puma 4.3.12 → 5.6.4
- checksums.yaml +4 -4
- data/History.md +1461 -524
- data/LICENSE +23 -20
- data/README.md +120 -36
- data/bin/puma-wild +3 -9
- data/docs/architecture.md +63 -26
- data/docs/compile_options.md +21 -0
- data/docs/deployment.md +60 -69
- data/docs/fork_worker.md +33 -0
- data/docs/jungle/README.md +9 -0
- data/{tools → docs}/jungle/rc.d/README.md +1 -1
- data/{tools → docs}/jungle/rc.d/puma +2 -2
- data/{tools → docs}/jungle/rc.d/puma.conf +0 -0
- data/docs/kubernetes.md +66 -0
- data/docs/nginx.md +1 -1
- data/docs/plugins.md +15 -15
- data/docs/rails_dev_mode.md +28 -0
- data/docs/restart.md +46 -23
- data/docs/signals.md +13 -11
- data/docs/stats.md +142 -0
- data/docs/systemd.md +85 -128
- data/ext/puma_http11/PumaHttp11Service.java +2 -4
- data/ext/puma_http11/ext_help.h +1 -1
- data/ext/puma_http11/extconf.rb +38 -9
- data/ext/puma_http11/http11_parser.c +45 -47
- data/ext/puma_http11/http11_parser.h +1 -1
- data/ext/puma_http11/http11_parser.java.rl +1 -1
- data/ext/puma_http11/http11_parser.rl +1 -1
- data/ext/puma_http11/mini_ssl.c +204 -86
- data/ext/puma_http11/no_ssl/PumaHttp11Service.java +15 -0
- data/ext/puma_http11/org/jruby/puma/Http11.java +3 -3
- data/ext/puma_http11/org/jruby/puma/Http11Parser.java +3 -5
- data/ext/puma_http11/org/jruby/puma/MiniSSL.java +105 -61
- data/ext/puma_http11/puma_http11.c +32 -51
- data/lib/puma/app/status.rb +47 -36
- data/lib/puma/binder.rb +225 -106
- data/lib/puma/cli.rb +24 -18
- data/lib/puma/client.rb +104 -76
- data/lib/puma/cluster/worker.rb +173 -0
- data/lib/puma/cluster/worker_handle.rb +94 -0
- data/lib/puma/cluster.rb +212 -220
- data/lib/puma/commonlogger.rb +2 -2
- data/lib/puma/configuration.rb +58 -49
- data/lib/puma/const.rb +13 -6
- data/lib/puma/control_cli.rb +93 -76
- data/lib/puma/detect.rb +29 -2
- data/lib/puma/dsl.rb +364 -96
- data/lib/puma/error_logger.rb +104 -0
- data/lib/puma/events.rb +55 -34
- data/lib/puma/io_buffer.rb +9 -2
- data/lib/puma/jruby_restart.rb +0 -58
- data/lib/puma/json_serialization.rb +96 -0
- data/lib/puma/launcher.rb +117 -46
- data/lib/puma/minissl/context_builder.rb +14 -9
- data/lib/puma/minissl.rb +128 -46
- data/lib/puma/null_io.rb +13 -1
- data/lib/puma/plugin.rb +3 -12
- data/lib/puma/queue_close.rb +26 -0
- data/lib/puma/rack/builder.rb +1 -5
- data/lib/puma/reactor.rb +85 -369
- data/lib/puma/request.rb +472 -0
- data/lib/puma/runner.rb +46 -61
- data/lib/puma/server.rb +290 -763
- data/lib/puma/single.rb +9 -65
- data/lib/puma/state_file.rb +47 -8
- data/lib/puma/systemd.rb +46 -0
- data/lib/puma/thread_pool.rb +125 -57
- data/lib/puma/util.rb +20 -1
- data/lib/puma.rb +46 -0
- data/lib/rack/handler/puma.rb +2 -3
- data/tools/{docker/Dockerfile → Dockerfile} +1 -1
- metadata +26 -22
- data/docs/tcp_mode.md +0 -96
- data/ext/puma_http11/io_buffer.c +0 -155
- data/ext/puma_http11/org/jruby/puma/IOBuffer.java +0 -72
- data/lib/puma/accept_nonblock.rb +0 -29
- data/lib/puma/tcp_logger.rb +0 -41
- data/tools/jungle/README.md +0 -19
- data/tools/jungle/init.d/README.md +0 -61
- data/tools/jungle/init.d/puma +0 -421
- data/tools/jungle/init.d/run-puma +0 -18
- data/tools/jungle/upstart/README.md +0 -61
- data/tools/jungle/upstart/puma-manager.conf +0 -31
- data/tools/jungle/upstart/puma.conf +0 -69
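--- a/data/ext/puma_http11/mini_ssl.c
+++ b/data/ext/puma_http11/mini_ssl.c
@@ -2,12 +2,7 @@
 
 #include <ruby.h>
 #include <ruby/version.h>
-
-#if RUBY_API_VERSION_MAJOR == 1
-#include <rubyio.h>
-#else
 #include <ruby/io.h>
-#endif
 
 #ifdef HAVE_OPENSSL_BIO_H
 
@@ -33,7 +28,10 @@ typedef struct {
 int bytes;
 } ms_cert_buf;
 
-
+VALUE eError;
+
+void engine_free(void *ptr) {
+ms_conn *conn = ptr;
 ms_cert_buf* cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
 if(cert_buf) {
 OPENSSL_free(cert_buf->buf);
@@ -45,23 +43,13 @@ void engine_free(ms_conn* conn) {
 free(conn);
 }
 
-
-
-
-
-
-conn->read = BIO_new(BIO_s_mem());
-BIO_set_nbio(conn->read, 1);
-
-conn->write = BIO_new(BIO_s_mem());
-BIO_set_nbio(conn->write, 1);
-
-conn->ssl = 0;
-conn->ctx = 0;
-
-return conn;
-}
+const rb_data_type_t engine_data_type = {
+"MiniSSL/ENGINE",
+{ 0, engine_free, 0 },
+0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+};
 
+#ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
 DH *get_dh2048(void) {
 /* `openssl dhparam -C 2048`
 * -----BEGIN DH PARAMETERS-----
@@ -132,6 +120,38 @@ DH *get_dh2048(void) {
 
 return dh;
 }
+#endif
+
+static void
+sslctx_free(void *ptr) {
+SSL_CTX *ctx = ptr;
+SSL_CTX_free(ctx);
+}
+
+static const rb_data_type_t sslctx_type = {
+"MiniSSL/SSLContext",
+{
+0, sslctx_free,
+},
+0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
+};
+
+ms_conn* engine_alloc(VALUE klass, VALUE* obj) {
+ms_conn* conn;
+
+*obj = TypedData_Make_Struct(klass, ms_conn, &engine_data_type, conn);
+
+conn->read = BIO_new(BIO_s_mem());
+BIO_set_nbio(conn->read, 1);
+
+conn->write = BIO_new(BIO_s_mem());
+BIO_set_nbio(conn->write, 1);
+
+conn->ssl = 0;
+conn->ctx = 0;
+
+return conn;
+}
 
 static int engine_verify_callback(int preverify_ok, X509_STORE_CTX* ctx) {
 X509* err_cert;
@@ -159,48 +179,102 @@ static int engine_verify_callback(int preverify_ok, X509_STORE_CTX* ctx) {
 return preverify_ok;
 }
 
-
-
+static VALUE
+sslctx_alloc(VALUE klass) {
+SSL_CTX *ctx;
+long mode = 0 |
+SSL_MODE_ENABLE_PARTIAL_WRITE |
+SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
+SSL_MODE_RELEASE_BUFFERS;
+
+#ifdef HAVE_TLS_SERVER_METHOD
+ctx = SSL_CTX_new(TLS_method());
+// printf("\nctx using TLS_method security_level %d\n", SSL_CTX_get_security_level(ctx));
+#else
+ctx = SSL_CTX_new(SSLv23_method());
+#endif
+if (!ctx) {
+rb_raise(eError, "SSL_CTX_new");
+}
+SSL_CTX_set_mode(ctx, mode);
+
+return TypedData_Wrap_Struct(klass, &sslctx_type, ctx);
+}
+
+VALUE
+sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 SSL_CTX* ctx;
-SSL* ssl;
-int min, ssl_options;
 
-
+#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
+int min;
+#endif
+int ssl_options;
+VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
+verification_flags, session_id_bytes, cert_pem, key_pem;
+#ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
+DH *dh;
+#endif
+BIO *bio;
+X509 *x509;
+EVP_PKEY *pkey;
 
-
-
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+EC_KEY *ecdh;
+#endif
 
-
+TypedData_Get_Struct(self, SSL_CTX, &sslctx_type, ctx);
 
-
-VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);
+key = rb_funcall(mini_ssl_ctx, rb_intern_const("key"), 0);
 
-
+cert = rb_funcall(mini_ssl_ctx, rb_intern_const("cert"), 0);
 
-
-VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);
+ca = rb_funcall(mini_ssl_ctx, rb_intern_const("ca"), 0);
 
-
-VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);
+cert_pem = rb_funcall(mini_ssl_ctx, rb_intern_const("cert_pem"), 0);
 
-
-VALUE ssl_cipher_filter = rb_funcall(mini_ssl_ctx, sym_ssl_cipher_filter, 0);
+key_pem = rb_funcall(mini_ssl_ctx, rb_intern_const("key_pem"), 0);
 
-
-VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
+verify_mode = rb_funcall(mini_ssl_ctx, rb_intern_const("verify_mode"), 0);
 
-
-VALUE no_tlsv1_1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1_1, 0);
+ssl_cipher_filter = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_cipher_filter"), 0);
 
-
-
-
-ctx = SSL_CTX_new(SSLv23_server_method());
-#endif
-conn->ctx = ctx;
+no_tlsv1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1"), 0);
+
+no_tlsv1_1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1_1"), 0);
 
-
-
+if (!NIL_P(cert)) {
+StringValue(cert);
+SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
+}
+
+if (!NIL_P(key)) {
+StringValue(key);
+SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
+}
+
+if (!NIL_P(cert_pem)) {
+bio = BIO_new(BIO_s_mem());
+BIO_puts(bio, RSTRING_PTR(cert_pem));
+x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+
+SSL_CTX_use_certificate(ctx, x509);
+}
+
+if (!NIL_P(key_pem)) {
+bio = BIO_new(BIO_s_mem());
+BIO_puts(bio, RSTRING_PTR(key_pem));
+pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
+
+SSL_CTX_use_PrivateKey(ctx, pkey);
+}
+
+verification_flags = rb_funcall(mini_ssl_ctx, rb_intern_const("verification_flags"), 0);
+
+if (!NIL_P(verification_flags)) {
+X509_VERIFY_PARAM *param = SSL_CTX_get0_param(ctx);
+X509_VERIFY_PARAM_set_flags(param, NUM2INT(verification_flags));
+SSL_CTX_set1_param(ctx, param);
+}
 
 if (!NIL_P(ca)) {
 StringValue(ca);
@@ -247,6 +321,24 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
 SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
+// Remove this case if OpenSSL 1.0.1 (now EOL) support is no
+// longer needed.
+ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+if (ecdh) {
+SSL_CTX_set_tmp_ecdh(ctx, ecdh);
+EC_KEY_free(ecdh);
+}
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
+
+if (NIL_P(verify_mode)) {
+/* SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); */
+} else {
+SSL_CTX_set_verify(ctx, NUM2INT(verify_mode), engine_verify_callback);
+}
+
 // Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
 session_id_bytes = rb_funcall(
 #ifdef HAVE_RANDOM_BYTES
@@ -261,35 +353,34 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
 (unsigned char *) RSTRING_PTR(session_id_bytes),
 SSL_MAX_SSL_SESSION_ID_LENGTH);
 
-
-SSL_CTX_set_tmp_dh(ctx, dh);
+// printf("\ninitialize end security_level %d\n", SSL_CTX_get_security_level(ctx));
 
-#
-//
-
-
-
-
-EC_KEY_free(ecdh);
-}
-#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-// Prior to OpenSSL 1.1.0, servers must manually enable server-side ECDH
-// negotiation.
-SSL_CTX_set_ecdh_auto(ctx, 1);
+#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+// https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_dh_auto.html
+SSL_CTX_set_dh_auto(ctx, 1);
+#else
+dh = get_dh2048();
+SSL_CTX_set_tmp_dh(ctx, dh);
 #endif
 
+rb_obj_freeze(self);
+return self;
+}
+
+VALUE engine_init_server(VALUE self, VALUE sslctx) {
+ms_conn* conn;
+VALUE obj;
+SSL_CTX* ctx;
+SSL* ssl;
+
+conn = engine_alloc(self, &obj);
+
+TypedData_Get_Struct(sslctx, SSL_CTX, &sslctx_type, ctx);
+
 ssl = SSL_new(ctx);
 conn->ssl = ssl;
 SSL_set_app_data(ssl, NULL);
-
-if (NIL_P(verify_mode)) {
-/* SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); */
-} else {
-SSL_set_verify(ssl, NUM2INT(verify_mode), engine_verify_callback);
-}
-
 SSL_set_bio(ssl, conn->read, conn->write);
-
 SSL_set_accept_state(ssl);
 return obj;
 }
@@ -316,7 +407,7 @@ VALUE engine_inject(VALUE self, VALUE str) {
 ms_conn* conn;
 long used;
 
-
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
 StringValue(str);
 
@@ -329,13 +420,14 @@ VALUE engine_inject(VALUE self, VALUE str) {
 return INT2FIX(used);
 }
 
-
+NORETURN(void raise_error(SSL* ssl, int result));
 
 void raise_error(SSL* ssl, int result) {
 char buf[512];
 char msg[512];
 const char* err_str;
 int err = errno;
+int mask = 4095;
 int ssl_err = SSL_get_error(ssl, result);
 int verify_err = (int) SSL_get_verify_result(ssl);
 
@@ -352,8 +444,7 @@ void raise_error(SSL* ssl, int result) {
 } else {
 err = (int) ERR_get_error();
 ERR_error_string_n(err, buf, sizeof(buf));
-snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err);
-
+snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err & mask);
 }
 } else {
 snprintf(msg, sizeof(msg), "Unknown OpenSSL error: %d", ssl_err);
@@ -368,7 +459,7 @@ VALUE engine_read(VALUE self) {
 char buf[512];
 int bytes, error;
 
-
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
 ERR_clear_error();
 
@@ -395,7 +486,7 @@ VALUE engine_write(VALUE self, VALUE str) {
 ms_conn* conn;
 int bytes;
 
-
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
 StringValue(str);
 
@@ -417,9 +508,11 @@ VALUE engine_extract(VALUE self) {
 ms_conn* conn;
 int bytes;
 size_t pending;
-
+// https://www.openssl.org/docs/manmaster/man3/BIO_f_buffer.html
+// crypto/bio/bf_buff.c DEFAULT_BUFFER_SIZE
+char buf[4096];
 
-
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
 pending = BIO_pending(conn->write);
 if(pending > 0) {
@@ -438,7 +531,7 @@ VALUE engine_shutdown(VALUE self) {
 ms_conn* conn;
 int ok;
 
-
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
 ERR_clear_error();
 
@@ -453,7 +546,7 @@ VALUE engine_shutdown(VALUE self) {
 VALUE engine_init(VALUE self) {
 ms_conn* conn;
 
-
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
 return SSL_in_init(conn->ssl) ? Qtrue : Qfalse;
 }
@@ -466,9 +559,13 @@ VALUE engine_peercert(VALUE self) {
 ms_cert_buf* cert_buf = NULL;
 VALUE rb_cert_buf;
 
-
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
+#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+cert = SSL_get1_peer_certificate(conn->ssl);
+#else
 cert = SSL_get_peer_certificate(conn->ssl);
+#endif
 if(!cert) {
 /*
 * See if there was a failed certificate associated with this client.
@@ -497,12 +594,22 @@ VALUE engine_peercert(VALUE self) {
 return rb_cert_buf;
 }
 
+/* @see Puma::MiniSSL::Socket#ssl_version_state
+* @version 5.0.0
+*/
+static VALUE
+engine_ssl_vers_st(VALUE self) {
+ms_conn* conn;
+TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
+return rb_ary_new3(2, rb_str_new2(SSL_get_version(conn->ssl)), rb_str_new2(SSL_state_string(conn->ssl)));
+}
+
 VALUE noop(VALUE self) {
 return Qnil;
 }
 
 void Init_mini_ssl(VALUE puma) {
-VALUE mod, eng;
+VALUE mod, eng, sslctx;
 
 /* Fake operation for documentation (RDoc, YARD) */
 #if 0 == 1
@@ -515,7 +622,15 @@ void Init_mini_ssl(VALUE puma) {
 ERR_load_crypto_strings();
 
 mod = rb_define_module_under(puma, "MiniSSL");
+
 eng = rb_define_class_under(mod, "Engine", rb_cObject);
+rb_undef_alloc_func(eng);
+
+sslctx = rb_define_class_under(mod, "SSLContext", rb_cObject);
+rb_define_alloc_func(sslctx, sslctx_alloc);
+rb_define_method(sslctx, "initialize", sslctx_initialize, 1);
+rb_undef_method(sslctx, "initialize_copy");
+
 
 // OpenSSL Build / Runtime/Load versions
 
@@ -568,13 +683,16 @@ void Init_mini_ssl(VALUE puma) {
 rb_define_method(eng, "init?", engine_init, 0);
 
 rb_define_method(eng, "peercert", engine_peercert, 0);
+
+rb_define_method(eng, "ssl_vers_st", engine_ssl_vers_st, 0);
 }
 
 #else
 
+NORETURN(VALUE raise_error(VALUE self));
+
 VALUE raise_error(VALUE self) {
 rb_raise(rb_eStandardError, "SSL not available in this build");
-return Qnil;
 }
 
 void Init_mini_ssl(VALUE puma) {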
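--- a/data/ext/puma_http11/no_ssl/PumaHttp11Service.java
+++ b/data/ext/puma_http11/no_ssl/PumaHttp11Service.java
@@ -0,0 +1,15 @@
+package puma;
+
+import java.io.IOException;
+
+import org.jruby.Ruby;
+import org.jruby.runtime.load.BasicLibraryService;
+
+import org.jruby.puma.Http11;
+
+public class PumaHttp11Service implements BasicLibraryService {
+public boolean basicLoad(final Ruby runtime) throws IOException {
+Http11.createHttp11(runtime);
+return true;
+}
+}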
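--- a/data/ext/puma_http11/org/jruby/puma/Http11.java
+++ b/data/ext/puma_http11/org/jruby/puma/Http11.java
@@ -30,8 +30,8 @@ public class Http11 extends RubyObject {
 public final static String MAX_REQUEST_URI_LENGTH_ERR = "HTTP element REQUEST_URI is longer than the 12288 allowed length.";
 public final static int MAX_FRAGMENT_LENGTH = 1024;
 public final static String MAX_FRAGMENT_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 1024 allowed length.";
-public final static int MAX_REQUEST_PATH_LENGTH =
-public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the
+public final static int MAX_REQUEST_PATH_LENGTH = 8192;
+public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 8192 allowed length.";
 public final static int MAX_QUERY_STRING_LENGTH = 1024 * 10;
 public final static String MAX_QUERY_STRING_LENGTH_ERR = "HTTP element QUERY_STRING is longer than the 10240 allowed length.";
 public final static int MAX_HEADER_LENGTH = 1024 * (80 + 32);
@@ -197,7 +197,7 @@ public class Http11 extends RubyObject {
 validateMaxLength(runtime, parser.nread,MAX_HEADER_LENGTH, MAX_HEADER_LENGTH_ERR);
 
 if(hp.has_error()) {
-throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails.");
+throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?");
 } else {
 return runtime.newFixnum(parser.nread);
 }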
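--- a/data/ext/puma_http11/org/jruby/puma/Http11Parser.java
+++ b/data/ext/puma_http11/org/jruby/puma/Http11Parser.java
@@ -184,8 +184,6 @@ static final int puma_parser_start = 1;
 static final int puma_parser_first_final = 46;
 static final int puma_parser_error = 0;
 
-static final int puma_parser_en_main = 1;
-
 
 // line 62 "ext/puma_http11/http11_parser.java.rl"
 
@@ -214,7 +212,7 @@ static final int puma_parser_en_main = 1;
 cs = 0;
 
 
-// line
+// line 216 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 {
 cs = puma_parser_start;
 }
@@ -246,7 +244,7 @@ static final int puma_parser_en_main = 1;
 parser.buffer = buffer;
 
 
-// line
+// line 248 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 {
 int _klen;
 int _trans = 0;
@@ -402,7 +400,7 @@ case 1:
 { p += 1; _goto_targ = 5; if (true) continue _goto;}
 }
 break;
-// line
+// line 404 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
 }
 }
 }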