net-http-persistent 2.9.4 → 3.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 21b9c2d72e25672250e7d4544bed635d05a583cd
-  data.tar.gz: 8baa746d3b463cc46282e93e1c95fea48ce34de7
+  metadata.gz: 2ac4ced8426e3492194191bc08b33f911d09191a
+  data.tar.gz: a6b022f6d8a64047938b72a3e8bed913b435f547
 SHA512:
-  metadata.gz: 34d31b4bb74a92791b8091bec2e098935440b522a22a00cf189a7d48652415a4729496758c30af51ce38cd1c227b3414040cb3396b348dcc355634f5fb1d012d
-  data.tar.gz: 6afc70cd26e21e4d7fbce7d5531543ba55df0da22dd2b4ac5f697b34290f567167afc3a76a98fd7faa351e539f94cf1d2dae0295f0840036d482a6537bd0271f
+  metadata.gz: 10729b7555b94f553ee0aed2c51d8ac950f92dc7e669dc39638e6ee76ac64914e8fb54cab8c97cb1087a7f224d8f5ea62d404a81f2d4da00446d1c13c4458533
+  data.tar.gz: fd5bf2624f9cb961e1086480c9085a4ae14fdc9ae28797b95dd8493887ec0d87e0014e64bb5c52cf16eae4eef5e8aec3b23c745c8698d841163385ae6b9b447f

data/.travis.yml

@@ -0,0 +1,15 @@
+---
+after_script:
+- rake travis:after -t
+before_script:
+- gem install hoe-travis --no-rdoc --no-ri
+- rake travis:before -t
+language: ruby
+notifications:
+  email:
+  - drbrain@segment7.net
+rvm:
+- 2.1.10
+- 2.2.5
+- 2.3.1
+script: rake travis

data/History.txt

@@ -1,3 +1,22 @@
+=== 3.0
+
+Breaking changes:
+
+* No longer supports ruby 2.0 and earlier
+* Net::HTTP::Persistent::new now uses keyword arguments for +name+ and
+  +proxy+.
+* Removed #max_age, use #expired?
+
+New features:
+
+* Uses connection_pool to manage all connections for a Net::HTTP::Persistent
+  instance.
+
+Bug fixes:
+
+* Add missing SSL options ca_path, ciphers, ssl_timeout, verify_depth.
+  Issue #63 by Johnneylee Jack Rollins.
+
 === 2.9.4 / 2014-02-10
 
 * Bug fixes

data/Manifest.txt

@@ -1,11 +1,13 @@
 .autotest
 .gemtest
+.travis.yml
 History.txt
 Manifest.txt
 README.rdoc
 Rakefile
-lib/net/http/faster.rb
 lib/net/http/persistent.rb
-lib/net/http/persistent/ssl_reuse.rb
+lib/net/http/persistent/connection.rb
+lib/net/http/persistent/pool.rb
+lib/net/http/persistent/timed_stack_multi.rb
 test/test_net_http_persistent.rb
-test/test_net_http_persistent_ssl_reuse.rb
+test/test_net_http_persistent_timed_stack_multi.rb

data/Rakefile

@@ -13,12 +13,15 @@ Hoe.spec 'net-http-persistent' do
   self.readme_file      = 'README.rdoc'
   self.extra_rdoc_files += Dir['*.rdoc']
 
+  self.require_ruby_version '~> 2.1'
+
   license 'MIT'
 
   rdoc_locations <<
     'docs.seattlerb.org:/data/www/docs.seattlerb.org/net-http-persistent/'
 
-  dependency 'minitest', '~> 5.2', :development
+  dependency 'connection_pool', '~> 2.2'
+  dependency 'minitest',        '~> 5.2', :development
 end
 
 # vim: syntax=Ruby

data/lib/net/http/persistent.rb

@@ -1,12 +1,7 @@
 require 'net/http'
-begin
-  require 'net/https'
-rescue LoadError
-  # net/https or openssl
-end if RUBY_VERSION < '1.9' # but only for 1.8
-require 'net/http/faster'
 require 'uri'
 require 'cgi' # for escaping
+require 'connection_pool'
 
 begin
   require 'net/http/pipeline'
@@ -70,13 +65,17 @@ autoload :OpenSSL, 'openssl'
 # Here are the SSL settings, see the individual methods for documentation:
 #
 # #certificate        :: This client's certificate
-# #ca_file            :: The certificate-authority
+# #ca_file            :: The certificate-authorities
+# #ca_path            :: Directory with certificate-authorities
 # #cert_store         :: An SSL certificate store
+# #ciphers            :: List of SSl ciphers allowed
 # #private_key        :: The client's SSL private key
 # #reuse_ssl_sessions :: Reuse a previously opened SSL session for a new
 #                        connection
+# #ssl_timeout        :: SSL session lifetime
 # #ssl_version        :: Which specific SSL version to use
 # #verify_callback    :: For server certificate verification
+# #verify_depth       :: Depth of certificate verification
 # #verify_mode        :: How connections should be verified
 #
 # == Proxies
@@ -200,10 +199,15 @@ class Net::HTTP::Persistent
 
   HAVE_OPENSSL = defined? OpenSSL::SSL # :nodoc:
 
+  ##
+  # The default connection pool size is 1/4 the allowed open files.
+
+  DEFAULT_POOL_SIZE = Process.getrlimit(Process::RLIMIT_NOFILE).first / 4
+
   ##
   # The version of Net::HTTP::Persistent you are using
 
-  VERSION = '2.9.4'
+  VERSION = '3.0.0'
 
   ##
   # Exceptions rescued for automatic retry on ruby 2.0.0.  This overlaps with
@@ -248,31 +252,31 @@ class Net::HTTP::Persistent
 
     http = new 'net-http-persistent detect_idle_timeout'
 
-    connection = http.connection_for uri
+    http.connection_for uri do |connection|
+      sleep_time = 0
 
-    sleep_time = 0
+      http = connection.http
 
-    loop do
-      response = connection.request req
+      loop do
+        response = http.request req
 
-      $stderr.puts "HEAD #{uri} => #{response.code}" if $DEBUG
+        $stderr.puts "HEAD #{uri} => #{response.code}" if $DEBUG
 
-      unless Net::HTTPOK === response then
-        raise Error, "bad response code #{response.code} detecting idle timeout"
-      end
+        unless Net::HTTPOK === response then
+          raise Error, "bad response code #{response.code} detecting idle timeout"
+        end
 
-      break if sleep_time >= max
+        break if sleep_time >= max
 
-      sleep_time += 1
+        sleep_time += 1
 
-      $stderr.puts "sleeping #{sleep_time}" if $DEBUG
-      sleep sleep_time
+        $stderr.puts "sleeping #{sleep_time}" if $DEBUG
+        sleep sleep_time
+      end
     end
   rescue
     # ignore StandardErrors, we've probably found the idle timeout.
   ensure
-    http.shutdown
-
     return sleep_time unless $!
   end
 
@@ -281,7 +285,9 @@ class Net::HTTP::Persistent
 
   attr_reader :certificate
 
+  ##
   # For Net::HTTP parity
+
   alias cert certificate
 
   ##
@@ -290,12 +296,23 @@ class Net::HTTP::Persistent
 
   attr_reader :ca_file
 
+  ##
+  # A directory of SSL certificates to be used as certificate authorities.
+  # Setting this will set verify_mode to VERIFY_PEER.
+
+  attr_reader :ca_path
+
   ##
   # An SSL certificate store.  Setting this will override the default
   # certificate store.  See verify_mode for more information.
 
   attr_reader :cert_store
 
+  ##
+  # The ciphers allowed for SSL connections
+
+  attr_reader :ciphers
+
   ##
   # Sends debug_output to this IO via Net::HTTP#set_debug_output.
   #
@@ -309,11 +326,6 @@ class Net::HTTP::Persistent
 
   attr_reader :generation # :nodoc:
 
-  ##
-  # Where this instance's connections live in the thread local variables
-
-  attr_reader :generation_key # :nodoc:
-
   ##
   # Headers that are added to every request using Net::HTTP#add_field
 
@@ -369,7 +381,9 @@ class Net::HTTP::Persistent
 
   attr_reader :private_key
 
+  ##
   # For Net::HTTP parity
+
   alias key private_key
 
   ##
@@ -383,14 +397,14 @@ class Net::HTTP::Persistent
   attr_reader :no_proxy
 
   ##
-  # Seconds to wait until reading one block.  See Net::HTTP#read_timeout
+  # Test-only accessor for the connection pool
 
-  attr_accessor :read_timeout
+  attr_reader :pool # :nodoc:
 
   ##
-  # Where this instance's request counts live in the thread local variables
+  # Seconds to wait until reading one block.  See Net::HTTP#read_timeout
 
-  attr_reader :request_key # :nodoc:
+  attr_accessor :read_timeout
 
   ##
   # By default SSL sessions are reused to avoid extra SSL handshakes.  Set
@@ -418,9 +432,9 @@ class Net::HTTP::Persistent
   attr_reader :ssl_generation # :nodoc:
 
   ##
-  # Where this instance's SSL connections live in the thread local variables
+  # SSL session lifetime
 
-  attr_reader :ssl_generation_key # :nodoc:
+  attr_reader :ssl_timeout
 
   ##
   # SSL version to use.
@@ -428,7 +442,7 @@ class Net::HTTP::Persistent
   # By default, the version will be negotiated automatically between client
   # and server.  Ruby 1.9 and newer only.
 
-  attr_reader :ssl_version if RUBY_VERSION > '1.9'
+  attr_reader :ssl_version
 
   ##
   # Where this instance's last-use times live in the thread local variables
@@ -436,16 +450,21 @@ class Net::HTTP::Persistent
   attr_reader :timeout_key # :nodoc:
 
   ##
-  # SSL verification callback.  Used when ca_file is set.
+  # SSL verification callback.  Used when ca_file or ca_path is set.
 
   attr_reader :verify_callback
 
+  ##
+  # Sets the depth of SSL certificate verification
+
+  attr_reader :verify_depth
+
   ##
   # HTTPS verify mode.  Defaults to OpenSSL::SSL::VERIFY_PEER which verifies
   # the server certificate.
   #
-  # If no ca_file or cert_store is set the default system certificate store is
-  # used.
+  # If no ca_file, ca_path or cert_store is set the default system certificate
+  # store is used.
   #
   # You can use +verify_mode+ to override any default values.
 
@@ -478,8 +497,12 @@ class Net::HTTP::Persistent
   #   proxy = URI 'http://proxy.example'
   #   proxy.user     = 'AzureDiamond'
   #   proxy.password = 'hunter2'
+  #
+  # Set +pool_size+ to limit the maximum number of connections allowed.
+  # Defaults to 1/4 the number of allowed file handles.  You can have no more
+  # than this many threads with active HTTP transactions.
 
-  def initialize name = nil, proxy = nil
+  def initialize name: nil, proxy: nil, pool_size: DEFAULT_POOL_SIZE
     @name = name
 
     @debug_output     = nil
@@ -494,26 +517,28 @@ class Net::HTTP::Persistent
     @idle_timeout     = 5
     @max_requests     = nil
     @socket_options   = []
+    @ssl_generation   = 0 # incremented when SSL session variables change
 
     @socket_options << [Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1] if
       Socket.const_defined? :TCP_NODELAY
 
-    key = ['net_http_persistent', name].compact
-    @generation_key     = [key, 'generations'    ].join('_').intern
-    @ssl_generation_key = [key, 'ssl_generations'].join('_').intern
-    @request_key        = [key, 'requests'       ].join('_').intern
-    @timeout_key        = [key, 'timeouts'       ].join('_').intern
+    @pool = Net::HTTP::Persistent::Pool.new size: pool_size do |http_args|
+      Net::HTTP::Persistent::Connection.new Net::HTTP, http_args, @ssl_generation
+    end
 
     @certificate        = nil
     @ca_file            = nil
+    @ca_path            = nil
+    @ciphers            = nil
     @private_key        = nil
+    @ssl_timeout        = nil
     @ssl_version        = nil
     @verify_callback    = nil
+    @verify_depth       = nil
     @verify_mode        = nil
     @cert_store         = nil
 
     @generation         = 0 # incremented when proxy URI changes
-    @ssl_generation     = 0 # incremented when SSL session variables change
 
     if HAVE_OPENSSL then
       @verify_mode        = OpenSSL::SSL::VERIFY_PEER
@@ -522,9 +547,6 @@ class Net::HTTP::Persistent
 
     @retry_change_requests = false
 
-    @ruby_1 = RUBY_VERSION < '2'
-    @retried_on_ruby_2 = !@ruby_1
-
     self.proxy = proxy if proxy
   end
 
@@ -549,6 +571,15 @@ class Net::HTTP::Persistent
     reconnect_ssl
   end
 
+  ##
+  # Sets the SSL certificate authority path.
+
+  def ca_path= path
+    @ca_path = path
+
+    reconnect_ssl
+  end
+
   ##
   # Overrides the default SSL certificate store used for verifying
   # connections.
@@ -560,90 +591,55 @@ class Net::HTTP::Persistent
   end
 
   ##
-  # Finishes all connections on the given +thread+ that were created before
-  # the given +generation+ in the threads +generation_key+ list.
-  #
-  # See #shutdown for a bunch of scary warning about misusing this method.
-
-  def cleanup(generation, thread = Thread.current,
-              generation_key = @generation_key) # :nodoc:
-    timeouts = thread[@timeout_key]
+  # The ciphers allowed for SSL connections
 
-    (0...generation).each do |old_generation|
-      next unless thread[generation_key]
+  def ciphers= ciphers
+    @ciphers = ciphers
 
-      conns = thread[generation_key].delete old_generation
-
-      conns.each_value do |conn|
-        finish conn, thread
-
-        timeouts.delete conn.object_id if timeouts
-      end if conns
-    end
+    reconnect_ssl
   end
 
   ##
   # Creates a new connection for +uri+
 
   def connection_for uri
-    Thread.current[@generation_key]     ||= Hash.new { |h,k| h[k] = {} }
-    Thread.current[@ssl_generation_key] ||= Hash.new { |h,k| h[k] = {} }
-    Thread.current[@request_key]        ||= Hash.new 0
-    Thread.current[@timeout_key]        ||= Hash.new EPOCH
-
     use_ssl = uri.scheme.downcase == 'https'
 
-    if use_ssl then
-      raise Net::HTTP::Persistent::Error, 'OpenSSL is not available' unless
-        HAVE_OPENSSL
-
-      ssl_generation = @ssl_generation
-
-      ssl_cleanup ssl_generation
+    net_http_args = [uri.host, uri.port]
 
-      connections = Thread.current[@ssl_generation_key][ssl_generation]
-    else
-      generation = @generation
+    net_http_args.concat @proxy_args if
+      @proxy_uri and not proxy_bypass? uri.host, uri.port
 
-      cleanup generation
+    connection = @pool.checkout net_http_args
 
-      connections = Thread.current[@generation_key][generation]
-    end
+    http = connection.http
 
-    net_http_args = [uri.host, uri.port]
-    connection_id = net_http_args.join ':'
+    connection.ressl @ssl_generation if
+      connection.ssl_generation != @ssl_generation
 
-    if @proxy_uri and not proxy_bypass? uri.host, uri.port then
-      connection_id << @proxy_connection_id
-      net_http_args.concat @proxy_args
-    end
-
-    connection = connections[connection_id]
-
-    unless connection = connections[connection_id] then
-      connections[connection_id] = http_class.new(*net_http_args)
-      connection = connections[connection_id]
-      ssl connection if use_ssl
-    else
-      reset connection if expired? connection
+    if not http.started? then
+      ssl   http if use_ssl
+      start http
+    elsif expired? connection then
+      reset connection
     end
 
-    start connection unless connection.started?
-
-    connection.read_timeout = @read_timeout if @read_timeout
-    connection.keep_alive_timeout = @idle_timeout if @idle_timeout && connection.respond_to?(:keep_alive_timeout=)
+    http.read_timeout = @read_timeout if @read_timeout
+    http.keep_alive_timeout = @idle_timeout if @idle_timeout
 
-    connection
+    return yield connection
   rescue Errno::ECONNREFUSED
-    address = connection.proxy_address || connection.address
-    port    = connection.proxy_port    || connection.port
+    address = http.proxy_address || http.address
+    port    = http.proxy_port    || http.port
 
     raise Error, "connection refused: #{address}:#{port}"
   rescue Errno::EHOSTDOWN
-    address = connection.proxy_address || connection.address
-    port    = connection.proxy_port    || connection.port
+    address = http.proxy_address || http.address
+    port    = http.proxy_port    || http.port
 
     raise Error, "host down: #{address}:#{port}"
+  ensure
+    @pool.checkin net_http_args
   end
 
   ##
@@ -651,12 +647,11 @@ class Net::HTTP::Persistent
   # this connection
 
   def error_message connection
-    requests = Thread.current[@request_key][connection.object_id] - 1 # fixup
-    last_use = Thread.current[@timeout_key][connection.object_id]
+    connection.requests -= 1 # fixup
 
-    age = Time.now - last_use
+    age = Time.now - connection.last_use
 
-    "after #{requests} requests on #{connection.object_id}, " \
+    "after #{connection.requests} requests on #{connection.http.object_id}, " \
       "last used #{age} seconds ago"
   end
 
@@ -680,26 +675,23 @@ class Net::HTTP::Persistent
   # maximum request count, false otherwise.
 
   def expired? connection
-    requests = Thread.current[@request_key][connection.object_id]
-    return true  if     @max_requests && requests >= @max_requests
+    return true  if     @max_requests && connection.requests >= @max_requests
     return false unless @idle_timeout
     return true  if     @idle_timeout.zero?
 
-    last_used = Thread.current[@timeout_key][connection.object_id]
-
-    Time.now - last_used > @idle_timeout
+    Time.now - connection.last_use > @idle_timeout
   end
 
   ##
   # Starts the Net::HTTP +connection+
 
-  def start connection
-    connection.set_debug_output @debug_output if @debug_output
-    connection.open_timeout = @open_timeout if @open_timeout
+  def start http
+    http.set_debug_output @debug_output if @debug_output
+    http.open_timeout = @open_timeout if @open_timeout
 
-    connection.start
+    http.start
 
-    socket = connection.instance_variable_get :@socket
+    socket = http.instance_variable_get :@socket
 
     if socket then # for fakeweb
       @socket_options.each do |option|
@@ -711,25 +703,11 @@ class Net::HTTP::Persistent
   ##
   # Finishes the Net::HTTP +connection+
 
-  def finish connection, thread = Thread.current
-    if requests = thread[@request_key] then
-      requests.delete connection.object_id
-    end
-
+  def finish connection
     connection.finish
-  rescue IOError
-  end
 
-  def http_class # :nodoc:
-    if RUBY_VERSION > '2.0' then
-      Net::HTTP
-    elsif [:Artifice, :FakeWeb, :WebMock].any? { |klass|
-             Object.const_defined?(klass)
-          } or not @reuse_ssl_sessions then
-        Net::HTTP
-    else
-      Net::HTTP::Persistent::SSLReuse
-    end
+    connection.http.instance_variable_set :@ssl_session, nil unless
+      @reuse_ssl_sessions
   end
 
   ##
@@ -752,55 +730,9 @@ class Net::HTTP::Persistent
 
   ##
   # Is the request +req+ idempotent or is retry_change_requests allowed.
-  #
-  # If +retried_on_ruby_2+ is true, true will be returned if we are on ruby,
-  # retry_change_requests is allowed and the request is not idempotent.
-
-  def can_retry? req, retried_on_ruby_2 = false
-    return @retry_change_requests && !idempotent?(req) if retried_on_ruby_2
 
-    @retry_change_requests || idempotent?(req)
-  end
-
-  if RUBY_VERSION > '1.9' then
-    ##
-    # Workaround for missing Net::HTTPHeader#connection_close? on Ruby 1.8
-
-    def connection_close? header
-      header.connection_close?
-    end
-
-    ##
-    # Workaround for missing Net::HTTPHeader#connection_keep_alive? on Ruby 1.8
-
-    def connection_keep_alive? header
-      header.connection_keep_alive?
-    end
-  else
-    ##
-    # Workaround for missing Net::HTTPRequest#connection_close? on Ruby 1.8
-
-    def connection_close? header
-      header['connection'] =~ /close/ or header['proxy-connection'] =~ /close/
-    end
-
-    ##
-    # Workaround for missing Net::HTTPRequest#connection_keep_alive? on Ruby
-    # 1.8
-
-    def connection_keep_alive? header
-      header['connection'] =~ /keep-alive/ or
-        header['proxy-connection'] =~ /keep-alive/
-    end
-  end
-
-  ##
-  # Deprecated in favor of #expired?
-
-  def max_age # :nodoc:
-    return Time.now + 1 unless @idle_timeout
-
-    Time.now - @idle_timeout
+  def can_retry? req
+    @retry_change_requests && !idempotent?(req)
   end
 
   ##
@@ -822,9 +754,9 @@ class Net::HTTP::Persistent
   # <tt>net-http-persistent</tt> #pipeline will be present.
 
   def pipeline uri, requests, &block # :yields: responses
-    connection = connection_for uri
-
-    connection.pipeline requests, &block
+    connection_for uri do |connection|
+      connection.http.pipeline requests, &block
+    end
   end
 
   ##
@@ -957,18 +889,17 @@ class Net::HTTP::Persistent
   # Finishes then restarts the Net::HTTP +connection+
 
   def reset connection
-    Thread.current[@request_key].delete connection.object_id
-    Thread.current[@timeout_key].delete connection.object_id
+    http = connection.http
 
     finish connection
 
-    start connection
+    start http
   rescue Errno::ECONNREFUSED
-    e = Error.new "connection refused: #{connection.address}:#{connection.port}"
+    e = Error.new "connection refused: #{http.address}:#{http.port}"
     e.set_backtrace $@
     raise e
   rescue Errno::EHOSTDOWN
-    e = Error.new "host down: #{connection.address}:#{connection.port}"
+    e = Error.new "host down: #{http.address}:#{http.port}"
     e.set_backtrace $@
     raise e
   end
@@ -989,52 +920,56 @@ class Net::HTTP::Persistent
     retried      = false
     bad_response = false
 
-    req = request_setup req || uri
+    uri      = URI uri
+    req      = request_setup req || uri
+    response = nil
 
-    connection = connection_for uri
-    connection_id = connection.object_id
+    connection_for uri do |connection|
+      http = connection.http
 
-    begin
-      Thread.current[@request_key][connection_id] += 1
-      response = connection.request req, &block
+      begin
+        connection.requests += 1
 
-      if connection_close?(req) or
-         (response.http_version <= '1.0' and
-          not connection_keep_alive?(response)) or
-         connection_close?(response) then
-        connection.finish
-      end
-    rescue Net::HTTPBadResponse => e
-      message = error_message connection
+        response = http.request req, &block
 
-      finish connection
+        if req.connection_close? or
+           (response.http_version <= '1.0' and
+            not response.connection_keep_alive?) or
+           response.connection_close? then
+          finish connection
+        end
+      rescue Net::HTTPBadResponse => e
+        message = error_message connection
 
-      raise Error, "too many bad responses #{message}" if
+        finish connection
+
+        raise Error, "too many bad responses #{message}" if
         bad_response or not can_retry? req
 
-      bad_response = true
-      retry
-    rescue *RETRIED_EXCEPTIONS => e # retried on ruby 2
-      request_failed e, req, connection if
-        retried or not can_retry? req, @retried_on_ruby_2
+        bad_response = true
+        retry
+      rescue *RETRIED_EXCEPTIONS => e
+        request_failed e, req, connection if
+          retried or not can_retry? req
 
-      reset connection
+        reset connection
 
-      retried = true
-      retry
-    rescue Errno::EINVAL, Errno::ETIMEDOUT => e # not retried on ruby 2
-      request_failed e, req, connection if retried or not can_retry? req
+        retried = true
+        retry
+      rescue Errno::EINVAL, Errno::ETIMEDOUT => e # not retried on ruby 2
+        request_failed e, req, connection if retried or not can_retry? req
 
-      reset connection
+        reset connection
 
-      retried = true
-      retry
-    rescue Exception => e
-      finish connection
+        retried = true
+        retry
+      rescue Exception => e
+        finish connection
 
-      raise
-    ensure
-      Thread.current[@timeout_key][connection_id] = Time.now
+        raise
+      ensure
+        connection.last_use = Time.now
+      end
     end
 
     @http_versions["#{uri.host}:#{uri.port}"] ||= response.http_version
@@ -1054,7 +989,6 @@ class Net::HTTP::Persistent
 
     finish connection
 
-
     raise Error, message, exception.backtrace
   end
 
@@ -1088,45 +1022,17 @@ class Net::HTTP::Persistent
   end
 
   ##
-  # Shuts down all connections for +thread+.
-  #
-  # Uses the current thread by default.
-  #
-  # If you've used Net::HTTP::Persistent across multiple threads you should
-  # call this in each thread when you're done making HTTP requests.
+  # Shuts down all connections
   #
-  # *NOTE*: Calling shutdown for another thread can be dangerous!
+  # *NOTE*: Calling shutdown for can be dangerous!
   #
-  # If the thread is still using the connection it may cause an error!  It is
-  # best to call #shutdown in the thread at the appropriate time instead!
+  # If any thread is still using a connection it may cause an error!  Call
+  # #shutdown when you are completely done making requests!
 
-  def shutdown thread = Thread.current
-    generation = reconnect
-    cleanup generation, thread, @generation_key
-
-    ssl_generation = reconnect_ssl
-    cleanup ssl_generation, thread, @ssl_generation_key
-
-    thread[@request_key] = nil
-    thread[@timeout_key] = nil
-  end
-
-  ##
-  # Shuts down all connections in all threads
-  #
-  # *NOTE*: THIS METHOD IS VERY DANGEROUS!
-  #
-  # Do not call this method if other threads are still using their
-  # connections!  Call #shutdown at the appropriate time instead!
-  #
-  # Use this method only as a last resort!
-
-  def shutdown_in_all_threads
-    Thread.list.each do |thread|
-      shutdown thread
+  def shutdown
+    @pool.available.shutdown do |http|
+      http.finish
     end
-
-    nil
   end
 
   ##
@@ -1135,9 +1041,12 @@ class Net::HTTP::Persistent
   def ssl connection
     connection.use_ssl = true
 
+    connection.ciphers     = @ciphers     if @ciphers
+    connection.ssl_timeout = @ssl_timeout if @ssl_timeout
     connection.ssl_version = @ssl_version if @ssl_version
 
-    connection.verify_mode = @verify_mode
+    connection.verify_depth = @verify_depth
+    connection.verify_mode  = @verify_mode
 
     if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and
        not Object.const_defined?(:I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG) then
@@ -1166,8 +1075,10 @@ application:
       WARNING
     end
 
-    if @ca_file then
-      connection.ca_file = @ca_file
+    connection.ca_file = @ca_file if @ca_file
+    connection.ca_path = @ca_path if @ca_path
+
+    if @ca_file or @ca_path then
       connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
       connection.verify_callback = @verify_callback if @verify_callback
     end
@@ -1187,11 +1098,12 @@ application:
   end
 
   ##
-  # Finishes all connections that existed before the given SSL parameter
-  # +generation+.
+  # SSL session lifetime
 
-  def ssl_cleanup generation # :nodoc:
-    cleanup generation, Thread.current, @ssl_generation_key
+  def ssl_timeout= ssl_timeout
+    @ssl_timeout = ssl_timeout
+
+    reconnect_ssl
   end
 
   ##
@@ -1201,7 +1113,16 @@ application:
     @ssl_version = ssl_version
 
     reconnect_ssl
-  end if RUBY_VERSION > '1.9'
+  end
+
+  ##
+  # Sets the depth of SSL certificate verification
+
+  def verify_depth= verify_depth
+    @verify_depth = verify_depth
+
+    reconnect_ssl
+  end
 
   ##
   # Sets the HTTPS verify mode.  Defaults to OpenSSL::SSL::VERIFY_PEER.
@@ -1227,5 +1148,6 @@ application:
 
 end
 
-require 'net/http/persistent/ssl_reuse'
+require 'net/http/persistent/connection'
+require 'net/http/persistent/pool'