EVP_PKEY *pkey_get(string_t file_path);
+C_API string x509_str(X509 *cert, bool show_details);
+
+C_API bool pkey_x509_export(EVP_PKEY *pkey, string_t path_noext);
+C_API bool csr_x509_export(X509_REQ *req, string_t path_noext);
+C_API bool cert_x509_export(X509 *cert, string_t path_noext);
+C_API bool x509_pkey_write(EVP_PKEY *pkey, X509 *x509);
+
+C_API EVP_PKEY *rsa_pkey(int keylength);
+C_API X509 *x509_self(EVP_PKEY *pkey, string_t country, string_t org, string_t domain);
+C_API bool x509_self_export(EVP_PKEY *pkey, X509 *x509, string_t path_noext);
+
+C_API void use_certificate(string path, u32 ctx_pairs, ...);
+
 #ifdef __cplusplus
 }
 #endif