From 822ee0584d4262f8386fccf91786b0b13fa7a18f Mon Sep 17 00:00:00 2001
From: Nagy Salem
Date: Wed, 24 Jun 2020 21:49:56 +0300
Subject: [PATCH 1/4] Added support for SSL #51
---
 gearbox.go | 12 ++++++++++++
 gearbox_test.go | 26 ++++++++++++++++++++++++++
 ssl-cert-snakeoil.crt | 22 ++++++++++++++++++++++
 ssl-cert-snakeoil.key | 27 +++++++++++++++++++++++++++
 4 files changed, 87 insertions(+)
 create mode 100644 ssl-cert-snakeoil.crt
 create mode 100644 ssl-cert-snakeoil.key
diff --git a/gearbox.go b/gearbox.go
index 82d0ca7..e756517 100644
--- a/gearbox.go
+++ b/gearbox.go
@@ -200,6 +200,15 @@ type Settings struct {
 // The maximum amount of time to wait for the next request when keep-alive is enabled
 IdleTimeout time.Duration // default unlimited
+
+ // Enable TLS or not
+ TLSEnabled bool // default false
+
+ // The path of the TLS certificate
+ TLSCertPath string // default ""
+
+ // The path of the TLS key
+ TLSKeyPath string // default ""
 }
 // Route struct which holds each route info
@@ -269,6 +278,9 @@ func (gb *gearbox) Start(address string) error {
 printStartupMessage(address)
 }
+ if gb.settings.TLSEnabled == true {
+ return gb.httpServer.ServeTLS(ln, gb.settings.TLSCertPath, gb.settings.TLSKeyPath)
+ }
 return gb.httpServer.Serve(ln)
 }
diff --git a/gearbox_test.go b/gearbox_test.go
index 0376343..0f6e20c 100644
--- a/gearbox_test.go
+++ b/gearbox_test.go
@@ -3,6 +3,7 @@ package gearbox
 import (
 "bufio"
 "bytes"
+ "crypto/tls"
 "io/ioutil"
 "net"
 "net/http"
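Review bot: The three new field comments in Settings do not say that `TLSCertPath` and `TLSKeyPath` are both required once `TLSEnabled` is true, nor what the files must contain. I would document them as `// TLSCertPath is the path to the PEM-encoded certificate file; required when TLSEnabled is true` and `// TLSKeyPath is the path to the PEM-encoded private key matching TLSCertPath; required when TLSEnabled is true` (the fixtures added in this series are PEM), and add a sentence that the key file should be readable only by the account running the server. The Settings struct begins outside this hunk.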
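Review bot: With `TLSEnabled` set and either path left at its default `""`, the mistake only surfaces as whatever error `ServeTLS` returns, after the listener `ln` exists and, going by the context lines, after the startup message has been printed. A guard at the top of Start, such as `if gb.settings.TLSEnabled && (gb.settings.TLSCertPath == "" || gb.settings.TLSKeyPath == "") { return errors.New("TLS enabled but TLSCertPath or TLSKeyPath is empty") }`, gives callers a clear configuration error; the prefork branch added in PATCH 4/4 has the same gap. The change also exposes no way to set a minimum protocol version or cipher list, so the server runs with the library defaults, which is worth stating in the Settings documentation. Start's body begins and continues outside the hunk.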
@@ -236,6 +237,31 @@ func TestStart(t *testing.T) {
 gb.Start(":3000")
 }
+// TestStart tests start service method
+func TestStartWithTLS(t *testing.T) {
+ gb := New(&Settings{
+ DisableStartupMessage: true,
+ TLSKeyPath: "ssl-cert-snakeoil.crt.key",
+ TLSCertPath: "ssl-cert-snakeoil.crt.crt",
+ TLSEnabled: true,
+ })
+
+ go func() {
+ time.Sleep(1000 * time.Millisecond)
+ _, err := tls.Dial("tcp",
+ "localhost:3000",
+ &tls.Config{
+ InsecureSkipVerify: true,
+ })
+ if err != nil {
+ t.Fatalf("StartWithSSL failed to connect with TLS error: %s", err)
+ }
+ gb.Stop()
+ }()
+
+ gb.Start(":3000")
+}
+
 // TestStartInvalidListener tests start with invalid listener
 func TestStartInvalidListener(t *testing.T) {
 gb := New()
diff --git a/ssl-cert-snakeoil.crt b/ssl-cert-snakeoil.crt
new file mode 100644
index 0000000..325ce59
--- /dev/null
+++ b/ssl-cert-snakeoil.crt
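Review bot: The fixtures this test depends on, `ssl-cert-snakeoil.crt` and `ssl-cert-snakeoil.key`, are committed at the repository root next to the package sources, and the key is an unencrypted RSA private key. Moving both under `testdata/` with a test-only name keeps them apart from the importable package files and makes it obvious to readers and secret scanners that this key must never back a real listener; generating a throwaway pair inside the test would avoid committing key material at all. The certificate's validity window appears to be one year, which the test will not notice because the client sets `InsecureSkipVerify: true`. The doc comment above the function still reads `// TestStart tests start service method` and should name the function, e.g. `// TestStartWithTLS tests starting the service with TLS enabled`.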
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjjCCAnYCCQD7pt94/+oaVTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC +RUUxEDAOBgNVBAgMB1RhbGxpbm4xEDAOBgNVBAcMB1RhbGxpbm4xEDAOBgNVBAoM +B0dlYXJib3gxEDAOBgNVBAsMB0dlYXJib3gxEjAQBgNVBAMMCWxvY2FsaG9zdDEd +MBsGCSqGSIb3DQEJARYObWVAbXVobmFneS5jb20wHhcNMjAwNjI0MTgzODE2WhcN +MjEwNjI0MTgzODE2WjCBiDELMAkGA1UEBhMCRUUxEDAOBgNVBAgMB1RhbGxpbm4x +EDAOBgNVBAcMB1RhbGxpbm4xEDAOBgNVBAoMB0dlYXJib3gxEDAOBgNVBAsMB0dl +YXJib3gxEjAQBgNVBAMMCWxvY2FsaG9zdDEdMBsGCSqGSIb3DQEJARYObWVAbXVo +bmFneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIlbxHqZnm +mCOd7mW5XbqIxfd85rIoUnGgeTn+PoahjkV3A5uP9RCpRFig3TveR8gZM5argNMe +eFqgppcEMSMWAQAaWGm/ieL94Xz3WuOBZg5ACrtpiHuThyVFvKpUp/2QwGNBeMI+ +1fgxCruylTJoNWPj2U/uPwsVuxxk/bpc9W+oWFXGc6tUYYv/XmmEW9WYrHZUZkR9 +bsu6iwcQUJo6poMNopqGPjEgTheLJn/QEx0Muk6ESxLJyLSbhIn9cXsoDsgaTp8l +LG5nrWa1mwdYP48dQO5eqc8+HWX8ngfGzFf7RBZdMVw/oKOrImm70+jnwT1PFvDD +JZsW0rlaOY8ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD3llJQnRiDKc4OqtnTr +Hwt4jqazuysovHkpH2z++CiGWCRzLpKSuJDbhCfZzFeq3+h0gen2tVCuWaFVJDtI +g81ANcagSIW9rxEMCrbn0cRsIWjpSCyE/+4alUh7f89bZJMQPR3IZBSs5aRHUVcY +wIIOSWG882gN/a8R/atMYUWEmwSvWw43UWa/hlDYP6LuqhlTABa+GVMJdqA7q5F+ +oT8Em7KaEl8VszLKJQqu+fFJvBwkVj+qfp/8ziXxQ+DCtDLVdBcNnc7G9Zqj9xSR +4xIje+189L/gI/uiEqxpPFwPwGUK4vsho4A2KTgoDMuz+wL8KkC7R5R3QvVtBZaz +aa8= +-----END CERTIFICATE----- diff --git a/ssl-cert-snakeoil.key b/ssl-cert-snakeoil.key new file mode 100644 index 0000000..8e2c459 --- /dev/null +++ b/ssl-cert-snakeoil.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAyJW8R6mZ5pgjne5luV26iMX3fOayKFJxoHk5/j6GoY5FdwOb +j/UQqURYoN073kfIGTOWq4DTHnhaoKaXBDEjFgEAGlhpv4ni/eF891rjgWYOQAq7 +aYh7k4clRbyqVKf9kMBjQXjCPtX4MQq7spUyaDVj49lP7j8LFbscZP26XPVvqFhV +xnOrVGGL/15phFvVmKx2VGZEfW7LuosHEFCaOqaDDaKahj4xIE4XiyZ/0BMdDLpO +hEsSyci0m4SJ/XF7KA7IGk6fJSxuZ61mtZsHWD+PHUDuXqnPPh1l/J4HxsxX+0QW +XTFcP6CjqyJpu9Po58E9TxbwwyWbFtK5WjmPGQIDAQABAoIBAQCdgzf+7mg0dHRD +qNmo3rmEfjECnAZ7M4KXCZtI08DVTOuvsd2PBlq3ETyn1hMVUjkH0UMYGmmvG8PP +NAKTACMVPGPgTF1+U8E0rMV9WJofGw1FrSfOj6a7Cv1x7d2z7NdpvCo1V6bxwQTN +Pih27EJRItv2KMhjxo3l2rFJfRXDuHJEKe61dRSn4rM4PjpUIbb13ctVqsJvNKk5 +LcjambAZXnk92HTYOOLTh8bORfb0UVs/I9NpKvO1RuxovE6RZYtCd4OM6XA/5QYp +dUM+9pmNT3MH3P2U8riNEGI2f9jPOZSZRn2laA8ZgGEltnjgeetN5dUQizTsJZkJ +9iBUTNGhAoGBAP7WPvKNYC3szqrE6/pDdN04E9AwMMnBI78Qz3QB0+FkE54AykfH +cCKz62mQ7uzpiQmBkrcnBc+46tG7k0ThPgdUgfnO2HG9fXCkmW/5bHEqsTUSRg2M +TGh28dGZer38iXkYc0E1NeZjRBEhFMkTsv9QK7kmuXvj3gwt6Hpd11qvAoGBAMmA +GdnQhC2hjthW5KIFHD12lEP9f39NWYhbJJU0HtUoKQcNoekMBKPAVu2y110gXBNh +xc2ADzJFdl8dqSAcxwc57aLvq4Q7DB7rLJLKD6nbX/MEfksaoXaJrr82R2K0zMfK +ciqJVO++mQHvNqm8NgZTK852cO3Fo54dFxVZMwS3AoGAck79+2TJELCZX2Znh2G8 +yQI/ePI04Dr/YtQSijHLrd1rI0OteJcQSLC11yuI0MJMkvQJMJiTdcK3qg5el9YF +MdqJVtmeox5hZyaeIOkb6INC69BflfIpz+4SuHcE5LWjoKsD/+rzW32JabmSDkQE +1ZtLkYi6SMVEs+ff0QvI7scCgYEAq6oX2+n6AcoGoSZ+B84kvfQ84iOgMDsckL9d +TkOmFODu+xRRIPLdLQiaxky7j5oW92gvlSCJUcG909C4GiSKJwzh+BMJY1DOxbSD +N9cvOv0rJCVq1t8sOYmYt0wtytjPMVK2qqhvFQSi4/QA9N/kgsTuqCldkiPzfau4 +07Y3cccCgYEAnbwpJqp69OT/5ByHoXQCW1PSbOCgSlc0Qgy08pGdzZTkTQyeXhPS +Uyt5hQvTzDc51YvuedkswlijBoKx8I/TQfXu6TWRyTlr+IBg9HZI6ODi1EEWfZWl +TITDQ1DHskOg2TySW0FGghw9tiD06DkpX5zdSD5se/X0grPZ5SV+xlA= +-----END RSA PRIVATE KEY----- From 8666a6c3fa07412fa7d87bf9c13735933646c45c Mon Sep 17 00:00:00 2001 
From: Nagy Salem
Date: Thu, 25 Jun 2020 01:00:17 +0300
Subject: [PATCH 2/4] Fixed deepsource issues
---
 gearbox.go | 2 +-
 gearbox_test.go | 20 ++++++++++++++------
 2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/gearbox.go b/gearbox.go
index e756517..5bd9282 100644
--- a/gearbox.go
+++ b/gearbox.go
@@ -278,7 +278,7 @@ func (gb *gearbox) Start(address string) error {
 printStartupMessage(address)
 }
- if gb.settings.TLSEnabled == true {
+ if gb.settings.TLSEnabled {
 return gb.httpServer.ServeTLS(ln, gb.settings.TLSCertPath, gb.settings.TLSKeyPath)
 }
 return gb.httpServer.Serve(ln)
diff --git a/gearbox_test.go b/gearbox_test.go
index 0f6e20c..e14a0a1 100644
--- a/gearbox_test.go
+++ b/gearbox_test.go
@@ -241,25 +241,33 @@ func TestStart(t *testing.T) {
 func TestStartWithTLS(t *testing.T) {
 gb := New(&Settings{
 DisableStartupMessage: true,
- TLSKeyPath: "ssl-cert-snakeoil.crt.key",
- TLSCertPath: "ssl-cert-snakeoil.crt.crt",
+ TLSKeyPath: "ssl-cert-snakeoil.key",
+ TLSCertPath: "ssl-cert-snakeoil.crt",
 TLSEnabled: true,
 })
+ // use a channel to hand off the error ( if any )
+ errs := make(chan error, 1)
 go func() {
 time.Sleep(1000 * time.Millisecond)
- _, err := tls.Dial("tcp",
+ _, err := tls.DialWithDialer(&net.Dialer{
+ Timeout: time.Second * 10,
+ }, "tcp",
 "localhost:3000",
 &tls.Config{
 InsecureSkipVerify: true,
 })
- if err != nil {
- t.Fatalf("StartWithSSL failed to connect with TLS error: %s", err)
- }
+ errs <- err
 gb.Stop()
 }()
 gb.Start(":3000")
+
+ // wait for an error
+ err := <-errs
+ if err != nil {
+ t.Fatalf("StartWithSSL failed to connect with TLS error: %s", err)
+ }
 }
 // TestStartInvalidListener tests start with invalid listener
From 63bd16f7867c551ef70c129dcf0cac88d8b56a05 Mon Sep 17 00:00:00 2001
From: Nagy Salem
Date: Thu, 25 Jun 2020 01:02:21 +0300
Subject: [PATCH 3/4] Make test look better
---
 gearbox_test.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
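Review bot: `gb.Start(":3000")` in TestStartWithTLS still discards its return value, so when the certificate or key fails to load the test reports only a dial error a second later instead of the real cause. Capturing it with `startErr := gb.Start(":3000")` and including it in the failure message would make that diagnosable, though what Start returns after `gb.Stop()` is not visible here and should be checked first. The `*tls.Conn` returned by `tls.DialWithDialer` is also dropped without being closed; `conn, err := tls.DialWithDialer(...)` followed by `if err == nil { conn.Close() }` releases it. Because the client sets `InsecureSkipVerify: true`, the test proves only that some TLS handshake completed; comparing `conn.ConnectionState().PeerCertificates[0]` with the fixture certificate would show the server presented the configured one.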
diff --git a/gearbox_test.go b/gearbox_test.go
index e14a0a1..797ac77 100644
--- a/gearbox_test.go
+++ b/gearbox_test.go
@@ -252,7 +252,8 @@ func TestStartWithTLS(t *testing.T) {
 time.Sleep(1000 * time.Millisecond)
 _, err := tls.DialWithDialer(&net.Dialer{
 Timeout: time.Second * 10,
- }, "tcp",
+ },
+ "tcp",
 "localhost:3000",
 &tls.Config{
 InsecureSkipVerify: true,
From 4e1bf12ed1f52be8b5c59b6520316b4f1b100738 Mon Sep 17 00:00:00 2001
From: Nagy Salem
Date: Thu, 25 Jun 2020 01:12:57 +0300
Subject: [PATCH 4/4] Added TLS support for Prefork
---
 gearbox.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/gearbox.go b/gearbox.go
index 5bd9282..68d186f 100644
--- a/gearbox.go
+++ b/gearbox.go
@@ -265,6 +265,9 @@ func (gb *gearbox) Start(address string) error {
 pf.Reuseport = true
 pf.Network = "tcp4"
+ if gb.settings.TLSEnabled {
+ return pf.ListenAndServeTLS(address, gb.settings.TLSCertPath, gb.settings.TLSKeyPath)
+ }
 return pf.ListenAndServe(address)
 }
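Review bot: The argument order in `pf.ListenAndServeTLS(address, gb.settings.TLSCertPath, gb.settings.TLSKeyPath)` needs checking against the prefork package's signature. If `pf` is fasthttp's `prefork.Prefork`, then as far as I recall its method takes the key path before the certificate path, unlike the `ServeTLS(ln, certPath, keyPath)` call in the non-prefork branch, so these two arguments may be swapped; please confirm against the version pinned in go.mod. Nothing in this series exercises the prefork TLS path, so a test, or at least a comment such as `// argument order verified against prefork.ListenAndServeTLS`, would keep this from regressing. Start's body begins and ends outside the hunk.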