puma 4.2.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of puma might be problematic. Click here for more details.

Files changed (80) hide show
  1. checksums.yaml +7 -0
  2. data/History.md +1513 -0
  3. data/LICENSE +26 -0
  4. data/README.md +309 -0
  5. data/bin/puma +10 -0
  6. data/bin/puma-wild +31 -0
  7. data/bin/pumactl +12 -0
  8. data/docs/architecture.md +37 -0
  9. data/docs/deployment.md +111 -0
  10. data/docs/images/puma-connection-flow-no-reactor.png +0 -0
  11. data/docs/images/puma-connection-flow.png +0 -0
  12. data/docs/images/puma-general-arch.png +0 -0
  13. data/docs/nginx.md +80 -0
  14. data/docs/plugins.md +28 -0
  15. data/docs/restart.md +41 -0
  16. data/docs/signals.md +96 -0
  17. data/docs/systemd.md +290 -0
  18. data/ext/puma_http11/PumaHttp11Service.java +19 -0
  19. data/ext/puma_http11/ext_help.h +15 -0
  20. data/ext/puma_http11/extconf.rb +23 -0
  21. data/ext/puma_http11/http11_parser.c +1044 -0
  22. data/ext/puma_http11/http11_parser.h +65 -0
  23. data/ext/puma_http11/http11_parser.java.rl +161 -0
  24. data/ext/puma_http11/http11_parser.rl +147 -0
  25. data/ext/puma_http11/http11_parser_common.rl +54 -0
  26. data/ext/puma_http11/io_buffer.c +155 -0
  27. data/ext/puma_http11/mini_ssl.c +553 -0
  28. data/ext/puma_http11/org/jruby/puma/Http11.java +234 -0
  29. data/ext/puma_http11/org/jruby/puma/Http11Parser.java +470 -0
  30. data/ext/puma_http11/org/jruby/puma/IOBuffer.java +72 -0
  31. data/ext/puma_http11/org/jruby/puma/MiniSSL.java +363 -0
  32. data/ext/puma_http11/puma_http11.c +500 -0
  33. data/lib/puma.rb +31 -0
  34. data/lib/puma/accept_nonblock.rb +29 -0
  35. data/lib/puma/app/status.rb +80 -0
  36. data/lib/puma/binder.rb +439 -0
  37. data/lib/puma/cli.rb +239 -0
  38. data/lib/puma/client.rb +494 -0
  39. data/lib/puma/cluster.rb +555 -0
  40. data/lib/puma/commonlogger.rb +108 -0
  41. data/lib/puma/configuration.rb +362 -0
  42. data/lib/puma/const.rb +235 -0
  43. data/lib/puma/control_cli.rb +281 -0
  44. data/lib/puma/convenient.rb +25 -0
  45. data/lib/puma/delegation.rb +13 -0
  46. data/lib/puma/detect.rb +15 -0
  47. data/lib/puma/dsl.rb +738 -0
  48. data/lib/puma/events.rb +156 -0
  49. data/lib/puma/io_buffer.rb +4 -0
  50. data/lib/puma/jruby_restart.rb +84 -0
  51. data/lib/puma/launcher.rb +478 -0
  52. data/lib/puma/minissl.rb +278 -0
  53. data/lib/puma/null_io.rb +44 -0
  54. data/lib/puma/plugin.rb +120 -0
  55. data/lib/puma/plugin/tmp_restart.rb +36 -0
  56. data/lib/puma/rack/builder.rb +301 -0
  57. data/lib/puma/rack/urlmap.rb +93 -0
  58. data/lib/puma/rack_default.rb +9 -0
  59. data/lib/puma/reactor.rb +399 -0
  60. data/lib/puma/runner.rb +185 -0
  61. data/lib/puma/server.rb +1033 -0
  62. data/lib/puma/single.rb +124 -0
  63. data/lib/puma/state_file.rb +31 -0
  64. data/lib/puma/tcp_logger.rb +41 -0
  65. data/lib/puma/thread_pool.rb +328 -0
  66. data/lib/puma/util.rb +124 -0
  67. data/lib/rack/handler/puma.rb +115 -0
  68. data/tools/docker/Dockerfile +16 -0
  69. data/tools/jungle/README.md +19 -0
  70. data/tools/jungle/init.d/README.md +61 -0
  71. data/tools/jungle/init.d/puma +421 -0
  72. data/tools/jungle/init.d/run-puma +18 -0
  73. data/tools/jungle/rc.d/README.md +74 -0
  74. data/tools/jungle/rc.d/puma +61 -0
  75. data/tools/jungle/rc.d/puma.conf +10 -0
  76. data/tools/jungle/upstart/README.md +61 -0
  77. data/tools/jungle/upstart/puma-manager.conf +31 -0
  78. data/tools/jungle/upstart/puma.conf +69 -0
  79. data/tools/trickletest.rb +44 -0
  80. metadata +144 -0
@@ -0,0 +1,553 @@
1
+ #define RSTRING_NOT_MODIFIED 1
2
+
3
+ #include <ruby.h>
4
+ #include <ruby/version.h>
5
+
6
+ #if RUBY_API_VERSION_MAJOR == 1
7
+ #include <rubyio.h>
8
+ #else
9
+ #include <ruby/io.h>
10
+ #endif
11
+
12
+ #ifdef HAVE_OPENSSL_BIO_H
13
+
14
+ #include <openssl/bio.h>
15
+ #include <openssl/ssl.h>
16
+ #include <openssl/dh.h>
17
+ #include <openssl/err.h>
18
+ #include <openssl/x509.h>
19
+
20
+ #ifndef SSL_OP_NO_COMPRESSION
21
+ #define SSL_OP_NO_COMPRESSION 0
22
+ #endif
23
+
24
+ typedef struct {
25
+ BIO* read;
26
+ BIO* write;
27
+ SSL* ssl;
28
+ SSL_CTX* ctx;
29
+ } ms_conn;
30
+
31
+ typedef struct {
32
+ unsigned char* buf;
33
+ int bytes;
34
+ } ms_cert_buf;
35
+
36
+ void engine_free(ms_conn* conn) {
37
+ ms_cert_buf* cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
38
+ if(cert_buf) {
39
+ OPENSSL_free(cert_buf->buf);
40
+ free(cert_buf);
41
+ }
42
+ SSL_free(conn->ssl);
43
+ SSL_CTX_free(conn->ctx);
44
+
45
+ free(conn);
46
+ }
47
+
48
+ ms_conn* engine_alloc(VALUE klass, VALUE* obj) {
49
+ ms_conn* conn;
50
+
51
+ *obj = Data_Make_Struct(klass, ms_conn, 0, engine_free, conn);
52
+
53
+ conn->read = BIO_new(BIO_s_mem());
54
+ BIO_set_nbio(conn->read, 1);
55
+
56
+ conn->write = BIO_new(BIO_s_mem());
57
+ BIO_set_nbio(conn->write, 1);
58
+
59
+ conn->ssl = 0;
60
+ conn->ctx = 0;
61
+
62
+ return conn;
63
+ }
64
+
65
+ DH *get_dh1024() {
66
+ /* `openssl dhparam 1024 -C`
67
+ * -----BEGIN DH PARAMETERS-----
68
+ * MIGHAoGBALPwcEv0OstmQCZdfHw0N5r+07lmXMxkpQacy1blwj0LUqC+Divp6pBk
69
+ * usTJ9W2/dOYr1X7zi6yXNLp4oLzc/31PUL3D9q8CpGS7vPz5gijKSw9BwCTT5z9+
70
+ * KF9v46qw8XqT5HHV87sWFlGQcVFq+pEkA2kPikkKZ/X/CCcpCAV7AgEC
71
+ * -----END DH PARAMETERS-----
72
+ */
73
+ static unsigned char dh1024_p[] = {
74
+ 0xB3,0xF0,0x70,0x4B,0xF4,0x3A,0xCB,0x66,0x40,0x26,0x5D,0x7C,
75
+ 0x7C,0x34,0x37,0x9A,0xFE,0xD3,0xB9,0x66,0x5C,0xCC,0x64,0xA5,
76
+ 0x06,0x9C,0xCB,0x56,0xE5,0xC2,0x3D,0x0B,0x52,0xA0,0xBE,0x0E,
77
+ 0x2B,0xE9,0xEA,0x90,0x64,0xBA,0xC4,0xC9,0xF5,0x6D,0xBF,0x74,
78
+ 0xE6,0x2B,0xD5,0x7E,0xF3,0x8B,0xAC,0x97,0x34,0xBA,0x78,0xA0,
79
+ 0xBC,0xDC,0xFF,0x7D,0x4F,0x50,0xBD,0xC3,0xF6,0xAF,0x02,0xA4,
80
+ 0x64,0xBB,0xBC,0xFC,0xF9,0x82,0x28,0xCA,0x4B,0x0F,0x41,0xC0,
81
+ 0x24,0xD3,0xE7,0x3F,0x7E,0x28,0x5F,0x6F,0xE3,0xAA,0xB0,0xF1,
82
+ 0x7A,0x93,0xE4,0x71,0xD5,0xF3,0xBB,0x16,0x16,0x51,0x90,0x71,
83
+ 0x51,0x6A,0xFA,0x91,0x24,0x03,0x69,0x0F,0x8A,0x49,0x0A,0x67,
84
+ 0xF5,0xFF,0x08,0x27,0x29,0x08,0x05,0x7B
85
+ };
86
+ static unsigned char dh1024_g[] = { 0x02 };
87
+
88
+ DH *dh;
89
+ dh = DH_new();
90
+
91
+ #if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
92
+ dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
93
+ dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
94
+
95
+ if ((dh->p == NULL) || (dh->g == NULL)) {
96
+ DH_free(dh);
97
+ return NULL;
98
+ }
99
+ #else
100
+ BIGNUM *p, *g;
101
+ p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
102
+ g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
103
+
104
+ if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
105
+ DH_free(dh);
106
+ BN_free(p);
107
+ BN_free(g);
108
+ return NULL;
109
+ }
110
+ #endif
111
+
112
+ return dh;
113
+ }
114
+
115
+ static int engine_verify_callback(int preverify_ok, X509_STORE_CTX* ctx) {
116
+ X509* err_cert;
117
+ SSL* ssl;
118
+ int bytes;
119
+ unsigned char* buf = NULL;
120
+
121
+ if(!preverify_ok) {
122
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
123
+ if(err_cert) {
124
+ /*
125
+ * Save the failed certificate for inspection/logging.
126
+ */
127
+ bytes = i2d_X509(err_cert, &buf);
128
+ if(bytes > 0) {
129
+ ms_cert_buf* cert_buf = (ms_cert_buf*)malloc(sizeof(ms_cert_buf));
130
+ cert_buf->buf = buf;
131
+ cert_buf->bytes = bytes;
132
+ ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
133
+ SSL_set_app_data(ssl, cert_buf);
134
+ }
135
+ }
136
+ }
137
+
138
+ return preverify_ok;
139
+ }
140
+
141
+ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
142
+ VALUE obj;
143
+ SSL_CTX* ctx;
144
+ SSL* ssl;
145
+ int min, ssl_options;
146
+
147
+ ms_conn* conn = engine_alloc(self, &obj);
148
+
149
+ ID sym_key = rb_intern("key");
150
+ VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0);
151
+
152
+ StringValue(key);
153
+
154
+ ID sym_cert = rb_intern("cert");
155
+ VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);
156
+
157
+ StringValue(cert);
158
+
159
+ ID sym_ca = rb_intern("ca");
160
+ VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);
161
+
162
+ ID sym_verify_mode = rb_intern("verify_mode");
163
+ VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);
164
+
165
+ ID sym_ssl_cipher_filter = rb_intern("ssl_cipher_filter");
166
+ VALUE ssl_cipher_filter = rb_funcall(mini_ssl_ctx, sym_ssl_cipher_filter, 0);
167
+
168
+ ID sym_no_tlsv1 = rb_intern("no_tlsv1");
169
+ VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
170
+
171
+ ID sym_no_tlsv1_1 = rb_intern("no_tlsv1_1");
172
+ VALUE no_tlsv1_1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1_1, 0);
173
+
174
+ #ifdef HAVE_TLS_SERVER_METHOD
175
+ ctx = SSL_CTX_new(TLS_server_method());
176
+ #else
177
+ ctx = SSL_CTX_new(SSLv23_server_method());
178
+ #endif
179
+ conn->ctx = ctx;
180
+
181
+ SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
182
+ SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
183
+
184
+ if (!NIL_P(ca)) {
185
+ StringValue(ca);
186
+ SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
187
+ }
188
+
189
+ ssl_options = SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION;
190
+
191
+ #ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
192
+ if (RTEST(no_tlsv1_1)) {
193
+ min = TLS1_2_VERSION;
194
+ }
195
+ else if (RTEST(no_tlsv1)) {
196
+ min = TLS1_1_VERSION;
197
+ }
198
+ else {
199
+ min = TLS1_VERSION;
200
+ }
201
+
202
+ SSL_CTX_set_min_proto_version(ctx, min);
203
+
204
+ SSL_CTX_set_options(ctx, ssl_options);
205
+
206
+ #else
207
+ /* As of 1.0.2f, SSL_OP_SINGLE_DH_USE key use is always on */
208
+ ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE;
209
+
210
+ if (RTEST(no_tlsv1)) {
211
+ ssl_options |= SSL_OP_NO_TLSv1;
212
+ }
213
+ if(RTEST(no_tlsv1_1)) {
214
+ ssl_options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
215
+ }
216
+ SSL_CTX_set_options(ctx, ssl_options);
217
+ #endif
218
+
219
+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
220
+
221
+ if (!NIL_P(ssl_cipher_filter)) {
222
+ StringValue(ssl_cipher_filter);
223
+ SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(ssl_cipher_filter));
224
+ }
225
+ else {
226
+ SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
227
+ }
228
+
229
+ DH *dh = get_dh1024();
230
+ SSL_CTX_set_tmp_dh(ctx, dh);
231
+
232
+ #if OPENSSL_VERSION_NUMBER < 0x10002000L
233
+ // Remove this case if OpenSSL 1.0.1 (now EOL) support is no
234
+ // longer needed.
235
+ EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
236
+ if (ecdh) {
237
+ SSL_CTX_set_tmp_ecdh(ctx, ecdh);
238
+ EC_KEY_free(ecdh);
239
+ }
240
+ #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
241
+ // Prior to OpenSSL 1.1.0, servers must manually enable server-side ECDH
242
+ // negotiation.
243
+ SSL_CTX_set_ecdh_auto(ctx, 1);
244
+ #endif
245
+
246
+ ssl = SSL_new(ctx);
247
+ conn->ssl = ssl;
248
+ SSL_set_app_data(ssl, NULL);
249
+
250
+ if (NIL_P(verify_mode)) {
251
+ /* SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); */
252
+ } else {
253
+ SSL_set_verify(ssl, NUM2INT(verify_mode), engine_verify_callback);
254
+ }
255
+
256
+ SSL_set_bio(ssl, conn->read, conn->write);
257
+
258
+ SSL_set_accept_state(ssl);
259
+ return obj;
260
+ }
261
+
262
+ VALUE engine_init_client(VALUE klass) {
263
+ VALUE obj;
264
+ ms_conn* conn = engine_alloc(klass, &obj);
265
+ #ifdef HAVE_DTLS_METHOD
266
+ conn->ctx = SSL_CTX_new(DTLS_method());
267
+ #else
268
+ conn->ctx = SSL_CTX_new(DTLSv1_method());
269
+ #endif
270
+ conn->ssl = SSL_new(conn->ctx);
271
+ SSL_set_app_data(conn->ssl, NULL);
272
+ SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL);
273
+
274
+ SSL_set_bio(conn->ssl, conn->read, conn->write);
275
+
276
+ SSL_set_connect_state(conn->ssl);
277
+ return obj;
278
+ }
279
+
280
+ VALUE engine_inject(VALUE self, VALUE str) {
281
+ ms_conn* conn;
282
+ long used;
283
+
284
+ Data_Get_Struct(self, ms_conn, conn);
285
+
286
+ StringValue(str);
287
+
288
+ used = BIO_write(conn->read, RSTRING_PTR(str), (int)RSTRING_LEN(str));
289
+
290
+ if(used == 0 || used == -1) {
291
+ return Qfalse;
292
+ }
293
+
294
+ return INT2FIX(used);
295
+ }
296
+
297
+ static VALUE eError;
298
+
299
+ void raise_error(SSL* ssl, int result) {
300
+ char buf[512];
301
+ char msg[512];
302
+ const char* err_str;
303
+ int err = errno;
304
+ int ssl_err = SSL_get_error(ssl, result);
305
+ int verify_err = (int) SSL_get_verify_result(ssl);
306
+
307
+ if(SSL_ERROR_SYSCALL == ssl_err) {
308
+ snprintf(msg, sizeof(msg), "System error: %s - %d", strerror(err), err);
309
+
310
+ } else if(SSL_ERROR_SSL == ssl_err) {
311
+ if(X509_V_OK != verify_err) {
312
+ err_str = X509_verify_cert_error_string(verify_err);
313
+ snprintf(msg, sizeof(msg),
314
+ "OpenSSL certificate verification error: %s - %d",
315
+ err_str, verify_err);
316
+
317
+ } else {
318
+ err = (int) ERR_get_error();
319
+ ERR_error_string_n(err, buf, sizeof(buf));
320
+ snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err);
321
+
322
+ }
323
+ } else {
324
+ snprintf(msg, sizeof(msg), "Unknown OpenSSL error: %d", ssl_err);
325
+ }
326
+
327
+ ERR_clear_error();
328
+ rb_raise(eError, "%s", msg);
329
+ }
330
+
331
+ VALUE engine_read(VALUE self) {
332
+ ms_conn* conn;
333
+ char buf[512];
334
+ int bytes, error;
335
+
336
+ Data_Get_Struct(self, ms_conn, conn);
337
+
338
+ ERR_clear_error();
339
+
340
+ bytes = SSL_read(conn->ssl, (void*)buf, sizeof(buf));
341
+
342
+ if(bytes > 0) {
343
+ return rb_str_new(buf, bytes);
344
+ }
345
+
346
+ if(SSL_want_read(conn->ssl)) return Qnil;
347
+
348
+ error = SSL_get_error(conn->ssl, bytes);
349
+
350
+ if(error == SSL_ERROR_ZERO_RETURN) {
351
+ rb_eof_error();
352
+ } else {
353
+ raise_error(conn->ssl, bytes);
354
+ }
355
+
356
+ return Qnil;
357
+ }
358
+
359
+ VALUE engine_write(VALUE self, VALUE str) {
360
+ ms_conn* conn;
361
+ int bytes;
362
+
363
+ Data_Get_Struct(self, ms_conn, conn);
364
+
365
+ StringValue(str);
366
+
367
+ ERR_clear_error();
368
+
369
+ bytes = SSL_write(conn->ssl, (void*)RSTRING_PTR(str), (int)RSTRING_LEN(str));
370
+ if(bytes > 0) {
371
+ return INT2FIX(bytes);
372
+ }
373
+
374
+ if(SSL_want_write(conn->ssl)) return Qnil;
375
+
376
+ raise_error(conn->ssl, bytes);
377
+
378
+ return Qnil;
379
+ }
380
+
381
+ VALUE engine_extract(VALUE self) {
382
+ ms_conn* conn;
383
+ int bytes;
384
+ size_t pending;
385
+ char buf[512];
386
+
387
+ Data_Get_Struct(self, ms_conn, conn);
388
+
389
+ pending = BIO_pending(conn->write);
390
+ if(pending > 0) {
391
+ bytes = BIO_read(conn->write, buf, sizeof(buf));
392
+ if(bytes > 0) {
393
+ return rb_str_new(buf, bytes);
394
+ } else if(!BIO_should_retry(conn->write)) {
395
+ raise_error(conn->ssl, bytes);
396
+ }
397
+ }
398
+
399
+ return Qnil;
400
+ }
401
+
402
+ VALUE engine_shutdown(VALUE self) {
403
+ ms_conn* conn;
404
+ int ok;
405
+
406
+ Data_Get_Struct(self, ms_conn, conn);
407
+
408
+ ERR_clear_error();
409
+
410
+ ok = SSL_shutdown(conn->ssl);
411
+ if (ok == 0) {
412
+ return Qfalse;
413
+ }
414
+
415
+ return Qtrue;
416
+ }
417
+
418
+ VALUE engine_init(VALUE self) {
419
+ ms_conn* conn;
420
+
421
+ Data_Get_Struct(self, ms_conn, conn);
422
+
423
+ return SSL_in_init(conn->ssl) ? Qtrue : Qfalse;
424
+ }
425
+
426
+ VALUE engine_peercert(VALUE self) {
427
+ ms_conn* conn;
428
+ X509* cert;
429
+ int bytes;
430
+ unsigned char* buf = NULL;
431
+ ms_cert_buf* cert_buf = NULL;
432
+ VALUE rb_cert_buf;
433
+
434
+ Data_Get_Struct(self, ms_conn, conn);
435
+
436
+ cert = SSL_get_peer_certificate(conn->ssl);
437
+ if(!cert) {
438
+ /*
439
+ * See if there was a failed certificate associated with this client.
440
+ */
441
+ cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
442
+ if(!cert_buf) {
443
+ return Qnil;
444
+ }
445
+ buf = cert_buf->buf;
446
+ bytes = cert_buf->bytes;
447
+
448
+ } else {
449
+ bytes = i2d_X509(cert, &buf);
450
+ X509_free(cert);
451
+
452
+ if(bytes < 0) {
453
+ return Qnil;
454
+ }
455
+ }
456
+
457
+ rb_cert_buf = rb_str_new((const char*)(buf), bytes);
458
+ if(!cert_buf) {
459
+ OPENSSL_free(buf);
460
+ }
461
+
462
+ return rb_cert_buf;
463
+ }
464
+
465
+ VALUE noop(VALUE self) {
466
+ return Qnil;
467
+ }
468
+
469
+ void Init_mini_ssl(VALUE puma) {
470
+ VALUE mod, eng;
471
+
472
+ /* Fake operation for documentation (RDoc, YARD) */
473
+ #if 0 == 1
474
+ puma = rb_define_module("Puma");
475
+ #endif
476
+
477
+ SSL_library_init();
478
+ OpenSSL_add_ssl_algorithms();
479
+ SSL_load_error_strings();
480
+ ERR_load_crypto_strings();
481
+
482
+ mod = rb_define_module_under(puma, "MiniSSL");
483
+ eng = rb_define_class_under(mod, "Engine", rb_cObject);
484
+
485
+ // OpenSSL Build / Runtime/Load versions
486
+
487
+ /* Version of OpenSSL that Puma was compiled with */
488
+ rb_define_const(mod, "OPENSSL_VERSION", rb_str_new2(OPENSSL_VERSION_TEXT));
489
+
490
+ #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000
491
+ /* Version of OpenSSL that Puma loaded with */
492
+ rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
493
+ #else
494
+ rb_define_const(mod, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
495
+ #endif
496
+
497
+ #if defined(OPENSSL_NO_SSL3) || defined(OPENSSL_NO_SSL3_METHOD)
498
+ /* True if SSL3 is not available */
499
+ rb_define_const(mod, "OPENSSL_NO_SSL3", Qtrue);
500
+ #else
501
+ rb_define_const(mod, "OPENSSL_NO_SSL3", Qfalse);
502
+ #endif
503
+
504
+ #if defined(OPENSSL_NO_TLS1) || defined(OPENSSL_NO_TLS1_METHOD)
505
+ /* True if TLS1 is not available */
506
+ rb_define_const(mod, "OPENSSL_NO_TLS1", Qtrue);
507
+ #else
508
+ rb_define_const(mod, "OPENSSL_NO_TLS1", Qfalse);
509
+ #endif
510
+
511
+ #if defined(OPENSSL_NO_TLS1_1) || defined(OPENSSL_NO_TLS1_1_METHOD)
512
+ /* True if TLS1_1 is not available */
513
+ rb_define_const(mod, "OPENSSL_NO_TLS1_1", Qtrue);
514
+ #else
515
+ rb_define_const(mod, "OPENSSL_NO_TLS1_1", Qfalse);
516
+ #endif
517
+
518
+ rb_define_singleton_method(mod, "check", noop, 0);
519
+
520
+ eError = rb_define_class_under(mod, "SSLError", rb_eStandardError);
521
+
522
+ rb_define_singleton_method(eng, "server", engine_init_server, 1);
523
+ rb_define_singleton_method(eng, "client", engine_init_client, 0);
524
+
525
+ rb_define_method(eng, "inject", engine_inject, 1);
526
+ rb_define_method(eng, "read", engine_read, 0);
527
+
528
+ rb_define_method(eng, "write", engine_write, 1);
529
+ rb_define_method(eng, "extract", engine_extract, 0);
530
+
531
+ rb_define_method(eng, "shutdown", engine_shutdown, 0);
532
+
533
+ rb_define_method(eng, "init?", engine_init, 0);
534
+
535
+ rb_define_method(eng, "peercert", engine_peercert, 0);
536
+ }
537
+
538
+ #else
539
+
540
+ VALUE raise_error(VALUE self) {
541
+ rb_raise(rb_eStandardError, "SSL not available in this build");
542
+ return Qnil;
543
+ }
544
+
545
+ void Init_mini_ssl(VALUE puma) {
546
+ VALUE mod;
547
+
548
+ mod = rb_define_module_under(puma, "MiniSSL");
549
+ rb_define_class_under(mod, "SSLError", rb_eStandardError);
550
+
551
+ rb_define_singleton_method(mod, "check", raise_error, 0);
552
+ }
553
+ #endif