feat(net, veb): add OpenSSL-based HTTPS server support #7
guweigang
### Summary This PR implements OpenSSL-based HTTPS server capabilities in `net.openssl` and integrates it into the `veb` web framework. Previously, `veb` only supported running HTTPS servers using `net.mbedtls`. When compiling with `-d use_openssl`, `veb` HTTPS servers were unavailable and would return a compile/runtime error. ### Details of Changes 1. **`net.openssl`**: - Added missing OpenSSL C bindings: `C.TLS_server_method`, `C.SSL_CTX_check_private_key`, `C.SSL_accept`, and `C.ERR_print_errors_fp`. - Implemented `SSLListener` along with `new_ssl_listener(saddr, config)` and `shutdown()`. - Decoupled TCP connection acceptance from SSL handshaking by introducing `accept_without_handshake()` and `accept_handshake()`. This allows V's concurrent applications (like `veb`) to accept sockets on the main thread and perform slow TLS handshakes concurrently in spawned coroutines, avoiding blocking the main event loop. - **Address Review Comment P1 (mTLS / Client Verification)**: Added client certificate verification support in the OpenSSL listener. When `validate: true` and CA certificate `verify` are configured in `SSLConnectConfig`, the listener loads the CA certificate and enforces client validation via `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, ...)` and `SSL_CTX_load_verify_locations`. - **Address Review Comment P2 (Old OpenSSL Compat)**: Added a compatibility wrapper `v_net_openssl_TLS_server_method` in `openssl_compat.h` falling back to `SSLv23_server_method()` when building on systems with OpenSSL older than 1.1.0 or LibreSSL. 2. **`net.ssl`**: - Exported `SSLListener` and `new_ssl_listener` dynamically in both `ssl_d_use_openssl.v` and `ssl_notd_use_openssl.v` to keep the unified wrapper layer consistent. 3. **`veb`**: - Refactored `vlib/veb/ssl_d_use_openssl.v` to utilize the new `openssl.SSLListener`. When compiled with `-d use_openssl`, `veb` now properly runs HTTPS servers using OpenSSL while completely excluding any link dependencies to `mbedtls`. - Enabled concurrent handshaking in spawned connection handlers using `accept_handshake()`. - **Address Review Comment P3 (Prevent malformed HTTP/ 0 responses)**: Added a guard in `write_ssl_context_response` to reject incomplete context requests (i.e. where `!completed_context.done && completed_context.return_type == .normal`), closing the connection properly instead of sending an empty `HTTP/ 0` response. 4. **Tests**: - Added `vlib/net/openssl/openssl_sslconn_shutdown_does_not_panic_test.v` to verify OpenSSL server binding, client dialing, handshaking, and clean connection shutdowns without panicking or double-freeing. - Refactored the old `ssl_test.v` into two platform-specific/define-specific test files: `ssl_test_d_use_openssl.v` (for testing OpenSSL HTTPS) and `ssl_test_notd_use_openssl.v` (for testing MbedTLS HTTPS) to avoid unknown module compiler issues. ### Checklist - [x] I have formatted my V files with `v fmt -w`. - [x] I have added standard V doc comments for all new public functions and structures. - [x] All new and existing tests pass. ### Tests Run ```bash # 1. OpenSSL server & client handshake and shutdown test ./v vlib/net/openssl/openssl_sslconn_shutdown_does_not_panic_test.v # 2. Veb HTTPS integration test under OpenSSL mode ./v -d use_openssl vlib/veb/tests/ssl_test_d_use_openssl.v # 3. Veb HTTPS integration test under default MbedTLS mode ./v vlib/veb/tests/ssl_test_notd_use_openssl.v # 4. Full veb test suite runs and passes on both macOS (host) and Ubuntu Linux (VM) under `-d use_openssl` ```