fixes

CMakeLists.txt

@@ -22,9 +22,6 @@ message (STATUS "[tgbm] TGBM_CLANG_FORMAT: ${TGBM_CLANG_FORMAT}")
 message (STATUS "[tgbm] TGBM_PYTHON: ${TGBM_PYTHON}")
 
 # also options:
-# - TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH
-#     define to path for setting additional path to ssl ceritficate,
-#     by default uses only default ssl pathes(they may be unreachable on windows)
 # - TGBM_SSL_KEYS_FILE
 #     define to path where ssl keys will be stored for debug using wireshark
 #     disabled by default
@@ -145,11 +142,6 @@ if (DEFINED TGBM_SSL_KEYS_FILE)
   target_compile_definitions(tgbmlib PUBLIC TGBM_SSL_KEYS_FILE="${TGBM_SSL_KEYS_FILE}")
 endif()
 
-if (DEFINED TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH)
-  message (STATUS "[tgbm] TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH: ${TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH}")
-  target_compile_definitions(tgbmlib PUBLIC TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH="${TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH}")
-endif()
-
 # disable warnings for third party libs
 
 if (MSVC)

include/tgbm/net/http2_client.hpp

@@ -69,7 +69,6 @@ struct http2_client_options {
   uint32_t max_send_frame_size = 8 * 1024;  // 8 KB
   uint32_t max_receive_frame_size = uint32_t(-1);
   uint32_t hpack_dyntab_size = 4096;
-  // TODO https/http (? erase start_read / start_write)
   // sends ping when there are no requests(for keeping alive). disabled by default
   duration_t ping_interval = duration_t::max();
   // duration_t::max() disables timeouts

include/tgbm/net/http_base.hpp

@@ -52,6 +52,7 @@ struct http_header_t {
   std::string value;
 };
 
+// TODO use const_string here
 // client knows authority and scheme and sets it
 struct http_request {
   // Host for HTTP1/1, :authority for HTTP2
@@ -60,9 +61,11 @@ struct http_request {
   // must be setted to not empty string
   std::string path;
   http_method_e method = http_method_e::UNKNOWN;
+  // 'scheme' is for server, clients will ignore it and use their scheme instead
   scheme_e scheme = scheme_e::UNKNOWN;
-  http_body body;
-  std::vector<http_header_t> headers;  // additional headers, all must be lowercase for HTTP2
+  http_body body = {};
+  // additional headers, all must be lowercase for HTTP2
+  std::vector<http_header_t> headers;
 };
 
 struct http_response {

include/tgbm/net/ssl_context.hpp

@@ -5,6 +5,7 @@
 #include <boost/intrusive_ptr.hpp>
 
 #include <filesystem>
+#include <span>
 
 namespace tgbm {
 
@@ -39,9 +40,9 @@ struct ssl_context {
   }
 };
 
-ssl_context_ptr make_ssl_context_for_http2();
+ssl_context_ptr make_ssl_context_for_http2(std::span<const std::filesystem::path> additional_certs);
 
-ssl_context_ptr make_ssl_context_for_http11();
+ssl_context_ptr make_ssl_context_for_http11(std::span<const std::filesystem::path> additional_certs);
 
 // returns null on error
 ssl_context_ptr make_ssl_context_for_server(std::filesystem::path certificate,

include/tgbm/net/tcp_connection.hpp

@@ -24,18 +24,19 @@ namespace asio = boost::asio;
 struct tcp_connection_options {
   uint32_t send_buffer_size = 1024 * 1024 * 4;     // 4 MB
   uint32_t receive_buffer_size = 1024 * 1024 * 4;  // 4 MB
+  std::vector<std::filesystem::path> additional_ssl_certificates;
   // adds delay (waiting for new requests to merge them)
   bool merge_small_requests = false;
   bool is_primal_connection = true;
   /*
-    use only for testing,
+    default true, because in most cases (windows...) it will produce errors until you set
+    'additional_ssl_certificates'
 
     if you are receiving error with ssl hanfshake,
     add verify path for your certificate, specially on windows, where default path may be unreachable
     you can download default cerifiers here: (https://curl.se/docs/caextract.html)
-    then set TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH and recompile program
   */
-  bool disable_ssl_certificate_verify = false;
+  bool disable_ssl_certificate_verify = true;
 
   template <typename E>
   void apply(asio::basic_socket<asio::ip::tcp, E>& tcp_sock) {

src/Api.cpp

@@ -2273,7 +2273,11 @@ dd::task<std::vector<GameHighScore::Ptr>> Api::getGameHighScores(std::int64_t us
 dd::task<int> Api::downloadFile(
     std::string filePath, fn_ref<void(std::span<const byte_t>, bool is_last_chunk)> on_data_part) const {
   int status = co_await _httpClient.send_request(
-      nullptr, &on_data_part, http_request{.path = fmt::format("/file/bot{}/{}", get_token(), filePath)},
+      nullptr, &on_data_part,
+      http_request{.authority = {},
+                   .path = fmt::format("/file/bot{}/{}", get_token(), filePath),
+                   .method = http_method_e::GET,
+                   .scheme = scheme_e::HTTPS},
       duration_t::max());
   co_return status;
 }

src/Bot.cpp

@@ -35,16 +35,14 @@ dd::task<void> Bot::get_and_handle_updates(std::chrono::seconds update_wait_time
   on_scope_exit {
     _client->stop();
   };
-repeat_try:
   try {
     co_foreach(Update::Ptr update,
                long_poll(get_api(), 100, update_wait_timeout, nullptr, /*confirm_before_handle=*/true)) {
       _eventHandler.handleUpdate(update);
     }
   } catch (std::exception& e) {
     LOG_ERR("Bot getUpdates ended with exception, its ignored, err: {}", e.what());
-    goto repeat_try;
-    // LOG_ERR("getUpdates ended with exception, http client will be stopped, what: {}", e.what());
+    LOG_ERR("getUpdates ended with exception, http client will be stopped, what: {}", e.what());
   } catch (...) {
     LOG_ERR("getUpdates ended with unknown exception, http client will be stopped");
   }

src/net/http11_client.cpp

@@ -198,9 +198,13 @@ static dd::task<void> send_request(tcp_connection_ptr con, on_header_fn_ptr on_h
 
 http11_client::http11_client(size_t connections_max_count, std::string_view host,
                              tcp_connection_options tcp_opts)
-    : http_client(host), io_ctx(1), tcp_options(tcp_opts), connections(connections_max_count, [this]() {
+    : http_client(host),
+      io_ctx(1),
+      tcp_options(std::move(tcp_opts)),
+      connections(connections_max_count, [this]() {
         // Do not reuses ssl ctx because... just because + multithread no one knows how to work
-        return tcp_connection::create(io_ctx, std::string(get_host()), make_ssl_context_for_http11(),
+        return tcp_connection::create(io_ctx, std::string(get_host()),
+                                      make_ssl_context_for_http11(tcp_options.additional_ssl_certificates),
                                       tcp_options);
       }) {
 }

src/net/http2/protocol.cpp

@@ -40,15 +40,14 @@ void parse_http2_request_headers(hpack::decoder& d, std::span<const hpack::byte_
       authority_parsed = true;
       req.authority = header.value.str();
     } else {
-      break;
+      goto push_header;
     }
   }
-  if (header)
-    req.headers.push_back(http_header_t(std::string(header.name.str()), std::string(header.value.str())));
   while (in != e) {
     d.decode_header(in, e, header);
     if (!header)
       continue;
+  push_header:
     req.headers.push_back(http_header_t(std::string(header.name.str()), std::string(header.value.str())));
   }
 }

src/net/http2_client.cpp

@@ -129,7 +129,6 @@ static bytes_t generate_http2_headers(const http_request& request, hpack::encode
   auto out = std::back_inserter(headers);
 
   // required scheme, method, authority, path
-  assert(request.scheme == scheme_e::HTTPS);
   encoder.encode_header_fully_indexed(hdrs::scheme_https, out);
   switch (request.method) {
     case http_method_e::GET:
@@ -430,10 +429,6 @@ struct http2_connection {
     http2_connection_ptr lock = this;
     while (!timers.empty() && timers.top()->deadline.is_reached()) {
       // node deleted from timers by forgetting
-      LOG_DEBUG("END BY TIMEOUT, NOW {}, NODE(STREAM {})", timers.top()->req.streamid,
-                std::chrono::duration_cast<std::chrono::milliseconds>(timers.top()->deadline.tp -
-                                                                      std::chrono::steady_clock::now())
-                    .count());
       finish_request_by_timeout(*timers.top());
     }
   }
@@ -797,7 +792,8 @@ dd::job http2_client::start_connecting() {
         notify_connection_waiters(new_connection);
       };
       tcp_connection_ptr asio_con = co_await tcp_connection::create(
-          io_ctx, std::string(get_host()), make_ssl_context_for_http2(), tcp_options);
+          io_ctx, std::string(get_host()),
+          make_ssl_context_for_http2(tcp_options.additional_ssl_certificates), tcp_options);
       new_connection = co_await establish_http2_session(std::move(*asio_con), options);
     }
     assert(!connection);
@@ -1042,7 +1038,7 @@ dd::job http2_client::start_writer_for(http2_connection_ptr con) {
       write_pending_data_frames(std::move(unfinished), unfinished_handled, con).start_and_detach();
   }  // end loop handling requests
 end:
-  if (ec != asio::error::operation_aborted)
+  if (ec && ec != asio::error::operation_aborted)
     LOG_DEBUG("[HTTP2] connection dropped with network err {}", ec.what());
   drop_connection(reqerr_e::network_err);
 }

src/net/http2_server.cpp

@@ -691,7 +691,7 @@ dd::job http2_server::start_accept(asio::ip::tcp::endpoint ep) {
     }
     LOG_DEBUG("[HTTP2] accepted TCP socket");
 
-    ec = session_ctx.socket.handshake(asio::ssl::stream_base::server, ec);
+    co_await net.handshake(session_ctx.socket, asio::ssl::stream_base::server, ec);
     if (ec) {
       if (ec == asio::error::operation_aborted)
         co_return;

src/net/ssl_context.cpp

@@ -2,9 +2,10 @@
 #include "tgbm/logger.h"
 #include "tgbm/net/errors.hpp"
 
+#include <filesystem>
+
 #ifdef TGBM_SSL_KEYS_FILE
 #define TGBM_ENABLE_WIRESHARK_SUPPORT
-#include <filesystem>
 #include <fstream>
 #endif
 
@@ -26,7 +27,7 @@ static void keylog_callback(const SSL*, const char* line) {
 
 #endif
 
-ssl_context_ptr make_ssl_context_for_http11() {
+ssl_context_ptr make_ssl_context_for_http11(std::span<const std::filesystem::path> additional_certs) {
   namespace ssl = asio::ssl;
   asio::ssl::context_base::method method =
 #ifndef TGBM_ENABLE_WIRESHARK_SUPPORT
@@ -42,15 +43,14 @@ ssl_context_ptr make_ssl_context_for_http11() {
 #endif
   sslctx->ctx.set_default_verify_paths();
 
-#ifdef TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH
-  try {
-    sslctx->ctx.load_verify_file(TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH);
-    LOG("additional SSL certificate loaded, path: {}", TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH);
-  } catch (std::exception& e) {
-    LOG_ERR("error while loading ssl verify file, err: {}, path: {}", e.what(),
-            TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH);
+  for (io_error_code ec; const auto& p : additional_certs) {
+    std::filesystem::path ap = std::filesystem::absolute(p);
+    ec = sslctx->ctx.load_verify_file(ap.string(), ec);
+    if (ec)
+      LOG_ERR("error while loading ssl verify file, err: {}, path: {}", ec.what(), p.string());
+    else
+      LOG("additional SSL certificate loaded, path: {}", p.string());
   }
-#endif
 
   sslctx->ctx.set_options(ssl::context::default_workarounds | ssl::context::no_sslv2 |
                           ssl::context::no_sslv3 | ssl::context::single_dh_use |
@@ -63,8 +63,8 @@ ssl_context_ptr make_ssl_context_for_http11() {
   return sslctx;
 }
 
-ssl_context_ptr make_ssl_context_for_http2() {
-  ssl_context_ptr sslctx = make_ssl_context_for_http11();
+ssl_context_ptr make_ssl_context_for_http2(std::span<const std::filesystem::path> additional_certs) {
+  ssl_context_ptr sslctx = make_ssl_context_for_http11(additional_certs);
   const unsigned char alpn_protos[] = {0x02, 'h', '2'};  // HTTP/2
   if (0 != SSL_CTX_set_alpn_protos(sslctx->ctx.native_handle(), alpn_protos, sizeof(alpn_protos)))
     throw network_exception{"ALPN ctx broken {}", ERR_error_string(ERR_get_error(), nullptr)};

src/net/tcp_connection.cpp

@@ -56,15 +56,7 @@ dd::task<tcp_connection_ptr> tcp_connection::create(asio::io_context& io_ctx, st
     SSL_set_mode(socket.native_handle(), SSL_MODE_RELEASE_BUFFERS);
   co_await net.handshake(socket, ssl::stream_base::handshake_type::client, ec);
   if (ec) {
-    LOG_ERR(
-        "[TCP/SSL] cannot ssl handshake: {}"
-#ifndef TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH
-        ". If your certificate is not default or you are on windows (where default pathes may be unreachable)"
-        " define TGBM_SSL_ADDITIONAL_CERTIFICATE_PATH to provide additional certificate or use option "
-        "'disable_ssl_certificate_verify' (only for testing)"
-#endif
-        ,
-        ec.message());
+    LOG_ERR("[TCP/SSL] cannot ssl handshake: {}", ec.message());
     throw network_exception(ec);
   }
   co_return connection;