in wangle/example/ssl/Server.cpp [127:182]
/// Entry point for the SSL echo example server.
///
/// Builds a ServerSocketConfig from the command-line flags, optionally
/// enabling TLS session tickets and a TLS certificate/key (with hot reload
/// of both via TLSCredProcessor), then binds a ServerBootstrap on
/// FLAGS_port and blocks until the server is stopped.
///
/// @param argc / argv  Standard arguments; consumed by folly::Init for
///                     flag parsing.
/// @return 0 once waitForStop() returns.
int main(int argc, char** argv) {
  folly::Init init(&argc, &argv);
  folly::ssl::init();

  ServerSocketConfig acceptorCfg;
  folly::Optional<TLSTicketKeySeeds> loadedSeeds;
  ServerBootstrap<EchoPipeline> bootstrap;
  TLSCredProcessor credProcessor;

  // Session-ticket seeds: load once from disk, then watch the file so a
  // rotated seed file is picked up without a restart. A load failure
  // (empty Optional) silently leaves the default ticket configuration.
  if (!FLAGS_tickets_path.empty()) {
    loadedSeeds = TLSCredProcessor::processTLSTickets(FLAGS_tickets_path);
    if (loadedSeeds.hasValue()) {
      acceptorCfg.initialTicketSeeds = loadedSeeds.value();
      credProcessor.setTicketPathToWatch(FLAGS_tickets_path);
    }
  }

  // TLS is configured only when both a certificate and a key are given.
  const bool haveCertAndKey =
      !FLAGS_cert_path.empty() && !FLAGS_key_path.empty();
  if (haveCertAndKey) {
    VLOG(0) << "Configuring SSL";
    SSLContextConfig tlsCfg;
    // Third argument (empty here) is presumably the key passphrase
    // file — confirm against SSLContextConfig::addCertificate.
    tlsCfg.addCertificate(FLAGS_cert_path, FLAGS_key_path, "");
    // NOTE(review): this only supplies the CA bundle used to validate
    // client certificates; whether a client certificate is *required* is
    // not set in this function — check the SSLContextConfig default before
    // relying on this example for mutual TLS.
    tlsCfg.clientCAFile = FLAGS_ca_path;
    tlsCfg.isDefault = true;
    acceptorCfg.sslContextConfigs.push_back(std::move(tlsCfg));

    // IMPORTANT: when allowing both plaintext and ssl on the same port,
    // the acceptor requires 9 bytes of data to determine what kind of
    // connection is coming in. If the client does not send 9 bytes the
    // connection will idle out before the EchoCallback receives data.
    // This is a demo convenience: it lets unencrypted clients onto the
    // TLS port, so a real deployment would normally leave it disabled.
    acceptorCfg.allowInsecureConnectionsOnSecureServer = true;

    // Reload the SSL contexts whenever any of the credential files change.
    std::set<std::string> watchedPaths{FLAGS_cert_path, FLAGS_key_path};
    if (!FLAGS_ca_path.empty()) {
      watchedPaths.insert(FLAGS_ca_path);
    }
    credProcessor.setCertPathsToWatch(std::move(watchedPaths));
  }

  // Wire the file-watch callbacks into the bootstrap (defined elsewhere
  // in this file).
  initCredProcessorCallbacks(bootstrap, credProcessor);

  // I/O worker pool sized by flag.
  auto ioWorkers =
      std::make_shared<folly::IOThreadPoolExecutor>(FLAGS_num_workers);

  // Assemble the server and block until it is stopped.
  bootstrap.acceptorConfig(acceptorCfg);
  bootstrap.childPipeline(std::make_shared<EchoPipelineFactory>());
  bootstrap.setUseSharedSSLContextManager(FLAGS_enable_share_ssl_ctx);
  bootstrap.group(ioWorkers);
  bootstrap.bind(FLAGS_port);
  bootstrap.waitForStop();
  return 0;
}