net.ssl: switch to mbedtls over openssl (#15841)

vlib/net/http/backend_nix.c.v

@@ -3,113 +3,33 @@
 // that can be found in the LICENSE file.
 module http
 
+import net.ssl
 import strings
-import net.openssl
-import os
-import time
-
-const (
-	is_used = openssl.is_used
-)
 
 fn (req &Request) ssl_do(port int, method Method, host_name string, path string) ?Response {
-	// ssl_method := C.SSLv23_method()
-	ctx := C.SSL_CTX_new(C.TLS_method())
-	defer {
-		if ctx != 0 {
-			C.SSL_CTX_free(ctx)
-		}
-	}
-	C.SSL_CTX_set_verify_depth(ctx, 4)
-	flags := C.SSL_OP_NO_SSLv2 | C.SSL_OP_NO_SSLv3 | C.SSL_OP_NO_COMPRESSION
-	C.SSL_CTX_set_options(ctx, flags)
-	// Support client certificates:
-	mut verify := req.verify
-	mut cert := req.cert
-	mut cert_key := req.cert_key
-	if req.in_memory_verification {
-		now := time.now().unix.str()
-		verify = os.temp_dir() + '/v_verify' + now
-		cert = os.temp_dir() + '/v_cert' + now
-		cert_key = os.temp_dir() + '/v_cert_key' + now
-		if req.verify != '' {
-			os.write_file(verify, req.verify)?
-		}
-		if req.cert != '' {
-			os.write_file(cert, req.cert)?
-		}
-		if req.cert_key != '' {
-			os.write_file(cert_key, req.cert_key)?
-		}
-	}
-	mut res := 0
-	if req.verify != '' {
-		res = C.SSL_CTX_load_verify_locations(ctx, &char(verify.str), 0)
-		if req.validate && res != 1 {
-			return error('http: openssl: SSL_CTX_load_verify_locations failed')
-		}
-	}
-	if req.cert != '' {
-		res = C.SSL_CTX_use_certificate_file(ctx, &char(cert.str), C.SSL_FILETYPE_PEM)
-		if req.validate && res != 1 {
-			return error('http: openssl: SSL_CTX_use_certificate_file failed, res: $res')
-		}
-	}
-	if req.cert_key != '' {
-		res = C.SSL_CTX_use_PrivateKey_file(ctx, &char(cert_key.str), C.SSL_FILETYPE_PEM)
-		if req.validate && res != 1 {
-			return error('http: openssl: SSL_CTX_use_PrivateKey_file failed, res: $res')
-		}
-	}
-	// the setup is done, prepare an ssl connection from the SSL context:
-	web := C.BIO_new_ssl_connect(ctx)
-	defer {
-		if web != 0 {
-			C.BIO_free_all(web)
-		}
-	}
-	addr := host_name + ':' + port.str()
-	res = C.BIO_set_conn_hostname(web, addr.str)
-	ssl := &openssl.SSL(0)
-	C.BIO_get_ssl(web, &ssl)
-	preferred_ciphers := 'HIGH:!aNULL:!kRSA:!PSK:!SRP:!MD5:!RC4'
-	res = C.SSL_set_cipher_list(voidptr(ssl), &char(preferred_ciphers.str))
-	if res != 1 {
-		return error('http: openssl: SSL_set_cipher_list failed, res: $res')
-	}
-	res = C.SSL_set_tlsext_host_name(voidptr(ssl), host_name.str)
-	res = C.BIO_do_connect(web)
-	if res != 1 {
-		return error('http: openssl: BIO_do_connect failed, res: $res (potential network issue?)')
-	}
-	res = C.BIO_do_handshake(web)
-	pcert := C.SSL_get_peer_certificate(voidptr(ssl))
-	defer {
-		if pcert != 0 {
-			C.X509_free(pcert)
-		}
-	}
-	res = C.SSL_get_verify_result(voidptr(ssl))
-	if req.validate && res != C.X509_V_OK {
-		return error('http: openssl: SSL_get_verify_result failed, res: $res')
-	}
-	// /////
+	mut ssl_conn := ssl.new_ssl_conn(
+		verify: req.verify
+		cert: req.cert
+		cert_key: req.cert_key
+		validate: req.validate
+		in_memory_verification: req.in_memory_verification
+	)?
+	ssl_conn.dial(host_name, port) or { return err }
+
 	req_headers := req.build_request_headers(method, host_name, path)
 	$if trace_http_request ? {
 		eprintln('> $req_headers')
 	}
 	// println(req_headers)
-	C.BIO_puts(web, &char(req_headers.str))
+	ssl_conn.write_string(req_headers) or { return err }
+
 	mut content := strings.new_builder(100)
 	mut buff := [bufsize]u8{}
 	bp := unsafe { &buff[0] }
 	mut readcounter := 0
 	for {
 		readcounter++
-		len := unsafe { C.BIO_read(web, bp, bufsize) }
-		if len <= 0 {
-			break
-		}
+		len := ssl_conn.socket_read_into_ptr(bp, bufsize) or { break }
 		$if debug_http ? {
 			eprintln('ssl_do, read ${readcounter:4d} | len: $len')
 			eprintln('-'.repeat(20))
@@ -118,6 +38,7 @@ fn (req &Request) ssl_do(port int, method Method, host_name string, path string)
 		}
 		unsafe { content.write_ptr(bp, len) }
 	}
+	ssl_conn.shutdown()?
 	response_text := content.str()
 	$if trace_http_response ? {
 		eprintln('< $response_text')