Add SSL support for open_stream_direct() and corresponding tests

yhirose · yhirose · commit 61374462b45b · 2025-11-26T01:29:49.000-05:00
diff --git a/httplib.h b/httplib.h
@@ -1402,7 +1402,25 @@ struct ClientConnection {
 
   // Move-only semantics
   ClientConnection() = default;
-  ~ClientConnection() = default;
+
+  ~ClientConnection() {
+#ifdef CPPHTTPLIB_OPENSSL_SUPPORT
+    if (ssl) {
+      // Non-graceful shutdown to avoid waiting for peer's close_notify
+      // This is acceptable since we're closing the connection anyway
+      SSL_free(ssl);
+      ssl = nullptr;
+    }
+#endif
+    if (sock != INVALID_SOCKET) {
+#ifdef _WIN32
+      closesocket(sock);
+#else
+      close(sock);
+#endif
+      sock = INVALID_SOCKET;
+    }
+  }
 
   ClientConnection(const ClientConnection &) = delete;
   ClientConnection &operator=(const ClientConnection &) = delete;
@@ -1485,6 +1503,21 @@ class ClientImpl {
     Stream *stream_ = nullptr;                     // Stream for reading
     detail::BodyReader body_reader_;               // Body reading state
 
+    // Default constructor
+    StreamHandle() = default;
+
+    // Move-only semantics (non-copyable due to unique_ptr members)
+    StreamHandle(const StreamHandle &) = delete;
+    StreamHandle &operator=(const StreamHandle &) = delete;
+    StreamHandle(StreamHandle &&) = default;
+    StreamHandle &operator=(StreamHandle &&) = default;
+
+    // Destructor: Cleans up socket connection.
+    // In socket direct mode, if the body was not fully read, remaining data
+    // is discarded and the connection is closed (cannot be reused).
+    // This is safe but may leave unread data in the socket buffer.
+    ~StreamHandle() = default;
+
     bool is_valid() const {
       return response != nullptr && error == Error::Success;
     }
@@ -9235,6 +9268,13 @@ ClientImpl::open_stream_direct(const std::string &path,
     auto is_alive = false;
     if (socket_.is_open()) {
       is_alive = detail::is_socket_alive(socket_.sock);
+#ifdef CPPHTTPLIB_OPENSSL_SUPPORT
+      if (is_alive && is_ssl()) {
+        if (detail::is_ssl_peer_could_be_closed(socket_.ssl, socket_.sock)) {
+          is_alive = false;
+        }
+      }
+#endif
       if (!is_alive) {
         shutdown_ssl(socket_, false);
         shutdown_socket(socket_);
@@ -9247,6 +9287,17 @@ ClientImpl::open_stream_direct(const std::string &path,
         handle.response.reset();
         return handle;
       }
+
+#ifdef CPPHTTPLIB_OPENSSL_SUPPORT
+      // Initialize SSL for SSL clients
+      if (is_ssl()) {
+        auto &scli = static_cast<SSLClient &>(*this);
+        if (!scli.initialize_ssl(socket_, handle.error)) {
+          handle.response.reset();
+          return handle;
+        }
+      }
+#endif
     }
 
     // Transfer socket ownership to StreamHandle
@@ -9258,10 +9309,22 @@ ClientImpl::open_stream_direct(const std::string &path,
     socket_.sock = INVALID_SOCKET;
   }
 
-  // Create SocketStream for the transferred socket
+  // Create appropriate stream for the transferred socket
+#ifdef CPPHTTPLIB_OPENSSL_SUPPORT
+  if (is_ssl() && handle.connection_->ssl) {
+    handle.socket_stream_ = detail::make_unique<detail::SSLSocketStream>(
+        handle.connection_->sock, handle.connection_->ssl, read_timeout_sec_,
+        read_timeout_usec_, write_timeout_sec_, write_timeout_usec_);
+  } else {
+    handle.socket_stream_ = detail::make_unique<detail::SocketStream>(
+        handle.connection_->sock, read_timeout_sec_, read_timeout_usec_,
+        write_timeout_sec_, write_timeout_usec_);
+  }
+#else
   handle.socket_stream_ = detail::make_unique<detail::SocketStream>(
       handle.connection_->sock, read_timeout_sec_, read_timeout_usec_,
       write_timeout_sec_, write_timeout_usec_);
+#endif
   handle.stream_ = handle.socket_stream_.get();
 
   // Build and send request
diff --git a/test/test20.cc b/test/test20.cc
@@ -530,6 +530,9 @@ TEST(ClientConnectionTest, IsOpenReturnsTrueWhenSocketValid) {
   conn.sock = 1; // Fake valid socket
 
   EXPECT_TRUE(conn.is_open());
+
+  // Reset to avoid closing invalid socket in destructor
+  conn.sock = INVALID_SOCKET;
 }
 
 TEST(ClientConnectionTest, MoveConstructor) {
@@ -540,6 +543,9 @@ TEST(ClientConnectionTest, MoveConstructor) {
 
   EXPECT_EQ(42, conn2.sock);
   EXPECT_EQ(INVALID_SOCKET, conn1.sock); // Moved-from state
+
+  // Reset to avoid closing invalid socket in destructor
+  conn2.sock = INVALID_SOCKET;
 }
 
 TEST(ClientConnectionTest, MoveAssignment) {
@@ -551,6 +557,9 @@ TEST(ClientConnectionTest, MoveAssignment) {
 
   EXPECT_EQ(42, conn2.sock);
   EXPECT_EQ(INVALID_SOCKET, conn1.sock); // Moved-from state
+
+  // Reset to avoid closing invalid socket in destructor
+  conn2.sock = INVALID_SOCKET;
 }
 
 //------------------------------------------------------------------------------
@@ -926,3 +935,70 @@ TEST_F(OpenStreamDirectTest, ChunkedResponseInPieces) {
 
   EXPECT_EQ("chunkchunkchunk", result);
 }
+
+// =============================================================================
+// Phase 2.7: SSL Support Tests
+// =============================================================================
+
+#ifdef CPPHTTPLIB_OPENSSL_SUPPORT
+class SSLOpenStreamDirectTest : public ::testing::Test {
+protected:
+  SSLOpenStreamDirectTest() : svr_("cert.pem", "key.pem") {}
+
+  void SetUp() override {
+    svr_.Get("/hello", [](const httplib::Request &, httplib::Response &res) {
+      res.set_content("Hello SSL World!", "text/plain");
+    });
+
+    svr_.Get("/chunked", [](const httplib::Request &, httplib::Response &res) {
+      res.set_chunked_content_provider(
+          "text/plain", [](size_t offset, httplib::DataSink &sink) {
+            if (offset < 15) {
+              sink.write("chunk", 5);
+              return true;
+            }
+            sink.done();
+            return true;
+          });
+    });
+
+    thread_ = std::thread([this]() { svr_.listen("127.0.0.1", 8788); });
+    svr_.wait_until_ready();
+  }
+
+  void TearDown() override {
+    svr_.stop();
+    if (thread_.joinable()) { thread_.join(); }
+  }
+
+  httplib::SSLServer svr_;
+  std::thread thread_;
+};
+
+TEST_F(SSLOpenStreamDirectTest, BasicSSLStream) {
+  httplib::SSLClient cli("127.0.0.1", 8788);
+  cli.enable_server_certificate_verification(false);
+
+  auto handle = cli.open_stream_direct("/hello");
+
+  ASSERT_TRUE(handle.is_valid());
+  EXPECT_EQ(200, handle.response->status);
+  EXPECT_TRUE(handle.is_socket_direct_mode());
+
+  auto body = handle.read_all();
+  EXPECT_EQ("Hello SSL World!", body);
+}
+
+TEST_F(SSLOpenStreamDirectTest, SSLChunkedResponse) {
+  httplib::SSLClient cli("127.0.0.1", 8788);
+  cli.enable_server_certificate_verification(false);
+
+  auto handle = cli.open_stream_direct("/chunked");
+
+  ASSERT_TRUE(handle.is_valid());
+  EXPECT_TRUE(handle.body_reader_.chunked);
+
+  auto body = handle.read_all();
+  EXPECT_EQ("chunkchunkchunk", body);
+}
+#endif
