Skip to content

feat(net, veb): add OpenSSL-based HTTPS server support#27480

Open
guweigang wants to merge 1 commit into
vlang:masterfrom
guweigang:openssl-https
Open

feat(net, veb): add OpenSSL-based HTTPS server support#27480
guweigang wants to merge 1 commit into
vlang:masterfrom
guweigang:openssl-https

Conversation

@guweigang

@guweigang guweigang commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR implements OpenSSL-based HTTPS server capabilities in net.openssl and integrates it into the veb web framework. Previously, veb only supported running HTTPS servers using net.mbedtls. When compiling with -d use_openssl, veb HTTPS servers were unavailable and would return a compile/runtime error.

Details of Changes

  1. net.openssl:

    • Added missing OpenSSL C bindings: C.TLS_server_method, C.SSL_CTX_check_private_key, C.SSL_accept, and C.ERR_print_errors_fp.
    • Implemented SSLListener along with new_ssl_listener(saddr, config) and shutdown().
    • Decoupled TCP connection acceptance from SSL handshaking by introducing accept_without_handshake() and accept_handshake(). This allows V's concurrent applications (like veb) to accept sockets on the main thread and perform slow TLS handshakes concurrently in spawned coroutines, avoiding blocking the main event loop.

  2. net.ssl:

    • Exported SSLListener and new_ssl_listener dynamically in both ssl_d_use_openssl.v and ssl_notd_use_openssl.v to keep the unified wrapper layer consistent.

  3. veb:

    • Refactored vlib/veb/ssl_d_use_openssl.v to utilize the new openssl.SSLListener. When compiled with -d use_openssl, veb now properly runs HTTPS servers using OpenSSL while completely excluding any link dependencies to mbedtls.
    • Enabled concurrent handshaking in spawned connection handlers using accept_handshake().

  4. Tests:

    • Added vlib/net/openssl/openssl_sslconn_shutdown_does_not_panic_test.v to verify OpenSSL server binding, client dialing, handshaking, and clean connection shutdowns without panicking or double-freeing.
    • Refactored the old ssl_test.v into two platform-specific/define-specific test files: ssl_test_d_use_openssl.v (for testing OpenSSL HTTPS) and ssl_test_notd_use_openssl.v (for testing MbedTLS HTTPS) to avoid unknown module compiler issues.

Checklist

  • I have formatted my V files with v fmt -w.
  • I have added standard V doc comments for all new public functions and structures.
  • All new and existing tests pass.

Tests Run

# 1. OpenSSL server & client handshake and shutdown test
./v vlib/net/openssl/openssl_sslconn_shutdown_does_not_panic_test.v

# 2. Veb HTTPS integration test under OpenSSL mode
./v -d use_openssl vlib/veb/tests/ssl_test_d_use_openssl.v

# 3. Veb HTTPS integration test under default MbedTLS mode
./v vlib/veb/tests/ssl_test_notd_use_openssl.v

All tests passed successfully on local machine.

@guweigang guweigang marked this pull request as ready for review June 17, 2026 14:10
@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 17, 2026

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@guweigang