RubyGems - httpx - Versions diffs - 0.19.3 → 0.19.4 - Mend

httpx 0.19.3 → 0.19.4

Files changed (14) hide show

checksums.yaml +4 -4
data/doc/release_notes/0_19_4.md +13 -0
data/lib/httpx/adapters/webmock.rb +1 -0
data/lib/httpx/io.rb +3 -16
data/lib/httpx/pool.rb +1 -1
data/lib/httpx/resolver/native.rb +5 -1
data/lib/httpx/resolver/resolver.rb +1 -1
data/lib/httpx/version.rb +1 -1
data/sig/resolver/native.rbs +2 -2
metadata +4 -6
data/lib/httpx/io/tls/box.rb +0 -365
data/lib/httpx/io/tls/context.rb +0 -199
data/lib/httpx/io/tls/ffi.rb +0 -390
data/lib/httpx/io/tls.rb +0 -218

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 431fcabfda42f5d6010d903a15c6a83357123c9eef3528a769755c8639f1ec61
-  data.tar.gz: 52512337b7b2081a4ab123f7261dee14adb97da019fc9244b9ddf8e7de53c904
+  metadata.gz: c1c8ae2cc46f5a4033ea5c776bef1a7703cfc27834818cded1487101b8a6bbbe
+  data.tar.gz: ea445112ce42d2d81c4465f646687d605da855e3248838d26075388463250d9b
 SHA512:
-  metadata.gz: 7777af904a2e5a8f6f34984a69cb022c853483b6634dd631a3fbe92c9005fadb3637a21a214ff1e14ef4729ffa70d68362b703b9ccd25e2904b820fc674dbe6b
-  data.tar.gz: 94d92ad004319ecb3098b5e901921bfaf5d818cbb0e2e87eed8987248d1cc52d0fc70a5dc1dfe1a92faa8eae9e7074c926c0c01563002cb8067af449ae79fd51
+  metadata.gz: effaefc6365aa24fe86a62bca9bdbfed701dc9c19354c6bf7f046ea2bf84b94f908e1924381f2e27cfe748c7ad4e0b8d97dfa0a6d695775cec8d1b8a92760fe7
+  data.tar.gz: 55f846f8412acb99008cd18834ce50fe73ae072a0446d5d4fdf76fe2c48be4b2a863721b18191ca406a60b6883a8e35cba2f856c07ce9fa8ba808476b5b66887

data/doc/release_notes/0_19_4.md ADDED Viewed

@@ -0,0 +1,13 @@
+# 0.19.3
+## Improvements
+### Jruby: HTTP/2 with jruby-openssl (>= 0.12.2)
+The (optional) FFI-based TLS module for jruby was deleted. Besides it being cumbersome and hard to maintain, `jruby`'s own `openssl` released support for ALPN negotiation (in v0.12.2), which solves the problem the deleted module was supposed to address.
+## Bugfixes
+* `webmock` integration was fixed to take the mocked URI query string into account.
+* fix internal codepath where mergeable-but-not-coalescable connections were still triggering the coalesce branch.
+* fixed after-use mutation of connection addresses array which was making it empty after initial usage.

data/lib/httpx/adapters/webmock.rb CHANGED Viewed

@@ -19,6 +19,7 @@ module WebMock
       class << self
         def build_webmock_request_signature(request)
           uri = WebMock::Util::URI.heuristic_parse(request.uri)
+          uri.query = request.query
           uri.path = uri.normalized_path.gsub("[^:]//", "/")
           WebMock::RequestSignature.new(

data/lib/httpx/io.rb CHANGED Viewed

@@ -1,9 +1,10 @@
 # frozen_string_literal: true
 require "socket"
+require "httpx/io/udp"
 require "httpx/io/tcp"
 require "httpx/io/unix"
-require "httpx/io/udp"
+require "httpx/io/ssl"
 module HTTPX
   module IO
@@ -11,20 +12,6 @@ module HTTPX
     register "udp", UDP
     register "unix", HTTPX::UNIX
     register "tcp", TCP
-    if RUBY_ENGINE == "jruby"
-      begin
-        require "httpx/io/tls"
-        register "ssl", TLS
-      rescue LoadError
-        # :nocov:
-        require "httpx/io/ssl"
-        register "ssl", SSL
-        # :nocov:
-      end
-    else
-      require "httpx/io/ssl"
-      register "ssl", SSL
-    end
+    register "ssl", SSL
   end
 end

data/lib/httpx/pool.rb CHANGED Viewed

@@ -133,7 +133,7 @@ module HTTPX
       if found_connection.open?
         coalesce_connections(found_connection, connection)
-        throw(:coalesced, found_connection)
+        throw(:coalesced, found_connection) unless @connections.include?(connection)
       else
         found_connection.once(:open) do
           coalesce_connections(found_connection, connection)

data/lib/httpx/resolver/native.rb CHANGED Viewed

@@ -119,7 +119,11 @@ module HTTPX
     private
     def calculate_interests
-      !@write_buffer.empty? || @queries.empty? ? :w : :r
+      return :w unless @write_buffer.empty?
+      return :r unless @queries.empty?
+      nil
     end
     def consume

data/lib/httpx/resolver/resolver.rb CHANGED Viewed

@@ -72,7 +72,7 @@ module HTTPX
       return unless addresses
-      addresses.select! { |addr| addr.family == @family }
+      addresses = addresses.select { |addr| addr.family == @family }
       return if addresses.empty?

data/lib/httpx/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module HTTPX
-  VERSION = "0.19.3"
+  VERSION = "0.19.4"
 end

data/sig/resolver/native.rbs CHANGED Viewed

@@ -21,7 +21,7 @@ module HTTPX
       def call: () -> void
-      def interests: () -> io_interests
+      def interests: () -> (:r | :w | nil)
       def <<: (Connection) -> void
@@ -31,7 +31,7 @@ module HTTPX
       def initialize: (ip_family family, options options) -> void
-      def calculate_interests: () -> (:r | :w)
+      def calculate_interests: () -> (:r | :w | nil)
       def consume: () -> void

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: httpx
 version: !ruby/object:Gem::Version
-  version: 0.19.3
+  version: 0.19.4
 platform: ruby
 authors:
 - Tiago Cardoso
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-21 00:00:00.000000000 Z
+date: 2022-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: http-2-next
@@ -74,6 +74,7 @@ extra_rdoc_files:
 - doc/release_notes/0_19_1.md
 - doc/release_notes/0_19_2.md
 - doc/release_notes/0_19_3.md
+- doc/release_notes/0_19_4.md
 - doc/release_notes/0_1_0.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_2_1.md
@@ -141,6 +142,7 @@ files:
 - doc/release_notes/0_19_1.md
 - doc/release_notes/0_19_2.md
 - doc/release_notes/0_19_3.md
+- doc/release_notes/0_19_4.md
 - doc/release_notes/0_1_0.md
 - doc/release_notes/0_2_0.md
 - doc/release_notes/0_2_1.md
@@ -181,10 +183,6 @@ files:
 - lib/httpx/io.rb
 - lib/httpx/io/ssl.rb
 - lib/httpx/io/tcp.rb
-- lib/httpx/io/tls.rb
-- lib/httpx/io/tls/box.rb
-- lib/httpx/io/tls/context.rb
-- lib/httpx/io/tls/ffi.rb
 - lib/httpx/io/udp.rb
 - lib/httpx/io/unix.rb
 - lib/httpx/loggable.rb

data/lib/httpx/io/tls/box.rb DELETED Viewed

@@ -1,365 +0,0 @@
-# frozen_string_literal: true
-# Copyright (c) 2004-2013 Cotag Media
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is furnished
-# to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-#
-class HTTPX::TLS
-  class Box
-    InstanceLookup = ::Concurrent::Map.new
-    READ_BUFFER = 2048
-    SSL_VERIFY_PEER = 0x01
-    SSL_VERIFY_CLIENT_ONCE = 0x04
-    VerifyCB = FFI::Function.new(:int, %i[int pointer]) do |preverify_ok, x509_store|
-      x509 = SSL.X509_STORE_CTX_get_current_cert(x509_store)
-      ssl = SSL.X509_STORE_CTX_get_ex_data(x509_store, SSL.SSL_get_ex_data_X509_STORE_CTX_idx)
-      bio_out = SSL.BIO_new(SSL.BIO_s_mem)
-      ret = SSL.PEM_write_bio_X509(bio_out, x509)
-      if ret
-        len = SSL.BIO_pending(bio_out)
-        buffer = FFI::MemoryPointer.new(:char, len, false)
-        size = SSL.BIO_read(bio_out, buffer, len)
-        # THis is the callback into the ruby class
-        cert = buffer.read_string(size)
-        SSL.BIO_free(bio_out)
-        # InstanceLookup[ssl.address].verify(cert) || preverify_ok.zero? ? 1 : 0
-        depth = SSL.X509_STORE_CTX_get_error_depth(ssl)
-        box = InstanceLookup[ssl.address]
-        if preverify_ok == 1
-          hostname_verify = box.verify(cert)
-          if hostname_verify
-            1
-          else
-            # SSL.X509_STORE_CTX_set_error(x509_store, SSL::X509_V_ERR_HOSTNAME_MISMATCH)
-            0
-          end
-        else
-          1
-        end
-      else
-        SSL.BIO_free(bio_out)
-        SSL.X509_STORE_CTX_set_error(x509_store, SSL::X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
-        0
-      end
-    end
-    attr_reader :is_server, :context, :handshake_completed, :hosts, :ssl_version, :cipher, :verify_peer
-    def initialize(is_server, transport, options = {})
-      @ready = true
-      @handshake_completed = false
-      @handshake_signaled = false
-      @alpn_negotiated = false
-      @transport = transport
-      @read_buffer = FFI::MemoryPointer.new(:char, READ_BUFFER, false)
-      @is_server = is_server
-      @context = Context.new(is_server, options)
-      @bioRead = SSL.BIO_new(SSL.BIO_s_mem)
-      @bioWrite = SSL.BIO_new(SSL.BIO_s_mem)
-      @ssl = SSL.SSL_new(@context.ssl_ctx)
-      SSL.SSL_set_bio(@ssl, @bioRead, @bioWrite)
-      @write_queue = []
-      InstanceLookup[@ssl.address] = self
-      @verify_peer = options[:verify_peer]
-      if @verify_peer
-        SSL.SSL_set_verify(@ssl, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, VerifyCB)
-      end
-      # Add Server Name Indication (SNI) for client connections
-      if (hostname = options[:hostname])
-        if is_server
-          @hosts = ::Concurrent::Map.new
-          @hosts[hostname.to_s] = @context
-          @context.add_server_name_indication
-        else
-          SSL.SSL_set_tlsext_host_name(@ssl, hostname)
-        end
-      end
-      SSL.SSL_connect(@ssl) unless is_server
-    end
-    def add_host(hostname:, **options)
-      raise Error, "Server Name Indication (SNI) not configured for default host" unless @hosts
-      raise Error, "only valid for server mode context" unless @is_server
-      context = Context.new(true, options)
-      @hosts[hostname.to_s] = context
-      context.add_server_name_indication
-      nil
-    end
-    # Careful with this.
-    # If you remove all the hosts you'll end up with a segfault
-    def remove_host(hostname)
-      raise Error, "Server Name Indication (SNI) not configured for default host" unless @hosts
-      raise Error, "only valid for server mode context" unless @is_server
-      context = @hosts[hostname.to_s]
-      if context
-        @hosts.delete(hostname.to_s)
-        context.cleanup
-      end
-      nil
-    end
-    def get_peer_cert
-      return "" unless @ready
-      SSL.SSL_get_peer_certificate(@ssl)
-    end
-    def start
-      return unless @ready
-      dispatch_cipher_text
-    end
-    def encrypt(data)
-      return unless @ready
-      wrote = put_plain_text data
-      if wrote < 0
-        @transport.close_cb
-      else
-        dispatch_cipher_text
-      end
-    end
-    SSL_ERROR_WANT_READ = 2
-    SSL_ERROR_SSL = 1
-    def decrypt(data)
-      return unless @ready
-      put_cipher_text data
-      unless SSL.is_init_finished(@ssl)
-        resp = @is_server ? SSL.SSL_accept(@ssl) : SSL.SSL_connect(@ssl)
-        if resp < 0
-          err_code = SSL.SSL_get_error(@ssl, resp)
-          if err_code != SSL_ERROR_WANT_READ
-            if err_code == SSL_ERROR_SSL
-              verify_msg = SSL.X509_verify_cert_error_string(SSL.SSL_get_verify_result(@ssl))
-              @transport.close_cb(verify_msg)
-            end
-            return
-          end
-        end
-        @handshake_completed = true
-        @ssl_version = SSL.get_version(@ssl)
-        @cipher = SSL.get_current_cipher(@ssl)
-        signal_handshake unless @handshake_signaled
-      end
-      loop do
-        size = get_plain_text(@read_buffer, READ_BUFFER)
-        if size > 0
-          @transport.dispatch_cb @read_buffer.read_string(size)
-        else
-          break
-        end
-      end
-      dispatch_cipher_text
-    end
-    def signal_handshake
-      @handshake_signaled = true
-      # Check protocol support here
-      if @context.alpn_set
-        proto = alpn_negotiated_protocol
-        if proto == :failed
-          if @alpn_negotiated
-            # We should shutdown if this is the case
-            # TODO: send back proper error message
-            @transport.close_cb
-            return
-          end
-        end
-        @transport.alpn_protocol_cb(proto)
-      end
-      @transport.handshake_cb
-    end
-    def alpn_negotiated!
-      @alpn_negotiated = true
-    end
-    SSL_RECEIVED_SHUTDOWN = 2
-    def cleanup
-      return unless @ready
-      @ready = false
-      InstanceLookup.delete @ssl.address
-      if (SSL.SSL_get_shutdown(@ssl) & SSL_RECEIVED_SHUTDOWN) != 0
-        SSL.SSL_shutdown @ssl
-      else
-        SSL.SSL_clear @ssl
-      end
-      SSL.SSL_free @ssl
-      if @hosts
-        @hosts.each_value(&:cleanup)
-        @hosts = nil
-      else
-        @context.cleanup
-      end
-    end
-    # Called from class level callback function
-    def verify(cert)
-      @transport.verify_cb(cert)
-    end
-    def close(msg)
-      @transport.close_cb(msg)
-    end
-    private
-    def alpn_negotiated_protocol
-      return nil unless @context.alpn_set
-      proto = FFI::MemoryPointer.new(:pointer, 1, true)
-      len = FFI::MemoryPointer.new(:uint, 1, true)
-      SSL.SSL_get0_alpn_selected(@ssl, proto, len)
-      resp = proto.get_pointer(0)
-      return :failed if resp.address == 0
-      length = len.get_uint(0)
-      resp.read_string(length)
-    end
-    def get_plain_text(buffer, ready)
-      # Read the buffered clear text
-      size = SSL.SSL_read(@ssl, buffer, ready)
-      if size >= 0
-        size
-      else
-        SSL.SSL_get_error(@ssl, size) == SSL_ERROR_WANT_READ ? 0 : -1
-      end
-    end
-    def pending_data(bio)
-      SSL.BIO_pending(bio)
-    end
-    def get_cipher_text(buffer, length)
-      SSL.BIO_read(@bioWrite, buffer, length)
-    end
-    def put_cipher_text(data)
-      len = data.bytesize
-      wrote = SSL.BIO_write(@bioRead, data, len)
-      wrote == len
-    end
-    SSL_ERROR_WANT_WRITE = 3
-    def put_plain_text(data)
-      @write_queue.push(data) if data
-      return 0 unless SSL.is_init_finished(@ssl)
-      fatal = false
-      did_work = false
-      until @write_queue.empty?
-        data = @write_queue.pop
-        len = data.bytesize
-        wrote = SSL.SSL_write(@ssl, data, len)
-        if wrote > 0
-          did_work = true
-        else
-          err_code = SSL.SSL_get_error(@ssl, wrote)
-          if (err_code != SSL_ERROR_WANT_READ) && (err_code != SSL_ERROR_WANT_WRITE)
-            fatal = true
-          else
-            # Not fatal - add back to the queue
-            @write_queue.unshift data
-          end
-          break
-        end
-      end
-      if did_work
-        1
-      elsif fatal
-        -1
-      else
-        0
-      end
-    end
-    CIPHER_DISPATCH_FAILED = "Cipher text dispatch failed"
-    def dispatch_cipher_text
-      loop do
-        did_work = false
-        # Get all the encrypted data and transmit it
-        pending = pending_data(@bioWrite)
-        if pending > 0
-          buffer = FFI::MemoryPointer.new(:char, pending, false)
-          resp = get_cipher_text(buffer, pending)
-          raise Error, CIPHER_DISPATCH_FAILED unless resp > 0
-          @transport.transmit_cb(buffer.read_string(resp))
-          did_work = true
-        end
-        # Send any queued out going data
-        unless @write_queue.empty?
-          resp = put_plain_text nil
-          if resp > 0
-            did_work = true
-          elsif resp < 0
-            @transport.close_cb
-          end
-        end
-        break unless did_work
-      end
-    end
-  end
-end

data/lib/httpx/io/tls/context.rb DELETED Viewed

@@ -1,199 +0,0 @@
-# frozen_string_literal: true
-# Copyright (c) 2004-2013 Cotag Media
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is furnished
-# to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-#
-class HTTPX::TLS
-  class Context
-    # Based on information from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
-    CIPHERS = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
-    SESSION = "ruby-tls"
-    ALPN_LOOKUP = ::Concurrent::Map.new
-    ALPN_Select_CB = FFI::Function.new(:int, [
-                                         # array of str, unit8 out,uint8 in,        *arg
-                                         :pointer, :pointer, :pointer, :string, :uint, :pointer
-                                       ]) do |ssl_p, out, outlen, inp, inlen, _arg|
-      ssl = Box::InstanceLookup[ssl_p.address]
-      return SSL::SSL_TLSEXT_ERR_ALERT_FATAL unless ssl
-      protos = ssl.context.alpn_str
-      status = SSL.SSL_select_next_proto(out, outlen, protos, protos.length, inp, inlen)
-      ssl.alpn_negotiated
-      case status
-      when SSL::OPENSSL_NPN_UNSUPPORTED
-        SSL::SSL_TLSEXT_ERR_ALERT_FATAL
-      when SSL::OPENSSL_NPN_NEGOTIATED
-        SSL::SSL_TLSEXT_ERR_OK
-      when SSL::OPENSSL_NPN_NO_OVERLAP
-        SSL::SSL_TLSEXT_ERR_ALERT_WARNING
-      end
-    end
-    attr_reader :is_server, :ssl_ctx, :alpn_set, :alpn_str
-    def initialize(server, options = {})
-      @is_server = server
-      if @is_server
-        @ssl_ctx = SSL.SSL_CTX_new(SSL.TLS_server_method)
-        set_private_key(options[:private_key] || SSL::DEFAULT_PRIVATE)
-        set_certificate(options[:cert_chain]  || SSL::DEFAULT_CERT)
-        set_client_ca(options[:client_ca])
-      else
-        @ssl_ctx = SSL.SSL_CTX_new(SSL.TLS_client_method)
-      end
-      SSL.SSL_CTX_set_options(@ssl_ctx, SSL::SSL_OP_ALL)
-      SSL.SSL_CTX_set_mode(@ssl_ctx, SSL::SSL_MODE_RELEASE_BUFFERS)
-      SSL.SSL_CTX_set_cipher_list(@ssl_ctx, options[:ciphers] || CIPHERS)
-      set_min_version(options[:version])
-      if @is_server
-        SSL.SSL_CTX_sess_set_cache_size(@ssl_ctx, 128)
-        SSL.SSL_CTX_set_session_id_context(@ssl_ctx, SESSION, 8)
-      else
-        set_private_key(options[:private_key])
-        set_certificate(options[:cert_chain])
-      end
-      set_alpn_negotiation(options[:protocols])
-    end
-    def cleanup
-      return unless @ssl_ctx
-      SSL.SSL_CTX_free(@ssl_ctx)
-      @ssl_ctx = nil
-    end
-    def add_server_name_indication
-      raise Error, "only valid for server mode context" unless @is_server
-      SSL.SSL_CTX_set_tlsext_servername_callback(@ssl_ctx, ServerNameCB)
-    end
-    ServerNameCB = FFI::Function.new(:int, %i[pointer pointer pointer]) do |ssl, _, _|
-      ruby_ssl = Box::InstanceLookup[ssl.address]
-      return SSL::SSL_TLSEXT_ERR_NOACK unless ruby_ssl
-      ctx = ruby_ssl.hosts[SSL.SSL_get_servername(ssl, SSL::TLSEXT_NAMETYPE_host_name)]
-      if ctx
-        SSL.SSL_set_SSL_CTX(ssl, ctx.ssl_ctx)
-        SSL::SSL_TLSEXT_ERR_OK
-      else
-        SSL::SSL_TLSEXT_ERR_ALERT_FATAL
-      end
-    end
-    private
-    def self.build_alpn_string(protos)
-      protos.reduce("".b) do |buffer, proto|
-        buffer << proto.bytesize
-        buffer << proto
-      end
-    end
-    # Version can be one of:
-    # :SSL3, :TLS1, :TLS1_1, :TLS1_2, :TLS1_3, :TLS_MAX
-    if SSL::VERSION_SUPPORTED
-      def set_min_version(version)
-        return unless version
-        num = SSL.const_get("#{version}_VERSION")
-        SSL.SSL_CTX_set_min_proto_version(@ssl_ctx, num) == 1
-      rescue NameError
-        raise Error, "#{version} is unsupported"
-      end
-    else
-      def set_min_version(_version); end
-    end
-    if SSL::ALPN_SUPPORTED
-      def set_alpn_negotiation(protocols)
-        @alpn_set = false
-        return unless protocols
-        if @is_server
-          @alpn_str = Context.build_alpn_string(protocols)
-          SSL.SSL_CTX_set_alpn_select_cb(@ssl_ctx, ALPN_Select_CB, nil)
-          @alpn_set = true
-        else
-          protocols = Context.build_alpn_string(protocols)
-          @alpn_set = SSL.SSL_CTX_set_alpn_protos(@ssl_ctx, protocols, protocols.length) == 0
-        end
-      end
-    else
-      def set_alpn_negotiation(_protocols); end
-    end
-    def set_private_key(key)
-      err = if key.is_a? FFI::Pointer
-        SSL.SSL_CTX_use_PrivateKey(@ssl_ctx, key)
-      elsif key && File.file?(key)
-        SSL.SSL_CTX_use_PrivateKey_file(@ssl_ctx, key, SSL_FILETYPE_PEM)
-      else
-        1
-      end
-      # Check for errors
-      if err <= 0
-        # TODO: : ERR_print_errors_fp or ERR_print_errors
-        # So we can properly log the issue
-        cleanup
-        raise Error, "invalid private key or file not found"
-      end
-    end
-    def set_certificate(cert)
-      err = if cert.is_a? FFI::Pointer
-        SSL.SSL_CTX_use_certificate(@ssl_ctx, cert)
-      elsif cert && File.file?(cert)
-        SSL.SSL_CTX_use_certificate_chain_file(@ssl_ctx, cert)
-      else
-        1
-      end
-      if err <= 0
-        cleanup
-        raise Error, "invalid certificate or file not found"
-      end
-    end
-    def set_client_ca(ca)
-      return unless ca
-      if File.file?(ca) && (ca_ptr = SSL.SSL_load_client_CA_file(ca))
-        # there is no error checking provided by SSL_CTX_set_client_CA_list
-        SSL.SSL_CTX_set_client_CA_list(@ssl_ctx, ca_ptr)
-      else
-        cleanup
-        raise Error, "invalid ca certificate or file not found"
-      end
-    end
-  end
-end

data/lib/httpx/io/tls/ffi.rb DELETED Viewed

@@ -1,390 +0,0 @@
-# frozen_string_literal: true
-require "ffi"
-require "ffi-compiler/loader"
-require "concurrent"
-# Copyright (c) 2004-2013 Cotag Media
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is furnished
-# to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-# THE SOFTWARE.
-#
-module HTTPX::TLS::SSL
-  Error = HTTPX::TLS::Error
-  extend FFI::Library
-  if FFI::Platform.windows?
-    begin
-      ffi_lib "libeay32", "ssleay32"
-    rescue LoadError
-      ffi_lib "libcrypto-1_1-x64", "libssl-1_1-x64"
-    end
-  else
-    ffi_lib "ssl"
-  end
-  # Common structures
-  typedef :pointer, :user_data
-  typedef :pointer, :bio
-  typedef :pointer, :evp_key
-  typedef :pointer, :evp_key_pointer
-  typedef :pointer, :x509
-  typedef :pointer, :x509_pointer
-  typedef :pointer, :ssl
-  typedef :pointer, :cipher
-  typedef :pointer, :ssl_ctx
-  typedef :int, :buffer_length
-  typedef :int, :pass_length
-  typedef :int, :read_write_flag
-  SSL_ST_OK = 0x03
-  begin
-    attach_function :SSL_library_init, [], :int
-    attach_function :SSL_load_error_strings, [], :void
-    attach_function :ERR_load_crypto_strings, [], :void
-    attach_function :SSL_state, [:ssl], :int
-    def self.is_init_finished(ssl)
-      SSL_state(ssl) == SSL_ST_OK
-    end
-    OPENSSL_V1_1 = false
-  rescue FFI::NotFoundError
-    OPENSSL_V1_1 = true
-    OPENSSL_INIT_LOAD_SSL_STRINGS = 0x200000
-    OPENSSL_INIT_NO_LOAD_SSL_STRINGS = 0x100000
-    attach_function :OPENSSL_init_ssl, %i[uint64 pointer], :int
-    attach_function :SSL_get_state, [:ssl], :int
-    attach_function :SSL_is_init_finished, [:ssl], :bool
-    def self.is_init_finished(ssl)
-      SSL_is_init_finished(ssl)
-    end
-  end
-  # Multi-threaded support
-  # callback :locking_cb, [:int, :int, :string, :int], :void
-  # callback :thread_id_cb, [], :ulong
-  # attach_function :CRYPTO_num_locks, [], :int
-  # attach_function :CRYPTO_set_locking_callback, [:locking_cb], :void
-  # attach_function :CRYPTO_set_id_callback, [:thread_id_cb], :void
-  # InitializeDefaultCredentials
-  attach_function :BIO_new_mem_buf, %i[string buffer_length], :bio
-  attach_function :EVP_PKEY_free, [:evp_key], :void
-  callback :pem_password_cb, %i[pointer buffer_length read_write_flag user_data], :pass_length
-  attach_function :PEM_read_bio_PrivateKey, %i[bio evp_key_pointer pem_password_cb user_data], :evp_key
-  attach_function :X509_free, [:x509], :void
-  attach_function :PEM_read_bio_X509, %i[bio x509_pointer pem_password_cb user_data], :x509
-  attach_function :BIO_free, [:bio], :int
-  # GetPeerCert
-  attach_function :SSL_get_peer_certificate, [:ssl], :x509
-  # PutPlaintext
-  attach_function :SSL_write, %i[ssl buffer_in buffer_length], :int
-  attach_function :SSL_get_error, %i[ssl int], :int
-  # GetCiphertext
-  attach_function :BIO_read, %i[bio buffer_out buffer_length], :int
-  # CanGetCiphertext
-  attach_function :BIO_ctrl, %i[bio int long pointer], :long
-  BIO_CTRL_PENDING = 10 # opt - is their more data buffered?
-  def self.BIO_pending(bio)
-    BIO_ctrl(bio, BIO_CTRL_PENDING, 0, nil)
-  end
-  # GetPlaintext
-  attach_function :SSL_accept, [:ssl], :int
-  attach_function :SSL_read, %i[ssl buffer_out buffer_length], :int
-  attach_function :SSL_pending, [:ssl], :int
-  # PutCiphertext
-  attach_function :BIO_write, %i[bio buffer_in buffer_length], :int
-  # Deconstructor
-  attach_function :SSL_get_shutdown, [:ssl], :int
-  attach_function :SSL_shutdown, [:ssl], :int
-  attach_function :SSL_clear, [:ssl], :void
-  attach_function :SSL_free, [:ssl], :void
-  # Constructor
-  attach_function :BIO_s_mem, [], :pointer
-  attach_function :BIO_new, [:pointer], :bio
-  attach_function :SSL_new, [:ssl_ctx], :ssl
-  # r,   w
-  attach_function :SSL_set_bio, %i[ssl bio bio], :void
-  attach_function :SSL_set_ex_data, %i[ssl int string], :int
-  callback :verify_callback, %i[int x509], :int
-  attach_function :SSL_set_verify, %i[ssl int verify_callback], :void
-  attach_function :SSL_CTX_set_verify, %i[ssl int verify_callback], :void
-  attach_function :SSL_get_verify_result, %i[ssl], :long
-  attach_function :SSL_connect, [:ssl], :int
-  # Verify callback
-  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT = 2
-  X509_V_ERR_HOSTNAME_MISMATCH = 62
-  X509_V_ERR_CERT_REJECTED = 28
-  attach_function :X509_STORE_CTX_get_current_cert, [:pointer], :x509
-  attach_function :SSL_get_ex_data_X509_STORE_CTX_idx, [], :int
-  attach_function :X509_STORE_CTX_get_ex_data, %i[pointer int], :ssl
-  attach_function :X509_STORE_CTX_get_error_depth, %i[x509], :int
-  attach_function :PEM_write_bio_X509, %i[bio x509], :bool
-  attach_function :X509_verify_cert_error_string, %i[long], :string
-  attach_function :X509_STORE_CTX_set_error, %i[ssl_ctx long], :void
-  # SSL Context Class
-  # OpenSSL before 1.1.0 do not have these methods
-  # https://www.openssl.org/docs/man1.1.0/ssl/TLSv1_2_server_method.html
-  begin
-    attach_function :TLS_server_method, [], :pointer
-    attach_function :TLS_client_method, [], :pointer
-  rescue FFI::NotFoundError
-    attach_function :SSLv23_server_method, [], :pointer
-    attach_function :SSLv23_client_method, [], :pointer
-    def self.TLS_server_method
-      self.SSLv23_server_method
-    end
-    def self.TLS_client_method
-      self.SSLv23_client_method
-    end
-  end
-  # Version can be one of:
-  # :SSL3, :TLS1, :TLS1_1, :TLS1_2, :TLS1_3, :TLS_MAX
-  begin
-    attach_function :SSL_get_version, %i[ssl], :string
-    attach_function :SSL_get_current_cipher, %i[ssl], :cipher
-    attach_function :SSL_CIPHER_get_name, %i[cipher], :string
-    attach_function :SSL_CTX_set_min_proto_version, %i[ssl_ctx int], :int
-    attach_function :SSL_CTX_set_max_proto_version, %i[ssl_ctx int], :int
-    VERSION_SUPPORTED = true
-    SSL3_VERSION    = 0x0300
-    TLS1_VERSION    = 0x0301
-    TLS1_1_VERSION  = 0x0302
-    TLS1_2_VERSION  = 0x0303
-    TLS1_3_VERSION  = 0x0304
-    TLS_MAX_VERSION = TLS1_3_VERSION
-    ANY_VERSION     = 0
-  rescue FFI::NotFoundError
-    VERSION_SUPPORTED = false
-  end
-  def self.get_version(ssl)
-    SSL_get_version(ssl)
-  end
-  def self.get_current_cipher(ssl)
-    cipher = SSL_get_current_cipher(ssl)
-    SSL_CIPHER_get_name(cipher)
-  end
-  attach_function :SSL_CTX_new, [:pointer], :ssl_ctx
-  attach_function :SSL_CTX_ctrl, %i[ssl_ctx int ulong pointer], :long
-  SSL_CTRL_OPTIONS = 32
-  def self.SSL_CTX_set_options(ssl_ctx, op)
-    SSL_CTX_ctrl(ssl_ctx, SSL_CTRL_OPTIONS, op, nil)
-  end
-  SSL_CTRL_MODE = 33
-  def self.SSL_CTX_set_mode(ssl_ctx, op)
-    SSL_CTX_ctrl(ssl_ctx, SSL_CTRL_MODE, op, nil)
-  end
-  SSL_CTRL_SET_SESS_CACHE_SIZE = 42
-  def self.SSL_CTX_sess_set_cache_size(ssl_ctx, op)
-    SSL_CTX_ctrl(ssl_ctx, SSL_CTRL_SET_SESS_CACHE_SIZE, op, nil)
-  end
-  attach_function :SSL_ctrl, %i[ssl int long pointer], :long
-  SSL_CTRL_SET_TLSEXT_HOSTNAME = 55
-  def self.SSL_set_tlsext_host_name(ssl, host_name)
-    name_ptr = FFI::MemoryPointer.from_string(host_name)
-    raise Error, "error setting SNI hostname" if SSL_ctrl(ssl, SSL_CTRL_SET_TLSEXT_HOSTNAME, TLSEXT_NAMETYPE_host_name, name_ptr).zero?
-  end
-  # Server Name Indication (SNI) Support
-  # NOTE:: We've hard coded the callback here (SSL defines a NULL callback)
-  callback :ssl_servername_cb, %i[ssl pointer pointer], :int
-  attach_function :SSL_CTX_callback_ctrl, %i[ssl_ctx int ssl_servername_cb], :long
-  SSL_CTRL_SET_TLSEXT_SERVERNAME_CB = 53
-  def self.SSL_CTX_set_tlsext_servername_callback(ctx, callback)
-    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TLSEXT_SERVERNAME_CB, callback)
-  end
-  attach_function :SSL_get_servername, %i[ssl int], :string
-  TLSEXT_NAMETYPE_host_name = 0
-  attach_function :SSL_set_SSL_CTX, %i[ssl ssl_ctx], :ssl_ctx
-  SSL_TLSEXT_ERR_OK = 0
-  SSL_TLSEXT_ERR_ALERT_WARNING = 1
-  SSL_TLSEXT_ERR_ALERT_FATAL = 2
-  SSL_TLSEXT_ERR_NOACK = 3
-  attach_function :SSL_CTX_use_PrivateKey_file, %i[ssl_ctx string int], :int, :blocking => true
-  attach_function :SSL_CTX_use_PrivateKey, %i[ssl_ctx pointer], :int
-  attach_function :ERR_print_errors_fp, [:pointer], :void # Pointer == File Handle
-  attach_function :SSL_CTX_use_certificate_chain_file, %i[ssl_ctx string], :int, :blocking => true
-  attach_function :SSL_CTX_use_certificate, %i[ssl_ctx x509], :int
-  attach_function :SSL_CTX_set_cipher_list, %i[ssl_ctx string], :int
-  attach_function :SSL_CTX_set_session_id_context, %i[ssl_ctx string buffer_length], :int
-  attach_function :SSL_load_client_CA_file, [:string], :pointer
-  attach_function :SSL_CTX_set_client_CA_list, %i[ssl_ctx pointer], :void
-  attach_function :SSL_CTX_load_verify_locations, %i[ssl_ctx pointer], :int, :blocking => true
-  # OpenSSL before 1.0.2 do not have these methods
-  begin
-    attach_function :SSL_CTX_set_alpn_protos, %i[ssl_ctx string uint], :int
-    OPENSSL_NPN_UNSUPPORTED = 0
-    OPENSSL_NPN_NEGOTIATED = 1
-    OPENSSL_NPN_NO_OVERLAP = 2
-    attach_function :SSL_select_next_proto, %i[pointer pointer string uint string uint], :int
-    # array of str, unit8 out,uint8 in,        *arg
-    callback :alpn_select_cb, %i[ssl pointer pointer string uint pointer], :int
-    attach_function :SSL_CTX_set_alpn_select_cb, %i[ssl_ctx alpn_select_cb pointer], :void
-    attach_function :SSL_get0_alpn_selected, %i[ssl pointer pointer], :void
-    ALPN_SUPPORTED = true
-rescue FFI::NotFoundError
-  ALPN_SUPPORTED = false
-  end
-  # Deconstructor
-  attach_function :SSL_CTX_free, [:ssl_ctx], :void
-  PrivateMaterials = <<~KEYSTR
-    -----BEGIN RSA PRIVATE KEY-----
-    MIICXAIBAAKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxwVDWV
-    Igdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t39hJ/
-    AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQIDAQAB
-    AoGALA89gIFcr6BIBo8N5fL3aNHpZXjAICtGav+kTUpuxSiaym9cAeTHuAVv8Xgk
-    H2Wbq11uz+6JMLpkQJH/WZ7EV59DPOicXrp0Imr73F3EXBfR7t2EQDYHPMthOA1D
-    I9EtCzvV608Ze90hiJ7E3guGrGppZfJ+eUWCPgy8CZH1vRECQQDv67rwV/oU1aDo
-    6/+d5nqjeW6mWkGqTnUU96jXap8EIw6B+0cUKskwx6mHJv+tEMM2748ZY7b0yBlg
-    w4KDghbFAkEAz2h8PjSJG55LwqmXih1RONSgdN9hjB12LwXL1CaDh7/lkEhq0PlK
-    PCAUwQSdM17Sl0Xxm2CZiekTSlwmHrtqXQJAF3+8QJwtV2sRJp8u2zVe37IeH1cJ
-    xXeHyjTzqZ2803fnjN2iuZvzNr7noOA1/Kp+pFvUZUU5/0G2Ep8zolPUjQJAFA7k
-    xRdLkzIx3XeNQjwnmLlncyYPRv+qaE3FMpUu7zftuZBnVCJnvXzUxP3vPgKTlzGa
-    dg5XivDRfsV+okY5uQJBAMV4FesUuLQVEKb6lMs7rzZwpeGQhFDRfywJzfom2TLn
-    2RdJQQ3dcgnhdVDgt5o1qkmsqQh8uJrJ9SdyLIaZQIc=
-    -----END RSA PRIVATE KEY-----
-    -----BEGIN CERTIFICATE-----
-    MIID6TCCA1KgAwIBAgIJANm4W/Tzs+s+MA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD
-    VQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYw
-    FAYDVQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsG
-    A1UEAxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2lu
-    ZWVyaW5nQHN0ZWFtaGVhdC5uZXQwHhcNMDYwNTA1MTcwNjAzWhcNMjQwMjIwMTcw
-    NjAzWjCBqjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE5ldyBZb3JrMREwDwYDVQQH
-    EwhOZXcgWW9yazEWMBQGA1UEChMNU3RlYW1oZWF0Lm5ldDEUMBIGA1UECxMLRW5n
-    aW5lZXJpbmcxHTAbBgNVBAMTFG9wZW5jYS5zdGVhbWhlYXQubmV0MSgwJgYJKoZI
-    hvcNAQkBFhllbmdpbmVlcmluZ0BzdGVhbWhlYXQubmV0MIGfMA0GCSqGSIb3DQEB
-    AQUAA4GNADCBiQKBgQDCYYhcw6cGRbhBVShKmbWm7UVsEoBnUf0cCh8AX+MKhMxw
-    VDWVIgdskntn3cSJjRtmgVJHIK0lpb/FYHQB93Ohpd9/Z18pDmovfFF9nDbFF0t3
-    9hJ/AqSzFB3GiVPoFFZJEE1vJqh+3jzsSF5K56bZ6azz38VlZgXeSozNW5bXkQID
-    AQABo4IBEzCCAQ8wHQYDVR0OBBYEFPJvPd1Fcmd8o/Tm88r+NjYPICCkMIHfBgNV
-    HSMEgdcwgdSAFPJvPd1Fcmd8o/Tm88r+NjYPICCkoYGwpIGtMIGqMQswCQYDVQQG
-    EwJVUzERMA8GA1UECBMITmV3IFlvcmsxETAPBgNVBAcTCE5ldyBZb3JrMRYwFAYD
-    VQQKEw1TdGVhbWhlYXQubmV0MRQwEgYDVQQLEwtFbmdpbmVlcmluZzEdMBsGA1UE
-    AxMUb3BlbmNhLnN0ZWFtaGVhdC5uZXQxKDAmBgkqhkiG9w0BCQEWGWVuZ2luZWVy
-    aW5nQHN0ZWFtaGVhdC5uZXSCCQDZuFv087PrPjAMBgNVHRMEBTADAQH/MA0GCSqG
-    SIb3DQEBBQUAA4GBAC1CXey/4UoLgJiwcEMDxOvW74plks23090iziFIlGgcIhk0
-    Df6hTAs7H3MWww62ddvR8l07AWfSzSP5L6mDsbvq7EmQsmPODwb6C+i2aF3EDL8j
-    uw73m4YIGI0Zw2XdBpiOGkx2H56Kya6mJJe/5XORZedh1wpI7zki01tHYbcy
-    -----END CERTIFICATE-----
-  KEYSTR
-  BuiltinPasswdCB = FFI::Function.new(:int, %i[pointer int int pointer]) do |buffer, _len, _flag, _data|
-    buffer.write_string("kittycat")
-    8
-  end
-  #  Save RAM by releasing read and write buffers when they're empty
-  SSL_MODE_RELEASE_BUFFERS = 0x00000010
-  SSL_OP_ALL = 0x80000BFF
-  SSL_FILETYPE_PEM = 1
-  # Locking isn't provided as long as all writes are done on the same thread.
-  # This is my main use case. Happy to enable it if someone requires it and can
-  # get it to work on MRI Ruby (Currently only works on JRuby and Rubinius)
-  # as MRI callbacks occur on a thread pool?
-  # CRYPTO_LOCK = 0x1
-  # LockingCB = FFI::Function.new(:void, [:int, :int, :string, :int]) do |mode, type, file, line|
-  #    if (mode & CRYPTO_LOCK) != 0
-  #        SSL_LOCKS[type].lock
-  #    else
-  # Unlock a lock
-  #        SSL_LOCKS[type].unlock
-  #    end
-  # end
-  # ThreadIdCB = FFI::Function.new(:ulong, []) do
-  #    Thread.current.object_id
-  # end
-  # INIT CODE
-  @init_required ||= false
-  unless @init_required
-    if OPENSSL_V1_1
-      self.OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, ::FFI::Pointer::NULL)
-    else
-      self.SSL_load_error_strings
-      self.SSL_library_init
-      self.ERR_load_crypto_strings
-    end
-    # Setup multi-threaded support
-    # SSL_LOCKS = []
-    # num_locks = self.CRYPTO_num_locks
-    # num_locks.times { SSL_LOCKS << Mutex.new }
-    # self.CRYPTO_set_locking_callback(LockingCB)
-    # self.CRYPTO_set_id_callback(ThreadIdCB)
-    bio = self.BIO_new_mem_buf(PrivateMaterials, PrivateMaterials.bytesize)
-    # Get the private key structure
-    pointer = FFI::MemoryPointer.new(:pointer)
-    self.PEM_read_bio_PrivateKey(bio, pointer, BuiltinPasswdCB, nil)
-    DEFAULT_PRIVATE = pointer.get_pointer(0)
-    # Get the certificate structure
-    pointer = FFI::MemoryPointer.new(:pointer)
-    self.PEM_read_bio_X509(bio, pointer, nil, nil)
-    DEFAULT_CERT = pointer.get_pointer(0)
-    self.BIO_free(bio)
-    @init_required = true
-  end
-end

data/lib/httpx/io/tls.rb DELETED Viewed

@@ -1,218 +0,0 @@
-# frozen_string_literal: true
-require "openssl"
-module HTTPX
-  class TLS < TCP
-    class Error < StandardError; end
-    def initialize(_, _, options)
-      super
-      @encrypted = Buffer.new(Connection::BUFFER_SIZE)
-      @decrypted = "".b
-      tls_options = convert_tls_options(options.ssl)
-      @sni_hostname = tls_options[:hostname]
-      @ctx = TLS::Box.new(false, self, tls_options)
-      @state = :negotiated if @keep_open
-    end
-    def interests
-      @interests || super
-    end
-    def protocol
-      @protocol || super
-    end
-    def connected?
-      @state == :negotiated
-    end
-    def connect
-      super
-      if @keep_open
-        @state = :negotiated
-        return
-      end
-      return if @state == :negotiated ||
-                @state != :connected
-      super
-      @ctx.start
-      @interests = :r
-      read(@options.window_size, @decrypted)
-    end
-    # :nocov:
-    def inspect
-      id = @io.closed? ? "closed" : @io
-      "#<TLS(fd: #{id}): #{@ip}:#{@port} state: #{@state}>"
-    end
-    # :nocov:
-    alias_method :transport_close, :close
-    def close
-      transport_close
-      @ctx.cleanup
-    end
-    def read(*, buffer)
-      ret = super
-      return ret if !ret || ret.zero?
-      @ctx.decrypt(buffer.to_s.dup)
-      buffer.replace(@decrypted)
-      @decrypted.clear
-      buffer.bytesize
-    end
-    alias_method :unencrypted_write, :write
-    def write(buffer)
-      @ctx.encrypt(buffer.to_s.dup)
-      buffer.clear
-      do_write
-    end
-    # TLS callback.
-    #
-    # buffers the encrypted +data+
-    def transmit_cb(data)
-      log { "TLS encrypted: #{data.bytesize} bytes" }
-      log(level: 2) { data.inspect }
-      @encrypted << data
-      do_write
-    end
-    # TLS callback.
-    #
-    # buffers the decrypted +data+
-    def dispatch_cb(data)
-      log { "TLS decrypted: #{data.bytesize} bytes" }
-      log(level: 2) { data.inspect }
-      @decrypted << data
-    end
-    # TLS callback.
-    #
-    # signals TLS invalid status / shutdown.
-    def close_cb(msg = nil)
-      log { "TLS Error: #{msg}, closing" }
-      raise Error, "certificate verify failed (#{msg})"
-    end
-    # TLS callback.
-    #
-    # alpn protocol negotiation (+protocol+).
-    #
-    def alpn_protocol_cb(protocol)
-      @protocol = protocol
-      log { "TLS ALPN protocol negotiated: #{@protocol}" }
-    end
-    # TLS callback.
-    #
-    # handshake finished.
-    #
-    def handshake_cb
-      log { "TLS handshake completed" }
-      transition(:negotiated)
-    end
-    # TLS callback.
-    #
-    # passed the peer +cert+ to be verified.
-    #
-    def verify_cb(cert)
-      raise Error, "Peer verification enabled, but no certificate received." if cert.nil?
-      log { "TLS verifying #{cert}" }
-      @peer_cert = OpenSSL::X509::Certificate.new(cert)
-      # by default one doesn't verify client certificates in the server
-      verify_hostname(@sni_hostname)
-    end
-    # copied from:
-    # https://github.com/ruby/ruby/blob/8cbf2dae5aadfa5d6241b0df2bf44d55db46704f/ext/openssl/lib/openssl/ssl.rb#L395-L409
-    #
-    def verify_hostname(host)
-      return false unless @ctx.verify_peer && @peer_cert
-      OpenSSL::SSL.verify_certificate_identity(@peer_cert, host)
-    end
-    private
-    def do_write
-      nwritten = 0
-      until @encrypted.empty?
-        siz = unencrypted_write(@encrypted)
-        break unless !siz || siz.zero?
-        nwritten += siz
-      end
-      nwritten
-    end
-    def convert_tls_options(ssl_options)
-      options = {}
-      options[:verify_peer] = !ssl_options.key?(:verify_mode) || ssl_options[:verify_mode] != OpenSSL::SSL::VERIFY_NONE
-      options[:version] = ssl_options[:ssl_version] if ssl_options.key?(:ssl_version)
-      if ssl_options.key?(:key)
-        private_key = ssl_options[:key]
-        private_key = private_key.to_pem if private_key.respond_to?(:to_pem)
-        options[:private_key] = private_key
-      end
-      if ssl_options.key?(:ca_path) || ssl_options.key?(:ca_file)
-        ca_path = ssl_options[:ca_path] || ssl_options[:ca_file].path
-        options[:cert_chain] = ca_path
-      end
-      options[:ciphers] = ssl_options[:ciphers] if ssl_options.key?(:ciphers)
-      options[:protocols] = ssl_options.fetch(:alpn_protocols, %w[h2 http/1.1])
-      options[:hostname] = ssl_options.fetch(:hostname, @hostname)
-      options
-    end
-    def transition(nextstate)
-      case nextstate
-      when :negotiated
-        return unless @state == :connected
-      when :closed
-        return unless @state == :negotiated ||
-                      @state == :connected
-      end
-      do_transition(nextstate)
-    end
-    def log_transition_state(nextstate)
-      return super unless nextstate == :negotiated
-      server_cert = @peer_cert
-      "#{super}\n\n" \
-      "SSL connection using #{@ctx.ssl_version} / #{Array(@ctx.cipher).first}\n" \
-      "ALPN, server accepted to use #{protocol}\n" +
-        (if server_cert
-           "Server certificate:\n" \
-             " subject: #{server_cert.subject}\n" \
-             " start date: #{server_cert.not_before}\n" \
-             " expire date: #{server_cert.not_after}\n" \
-             " issuer: #{server_cert.issuer}\n" \
-             " SSL certificate verify ok."
-         else
-           "SSL certificate verify failed."
-         end
-        )
-    end
-  end
-  TLSError = TLS::Error
-end
-require "httpx/io/tls/ffi"
-require "httpx/io/tls/context"
-require "httpx/io/tls/box"