From 49b0c6fdcc5efa5c7342dd78280dbb13288e3ef1 Mon Sep 17 00:00:00 2001
From: "Sean T. Allen" <sean@seantallen.com>
Date: Sun, 14 Jan 2024 21:17:42 +0000
Subject: [PATCH] Fix bug triggered by OpenSSL 3.2.0

When using with OpenSSL 3.2.0, prior to the upgrade, running the
regression test added in this commit would either hang if compiled
in release mode or segfault due to infinite recursion if compiled
in debug mode.

This commit:

- Adds a test to checking for the ponylang/net_ssl 105 regression
- An update to ponylang/net_ssl 1.3.2 to fix the bug
- Adds release notes for this fix
---
 .release-notes/openssl3.2.md         |  3 ++
 corral.json                          |  2 +-
 http/_test.pony                      |  1 +
 http/test_netssl_105_regression.pony | 48 ++++++++++++++++++++++++++++
 4 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 .release-notes/openssl3.2.md
 create mode 100644 http/test_netssl_105_regression.pony

diff --git a/.release-notes/openssl3.2.md b/.release-notes/openssl3.2.md
new file mode 100644
index 0000000..6fb9a04
--- /dev/null
+++ b/.release-notes/openssl3.2.md
@@ -0,0 +1,3 @@
+## Fix bug triggered by OpenSSL 3.2
+
+Making HTTPClient calls over SSL when using OpenSSL 3.2.0 would encounter a nasty bug. When executed in a program compiled in release mode, the program would hang. When executed in a program compiled in debug mode, the program would segfault due to infinite recursion.
diff --git a/corral.json b/corral.json
index 05bf27b..416c680 100644
--- a/corral.json
+++ b/corral.json
@@ -2,7 +2,7 @@
   "deps": [
     {
       "locator": "github.com/ponylang/net_ssl.git",
-      "version": "1.3.1"
+      "version": "1.3.2"
     }
   ],
   "packages": [
diff --git a/http/_test.pony b/http/_test.pony
index cb67e22..fd538bc 100644
--- a/http/_test.pony
+++ b/http/_test.pony
@@ -11,6 +11,7 @@ actor \nodoc\ Main is TestList
   fun tag tests(test: PonyTest) =>
     _ClientErrorHandlingTests.make().tests(test)
     _ClientTests.make().tests(test)
+    _NetSSL105RegressionTests.make().tests(test)
 
     test(_Encode)
     test(_EncodeBad)
diff --git a/http/test_netssl_105_regression.pony b/http/test_netssl_105_regression.pony
new file mode 100644
index 0000000..6980cc2
--- /dev/null
+++ b/http/test_netssl_105_regression.pony
@@ -0,0 +1,48 @@
+use "pony_test"
+use "net"
+
+// Tests to verify that the ponylang/net_ssl #105 regression is fixed.
+// https://github.com/ponylang/net_ssl/issues/105
+// The expectation is that this test will pass if everything is good.
+// Otherwise, the test will segfault when compiled in debug mode or it will
+// hang if compled in release mode.
+actor \nodoc\ _NetSSL105RegressionTests is TestList
+  new make() =>
+    None
+
+  fun tag tests(test: PonyTest) =>
+    test(_NetSSL105RegressionTest)
+
+class \nodoc\ val _NetSSL105RegressionHandlerFactory is HandlerFactory
+  let _h: TestHelper
+
+  new create(h: TestHelper) =>
+    _h = h
+
+  fun box apply(session: HTTPSession tag): HTTPHandler ref^ =>
+    _NetSSL105RegressionHandler(_h)
+
+class \nodoc\ val _NetSSL105RegressionHandler is HTTPHandler
+  let _h: TestHelper
+
+  new create(h: TestHelper) =>
+     _h = h
+
+  fun ref apply(payload: Payload val): None tag =>
+    _h.complete(true)
+
+class \nodoc\ iso _NetSSL105RegressionTest is UnitTest
+  fun name(): String => "regression/net_ssl-105"
+
+  fun apply(h: TestHelper) =>
+    h.long_test(2_000_000_000)
+
+    try
+      let url = URL.build("https://echo.sacovo.ch")?
+      let auth = TCPConnectAuth(h.env.root)
+      let client = HTTPClient(auth)
+      let payload = Payload.request("GET", url)
+      client.apply(consume payload, _NetSSL105RegressionHandlerFactory(h))?
+    else
+      h.fail("Unable to setup test")
+    end