puma 2.8.2 → 2.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: dd2e7a0ca1eba42615a406f35c0bbc304b91ee4c
+  data.tar.gz: fe274c58f7d7722caa7a7d444b080873c271034b
+SHA512:
+  metadata.gz: f021e24772d46c519e6edc358e25d3ab51bd65b6378918826bd647d7f08d1084c61f49e234c38c24113acdd075985a45f9bd83f7a1cb685526a36586af082ba3
+  data.tar.gz: 8dfc80519eaa94052b3f377546c701b7d1b84efeb40b6345d894caa40369a467a2bfc37955ece93ea84f4cb5a5013e14ff3952ccaf58f0260e222a09e1a6ac72

data/DEPLOYMENT.md

@@ -42,7 +42,7 @@ Here are some rules of thumb:
 
 **How do you know if you're got enough (or too many workers)?**
 
-A good question. Due to MRI's GIL, only one thread can be executing at a time.
+A good question. Due to MRI's GIL, only one thread can be executing Ruby code at a time.
 But since so many apps are waiting on IO from DBs, etc., they can utilize threads
 to make better use of the process.
 
@@ -56,7 +56,7 @@ you've got capacity still but aren't starving threads.
 
 ## Daemonizing
 
-I prefer to not daemonize my servers and use something like `runit` or `upstrart` to
+I prefer to not daemonize my servers and use something like `runit` or `upstart` to
 monitor them as child processes. This gives them fast response to crashes and
 makes it easy to figure out what is going on. Additionally, unlike `unicorn`,
 puma does not require daemonization to do zero-downtime restarts.

data/History.txt

@@ -1,3 +1,27 @@
+=== 2.9.0 / 2014-07-12
+
+* 1 minor feature:
+  * Add SSL support for JRuby
+
+* 3 bug fixes:
+  * Typo BUNDLER_GEMFILE -> BUNDLE_GEMFILE
+  * Use fast_write because we can't trust syswrite
+  * pumactl - do not modify original ARGV
+
+* 4 doc fixes:
+  * BSD-3-Clause over BSD to avoid confusion
+  * Deploy doc: clarification of the GIL
+  * Fix typo in DEPLOYMENT.md
+  * Update README.md
+
+* 6 PRs merged:
+  * Merge pull request #520 from misfo/patch-2
+  * Merge pull request #530 from looker/jruby-ssl
+  * Merge pull request #537 from vlmonk/patch-1
+  * Merge pull request #540 from allaire/patch-1
+  * Merge pull request #544 from chulkilee/bsd-3-clause
+  * Merge pull request #551 from jcxplorer/patch-1
+
 === 2.8.2 / 2014-04-12
 
 * 4 bug fixes:

data/README.md

@@ -117,7 +117,7 @@ If you're preloading your application and using ActiveRecord, it's recommend you
       end
     end
     
-When you use preload_app, your new code goes all in the master process, and is then copied in the workers (meaning it’s only compatible with cluster mode). General rule is to use preload_app when your workers die often and need fast starts. If you don’t have many workers, you should probably don’t use preload_app.
+When you use preload_app, your new code goes all in the master process, and is then copied in the workers (meaning it’s only compatible with cluster mode). General rule is to use preload_app when your workers die often and need fast starts. If you don’t have many workers, you probably should not use preload_app.
 
 Note that preload_app can’t be used with phased restart, since phased restart kills and restarts workers one-by-one, and preload_app is all about copying the code of master into the workers.
 
@@ -248,4 +248,4 @@ $ bundle exec rake
 
 ## License
 
-Puma is copyright 2013 Evan Phoenix and contributors. It is licensed under the BSD license. See the include LICENSE file for details.
+Puma is copyright 2013 Evan Phoenix and contributors. It is licensed under the BSD 3-Clause license. See the include LICENSE file for details.

data/Rakefile

@@ -11,7 +11,7 @@ HOE = Hoe.spec "puma" do
   self.readme_file    = "README.md"
   self.urls = %w!http://puma.io https://github.com/puma/puma!
 
-  license "BSD"
+  license "BSD-3-Clause"
   developer 'Evan Phoenix', 'evan@phx.io'
 
   spec_extras[:extensions]  = ["ext/puma_http11/extconf.rb"]
@@ -22,7 +22,7 @@ HOE = Hoe.spec "puma" do
 
   dependency "rack", [">= 1.1", "< 2.0"]
 
-  extra_dev_deps << ["rake-compiler", "~> 0.8.0"]
+  extra_dev_deps << ["rake-compiler", "~> 0.8"]
 end
 
 task :prerelease => [:clobber, :check_manifest, :test]

data/bin/pumactl

@@ -2,7 +2,7 @@
 
 require 'puma/control_cli'
 
-cli = Puma::ControlCLI.new ARGV
+cli = Puma::ControlCLI.new ARGV.dup
 
 begin
   cli.run

data/ext/puma_http11/mini_ssl.c

@@ -36,15 +36,18 @@ ms_conn* engine_alloc(VALUE klass, VALUE* obj) {
   return conn;
 }
 
-VALUE engine_init_server(VALUE self, VALUE key, VALUE cert) {
+VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
   VALUE obj;
   SSL_CTX* ctx;
   SSL* ssl;
 
   ms_conn* conn = engine_alloc(self, &obj);
 
-  StringValue(key);
-  StringValue(cert);
+  ID sym_key = rb_intern("key");
+  VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0);
+
+  ID sym_cert = rb_intern("cert");
+  VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);
 
   ctx = SSL_CTX_new(SSLv23_server_method());
   conn->ctx = ctx;
@@ -184,7 +187,7 @@ void Init_mini_ssl(VALUE puma) {
 
   eError = rb_define_class_under(mod, "SSLError", rb_eStandardError);
 
-  rb_define_singleton_method(eng, "server", engine_init_server, 2);
+  rb_define_singleton_method(eng, "server", engine_init_server, 1);
   rb_define_singleton_method(eng, "client", engine_init_client, 0);
 
   rb_define_method(eng, "inject", engine_inject, 1);

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -2,29 +2,34 @@ package org.jruby.puma;
 
 import org.jruby.Ruby;
 import org.jruby.RubyClass;
-import org.jruby.RubyHash;
 import org.jruby.RubyModule;
-import org.jruby.RubyNumeric;
 import org.jruby.RubyObject;
 import org.jruby.RubyString;
-
 import org.jruby.anno.JRubyMethod;
-
 import org.jruby.runtime.Block;
 import org.jruby.runtime.ObjectAllocator;
 import org.jruby.runtime.ThreadContext;
 import org.jruby.runtime.builtin.IRubyObject;
-
-import org.jruby.exceptions.RaiseException;
-
 import org.jruby.util.ByteList;
 
-
-import javax.net.ssl.*;
-import javax.net.ssl.SSLEngineResult.*;
-import java.io.*;
-import java.security.*;
-import java.nio.*;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLEngineResult;
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSession;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import static javax.net.ssl.SSLEngineResult.Status;
+import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
 
 public class MiniSSL extends RubyObject {
   private static ObjectAllocator ALLOCATOR = new ObjectAllocator() {
@@ -33,9 +38,12 @@ public class MiniSSL extends RubyObject {
     }
   };
 
+  // set to true to switch on our low-fi trace logging
+  private static boolean DEBUG = false;
+
   public static void createMiniSSL(Ruby runtime) {
     RubyModule mPuma = runtime.defineModule("Puma");
-    RubyModule ssl =   mPuma.defineModuleUnder("MiniSSL");
+    RubyModule ssl = mPuma.defineModuleUnder("MiniSSL");
 
     mPuma.defineClassUnder("SSLError",
                            runtime.getClass("IOError"),
@@ -45,245 +53,329 @@ public class MiniSSL extends RubyObject {
     eng.defineAnnotatedMethods(MiniSSL.class);
   }
 
-  private Ruby runtime;
-  private SSLContext sslc;
+  /**
+   * Fairly transparent wrapper around {@link java.nio.ByteBuffer} which adds the enhancements we need
+   */
+  private static class MiniSSLBuffer {
+    ByteBuffer buffer;
+
+    private MiniSSLBuffer(int capacity) { buffer = ByteBuffer.allocate(capacity); }
+    private MiniSSLBuffer(byte[] initialContents) { buffer = ByteBuffer.wrap(initialContents); }
+
+    public void clear() { buffer.clear(); }
+    public void compact() { buffer.compact(); }
+    public void flip() { buffer.flip(); }
+    public boolean hasRemaining() { return buffer.hasRemaining(); }
+    public int position() { return buffer.position(); }
+
+    public ByteBuffer getRawBuffer() {
+      return buffer;
+    }
+
+    /**
+     * Writes bytes to the buffer after ensuring there's room
+     */
+    public void put(byte[] bytes) {
+      if (buffer.remaining() < bytes.length) {
+        resize(buffer.limit() + bytes.length);
+      }
+      buffer.put(bytes);
+    }
+
+    /**
+     * Ensures that newCapacity bytes can be written to this buffer, only re-allocating if necessary
+     */
+    public void resize(int newCapacity) {
+      if (newCapacity > buffer.capacity()) {
+        ByteBuffer dstTmp = ByteBuffer.allocate(newCapacity);
+        buffer.flip();
+        dstTmp.put(buffer);
+        buffer = dstTmp;
+      } else {
+        buffer.limit(newCapacity);
+      }
+    }
+
+    /**
+     * Drains the buffer to a ByteList, or returns null for an empty buffer
+     */
+    public ByteList asByteList() {
+      buffer.flip();
+      if (!buffer.hasRemaining()) {
+        buffer.clear();
+        return null;
+      }
+
+      byte[] bss = new byte[buffer.limit()];
+
+      buffer.get(bss);
+      buffer.clear();
+      return new ByteList(bss);
+    }
+
+    @Override
+    public String toString() { return buffer.toString(); }
+  }
 
-  private SSLEngine  engine;
+  private SSLEngine engine;
+  private MiniSSLBuffer inboundNetData;
+  private MiniSSLBuffer outboundAppData;
+  private MiniSSLBuffer outboundNetData;
 
-  private ByteBuffer peerAppData;
-  private ByteBuffer peerNetData;
-  private ByteBuffer netData;
-  private ByteBuffer dummy;
-  
   public MiniSSL(Ruby runtime, RubyClass klass) {
     super(runtime, klass);
-
-    this.runtime = runtime;
   }
 
   @JRubyMethod(meta = true)
-  public static IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject key, IRubyObject cert) {
-      RubyClass klass = (RubyClass) recv;
-      IRubyObject newInstance = klass.newInstance(context,
-          new IRubyObject[] { key, cert },
-          Block.NULL_BLOCK);
+  public static IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext) {
+    RubyClass klass = (RubyClass) recv;
 
-      return newInstance;
+    return klass.newInstance(context,
+        new IRubyObject[] { miniSSLContext },
+        Block.NULL_BLOCK);
   }
 
   @JRubyMethod
-  public IRubyObject initialize(IRubyObject key, IRubyObject cert) 
-      throws java.security.KeyStoreException,
-             java.io.FileNotFoundException,
-             java.io.IOException,
-             java.io.FileNotFoundException,
-             java.security.NoSuchAlgorithmException,
-             java.security.KeyManagementException,
-             java.security.cert.CertificateException,
-             java.security.UnrecoverableKeyException
-  {
+  public IRubyObject initialize(ThreadContext threadContext, IRubyObject miniSSLContext)
+      throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
     KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-    KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
-
-    char[] pass = "blahblah".toCharArray();
 
-    ks.load(new FileInputStream(key.convertToString().asJavaString()),
-                                pass);
-    ts.load(new FileInputStream(cert.convertToString().asJavaString()),
-            pass);
+    char[] password = miniSSLContext.callMethod(threadContext, "keystore_pass").convertToString().asJavaString().toCharArray();
+    ks.load(new FileInputStream(miniSSLContext.callMethod(threadContext, "keystore").convertToString().asJavaString()),
+        password);
 
     KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
-    kmf.init(ks, pass);
-
-    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-    tmf.init(ts);
+    kmf.init(ks, password);
 
     SSLContext sslCtx = SSLContext.getInstance("TLS");
 
-    sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-
-    sslc = sslCtx;
-
-    engine = sslc.createSSLEngine();
+    sslCtx.init(kmf.getKeyManagers(), null, null);
+    engine = sslCtx.createSSLEngine();
     engine.setUseClientMode(false);
-    // engine.setNeedClientAuth(true);
 
     SSLSession session = engine.getSession();
-    peerNetData = ByteBuffer.allocate(session.getPacketBufferSize());
-    peerAppData = ByteBuffer.allocate(session.getApplicationBufferSize());		
-    netData = ByteBuffer.allocate(session.getPacketBufferSize());
-    peerNetData.limit(0);
-    peerAppData.limit(0);
-    netData.limit(0);
-
-    peerNetData.clear();
-    peerAppData.clear();
-    netData.clear();
-
-    dummy = ByteBuffer.allocate(0);
-    
+    inboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
+    outboundAppData = new MiniSSLBuffer(session.getApplicationBufferSize());
+    outboundAppData.flip();
+    outboundNetData = new MiniSSLBuffer(session.getPacketBufferSize());
+
     return this;
   }
 
   @JRubyMethod
   public IRubyObject inject(IRubyObject arg) {
-    byte[] bytes = arg.convertToString().getBytes();
-
-    peerNetData.limit(peerNetData.limit() + bytes.length);
-
-    log("capacity: " + peerNetData.capacity() + " limit: " + peerNetData.limit());
-
-    peerNetData.put(bytes);
-
-    log("netData: " + peerNetData.position() + "/" + peerAppData.limit());
-    return this;
+    try {
+      byte[] bytes = arg.convertToString().getBytes();
+
+      log("Net Data post pre-inject: " + inboundNetData);
+      inboundNetData.put(bytes);
+      log("Net Data post post-inject: " + inboundNetData);
+
+      log("inject(): " + bytes.length + " encrypted bytes from request");
+      return this;
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
   }
 
-  @JRubyMethod
-  public IRubyObject read() throws javax.net.ssl.SSLException, Exception {
-    peerAppData.clear();
-    peerNetData.flip();
-    SSLEngineResult res;
+  private enum SSLOperation {
+    WRAP,
+    UNWRAP
+  }
 
-    log("available read: " + peerNetData.position() + "/ " + peerNetData.limit());
+  private SSLEngineResult doOp(SSLOperation sslOp, MiniSSLBuffer src, MiniSSLBuffer dst) throws SSLException {
+    SSLEngineResult res = null;
+    boolean retryOp = true;
+    while (retryOp) {
+      switch (sslOp) {
+        case WRAP:
+          res = engine.wrap(src.getRawBuffer(), dst.getRawBuffer());
+          break;
+        case UNWRAP:
+          res = engine.unwrap(src.getRawBuffer(), dst.getRawBuffer());
+          break;
+        default:
+          throw new IllegalStateException("Unknown SSLOperation: " + sslOp);
+      }
 
-    if(!peerNetData.hasRemaining()) {
-      return getRuntime().getNil();
+      switch (res.getStatus()) {
+        case BUFFER_OVERFLOW:
+          log("SSLOp#doRun(): overflow");
+          log("SSLOp#doRun(): dst data at overflow: " + dst);
+          // increase the buffer size to accommodate the overflowing data
+          int newSize = Math.max(engine.getSession().getPacketBufferSize(), engine.getSession().getApplicationBufferSize());
+          dst.resize(newSize + dst.position());
+          // retry the operation
+          retryOp = true;
+          break;
+        case BUFFER_UNDERFLOW:
+          log("SSLOp#doRun(): underflow");
+          log("SSLOp#doRun(): src data at underflow: " + src);
+          // need to wait for more data to come in before we retry
+          retryOp = false;
+          break;
+        default:
+          // other cases are OK and CLOSED.  We're done here.
+          retryOp = false;
+      }
     }
 
-    do {
-      res = engine.unwrap(peerNetData, peerAppData);
-    } while(res.getStatus() == SSLEngineResult.Status.OK &&
-        res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP &&
-        res.bytesProduced() == 0);
-
-    log("read: ", res);
-
-    if(peerNetData.hasRemaining()) {
-      log("STILL HAD peerNetData!");
+    // after each op, run any delegated tasks if needed
+    if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+      Runnable runnable;
+      while ((runnable = engine.getDelegatedTask()) != null) {
+        runnable.run();
+      }
     }
 
-    peerNetData.position(0);
-    peerNetData.limit(0);
+    return res;
+  }
 
-    HandshakeStatus hsStatus = runDelegatedTasks(res, engine);
+  @JRubyMethod
+  public IRubyObject read() throws Exception {
+    try {
+      inboundNetData.flip();
 
-    if(res.getStatus() == SSLEngineResult.Status.BUFFER_UNDERFLOW) {
-      return getRuntime().getNil();
-    }
+      if(!inboundNetData.hasRemaining()) {
+        return getRuntime().getNil();
+      }
 
-    if(hsStatus == HandshakeStatus.NEED_WRAP) {
-      netData.clear();
-      log("netData: " + netData.limit());
-      engine.wrap(dummy, netData);
-      return getRuntime().getNil();
-    }
+      log("read(): inboundNetData prepped for read: " + inboundNetData);
+
+      MiniSSLBuffer inboundAppData = new MiniSSLBuffer(engine.getSession().getApplicationBufferSize());
+      SSLEngineResult res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+      log("read(): after initial unwrap", engine, res);
+
+      log("read(): Net Data post unwrap: " + inboundNetData);
+
+      HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
+      boolean done = false;
+      while (!done) {
+        switch (handshakeStatus) {
+          case NEED_WRAP:
+            res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
+            log("read(): after handshake wrap", engine, res);
+            break;
+          case NEED_UNWRAP:
+            res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+            log("read(): after handshake unwrap", engine, res);
+            if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
+              // need more data before we can shake more hands
+              done = true;
+            }
+            break;
+          default:
+            done = true;
+        }
+        handshakeStatus = engine.getHandshakeStatus();
+      }
 
-    if(hsStatus == HandshakeStatus.NEED_UNWRAP) {
-      return getRuntime().getNil();
+      if (inboundNetData.hasRemaining()) {
+        log("Net Data post pre-compact: " + inboundNetData);
+        inboundNetData.compact();
+        log("Net Data post post-compact: " + inboundNetData);
+      } else {
+        log("Net Data post pre-reset: " + inboundNetData);
+        inboundNetData.clear();
+        log("Net Data post post-reset: " + inboundNetData);
+      }
 
-      // log("peerNet: " + peerNetData.position() + "/" + peerNetData.limit());
-      // log("peerApp: " + peerAppData.position() + "/" + peerAppData.limit());
+      ByteList appDataByteList = inboundAppData.asByteList();
+      if (appDataByteList == null) {
+        return getRuntime().getNil();
+      }
 
-      // peerNetData.compact();
+      RubyString str = getRuntime().newString("");
+      str.setValue(appDataByteList);
 
-      // log("peerNet: " + peerNetData.position() + "/" + peerNetData.limit());
-        // do {
-          // res = engine.unwrap(peerNetData, peerAppData);
-        // } while(res.getStatus() == SSLEngineResult.Status.OK &&
-            // res.getHandshakeStatus() == SSLEngineResult.HandshakeStatus.NEED_UNWRAP &&
-            // res.bytesProduced() == 0);
-      // return getRuntime().getNil();
+      logPlain("\n");
+      log("read(): begin dump of request data >>>>\n");
+      if (str.asJavaString().getBytes().length < 1000) {
+        logPlain(str.asJavaString() + "\n");
+      }
+      logPlain("Num bytes: " + str.asJavaString().getBytes().length + "\n");
+      log("read(): end dump of request data   <<<<\n");
+      return str;
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
     }
-
-    // if(peerAppData.position() == 0 && 
-        // res.getStatus() == SSLEngineResult.Status.OK &&
-        // peerNetData.hasRemaining()) {
-      // res = engine.unwrap(peerNetData, peerAppData);
-    // }
-
-    byte[] bss = new byte[peerAppData.limit()];
-
-    peerAppData.get(bss);
-
-    RubyString str = getRuntime().newString("");
-    str.setValue(new ByteList(bss));
-
-    return str;
   }
 
-  private static HandshakeStatus runDelegatedTasks(SSLEngineResult result,
-      SSLEngine engine) throws Exception {
-
-    HandshakeStatus hsStatus = result.getHandshakeStatus();
-
-    if(hsStatus == HandshakeStatus.NEED_TASK) {
-      Runnable runnable;
-      while ((runnable = engine.getDelegatedTask()) != null) {
-        log("\trunning delegated task...");
-        runnable.run();
-      }
-      hsStatus = engine.getHandshakeStatus();
-      if (hsStatus == HandshakeStatus.NEED_TASK) {
-        throw new Exception(
-            "handshake shouldn't need additional tasks");
-      }
-      log("\tnew HandshakeStatus: " + hsStatus);
+  private static void log(String str, SSLEngine engine, SSLEngineResult result) {
+    if (DEBUG) {
+      log(str + " " + result.getStatus() + "/" + engine.getHandshakeStatus() +
+          "---bytes consumed: " + result.bytesConsumed() +
+          ", bytes produced: " + result.bytesProduced());
     }
-
-    return hsStatus;
   }
-  
-
-  private static void log(String str, SSLEngineResult result) {
-    System.out.println("The format of the SSLEngineResult is: \n" +
-        "\t\"getStatus() / getHandshakeStatus()\" +\n" +
-        "\t\"bytesConsumed() / bytesProduced()\"\n");
-
-    HandshakeStatus hsStatus = result.getHandshakeStatus();
-    log(str +
-        result.getStatus() + "/" + hsStatus + ", " +
-        result.bytesConsumed() + "/" + result.bytesProduced() +
-        " bytes");
-    if (hsStatus == HandshakeStatus.FINISHED) {
-      log("\t...ready for application data");
+
+  private static void log(String str) {
+    if (DEBUG) {
+      System.out.println("MiniSSL.java: " + str);
     }
   }
 
-  private static void log(String str) {
-    System.out.println(str);
+  private static void logPlain(String str) {
+    if (DEBUG) {
+      System.out.println(str);
+    }
   }
-  
-  
 
   @JRubyMethod
-  public IRubyObject write(IRubyObject arg) throws javax.net.ssl.SSLException {
-    log("write from: " + netData.position());
-
-    byte[] bls = arg.convertToString().getBytes();
-    ByteBuffer src = ByteBuffer.wrap(bls);
+  public IRubyObject write(IRubyObject arg) {
+    try {
+      log("write(): begin dump of response data >>>>\n");
+      logPlain("\n");
+      if (arg.asJavaString().getBytes().length < 1000) {
+        logPlain(arg.asJavaString() + "\n");
+      }
+      logPlain("Num bytes: " + arg.asJavaString().getBytes().length + "\n");
+      log("write(): end dump of response data   <<<<\n");
 
-    SSLEngineResult res = engine.wrap(src, netData);
+      byte[] bls = arg.convertToString().getBytes();
+      outboundAppData = new MiniSSLBuffer(bls);
 
-    return getRuntime().newFixnum(res.bytesConsumed());
+      return getRuntime().newFixnum(bls.length);
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
   }
 
   @JRubyMethod
-  public IRubyObject extract() {
-    netData.flip();
+  public IRubyObject extract() throws SSLException {
+    try {
+      ByteList dataByteList = outboundNetData.asByteList();
+      if (dataByteList != null) {
+        RubyString str = getRuntime().newString("");
+        str.setValue(dataByteList);
+        return str;
+      }
 
-    if(!netData.hasRemaining()) {
-      return getRuntime().getNil();
-    }
+      if (!outboundAppData.hasRemaining()) {
+        return getRuntime().getNil();
+      }
 
-    byte[] bss = new byte[netData.limit()];
+      outboundNetData.clear();
+      SSLEngineResult res = doOp(SSLOperation.WRAP, outboundAppData, outboundNetData);
+      log("extract(): bytes consumed: " + res.bytesConsumed() + "\n");
+      log("extract(): bytes produced: " + res.bytesProduced() + "\n");
+      dataByteList = outboundNetData.asByteList();
+      if (dataByteList == null) {
+        return getRuntime().getNil();
+      }
 
-    netData.get(bss);
-    netData.clear();
+      RubyString str = getRuntime().newString("");
+      str.setValue(dataByteList);
 
-    RubyString str = getRuntime().newString("");
-    str.setValue(new ByteList(bss));
+      log("extract(): " + dataByteList.getRealSize() + " encrypted bytes for response");
 
-    return str;
+      return str;
+    } catch (Exception e) {
+      e.printStackTrace();
+      throw new RuntimeException(e);
+    }
   }
 }

data/lib/puma/binder.rb

@@ -121,26 +121,36 @@ module Puma
 
           @listeners << [str, io]
         when "ssl"
-          if IS_JRUBY
-            @events.error "SSL not supported on JRuby"
-            raise UnsupportedOption
-          end
-
           params = Rack::Utils.parse_query uri.query
           require 'puma/minissl'
 
           ctx = MiniSSL::Context.new
-          unless params['key']
-            @events.error "Please specify the SSL key via 'key='"
-          end
 
-          ctx.key = params['key']
+          if defined?(JRUBY_VERSION)
+            unless params['keystore']
+              @events.error "Please specify the Java keystore via 'keystore='"
+            end
 
-          unless params['cert']
-            @events.error "Please specify the SSL cert via 'cert='"
-          end
+            ctx.keystore = params['keystore']
+
+            unless params['keystore-pass']
+              @events.error "Please specify the Java keystore password  via 'keystore-pass='"
+            end
+
+            ctx.keystore_pass = params['keystore-pass']
+          else
+            unless params['key']
+              @events.error "Please specify the SSL key via 'key='"
+            end
+
+            ctx.key = params['key']
 
-          ctx.cert = params['cert']
+            unless params['cert']
+              @events.error "Please specify the SSL cert via 'cert='"
+            end
+
+            ctx.cert = params['cert']
+          end
 
           ctx.verify_mode = MiniSSL::VERIFY_NONE
 
@@ -215,11 +225,6 @@ module Puma
 
     def add_ssl_listener(host, port, ctx,
                          optimize_for_latency=true, backlog=1024)
-      if IS_JRUBY
-        @events.error "SSL not supported on JRuby"
-        raise UnsupportedOption
-      end
-
       require 'puma/minissl'
 
       s = TCPServer.new(host, port)
@@ -239,11 +244,6 @@ module Puma
     end
 
     def inherited_ssl_listener(fd, ctx)
-      if IS_JRUBY
-        @events.error "SSL not supported on JRuby"
-        raise UnsupportedOption
-      end
-
       require 'puma/minissl'
       s = TCPServer.for_fd(fd)
       @ios << MiniSSL::Server.new(s, ctx)

data/lib/puma/cluster.rb

@@ -183,7 +183,7 @@ module Puma
 
       # If we're not running under a Bundler context, then
       # report the info about the context we will be using
-      if !ENV['BUNDLER_GEMFILE'] and File.exist?("Gemfile")
+      if !ENV['BUNDLE_GEMFILE'] and File.exist?("Gemfile")
         log "+ Gemfile in context: #{File.expand_path("Gemfile")}"
       end
 

data/lib/puma/const.rb

@@ -28,8 +28,8 @@ module Puma
   # too taxing on performance.
   module Const
 
-    PUMA_VERSION = VERSION = "2.8.2".freeze
-    CODE_NAME = "Sir Edmund Percival Hillary".freeze
+    PUMA_VERSION = VERSION = "2.9.0".freeze
+    CODE_NAME = "Team High Five".freeze
 
     FAST_TRACK_KA_TIMEOUT = 0.2
 

data/lib/puma/minissl.rb

@@ -69,7 +69,7 @@ module Puma
 
           return data.bytesize if need == 0
 
-          data = data[need..-1]
+          data = data[wrote..-1]
         end
       end
 
@@ -91,31 +91,35 @@ module Puma
     class Context
       attr_accessor :verify_mode
 
-      attr_reader :key
-      attr_reader :cert
+      if defined?(JRUBY_VERSION)
+        # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
+        attr_reader :keystore
+        attr_accessor :keystore_pass
 
-      def key=(key)
-        raise ArgumentError, "No such key file '#{key}'" unless File.exist? key
-        @key = key
-      end
+        def keystore=(keystore)
+          raise ArgumentError, "No such keystore file '#{keystore}'" unless File.exist? keystore
+          @keystore = keystore
+        end
+      else
+        # non-jruby Context properties
+        attr_reader :key
+        attr_reader :cert
+
+        def key=(key)
+          raise ArgumentError, "No such key file '#{key}'" unless File.exist? key
+          @key = key
+        end
 
-      def cert=(cert)
-        raise ArgumentError, "No such cert file '#{cert}'" unless File.exist? cert
-        @cert = cert
+        def cert=(cert)
+          raise ArgumentError, "No such cert file '#{cert}'" unless File.exist? cert
+          @cert = cert
+        end
       end
     end
 
     VERIFY_NONE = 0
     VERIFY_PEER = 1
 
-    #if defined?(JRUBY_VERSION)
-    #class Engine
-    #def self.server(key, cert)
-    #new(key, cert)
-    #end
-    #end
-    #end
-
     class Server
       def initialize(socket, ctx)
         @socket = socket
@@ -128,14 +132,14 @@ module Puma
 
       def accept
         io = @socket.accept
-        engine = Engine.server @ctx.key, @ctx.cert
+        engine = Engine.server @ctx
 
         Socket.new io, engine
       end
 
       def accept_nonblock
         io = @socket.accept_nonblock
-        engine = Engine.server @ctx.key, @ctx.cert
+        engine = Engine.server @ctx
 
         Socket.new io, engine
       end

data/lib/puma/server.rb

@@ -614,10 +614,10 @@ module Puma
         begin
           res_body.each do |part|
             if chunked
-              client.syswrite part.bytesize.to_s(16)
-              client.syswrite line_ending
+              fast_write client, part.bytesize.to_s(16)
+              fast_write client, line_ending
               fast_write client, part
-              client.syswrite line_ending
+              fast_write client, line_ending
             else
               fast_write client, part
             end
@@ -626,7 +626,7 @@ module Puma
           end
 
           if chunked
-            client.syswrite CLOSE_CHUNKED
+            fast_write client, CLOSE_CHUNKED
             client.flush
           end
         rescue SystemCallError, IOError

data/puma.gemspec

@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
   s.extensions = ["ext/puma_http11/extconf.rb"]
   s.files = `git ls-files`.split($/)
   s.homepage = "http://puma.io"
-  s.license = "BSD"
+  s.license = "BSD-3-Clause"
   s.rdoc_options = ["--main", "README.md"]
   s.require_paths = ["lib"]
   s.required_ruby_version = Gem::Requirement.new(">= 1.8.7")

data/test/test_minissl.rb

@@ -1,25 +1,29 @@
 require 'test/unit'
-
-unless defined? JRUBY_VERSION
-
 require 'puma'
 require 'puma/minissl'
 
 class TestMiniSSL < Test::Unit::TestCase
 
-  def test_raises_with_invalid_key_file
-    ctx = Puma::MiniSSL::Context.new
+  if defined?(JRUBY_VERSION)
+    def test_raises_with_invalid_keystore_file
+      ctx = Puma::MiniSSL::Context.new
 
-    exception = assert_raise(ArgumentError) { ctx.key = "/no/such/key" }
-    assert_equal("No such key file '/no/such/key'", exception.message)
-  end
+      exception = assert_raise(ArgumentError) { ctx.keystore = "/no/such/keystore" }
+      assert_equal("No such keystore file '/no/such/keystore'", exception.message)
+    end
+  else
+    def test_raises_with_invalid_key_file
+      ctx = Puma::MiniSSL::Context.new
 
-  def test_raises_with_invalid_cert_file
-    ctx = Puma::MiniSSL::Context.new
+      exception = assert_raise(ArgumentError) { ctx.key = "/no/such/key" }
+      assert_equal("No such key file '/no/such/key'", exception.message)
+    end
 
-    exception = assert_raise(ArgumentError) { ctx.cert = "/no/such/cert" }
-    assert_equal("No such cert file '/no/such/cert'", exception.message)
-  end
-end
+    def test_raises_with_invalid_cert_file
+      ctx = Puma::MiniSSL::Context.new
 
+      exception = assert_raise(ArgumentError) { ctx.cert = "/no/such/cert" }
+      assert_equal("No such cert file '/no/such/cert'", exception.message)
+    end
+  end
 end

data/test/test_puma_server.rb

@@ -18,47 +18,12 @@ class TestPumaServer < Test::Unit::TestCase
 
     @events = Puma::Events.new STDOUT, STDERR
     @server = Puma::Server.new @app, @events
-
-    if defined?(JRUBY_VERSION)
-      @ssl_key =  File.expand_path "../../examples/puma/keystore.jks", __FILE__
-      @ssl_cert = @ssl_key
-    else
-      @ssl_key =  File.expand_path "../../examples/puma/puma_keypair.pem", __FILE__
-      @ssl_cert = File.expand_path "../../examples/puma/cert_puma.pem", __FILE__
-    end
   end
 
   def teardown
     @server.stop(true)
   end
 
-  def test_url_scheme_for_https
-    ctx = Puma::MiniSSL::Context.new
-
-    ctx.key = @ssl_key
-    ctx.cert = @ssl_cert
-
-    ctx.verify_mode = Puma::MiniSSL::VERIFY_NONE
-
-    @server.add_ssl_listener @host, @port, ctx
-    @server.run
-
-    http = Net::HTTP.new @host, @port
-    http.use_ssl = true
-    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-
-    body = nil
-    http.start do
-      req = Net::HTTP::Get.new "/", {}
-
-      http.request(req) do |rep|
-        body = rep.body
-      end
-    end
-
-    assert_equal "https", body
-  end unless defined? JRUBY_VERSION
-
   def test_proper_stringio_body
     data = nil
 

data/test/test_puma_server_ssl.rb

@@ -0,0 +1,91 @@
+require "rbconfig"
+require 'test/unit'
+require 'socket'
+require 'openssl'
+
+require 'puma/minissl'
+require 'puma/server'
+
+require 'net/https'
+
+class TestPumaServerSSL < Test::Unit::TestCase
+
+  def setup
+    @port = 3212
+    @host = "127.0.0.1"
+
+    @app = lambda { |env| [200, {}, [env['rack.url_scheme']]] }
+
+    ctx = Puma::MiniSSL::Context.new
+
+    if defined?(JRUBY_VERSION)
+      ctx.keystore =  File.expand_path "../../examples/puma/keystore.jks", __FILE__
+      ctx.keystore_pass = 'blahblah'
+    else
+      ctx.key =  File.expand_path "../../examples/puma/puma_keypair.pem", __FILE__
+      ctx.cert = File.expand_path "../../examples/puma/cert_puma.pem", __FILE__
+    end
+
+    ctx.verify_mode = Puma::MiniSSL::VERIFY_NONE
+
+    @events = Puma::Events.new STDOUT, STDERR
+    @server = Puma::Server.new @app, @events
+    @server.add_ssl_listener @host, @port, ctx
+    @server.run
+
+    @http = Net::HTTP.new @host, @port
+    @http.use_ssl = true
+    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  end
+
+  def teardown
+    @server.stop(true)
+  end
+
+  def test_url_scheme_for_https
+    body = nil
+    @http.start do
+      req = Net::HTTP::Get.new "/", {}
+
+      @http.request(req) do |rep|
+        body = rep.body
+      end
+    end
+
+    assert_equal "https", body
+  end
+
+  def test_very_large_return
+    giant = "x" * 2056610
+
+    @server.app = proc do
+      [200, {}, [giant]]
+    end
+
+    body = nil
+    @http.start do
+      req = Net::HTTP::Get.new "/"
+      @http.request(req) do |rep|
+        body = rep.body
+      end
+    end
+
+    assert_equal giant.bytesize, body.bytesize
+  end
+
+  def test_form_submit
+    body = nil
+    @http.start do
+      req = Net::HTTP::Post.new '/'
+      req.set_form_data('a' => '1', 'b' => '2')
+
+      @http.request(req) do |rep|
+        body = rep.body
+      end
+
+    end
+
+    assert_equal "https", body
+  end
+
+end

metadata

@@ -1,86 +1,77 @@
 --- !ruby/object:Gem::Specification
 name: puma
 version: !ruby/object:Gem::Version
-  version: 2.8.2
-  prerelease: 
+  version: 2.9.0
 platform: ruby
 authors:
 - Evan Phoenix
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-12 00:00:00.000000000 Z
+date: 2014-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.1'
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.1'
-    - - <
+    - - "<"
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rdoc
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '4.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rake-compiler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
+        version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: hoe
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.12'
 description: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server
   for Ruby/Rack applications. Puma is intended for use in both development and production
   environments. In order to get the best throughput, it is highly recommended that
@@ -164,14 +155,6 @@ files:
 - lib/puma/util.rb
 - lib/rack/handler/puma.rb
 - puma.gemspec
-- tools/jungle/README.md
-- tools/jungle/init.d/README.md
-- tools/jungle/init.d/puma
-- tools/jungle/init.d/run-puma
-- tools/jungle/upstart/README.md
-- tools/jungle/upstart/puma-manager.conf
-- tools/jungle/upstart/puma.conf
-- tools/trickletest.rb
 - test/test_app_status.rb
 - test/test_cli.rb
 - test/test_config.rb
@@ -183,38 +166,46 @@ files:
 - test/test_null_io.rb
 - test/test_persistent.rb
 - test/test_puma_server.rb
+- test/test_puma_server_ssl.rb
 - test/test_rack_handler.rb
 - test/test_rack_server.rb
 - test/test_tcp_rack.rb
 - test/test_thread_pool.rb
 - test/test_unix_socket.rb
 - test/test_ws.rb
+- tools/jungle/README.md
+- tools/jungle/init.d/README.md
+- tools/jungle/init.d/puma
+- tools/jungle/init.d/run-puma
+- tools/jungle/upstart/README.md
+- tools/jungle/upstart/puma-manager.conf
+- tools/jungle/upstart/puma.conf
+- tools/trickletest.rb
 homepage: http://puma.io
 licenses:
-- BSD
+- BSD-3-Clause
+metadata: {}
 post_install_message: 
 rdoc_options:
-- --main
+- "--main"
 - README.md
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.8.7
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: puma
-rubygems_version: 1.8.25
+rubyforge_project: 
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for
   Ruby/Rack applications
 test_files:
@@ -229,6 +220,7 @@ test_files:
 - test/test_null_io.rb
 - test/test_persistent.rb
 - test/test_puma_server.rb
+- test/test_puma_server_ssl.rb
 - test/test_rack_handler.rb
 - test/test_rack_server.rb
 - test/test_tcp_rack.rb