HTTPS client plugin for SA-MP and Open Multiplayer, written in Rust — by NullSablex
-lightgrey){kind=icon}
https_samp is a modern HTTPS client plugin for SA-MP (San Andreas Multiplayer) and Open Multiplayer (open.mp), written entirely in Rust. It provides a non-blocking REST-grade HTTP client with body builders, mutual TLS, optional cookie persistence, response headers exposed to Pawn, and a strict secure-by-default redirect policy.
The same binary loads on SA-MP and on Open Multiplayer — natively as a component (recommended) or via legacy mode.
- Zero external dependencies. rustls-based TLS and HTTP/2 are statically linked. No system libraries to install.
- Non-blocking requests. A bounded worker pool (2–8 threads) processes calls in parallel; the Pawn caller returns immediately and the callback is dispatched automatically by the unified runtime tick — no Pawn timer required.
- REST-complete.
GET,POST,HEAD,PUT,DELETE, andPATCH. - Body builders. Raw, JSON-validated, form-urlencoded, and full
multipart/form-datawith file uploads, all staged one-shot. - Response headers in Pawn. Read any header of the response currently being delivered via
https_response_header. - Cancellation.
https_cancel(index)drops a callback that the gamemode no longer needs (e.g., player disconnected before the response came back). - Authentication helpers. One-shot
BasicandBearertoken natives — the plugin handles the base64 encoding. - Cookies (opt-in). Per-process cookie jar shared across requests, toggleable and clearable from Pawn.
- Mutual TLS. Client certificate identity from a PEM buffer or a file on disk.
- Secure by default. Anti-downgrade redirects (no HTTPS → HTTP), explicit cross-host opt-in,
Authorizationstripping on cross-host hops, bounded body and queue sizes, hard timeouts. - Universal binary. Built on top of rust-samp v3.0.0; one
.so/.dllruns on SA-MP and on Open Multiplayer (native component or legacy).
- Download the latest release for your platform:
https_samp.so(Linux i686)https_samp.dll(Windows i686, MSVC ABI)https_samp.inc(Pawn include, shared between SA-MP and Open Multiplayer)
- Place the binary in the server's
plugins/directory. - Copy
https_samp.incto your compiler's include folder:- Windows:
pawno/include/orqawno/include/ - Linux:
include/(at the server root)
- Windows:
- Register the plugin:
- SA-MP — add to
server.cfg:(orplugins https_samp.sohttps_samp.dllon Windows) - Open Multiplayer (native, recommended) — drop the binary into the server's components folder. No
config.jsonentry is required; the server discovers and loads it throughComponentEntryPointautomatically, with access toICore,ITimersComponent, and the other native APIs. - Open Multiplayer (legacy) — to force the SA-MP compatibility path instead, add the binary under
pawn.legacy_pluginsinconfig.json. Same binary, no extra build flags.
- SA-MP — add to
Important
No system TLS library is required. The plugin is self-contained.
#include <a_samp>
#include <https_samp>
public OnGameModeInit()
{
// Submit a non-blocking GET. The "1" is an arbitrary correlation id.
https(1, HTTPS_GET, "https://api.github.com/zen", "", "OnZen");
return 1;
}
forward OnZen(index, response[], status, error);
public OnZen(index, response[], status, error)
{
if (error != HTTPS_ERROR_NONE)
{
printf("[zen] request failed: error=%d", error);
return 1;
}
// Read any response header (case-insensitive) inside the callback.
new ratelimit[16];
https_response_header("X-RateLimit-Remaining", ratelimit);
printf("[zen] status=%d remaining=%s body=%s", status, ratelimit, response);
return 1;
}More runnable snippets — POST with JSON, multipart uploads, cookies, mTLS, per-request timeout, cancellation — are available in examples/. The plugin natives and the include file are identical on both runtimes.
The full plugin documentation lives in docs/:
| Document | Contents |
|---|---|
| Installation | Setup, server.cfg / config.json, requirements |
| Usage | Request lifecycle, callback signature, concurrency model |
| Headers | Temporary vs global, precedence, interactions with body builders |
| Body builders | Raw, JSON, form, multipart — one-shot staging |
| Cookies | Enabling, clearing, interactions with mTLS and redirects |
| Security | TLS, redirect policy, cross-host, mTLS, resource caps |
| Error codes | Full mapping with disambiguation per category |
| API reference | Every native with arguments and return semantics |
| Migration | Upgrade notes from older versions and from older SDKs |
- Rust stable toolchain with the targets
i686-unknown-linux-gnuandi686-pc-windows-msvc cargo-xwinfor cross-compiling the Windows.dllfrom Linux (installed automatically by the script)- No system libraries — the build is 100% Rust
cargo build --target i686-unknown-linux-gnuFrom Linux:
./scripts/build-linux.shFrom Windows (Git Bash):
./scripts/build-windows.shBoth scripts produce dist/https_samp.so and dist/https_samp.dll, each with full SA-MP + Open Multiplayer native support.
Caution
This plugin is distributed under the AGPL v3 (or later). Any derivative work — including services that expose modified versions to users over a network — must keep the source code open under the same license.
Copyright (c) 2026 NullSablex
This project is licensed under the GNU Affero General Public License v3.0 (or later).