in wangle/acceptor/Acceptor.cpp [57:131]
/**
 * Prepare this acceptor for use: register the security-protocol peekers,
 * build the TLS contexts, set up downstream connection management and, when
 * a listening socket is supplied, attach to it and apply the socket options.
 *
 * @param serverSocket Listening socket to attach to. May be null, in which
 *                     case no accept callback is registered and no socket
 *                     options are applied.
 * @param eventBase    Passed to initDownstreamConnectionManager() and to
 *                     addAcceptCallback().
 * @param stats        Handed to the SSLContextManager when one is created
 *                     here; unused if sslCtxManager_ already exists.
 * @param fizzContext  Fizz server context to install on the Fizz peeker.
 *                     When null, recreateFizzContext() supplies one.
 * @throws std::runtime_error Rethrown from TLS context configuration when
 *                     accConfig_.strictSSL is set.
 */
void Acceptor::init(
    AsyncServerSocket* serverSocket,
    EventBase* eventBase,
    SSLStats* stats,
    std::shared_ptr<const fizz::server::FizzServerContext> fizzContext) {
  if (accConfig_.isSSL()) {
    // Peekers are registered in a fixed order: the optional plaintext
    // peeker first, then either the Fizz peeker or the default one.
    if (accConfig_.allowInsecureConnectionsOnSecureServer) {
      // NOTE(review): judging by its name, this flag lets non-TLS clients
      // through on a TLS acceptor -- confirm it stays off wherever
      // transport encryption is a requirement.
      securityProtocolCtxManager_.addPeeker(&tlsPlaintextPeekingCallback_);
    }

    if (!accConfig_.fizzConfig.enableFizz) {
      securityProtocolCtxManager_.addPeeker(&defaultPeekingCallback_);
    } else {
      // Snapshot the configured ticket seeds (old / current / new).
      auto& seeds = accConfig_.initialTicketSeeds;
      ticketSecrets_ = {seeds.oldSeeds, seeds.currentSeeds, seeds.newSeeds};

      // Keep a cert manager that was installed earlier; build one otherwise.
      if (!fizzCertManager_) {
        fizzCertManager_ = createFizzCertManager();
      }

      // A caller-supplied context wins over a freshly built one.
      auto context = fizzContext ? fizzContext : recreateFizzContext();
      auto* fizzPeeker = getFizzPeeker();
      fizzPeeker->setContext(std::move(context));
      fizzPeeker->options().setHandshakeRecordAlignedReads(
          accConfig_.fizzConfig.preferKTLS);
      securityProtocolCtxManager_.addPeeker(fizzPeeker);
    }

    // Keep a context manager that was installed earlier; build one otherwise.
    if (!sslCtxManager_) {
      sslCtxManager_ = std::make_unique<SSLContextManager>(
          "vip_" + getName(), accConfig_.strictSSL, stats);
    }

    try {
      // A missing default context is taken to mean that the manager has
      // not been configured yet, so the configured contexts are loaded now.
      if (!sslCtxManager_->getDefaultSSLCtx()) {
        for (const auto& ctxConfig : accConfig_.sslContextConfigs) {
          sslCtxManager_->addSSLContextConfig(
              ctxConfig,
              accConfig_.sslCacheOptions,
              &accConfig_.initialTicketSeeds,
              accConfig_.bindAddress,
              cacheProvider_);
        }
      }
      // A failed CHECK is not an exception, so the strictSSL handling in
      // the catch block below does not apply to a missing default context.
      CHECK(sslCtxManager_->getDefaultSSLCtx());
    } catch (const std::runtime_error& ex) {
      if (accConfig_.strictSSL) {
        throw;
      }
      // Non-strict mode: drop whatever contexts were added and carry on
      // with initialisation. The peekers registered above are not removed.
      // NOTE(review): a broken certificate or key configuration surfaces
      // only as this INFO line -- worth alerting on if TLS is expected to
      // be available on this acceptor.
      sslCtxManager_->clear();
      LOG(INFO) << "Failed to configure TLS. This is not a fatal error. "
                << ex.what();
    }
  }

  initDownstreamConnectionManager(eventBase);

  if (serverSocket) {
    serverSocket->addAcceptCallback(this, eventBase);
    for (auto& sock : serverSocket->getNetworkSockets()) {
      // Sockets equal to a default-constructed NetworkSocket are skipped
      // (presumably the "no descriptor" sentinel -- confirm in folly).
      if (!(sock == folly::NetworkSocket())) {
        for (const auto& option : socketOptions_) {
          option.first.apply(sock, option.second);
        }
      }
    }
  }
}