unclear how to add openssl support #88

Open
stoneburner opened this issue Feb 27, 2020 · 3 comments

@stoneburner

stoneburner commented Feb 27, 2020

Hi, I was able to use facil.io as a websocket client, now I need TLS support and tried to add OpenSSL...

I cloned openssl, compiled it and added the headers to the include search path - but if I include <fio_tls.h> and call fio_tls_s * tls = fio_tls_new("www.example.com", NULL, NULL, NULL); then I get the output:
FATAL: No supported SSL/TLS library available.

I also tried setting some defines I found in the source:

#define HAVE_OPENSSL
#define FIO_TLS_FOUND

#include <http.h>
#include <fio.h>
#include <fio_tls.h>

This did not change anything, unfortunately.

@boazsegev
Owner

Hi @stoneburner ,

Thank you for opening this issue.

The makefile provided should automatically test for OpenSSL, if available. It also tests for the minimum version required - version 1.1.1.

Could you provide more details about your environment? OS? OpenSSL version? facil.io version?

Thank you!

@stoneburner
Author

The OS is macOS Catalina 10.15.
The OpenSSL version is the current one (3.0.0).
facil.io is a fresh clone from GitHub (0.7.3).

I was able to compile the .a file using cmake, but I would prefer to just use the code - so I tried to figure out what I need to #define in order to use OpenSSL as a dynamic lib.

So my goal would be to use facil.io as a "code library" (so I can also remove some not needed parts) and load OpenSSL as a dynamic library.

An example on how to connect as a client with https and upgrade the connection to websockets would be highly appreciated :)

@boazsegev
Owner

> I was able to compile the .a file using cmake, but I would prefer to just use the code - so I tried to figure out what I need to #define in order to use OpenSSL as a dynamic lib.

The CMake support might not work unless you update the CMake file to test for (and add) OpenSSL.

However, the GNU make (ships with MacOS) should automatically test for OpenSSL.

> So my goal would be to use facil.io as a "code library" (so I can also remove some not needed parts) and load OpenSSL as a dynamic library.

This is exactly how facil.io was meant to be used.

> The OpenSSL version is the current one (3.0.0).

I think you might be referring to the OpenSSL development draft version (not yet released, might be insecure, and probably not supported by facil.io, since it's breaking the 1.1.1 API). Or you might be referring to LibreSSL which is the library shipped with MacOS.

The latest OpenSSL release is the 1.1.1 version, AFAIK.

Could you try installing the OpenSSL 1.1.1 version and see if make works for you?

> An example on how to connect as a client with https and upgrade the connection to websockets would be highly appreciated.

I'd love to, but honestly I'm a little swamped right now.

I think that the simple WebSocket client API (which I expect to change in version 0.8.0) doesn't support TLS just yet.

The existing approach needs to use http_connect, with a TLS context.

Another approach would be to change these lines of code to create an automatic TLS anonymous context when missing:

facil.io/lib/facil/http/http.c, lines 1061 to 1066 in c130672:

    if (is_secure && !arg_settings.tls) {
      FIO_LOG_ERROR("Secure connections (%.*s) require a TLS object.",
                    (int)u.scheme.len, u.scheme.data);
      errno = EINVAL;
      goto on_error;
    }

By updating these lines, you could use the existing websocket client with a wss URL scheme ("wss://example.com").

You would also need to add memory management for the new TLS object, such as destroying the self-made TLS context after the call to fio_connect but before the function returns.

Good Luck!
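
Added example, not part of the thread and not facil.io code: a small shell check that classifies a line of `openssl version` output against the points raised above (OpenSSL 1.1.1 as the minimum, LibreSSL being a different library, 3.x being past the 1.1.1 API). The function name, the result labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify one line of `openssl version` output. Result labels
# (ok, libressl, too-old, newer-major, unknown) are made up for this example.
classify_tls_lib() {
  line=$1
  name=${line%% *}                 # first word: library name
  rest=${line#* }
  ver=${rest%% *}                  # second word: version, e.g. 1.1.1d
  case $name in
    LibreSSL) echo libressl; return 0 ;;   # a different library, not OpenSSL
    OpenSSL)  ;;
    *)        echo unknown; return 0 ;;
  esac
  num=${ver%%[!0-9.]*}             # drop suffixes: 1.1.1d -> 1.1.1, 3.0.0-dev -> 3.0.0
  case $num in
    [0-9]*.[0-9]*.[0-9]*) ;;       # require major.minor.patch
    *) echo unknown; return 0 ;;
  esac
  major=${num%%.*}; tail=${num#*.}
  minor=${tail%%.*}; tail=${tail#*.}
  patch=${tail%%.*}
  code=$((major * 10000 + minor * 100 + patch))
  if [ "$code" -lt 10101 ]; then
    echo too-old                   # below the 1.1.1 minimum named in the thread
  elif [ "$major" -ge 2 ]; then
    echo newer-major               # e.g. 3.x: past the 1.1.1 API line
  else
    echo ok
  fi
}

# Constructed sample lines in the format `openssl version` prints.
for sample in \
  "OpenSSL 1.1.1d  10 Sep 2019" \
  "OpenSSL 1.0.2k-fips  26 Jan 2017" \
  "OpenSSL 3.0.0-dev xx XXX xxxx" \
  "LibreSSL 2.8.3"
do
  printf '%-36s -> %s\n' "$sample" "$(classify_tls_lib "$sample")"
done
# For a local install: classify_tls_lib "$(openssl version)"
```

Run it against the `openssl` binary that belongs to the headers and library on the compiler's search path, since a machine can have several installs.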
