iodine 0.7.56 → 0.7.58
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +10 -10
- data/examples/bates/README.md +3 -0
- data/examples/bates/config.ru +342 -0
- data/examples/bates/david+bold.pdf +0 -0
- data/examples/bates/public/drop-pdf.png +0 -0
- data/examples/bates/public/index.html +600 -0
- data/ext/iodine/extconf.rb +1 -1
- data/ext/iodine/fio_tls_openssl.c +140 -90
- data/ext/iodine/iodine.c +1 -1
- data/ext/iodine/iodine_caller.c +25 -13
- data/lib/iodine/version.rb +1 -1
- data/lib/iodine.rb +1 -1
- metadata +8 -3
|
@@ -32,7 +32,7 @@ typedef struct {
|
|
|
32
32
|
/* *****************************************************************************
|
|
33
33
|
The SSL/TLS helper data types (can be left as is)
|
|
34
34
|
***************************************************************************** */
|
|
35
|
-
#define FIO_INCLUDE_STR
|
|
35
|
+
#define FIO_INCLUDE_STR 1
|
|
36
36
|
#define FIO_FORCE_MALLOC_TMP 1
|
|
37
37
|
#include <fio.h>
|
|
38
38
|
|
|
@@ -65,12 +65,12 @@ static inline void fio_tls_cert_destroy(cert_s *obj) {
|
|
|
65
65
|
fio_str_free(&obj->password);
|
|
66
66
|
}
|
|
67
67
|
|
|
68
|
-
#define FIO_ARY_NAME
|
|
69
|
-
#define FIO_ARY_TYPE
|
|
68
|
+
#define FIO_ARY_NAME cert_ary
|
|
69
|
+
#define FIO_ARY_TYPE cert_s
|
|
70
70
|
#define FIO_ARY_COMPARE(k1, k2) (fio_tls_cert_cmp(&(k1), &(k2)))
|
|
71
71
|
#define FIO_ARY_COPY(dest, obj) fio_tls_cert_copy(&(dest), &(obj))
|
|
72
|
-
#define FIO_ARY_DESTROY(key)
|
|
73
|
-
#define FIO_FORCE_MALLOC_TMP
|
|
72
|
+
#define FIO_ARY_DESTROY(key) fio_tls_cert_destroy(&(key))
|
|
73
|
+
#define FIO_FORCE_MALLOC_TMP 1
|
|
74
74
|
#include <fio.h>
|
|
75
75
|
|
|
76
76
|
typedef struct {
|
|
@@ -90,12 +90,12 @@ static inline void fio_tls_trust_destroy(trust_s *obj) {
|
|
|
90
90
|
fio_str_free(&obj->pem);
|
|
91
91
|
}
|
|
92
92
|
|
|
93
|
-
#define FIO_ARY_NAME
|
|
94
|
-
#define FIO_ARY_TYPE
|
|
93
|
+
#define FIO_ARY_NAME trust_ary
|
|
94
|
+
#define FIO_ARY_TYPE trust_s
|
|
95
95
|
#define FIO_ARY_COMPARE(k1, k2) (fio_tls_trust_cmp(&(k1), &(k2)))
|
|
96
96
|
#define FIO_ARY_COPY(dest, obj) fio_tls_trust_copy(&(dest), &(obj))
|
|
97
|
-
#define FIO_ARY_DESTROY(key)
|
|
98
|
-
#define FIO_FORCE_MALLOC_TMP
|
|
97
|
+
#define FIO_ARY_DESTROY(key) fio_tls_trust_destroy(&(key))
|
|
98
|
+
#define FIO_FORCE_MALLOC_TMP 1
|
|
99
99
|
#include <fio.h>
|
|
100
100
|
|
|
101
101
|
typedef struct {
|
|
@@ -123,12 +123,12 @@ static inline void fio_alpn_destroy(alpn_s *obj) {
|
|
|
123
123
|
fio_str_free(&obj->name);
|
|
124
124
|
}
|
|
125
125
|
|
|
126
|
-
#define FIO_SET_NAME
|
|
127
|
-
#define FIO_SET_OBJ_TYPE
|
|
126
|
+
#define FIO_SET_NAME alpn_list
|
|
127
|
+
#define FIO_SET_OBJ_TYPE alpn_s
|
|
128
128
|
#define FIO_SET_OBJ_COMPARE(k1, k2) fio_alpn_cmp(&(k1), &(k2))
|
|
129
129
|
#define FIO_SET_OBJ_COPY(dest, obj) fio_alpn_copy(&(dest), &(obj))
|
|
130
|
-
#define FIO_SET_OBJ_DESTROY(key)
|
|
131
|
-
#define FIO_FORCE_MALLOC_TMP
|
|
130
|
+
#define FIO_SET_OBJ_DESTROY(key) fio_alpn_destroy(&(key))
|
|
131
|
+
#define FIO_FORCE_MALLOC_TMP 1
|
|
132
132
|
#include <fio.h>
|
|
133
133
|
|
|
134
134
|
/* *****************************************************************************
|
|
@@ -167,10 +167,13 @@ FIO_FUNC inline alpn_s *alpn_find(fio_tls_s *tls, char *name, size_t len) {
|
|
|
167
167
|
}
|
|
168
168
|
|
|
169
169
|
/** Adds an ALPN data object to the ALPN "list" (set) */
|
|
170
|
-
FIO_FUNC inline void alpn_add(
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
170
|
+
FIO_FUNC inline void alpn_add(fio_tls_s *tls,
|
|
171
|
+
const char *protocol_name,
|
|
172
|
+
void (*on_selected)(intptr_t uuid,
|
|
173
|
+
void *udata_connection,
|
|
174
|
+
void *udata_tls),
|
|
175
|
+
void *udata_tls,
|
|
176
|
+
void (*on_cleanup)(void *udata_tls)) {
|
|
174
177
|
alpn_s tmp = {
|
|
175
178
|
.name = FIO_STR_INIT_STATIC(protocol_name),
|
|
176
179
|
.on_selected = on_selected,
|
|
@@ -212,7 +215,8 @@ FIO_FUNC inline void alpn_select___task(void *t_, void *ignr_) {
|
|
|
212
215
|
}
|
|
213
216
|
|
|
214
217
|
/** Schedules the ALPN protocol callback. */
|
|
215
|
-
FIO_FUNC inline void alpn_select(alpn_s *alpn,
|
|
218
|
+
FIO_FUNC inline void alpn_select(alpn_s *alpn,
|
|
219
|
+
intptr_t uuid,
|
|
216
220
|
void *udata_connection) {
|
|
217
221
|
if (!alpn || !alpn->on_selected)
|
|
218
222
|
return;
|
|
@@ -257,7 +261,8 @@ static void fio_tls_make_root_key(void) {
|
|
|
257
261
|
"OpenSSL failed to create RSA key.");
|
|
258
262
|
BN_free(e);
|
|
259
263
|
EVP_PKEY_assign_RSA(fio_tls_pkey, rsa);
|
|
260
|
-
fio_state_callback_add(FIO_CALL_AT_EXIT,
|
|
264
|
+
fio_state_callback_add(FIO_CALL_AT_EXIT,
|
|
265
|
+
fio_tls_clear_root_key,
|
|
261
266
|
fio_tls_pkey);
|
|
262
267
|
finish:
|
|
263
268
|
fio_unlock(&lock);
|
|
@@ -284,12 +289,27 @@ static X509 *fio_tls_create_self_signed(char *server_name) {
|
|
|
284
289
|
/* set identity details */
|
|
285
290
|
X509_NAME *s = X509_get_subject_name(cert);
|
|
286
291
|
size_t srv_name_len = strlen(server_name);
|
|
287
|
-
X509_NAME_add_entry_by_txt(s,
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
(unsigned char *)server_name,
|
|
291
|
-
|
|
292
|
-
|
|
292
|
+
X509_NAME_add_entry_by_txt(s,
|
|
293
|
+
"O",
|
|
294
|
+
MBSTRING_ASC,
|
|
295
|
+
(unsigned char *)server_name,
|
|
296
|
+
srv_name_len,
|
|
297
|
+
-1,
|
|
298
|
+
0);
|
|
299
|
+
X509_NAME_add_entry_by_txt(s,
|
|
300
|
+
"CN",
|
|
301
|
+
MBSTRING_ASC,
|
|
302
|
+
(unsigned char *)server_name,
|
|
303
|
+
srv_name_len,
|
|
304
|
+
-1,
|
|
305
|
+
0);
|
|
306
|
+
X509_NAME_add_entry_by_txt(s,
|
|
307
|
+
"CA",
|
|
308
|
+
MBSTRING_ASC,
|
|
309
|
+
(unsigned char *)server_name,
|
|
310
|
+
srv_name_len,
|
|
311
|
+
-1,
|
|
312
|
+
0);
|
|
293
313
|
X509_set_issuer_name(cert, s);
|
|
294
314
|
|
|
295
315
|
/* sign certificate */
|
|
@@ -324,12 +344,15 @@ static void fio_tls_alpn_fallback(fio_tls_connection_s *c) {
|
|
|
324
344
|
return;
|
|
325
345
|
/* set protocol to default protocol */
|
|
326
346
|
FIO_LOG_DEBUG("TLS ALPN handshake missing, falling back on %s for %p",
|
|
327
|
-
fio_str_info(&alpn->name).data,
|
|
347
|
+
fio_str_info(&alpn->name).data,
|
|
348
|
+
(void *)c->uuid);
|
|
328
349
|
alpn_select(alpn, c->uuid, c->alpn_arg);
|
|
329
350
|
}
|
|
330
|
-
static int fio_tls_alpn_selector_cb(SSL *ssl,
|
|
351
|
+
static int fio_tls_alpn_selector_cb(SSL *ssl,
|
|
352
|
+
const unsigned char **out,
|
|
331
353
|
unsigned char *outlen,
|
|
332
|
-
const unsigned char *in,
|
|
354
|
+
const unsigned char *in,
|
|
355
|
+
unsigned int inlen,
|
|
333
356
|
void *tls_) {
|
|
334
357
|
fio_tls_s *tls = tls_;
|
|
335
358
|
alpn_s *alpn;
|
|
@@ -358,7 +381,8 @@ static int fio_tls_alpn_selector_cb(SSL *ssl, const unsigned char **out,
|
|
|
358
381
|
alpn_select(alpn, c->uuid, c->alpn_arg);
|
|
359
382
|
FIO_LOG_DEBUG(
|
|
360
383
|
"TLS ALPN handshake failed, falling back on default (%s) for %p",
|
|
361
|
-
fio_str_data(&alpn->name),
|
|
384
|
+
fio_str_data(&alpn->name),
|
|
385
|
+
(void *)c->uuid);
|
|
362
386
|
return SSL_TLSEXT_ERR_NOACK;
|
|
363
387
|
(void)ssl;
|
|
364
388
|
(void)out;
|
|
@@ -380,7 +404,9 @@ static void fio_tls_destroy_context(fio_tls_s *tls) {
|
|
|
380
404
|
FIO_LOG_DEBUG("destroyed TLS context for OpenSSL %p", (void *)tls);
|
|
381
405
|
}
|
|
382
406
|
|
|
383
|
-
static int fio_tls_pem_passwd_cb(char *buf,
|
|
407
|
+
static int fio_tls_pem_passwd_cb(char *buf,
|
|
408
|
+
int size,
|
|
409
|
+
int rwflag,
|
|
384
410
|
void *password) {
|
|
385
411
|
fio_str_info_s *p = password;
|
|
386
412
|
if (!p || !p->len || !size)
|
|
@@ -407,7 +433,8 @@ static void fio_tls_build_context(fio_tls_s *tls) {
|
|
|
407
433
|
/* attach certificates */
|
|
408
434
|
FIO_ARY_FOR(&tls->sni, pos) {
|
|
409
435
|
fio_str_info_s keys[4] = {
|
|
410
|
-
fio_str_info(&pos->private_key),
|
|
436
|
+
fio_str_info(&pos->private_key),
|
|
437
|
+
fio_str_info(&pos->public_key),
|
|
411
438
|
fio_str_info(&pos->password),
|
|
412
439
|
/* empty password slot for public key */
|
|
413
440
|
};
|
|
@@ -416,8 +443,10 @@ static void fio_tls_build_context(fio_tls_s *tls) {
|
|
|
416
443
|
/* Extract private key from private key file */
|
|
417
444
|
BIO *bio = BIO_new_mem_buf(keys[0].data, keys[0].len);
|
|
418
445
|
if (bio) {
|
|
419
|
-
EVP_PKEY *k = PEM_read_bio_PrivateKey(
|
|
420
|
-
|
|
446
|
+
EVP_PKEY *k = PEM_read_bio_PrivateKey(bio,
|
|
447
|
+
NULL,
|
|
448
|
+
fio_tls_pem_passwd_cb,
|
|
449
|
+
keys + 2);
|
|
421
450
|
if (k) {
|
|
422
451
|
FIO_LOG_DEBUG("TLS read private key from PEM file.");
|
|
423
452
|
SSL_CTX_use_PrivateKey(tls->ctx, k);
|
|
@@ -430,15 +459,21 @@ static void fio_tls_build_context(fio_tls_s *tls) {
|
|
|
430
459
|
/* Extract as much data as possible from each file */
|
|
431
460
|
BIO *bio = BIO_new_mem_buf(keys[ki].data, keys[ki].len);
|
|
432
461
|
FIO_ASSERT(bio, "OpenSSL error allocating BIO.");
|
|
433
|
-
STACK_OF(X509_INFO) *inf = PEM_X509_INFO_read_bio(
|
|
434
|
-
|
|
462
|
+
STACK_OF(X509_INFO) *inf = PEM_X509_INFO_read_bio(bio,
|
|
463
|
+
NULL,
|
|
464
|
+
fio_tls_pem_passwd_cb,
|
|
465
|
+
keys + ki + 2);
|
|
435
466
|
if (inf) {
|
|
436
467
|
for (int i = 0; i < sk_X509_INFO_num(inf); ++i) {
|
|
437
468
|
/* for each element in PEM */
|
|
438
469
|
X509_INFO *tmp = sk_X509_INFO_value(inf, i);
|
|
439
470
|
if (tmp->x509) {
|
|
440
471
|
FIO_LOG_DEBUG("TLS adding certificate from PEM file.");
|
|
441
|
-
|
|
472
|
+
if (i == 0) {
|
|
473
|
+
SSL_CTX_use_certificate(tls->ctx, tmp->x509);
|
|
474
|
+
} else {
|
|
475
|
+
SSL_CTX_add1_chain_cert(tls->ctx, tmp->x509);
|
|
476
|
+
}
|
|
442
477
|
}
|
|
443
478
|
if (tmp->x_pkey) {
|
|
444
479
|
FIO_LOG_DEBUG("TLS adding private key from PEM file.");
|
|
@@ -541,7 +576,9 @@ static void fio_tls_delayed_close(void *uuid, void *ignr_) {
|
|
|
541
576
|
* Note: facil.io library functions MUST NEVER be called by any r/w hook, or a
|
|
542
577
|
* deadlock might occur.
|
|
543
578
|
*/
|
|
544
|
-
static ssize_t fio_tls_read(intptr_t uuid,
|
|
579
|
+
static ssize_t fio_tls_read(intptr_t uuid,
|
|
580
|
+
void *udata,
|
|
581
|
+
void *buf,
|
|
545
582
|
size_t count) {
|
|
546
583
|
fio_tls_connection_s *c = udata;
|
|
547
584
|
ssize_t ret = SSL_read(c->ssl, buf, count);
|
|
@@ -549,23 +586,19 @@ static ssize_t fio_tls_read(intptr_t uuid, void *udata, void *buf,
|
|
|
549
586
|
return ret;
|
|
550
587
|
ret = SSL_get_error(c->ssl, ret);
|
|
551
588
|
switch (ret) {
|
|
552
|
-
case SSL_ERROR_SSL:
|
|
553
|
-
case SSL_ERROR_ZERO_RETURN:
|
|
554
|
-
|
|
555
|
-
case
|
|
556
|
-
|
|
557
|
-
case
|
|
558
|
-
case
|
|
559
|
-
case
|
|
560
|
-
case
|
|
561
|
-
case SSL_ERROR_WANT_WRITE: /* overflow */
|
|
562
|
-
case SSL_ERROR_WANT_READ: /* overflow */
|
|
589
|
+
case SSL_ERROR_SSL: /* overflow */
|
|
590
|
+
case SSL_ERROR_ZERO_RETURN: return 0; /* EOF */
|
|
591
|
+
case SSL_ERROR_SYSCALL: /* allow errno to inform us */ break; /* return -1 */
|
|
592
|
+
case SSL_ERROR_NONE: /* overflow */
|
|
593
|
+
case SSL_ERROR_WANT_CONNECT: /* overflow */
|
|
594
|
+
case SSL_ERROR_WANT_ACCEPT: /* overflow */
|
|
595
|
+
case SSL_ERROR_WANT_X509_LOOKUP: /* overflow */
|
|
596
|
+
case SSL_ERROR_WANT_WRITE: /* overflow */
|
|
597
|
+
case SSL_ERROR_WANT_READ: /* overflow */
|
|
563
598
|
#ifdef SSL_ERROR_WANT_ASYNC
|
|
564
|
-
case SSL_ERROR_WANT_ASYNC:
|
|
599
|
+
case SSL_ERROR_WANT_ASYNC: /* overflow */
|
|
565
600
|
#endif
|
|
566
|
-
default:
|
|
567
|
-
errno = EWOULDBLOCK;
|
|
568
|
-
break;
|
|
601
|
+
default: errno = EWOULDBLOCK; break;
|
|
569
602
|
}
|
|
570
603
|
return -1;
|
|
571
604
|
(void)uuid;
|
|
@@ -597,7 +630,9 @@ static ssize_t fio_tls_flush(intptr_t uuid, void *udata) {
|
|
|
597
630
|
* Note: facil.io library functions MUST NEVER be called by any r/w hook, or a
|
|
598
631
|
* deadlock might occur.
|
|
599
632
|
*/
|
|
600
|
-
static ssize_t fio_tls_write(intptr_t uuid,
|
|
633
|
+
static ssize_t fio_tls_write(intptr_t uuid,
|
|
634
|
+
void *udata,
|
|
635
|
+
const void *buf,
|
|
601
636
|
size_t count) {
|
|
602
637
|
fio_tls_connection_s *c = udata;
|
|
603
638
|
ssize_t ret = SSL_write(c->ssl, buf, count);
|
|
@@ -605,23 +640,19 @@ static ssize_t fio_tls_write(intptr_t uuid, void *udata, const void *buf,
|
|
|
605
640
|
return ret;
|
|
606
641
|
ret = SSL_get_error(c->ssl, ret);
|
|
607
642
|
switch (ret) {
|
|
608
|
-
case SSL_ERROR_SSL:
|
|
609
|
-
case SSL_ERROR_ZERO_RETURN:
|
|
610
|
-
|
|
611
|
-
case
|
|
612
|
-
|
|
613
|
-
case
|
|
614
|
-
case
|
|
615
|
-
case
|
|
616
|
-
case
|
|
617
|
-
case SSL_ERROR_WANT_WRITE: /* overflow */
|
|
618
|
-
case SSL_ERROR_WANT_READ: /* overflow */
|
|
643
|
+
case SSL_ERROR_SSL: /* overflow */
|
|
644
|
+
case SSL_ERROR_ZERO_RETURN: return 0; /* EOF */
|
|
645
|
+
case SSL_ERROR_SYSCALL: /* allow errno to inform us */ break; /* return -1 */
|
|
646
|
+
case SSL_ERROR_NONE: /* overflow */
|
|
647
|
+
case SSL_ERROR_WANT_CONNECT: /* overflow */
|
|
648
|
+
case SSL_ERROR_WANT_ACCEPT: /* overflow */
|
|
649
|
+
case SSL_ERROR_WANT_X509_LOOKUP: /* overflow */
|
|
650
|
+
case SSL_ERROR_WANT_WRITE: /* overflow */
|
|
651
|
+
case SSL_ERROR_WANT_READ: /* overflow */
|
|
619
652
|
#ifdef SSL_ERROR_WANT_ASYNC
|
|
620
|
-
case SSL_ERROR_WANT_ASYNC:
|
|
653
|
+
case SSL_ERROR_WANT_ASYNC: /* overflow */
|
|
621
654
|
#endif
|
|
622
|
-
default:
|
|
623
|
-
errno = EWOULDBLOCK;
|
|
624
|
-
break;
|
|
655
|
+
default: errno = EWOULDBLOCK; break;
|
|
625
656
|
}
|
|
626
657
|
return -1;
|
|
627
658
|
(void)uuid;
|
|
@@ -664,9 +695,9 @@ static fio_rw_hook_s FIO_TLS_HOOKS = {
|
|
|
664
695
|
.cleanup = fio_tls_cleanup,
|
|
665
696
|
};
|
|
666
697
|
|
|
667
|
-
#define FIO_TLS_HANDSHAKE_ERROR
|
|
668
|
-
#define FIO_TLS_HANDSHAKE_OK
|
|
669
|
-
#define FIO_TLS_HANDSHAKE_NEED_READ
|
|
698
|
+
#define FIO_TLS_HANDSHAKE_ERROR 0
|
|
699
|
+
#define FIO_TLS_HANDSHAKE_OK 1
|
|
700
|
+
#define FIO_TLS_HANDSHAKE_NEED_READ 2
|
|
670
701
|
#define FIO_TLS_HANDSHAKE_NEED_WRITE 4
|
|
671
702
|
|
|
672
703
|
static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
|
|
@@ -701,7 +732,8 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
|
|
|
701
732
|
if (errno) {
|
|
702
733
|
FIO_LOG_DEBUG(
|
|
703
734
|
"SSL_accept/SSL_connect %p error: SSL_ERROR_SYSCALL, errno: %s",
|
|
704
|
-
(void *)uuid,
|
|
735
|
+
(void *)uuid,
|
|
736
|
+
strerror(errno));
|
|
705
737
|
}
|
|
706
738
|
break;
|
|
707
739
|
case SSL_ERROR_SSL:
|
|
@@ -741,7 +773,8 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
|
|
|
741
773
|
#endif
|
|
742
774
|
default:
|
|
743
775
|
FIO_LOG_DEBUG("SSL_accept/SSL_connect %p error: unknown (%d).",
|
|
744
|
-
(void *)uuid,
|
|
776
|
+
(void *)uuid,
|
|
777
|
+
ri);
|
|
745
778
|
break;
|
|
746
779
|
}
|
|
747
780
|
fio_rw_hook_replace_unsafe(uuid, &FIO_TLS_HOOKS, udata);
|
|
@@ -766,7 +799,8 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
|
|
|
766
799
|
}
|
|
767
800
|
if (alpn)
|
|
768
801
|
FIO_LOG_DEBUG("setting ALPN %s for TLS client %p",
|
|
769
|
-
fio_str_data(&alpn->name),
|
|
802
|
+
fio_str_data(&alpn->name),
|
|
803
|
+
(void *)uuid);
|
|
770
804
|
alpn_select(alpn, c->uuid, c->alpn_arg);
|
|
771
805
|
}
|
|
772
806
|
}
|
|
@@ -783,7 +817,8 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
|
|
|
783
817
|
#if FIO_TLS_PRINT_SECRET
|
|
784
818
|
if (FIO_LOG_LEVEL >= FIO_LOG_LEVEL_DEBUG) {
|
|
785
819
|
unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH + 2];
|
|
786
|
-
size_t ret = SSL_SESSION_get_master_key(SSL_get_session(c->ssl),
|
|
820
|
+
size_t ret = SSL_SESSION_get_master_key(SSL_get_session(c->ssl),
|
|
821
|
+
buff,
|
|
787
822
|
SSL_MAX_MASTER_KEY_LENGTH + 1);
|
|
788
823
|
buff[ret] = 0;
|
|
789
824
|
unsigned char buff2[(SSL_MAX_MASTER_KEY_LENGTH + 2) << 1];
|
|
@@ -794,7 +829,8 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
|
|
|
794
829
|
: ('0' + (buff[i] & 15));
|
|
795
830
|
}
|
|
796
831
|
buff2[(ret << 1)] = 0;
|
|
797
|
-
FIO_LOG_DEBUG("OpenSSL Master Key for uuid %p:\n\t\t%s",
|
|
832
|
+
FIO_LOG_DEBUG("OpenSSL Master Key for uuid %p:\n\t\t%s",
|
|
833
|
+
(void *)uuid,
|
|
798
834
|
buff2);
|
|
799
835
|
}
|
|
800
836
|
#endif
|
|
@@ -802,7 +838,9 @@ static size_t fio_tls_handshake(intptr_t uuid, void *udata) {
|
|
|
802
838
|
return status;
|
|
803
839
|
}
|
|
804
840
|
|
|
805
|
-
static ssize_t fio_tls_read4handshake(intptr_t uuid,
|
|
841
|
+
static ssize_t fio_tls_read4handshake(intptr_t uuid,
|
|
842
|
+
void *udata,
|
|
843
|
+
void *buf,
|
|
806
844
|
size_t count) {
|
|
807
845
|
// FIO_LOG_DEBUG("TLS handshake from read %p", (void *)uuid);
|
|
808
846
|
size_t s = fio_tls_handshake(uuid, udata);
|
|
@@ -814,8 +852,10 @@ static ssize_t fio_tls_read4handshake(intptr_t uuid, void *udata, void *buf,
|
|
|
814
852
|
return -1;
|
|
815
853
|
}
|
|
816
854
|
|
|
817
|
-
static ssize_t fio_tls_write4handshake(intptr_t uuid,
|
|
818
|
-
|
|
855
|
+
static ssize_t fio_tls_write4handshake(intptr_t uuid,
|
|
856
|
+
void *udata,
|
|
857
|
+
const void *buf,
|
|
858
|
+
size_t count) {
|
|
819
859
|
// FIO_LOG_DEBUG("TLS handshake from write %p", (void *)uuid);
|
|
820
860
|
size_t s = fio_tls_handshake(uuid, udata);
|
|
821
861
|
if (s == FIO_TLS_HANDSHAKE_OK)
|
|
@@ -845,8 +885,10 @@ static fio_rw_hook_s FIO_TLS_HANDSHAKE_HOOKS = {
|
|
|
845
885
|
.flush = fio_tls_flush4handshake,
|
|
846
886
|
.cleanup = fio_tls_cleanup,
|
|
847
887
|
};
|
|
848
|
-
static inline void fio_tls_attach2uuid(intptr_t uuid,
|
|
849
|
-
|
|
888
|
+
static inline void fio_tls_attach2uuid(intptr_t uuid,
|
|
889
|
+
fio_tls_s *tls,
|
|
890
|
+
void *udata,
|
|
891
|
+
uint8_t is_server) {
|
|
850
892
|
fio_atomic_add(&tls->ref, 1);
|
|
851
893
|
/* create SSL connection context from global context */
|
|
852
894
|
fio_tls_connection_s *c = malloc(sizeof(*c));
|
|
@@ -891,8 +933,10 @@ SSL/TLS API implementation - this can be pretty much used as is...
|
|
|
891
933
|
* Creates a new SSL/TLS context / settings object with a default certificate
|
|
892
934
|
* (if any).
|
|
893
935
|
*/
|
|
894
|
-
fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name,
|
|
895
|
-
const char *
|
|
936
|
+
fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name,
|
|
937
|
+
const char *cert,
|
|
938
|
+
const char *key,
|
|
939
|
+
const char *pk_password) {
|
|
896
940
|
REQUIRE_LIBRARY();
|
|
897
941
|
fio_tls_s *tls = calloc(sizeof(*tls), 1);
|
|
898
942
|
tls->ref = 1;
|
|
@@ -903,8 +947,10 @@ fio_tls_s *FIO_TLS_WEAK fio_tls_new(const char *server_name, const char *cert,
|
|
|
903
947
|
/**
|
|
904
948
|
* Adds a certificate a new SSL/TLS context / settings object.
|
|
905
949
|
*/
|
|
906
|
-
void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls,
|
|
907
|
-
const char *
|
|
950
|
+
void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls,
|
|
951
|
+
const char *server_name,
|
|
952
|
+
const char *cert,
|
|
953
|
+
const char *key,
|
|
908
954
|
const char *pk_password) {
|
|
909
955
|
REQUIRE_LIBRARY();
|
|
910
956
|
cert_s c = {
|
|
@@ -929,7 +975,8 @@ void FIO_TLS_WEAK fio_tls_cert_add(fio_tls_s *tls, const char *server_name,
|
|
|
929
975
|
return;
|
|
930
976
|
file_missing:
|
|
931
977
|
FIO_LOG_FATAL("TLS certificate file missing for either %s or %s or both.",
|
|
932
|
-
key,
|
|
978
|
+
key,
|
|
979
|
+
cert);
|
|
933
980
|
exit(-1);
|
|
934
981
|
}
|
|
935
982
|
|
|
@@ -950,10 +997,13 @@ file_missing:
|
|
|
950
997
|
* Except for the `tls` and `protocol_name` arguments, all arguments can be
|
|
951
998
|
* NULL.
|
|
952
999
|
*/
|
|
953
|
-
void FIO_TLS_WEAK fio_tls_alpn_add(
|
|
954
|
-
|
|
955
|
-
|
|
956
|
-
|
|
1000
|
+
void FIO_TLS_WEAK fio_tls_alpn_add(fio_tls_s *tls,
|
|
1001
|
+
const char *protocol_name,
|
|
1002
|
+
void (*on_selected)(intptr_t uuid,
|
|
1003
|
+
void *udata_connection,
|
|
1004
|
+
void *udata_tls),
|
|
1005
|
+
void *udata_tls,
|
|
1006
|
+
void (*on_cleanup)(void *udata_tls)) {
|
|
957
1007
|
REQUIRE_LIBRARY();
|
|
958
1008
|
alpn_add(tls, protocol_name, on_selected, udata_tls, on_cleanup);
|
|
959
1009
|
fio_tls_build_context(tls);
|
data/ext/iodine/iodine.c
CHANGED
|
@@ -1325,7 +1325,7 @@ Ruby loads the library and invokes the Init_<lib_name> function...
|
|
|
1325
1325
|
Here we connect all the C code to the Ruby interface, completing the bridge
|
|
1326
1326
|
between Lib-Server and Ruby.
|
|
1327
1327
|
***************************************************************************** */
|
|
1328
|
-
void
|
|
1328
|
+
void Init_iodine_ext(void) {
|
|
1329
1329
|
/* common Symbol objects in use by Iodine */
|
|
1330
1330
|
#define IODINE_MAKE_SYM(name) \
|
|
1331
1331
|
do { \
|
data/ext/iodine/iodine_caller.c
CHANGED
|
@@ -10,7 +10,7 @@
|
|
|
10
10
|
static pthread_key_t iodine_GVL_state_key;
|
|
11
11
|
static pthread_once_t iodine_GVL_state_once = PTHREAD_ONCE_INIT;
|
|
12
12
|
static void init_iodine_GVL_state_key(void) {
|
|
13
|
-
pthread_key_create(&iodine_GVL_state_key, NULL);
|
|
13
|
+
pthread_key_create(&iodine_GVL_state_key, NULL);
|
|
14
14
|
}
|
|
15
15
|
static void init_iodine_GVL_state_init(void) {
|
|
16
16
|
uint8_t *gvl = malloc(sizeof(uint8_t));
|
|
@@ -47,14 +47,18 @@ static void *iodine_handle_exception(void *ignr) {
|
|
|
47
47
|
if (TYPE(bt) == T_ARRAY) {
|
|
48
48
|
bt = rb_ary_join(bt, rb_str_new_literal("\n"));
|
|
49
49
|
FIO_LOG_ERROR("Iodine caught an unprotected exception - %.*s: %.*s\n%s",
|
|
50
|
-
(int)RSTRING_LEN(exc_class),
|
|
51
|
-
|
|
50
|
+
(int)RSTRING_LEN(exc_class),
|
|
51
|
+
RSTRING_PTR(exc_class),
|
|
52
|
+
(int)RSTRING_LEN(msg),
|
|
53
|
+
RSTRING_PTR(msg),
|
|
52
54
|
StringValueCStr(bt));
|
|
53
55
|
} else {
|
|
54
56
|
FIO_LOG_ERROR("Iodine caught an unprotected exception - %.*s: %.*s\n"
|
|
55
57
|
"No backtrace available.\n",
|
|
56
|
-
(int)RSTRING_LEN(exc_class),
|
|
57
|
-
(
|
|
58
|
+
(int)RSTRING_LEN(exc_class),
|
|
59
|
+
RSTRING_PTR(exc_class),
|
|
60
|
+
(int)RSTRING_LEN(msg),
|
|
61
|
+
RSTRING_PTR(msg));
|
|
58
62
|
}
|
|
59
63
|
rb_backtrace();
|
|
60
64
|
FIO_LOG_ERROR("\n");
|
|
@@ -69,8 +73,12 @@ static void *iodine_handle_exception(void *ignr) {
|
|
|
69
73
|
/* calls the Ruby each method within the protection block */
|
|
70
74
|
static VALUE iodine_ruby_caller_perform_block(VALUE tsk_) {
|
|
71
75
|
iodine_rb_task_s *task = (void *)tsk_;
|
|
72
|
-
return rb_block_call(task->obj,
|
|
73
|
-
task->
|
|
76
|
+
return rb_block_call(task->obj,
|
|
77
|
+
task->method,
|
|
78
|
+
task->argc,
|
|
79
|
+
task->argv,
|
|
80
|
+
(rb_block_call_func_t)(task->each_func),
|
|
81
|
+
task->each_udata);
|
|
74
82
|
}
|
|
75
83
|
|
|
76
84
|
/* calls the Ruby method within the protection block */
|
|
@@ -83,7 +91,8 @@ static VALUE iodine_ruby_caller_perform(VALUE tsk_) {
|
|
|
83
91
|
static void *iodine_protect_ruby_call(void *task_) {
|
|
84
92
|
int state = 0;
|
|
85
93
|
VALUE ret = rb_protect(((iodine_rb_task_s *)task_)->protected_task,
|
|
86
|
-
(VALUE)(task_),
|
|
94
|
+
(VALUE)(task_),
|
|
95
|
+
&state);
|
|
87
96
|
if (state) {
|
|
88
97
|
iodine_handle_exception(NULL);
|
|
89
98
|
}
|
|
@@ -157,10 +166,13 @@ static VALUE iodine_call2(VALUE obj, ID method, int argc, VALUE *argv) {
|
|
|
157
166
|
}
|
|
158
167
|
|
|
159
168
|
/** Calls a Ruby method on a given object, protecting against exceptions. */
|
|
160
|
-
static VALUE iodine_call_block(
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
169
|
+
static VALUE iodine_call_block(
|
|
170
|
+
VALUE obj,
|
|
171
|
+
ID method,
|
|
172
|
+
int argc,
|
|
173
|
+
VALUE *argv,
|
|
174
|
+
VALUE udata,
|
|
175
|
+
VALUE(each_func)(VALUE block_arg, VALUE udata, int argc, VALUE *argv)) {
|
|
164
176
|
iodine_rb_task_s task = {
|
|
165
177
|
.obj = obj,
|
|
166
178
|
.argc = argc,
|
|
@@ -186,7 +198,7 @@ static uint8_t iodine_in_GVL(void) {
|
|
|
186
198
|
}
|
|
187
199
|
|
|
188
200
|
/** Forces the GVL state flag. */
|
|
189
|
-
static void iodine_set_GVL(uint8_t state) {
|
|
201
|
+
static void iodine_set_GVL(uint8_t state) {
|
|
190
202
|
pthread_once(&iodine_GVL_state_once, init_iodine_GVL_state_key);
|
|
191
203
|
uint8_t *iodine_GVL_state = pthread_getspecific(iodine_GVL_state_key);
|
|
192
204
|
if (!iodine_GVL_state) {
|
data/lib/iodine/version.rb
CHANGED
data/lib/iodine.rb
CHANGED
|
@@ -3,7 +3,7 @@ require 'socket' # TCPSocket is used internally for Hijack support
|
|
|
3
3
|
# require 'openssl' # For SSL/TLS support using OpenSSL
|
|
4
4
|
|
|
5
5
|
require_relative './iodine/version'
|
|
6
|
-
require_relative './iodine/
|
|
6
|
+
require_relative './iodine/iodine_ext' # loading a binary C extension
|
|
7
7
|
|
|
8
8
|
# Iodine is an HTTP / WebSocket server as well as an Evented Network Tool Library. In essense, Iodine is a Ruby port for the [facil.io](http://facil.io) C library.
|
|
9
9
|
#
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iodine
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.58
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Boaz Segev
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-04-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -143,6 +143,11 @@ files:
|
|
|
143
143
|
- bin/poc/gemfile
|
|
144
144
|
- bin/poc/www/index.html
|
|
145
145
|
- examples/async_task.ru
|
|
146
|
+
- examples/bates/README.md
|
|
147
|
+
- examples/bates/config.ru
|
|
148
|
+
- examples/bates/david+bold.pdf
|
|
149
|
+
- examples/bates/public/drop-pdf.png
|
|
150
|
+
- examples/bates/public/index.html
|
|
146
151
|
- examples/config.ru
|
|
147
152
|
- examples/echo.ru
|
|
148
153
|
- examples/etag.ru
|
|
@@ -246,7 +251,7 @@ licenses:
|
|
|
246
251
|
metadata:
|
|
247
252
|
allowed_push_host: https://rubygems.org
|
|
248
253
|
post_install_message: |-
|
|
249
|
-
Thank you for installing Iodine 0.7.
|
|
254
|
+
Thank you for installing Iodine 0.7.58.
|
|
250
255
|
Remember: if iodine supports your business, it's only fair to give value back (code contributions / donations).
|
|
251
256
|
rdoc_options: []
|
|
252
257
|
require_paths:
|