Hi, I have implemented SSL support for snap-server, you can see the result in this commit
http://github.com/wuzzeb/snap-server/commit/33170f1198234126b5809b25f25953632d2f91b2 I just directly bind to gnutls because the existing hackage package uses lazy bytestrings and the API of the hackage package wasn't really what we would want. It isn't quite ready to be pulled because I would like your feedback on a few points: - The way I think the ev backend will work is that for each cpu we create two mkEvIO, one for the normal socket and one for the ssl socket. Both will feed the same Channel. Then in withConnection we test and see if we have an ssl session. Thus for each cpu we have two accept threads feeding one thread calling withConnection. Do you think instead we should create 2n backends? We could use mkEvIO to create two different accept callbacks in Backend.new and stick them in the same evLoop, but have the two accept callbacks create their own private channels to pass on two two separate threads both bound to the same cpu calling withConnection. - We need to add the ssl ports and key files in the configuration, and update Snap/Http/Server.hs to call httpsServe. - We need to somehow expose isSecure in the Request data type. - I probably need to do some cabal hacking allow the server to be built without SSL support. Thanks, John _______________________________________________ Snap mailing list [email protected] http://mailman-mail5.webfaction.com/listinfo/snap
