http: support HTTPS (kinda)

It's barely any effort at all to support HTTPS now that we have NNTPS support and can share all the code for writing daemons. However, we still depend on Varnish to avoid hug-of-death situations, so supporting reverse-proxying will be required.
author: Eric Wong <e@80x24.org> 2019-06-28 08:18:51 +0000
committer: Eric Wong <e@80x24.org> 2019-06-29 19:59:00 +0000
commit: eaa0a245e3e1da46ab6b3a8e0025883b0011fa07 (patch)
tree: 18f79a27c667767059add0bd0a247b91e3d633eb /lib/PublicInbox
parent: df815ac5b2614f7278ca747750ea7e92ecd0986c (diff)
download: public-inbox-eaa0a245e3e1da46ab6b3a8e0025883b0011fa07.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm
index b8912950..680be72b 100644
--- a/lib/PublicInbox/HTTP.pm
+++ b/lib/PublicInbox/HTTP.pm
@@ -56,8 +56,16 @@ sub http_date () {
  sub new ($$$) {
          my ($class, $sock, $addr, $httpd) = @_;
          my $self = fields::new($class);
-        $self->SUPER::new($sock, EPOLLIN | EPOLLONESHOT);
+        my $ev = EPOLLIN;
+        my $wbuf;
+        if (ref($sock) eq 'IO::Socket::SSL' && !$sock->accept_SSL) {
+                return CORE::close($sock) if $! != EAGAIN;
+                $ev = PublicInbox::TLS::epollbit();
+                $wbuf = [ \&PublicInbox::DS::accept_tls_step ];
+        }
+        $self->SUPER::new($sock, $ev | EPOLLONESHOT);
          $self->{httpd} = $httpd;
+        $self->{wbuf} = $wbuf if $wbuf;
          ($self->{remote_addr}, $self->{remote_port}) =
                  PublicInbox::Daemon::host_with_port($addr);
          $self;
author	Eric Wong <e@80x24.org>	2019-06-28 08:18:51 +0000
committer	Eric Wong <e@80x24.org>	2019-06-29 19:59:00 +0000
commit	eaa0a245e3e1da46ab6b3a8e0025883b0011fa07 (patch)
tree	18f79a27c667767059add0bd0a247b91e3d633eb /lib/PublicInbox
parent	df815ac5b2614f7278ca747750ea7e92ecd0986c (diff)
download	public-inbox-eaa0a245e3e1da46ab6b3a8e0025883b0011fa07.tar.gz