puma 4.3.12 → 5.6.4


Potentially problematic release.


This version of puma might be problematic. Click here for more details.

Files changed (84) hide show
  1. checksums.yaml +4 -4
  2. data/History.md +1461 -524
  3. data/LICENSE +23 -20
  4. data/README.md +120 -36
  5. data/bin/puma-wild +3 -9
  6. data/docs/architecture.md +63 -26
  7. data/docs/compile_options.md +21 -0
  8. data/docs/deployment.md +60 -69
  9. data/docs/fork_worker.md +33 -0
  10. data/docs/jungle/README.md +9 -0
  11. data/{tools → docs}/jungle/rc.d/README.md +1 -1
  12. data/{tools → docs}/jungle/rc.d/puma +2 -2
  13. data/{tools → docs}/jungle/rc.d/puma.conf +0 -0
  14. data/docs/kubernetes.md +66 -0
  15. data/docs/nginx.md +1 -1
  16. data/docs/plugins.md +15 -15
  17. data/docs/rails_dev_mode.md +28 -0
  18. data/docs/restart.md +46 -23
  19. data/docs/signals.md +13 -11
  20. data/docs/stats.md +142 -0
  21. data/docs/systemd.md +85 -128
  22. data/ext/puma_http11/PumaHttp11Service.java +2 -4
  23. data/ext/puma_http11/ext_help.h +1 -1
  24. data/ext/puma_http11/extconf.rb +38 -9
  25. data/ext/puma_http11/http11_parser.c +45 -47
  26. data/ext/puma_http11/http11_parser.h +1 -1
  27. data/ext/puma_http11/http11_parser.java.rl +1 -1
  28. data/ext/puma_http11/http11_parser.rl +1 -1
  29. data/ext/puma_http11/mini_ssl.c +204 -86
  30. data/ext/puma_http11/no_ssl/PumaHttp11Service.java +15 -0
  31. data/ext/puma_http11/org/jruby/puma/Http11.java +3 -3
  32. data/ext/puma_http11/org/jruby/puma/Http11Parser.java +3 -5
  33. data/ext/puma_http11/org/jruby/puma/MiniSSL.java +105 -61
  34. data/ext/puma_http11/puma_http11.c +32 -51
  35. data/lib/puma/app/status.rb +47 -36
  36. data/lib/puma/binder.rb +225 -106
  37. data/lib/puma/cli.rb +24 -18
  38. data/lib/puma/client.rb +104 -76
  39. data/lib/puma/cluster/worker.rb +173 -0
  40. data/lib/puma/cluster/worker_handle.rb +94 -0
  41. data/lib/puma/cluster.rb +212 -220
  42. data/lib/puma/commonlogger.rb +2 -2
  43. data/lib/puma/configuration.rb +58 -49
  44. data/lib/puma/const.rb +13 -6
  45. data/lib/puma/control_cli.rb +93 -76
  46. data/lib/puma/detect.rb +29 -2
  47. data/lib/puma/dsl.rb +364 -96
  48. data/lib/puma/error_logger.rb +104 -0
  49. data/lib/puma/events.rb +55 -34
  50. data/lib/puma/io_buffer.rb +9 -2
  51. data/lib/puma/jruby_restart.rb +0 -58
  52. data/lib/puma/json_serialization.rb +96 -0
  53. data/lib/puma/launcher.rb +117 -46
  54. data/lib/puma/minissl/context_builder.rb +14 -9
  55. data/lib/puma/minissl.rb +128 -46
  56. data/lib/puma/null_io.rb +13 -1
  57. data/lib/puma/plugin.rb +3 -12
  58. data/lib/puma/queue_close.rb +26 -0
  59. data/lib/puma/rack/builder.rb +1 -5
  60. data/lib/puma/reactor.rb +85 -369
  61. data/lib/puma/request.rb +472 -0
  62. data/lib/puma/runner.rb +46 -61
  63. data/lib/puma/server.rb +290 -763
  64. data/lib/puma/single.rb +9 -65
  65. data/lib/puma/state_file.rb +47 -8
  66. data/lib/puma/systemd.rb +46 -0
  67. data/lib/puma/thread_pool.rb +125 -57
  68. data/lib/puma/util.rb +20 -1
  69. data/lib/puma.rb +46 -0
  70. data/lib/rack/handler/puma.rb +2 -3
  71. data/tools/{docker/Dockerfile → Dockerfile} +1 -1
  72. metadata +26 -22
  73. data/docs/tcp_mode.md +0 -96
  74. data/ext/puma_http11/io_buffer.c +0 -155
  75. data/ext/puma_http11/org/jruby/puma/IOBuffer.java +0 -72
  76. data/lib/puma/accept_nonblock.rb +0 -29
  77. data/lib/puma/tcp_logger.rb +0 -41
  78. data/tools/jungle/README.md +0 -19
  79. data/tools/jungle/init.d/README.md +0 -61
  80. data/tools/jungle/init.d/puma +0 -421
  81. data/tools/jungle/init.d/run-puma +0 -18
  82. data/tools/jungle/upstart/README.md +0 -61
  83. data/tools/jungle/upstart/puma-manager.conf +0 -31
  84. data/tools/jungle/upstart/puma.conf +0 -69
@@ -2,12 +2,7 @@
2
2
 
3
3
  #include <ruby.h>
4
4
  #include <ruby/version.h>
5
-
6
- #if RUBY_API_VERSION_MAJOR == 1
7
- #include <rubyio.h>
8
- #else
9
5
  #include <ruby/io.h>
10
- #endif
11
6
 
12
7
  #ifdef HAVE_OPENSSL_BIO_H
13
8
 
@@ -33,7 +28,10 @@ typedef struct {
33
28
  int bytes;
34
29
  } ms_cert_buf;
35
30
 
36
- void engine_free(ms_conn* conn) {
31
+ VALUE eError;
32
+
33
+ void engine_free(void *ptr) {
34
+ ms_conn *conn = ptr;
37
35
  ms_cert_buf* cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
38
36
  if(cert_buf) {
39
37
  OPENSSL_free(cert_buf->buf);
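Review bot: `VALUE eError;` is added here without `static`, so it becomes an exported symbol of the extension, whereas the declaration this commit removes further down was `static VALUE eError;`. The same applies to `engine_data_type` in the next hunk, while the new `sslctx_type` is declared `static const`. Unless another translation unit references these two names, which is not visible on this page, keep internal linkage with `static VALUE eError;` and `static const rb_data_type_t engine_data_type = {`. engine_free's body continues outside this hunk.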
@@ -45,23 +43,13 @@ void engine_free(ms_conn* conn) {
45
43
  free(conn);
46
44
  }
47
45
 
48
- ms_conn* engine_alloc(VALUE klass, VALUE* obj) {
49
- ms_conn* conn;
50
-
51
- *obj = Data_Make_Struct(klass, ms_conn, 0, engine_free, conn);
52
-
53
- conn->read = BIO_new(BIO_s_mem());
54
- BIO_set_nbio(conn->read, 1);
55
-
56
- conn->write = BIO_new(BIO_s_mem());
57
- BIO_set_nbio(conn->write, 1);
58
-
59
- conn->ssl = 0;
60
- conn->ctx = 0;
61
-
62
- return conn;
63
- }
46
+ const rb_data_type_t engine_data_type = {
47
+ "MiniSSL/ENGINE",
48
+ { 0, engine_free, 0 },
49
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
50
+ };
64
51
 
52
+ #ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
65
53
  DH *get_dh2048(void) {
66
54
  /* `openssl dhparam -C 2048`
67
55
  * -----BEGIN DH PARAMETERS-----
@@ -132,6 +120,38 @@ DH *get_dh2048(void) {
132
120
 
133
121
  return dh;
134
122
  }
123
+ #endif
124
+
125
+ static void
126
+ sslctx_free(void *ptr) {
127
+ SSL_CTX *ctx = ptr;
128
+ SSL_CTX_free(ctx);
129
+ }
130
+
131
+ static const rb_data_type_t sslctx_type = {
132
+ "MiniSSL/SSLContext",
133
+ {
134
+ 0, sslctx_free,
135
+ },
136
+ 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
137
+ };
138
+
139
+ ms_conn* engine_alloc(VALUE klass, VALUE* obj) {
140
+ ms_conn* conn;
141
+
142
+ *obj = TypedData_Make_Struct(klass, ms_conn, &engine_data_type, conn);
143
+
144
+ conn->read = BIO_new(BIO_s_mem());
145
+ BIO_set_nbio(conn->read, 1);
146
+
147
+ conn->write = BIO_new(BIO_s_mem());
148
+ BIO_set_nbio(conn->write, 1);
149
+
150
+ conn->ssl = 0;
151
+ conn->ctx = 0;
152
+
153
+ return conn;
154
+ }
135
155
 
136
156
  static int engine_verify_callback(int preverify_ok, X509_STORE_CTX* ctx) {
137
157
  X509* err_cert;
@@ -159,48 +179,102 @@ static int engine_verify_callback(int preverify_ok, X509_STORE_CTX* ctx) {
159
179
  return preverify_ok;
160
180
  }
161
181
 
162
- VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
163
- VALUE obj, session_id_bytes;
182
+ static VALUE
183
+ sslctx_alloc(VALUE klass) {
184
+ SSL_CTX *ctx;
185
+ long mode = 0 |
186
+ SSL_MODE_ENABLE_PARTIAL_WRITE |
187
+ SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
188
+ SSL_MODE_RELEASE_BUFFERS;
189
+
190
+ #ifdef HAVE_TLS_SERVER_METHOD
191
+ ctx = SSL_CTX_new(TLS_method());
192
+ // printf("\nctx using TLS_method security_level %d\n", SSL_CTX_get_security_level(ctx));
193
+ #else
194
+ ctx = SSL_CTX_new(SSLv23_method());
195
+ #endif
196
+ if (!ctx) {
197
+ rb_raise(eError, "SSL_CTX_new");
198
+ }
199
+ SSL_CTX_set_mode(ctx, mode);
200
+
201
+ return TypedData_Wrap_Struct(klass, &sslctx_type, ctx);
202
+ }
203
+
204
+ VALUE
205
+ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
164
206
  SSL_CTX* ctx;
165
- SSL* ssl;
166
- int min, ssl_options;
167
207
 
168
- ms_conn* conn = engine_alloc(self, &obj);
208
+ #ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
209
+ int min;
210
+ #endif
211
+ int ssl_options;
212
+ VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
213
+ verification_flags, session_id_bytes, cert_pem, key_pem;
214
+ #ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
215
+ DH *dh;
216
+ #endif
217
+ BIO *bio;
218
+ X509 *x509;
219
+ EVP_PKEY *pkey;
169
220
 
170
- ID sym_key = rb_intern("key");
171
- VALUE key = rb_funcall(mini_ssl_ctx, sym_key, 0);
221
+ #if OPENSSL_VERSION_NUMBER < 0x10002000L
222
+ EC_KEY *ecdh;
223
+ #endif
172
224
 
173
- StringValue(key);
225
+ TypedData_Get_Struct(self, SSL_CTX, &sslctx_type, ctx);
174
226
 
175
- ID sym_cert = rb_intern("cert");
176
- VALUE cert = rb_funcall(mini_ssl_ctx, sym_cert, 0);
227
+ key = rb_funcall(mini_ssl_ctx, rb_intern_const("key"), 0);
177
228
 
178
- StringValue(cert);
229
+ cert = rb_funcall(mini_ssl_ctx, rb_intern_const("cert"), 0);
179
230
 
180
- ID sym_ca = rb_intern("ca");
181
- VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);
231
+ ca = rb_funcall(mini_ssl_ctx, rb_intern_const("ca"), 0);
182
232
 
183
- ID sym_verify_mode = rb_intern("verify_mode");
184
- VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);
233
+ cert_pem = rb_funcall(mini_ssl_ctx, rb_intern_const("cert_pem"), 0);
185
234
 
186
- ID sym_ssl_cipher_filter = rb_intern("ssl_cipher_filter");
187
- VALUE ssl_cipher_filter = rb_funcall(mini_ssl_ctx, sym_ssl_cipher_filter, 0);
235
+ key_pem = rb_funcall(mini_ssl_ctx, rb_intern_const("key_pem"), 0);
188
236
 
189
- ID sym_no_tlsv1 = rb_intern("no_tlsv1");
190
- VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
237
+ verify_mode = rb_funcall(mini_ssl_ctx, rb_intern_const("verify_mode"), 0);
191
238
 
192
- ID sym_no_tlsv1_1 = rb_intern("no_tlsv1_1");
193
- VALUE no_tlsv1_1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1_1, 0);
239
+ ssl_cipher_filter = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_cipher_filter"), 0);
194
240
 
195
- #ifdef HAVE_TLS_SERVER_METHOD
196
- ctx = SSL_CTX_new(TLS_server_method());
197
- #else
198
- ctx = SSL_CTX_new(SSLv23_server_method());
199
- #endif
200
- conn->ctx = ctx;
241
+ no_tlsv1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1"), 0);
242
+
243
+ no_tlsv1_1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1_1"), 0);
201
244
 
202
- SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
203
- SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
245
+ if (!NIL_P(cert)) {
246
+ StringValue(cert);
247
+ SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
248
+ }
249
+
250
+ if (!NIL_P(key)) {
251
+ StringValue(key);
252
+ SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
253
+ }
254
+
255
+ if (!NIL_P(cert_pem)) {
256
+ bio = BIO_new(BIO_s_mem());
257
+ BIO_puts(bio, RSTRING_PTR(cert_pem));
258
+ x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
259
+
260
+ SSL_CTX_use_certificate(ctx, x509);
261
+ }
262
+
263
+ if (!NIL_P(key_pem)) {
264
+ bio = BIO_new(BIO_s_mem());
265
+ BIO_puts(bio, RSTRING_PTR(key_pem));
266
+ pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
267
+
268
+ SSL_CTX_use_PrivateKey(ctx, pkey);
269
+ }
270
+
271
+ verification_flags = rb_funcall(mini_ssl_ctx, rb_intern_const("verification_flags"), 0);
272
+
273
+ if (!NIL_P(verification_flags)) {
274
+ X509_VERIFY_PARAM *param = SSL_CTX_get0_param(ctx);
275
+ X509_VERIFY_PARAM_set_flags(param, NUM2INT(verification_flags));
276
+ SSL_CTX_set1_param(ctx, param);
277
+ }
204
278
 
205
279
  if (!NIL_P(ca)) {
206
280
  StringValue(ca);
@@ -247,6 +321,24 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
247
321
  SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
248
322
  }
249
323
 
324
+ #if OPENSSL_VERSION_NUMBER < 0x10002000L
325
+ // Remove this case if OpenSSL 1.0.1 (now EOL) support is no
326
+ // longer needed.
327
+ ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
328
+ if (ecdh) {
329
+ SSL_CTX_set_tmp_ecdh(ctx, ecdh);
330
+ EC_KEY_free(ecdh);
331
+ }
332
+ #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
333
+ SSL_CTX_set_ecdh_auto(ctx, 1);
334
+ #endif
335
+
336
+ if (NIL_P(verify_mode)) {
337
+ /* SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); */
338
+ } else {
339
+ SSL_CTX_set_verify(ctx, NUM2INT(verify_mode), engine_verify_callback);
340
+ }
341
+
250
342
  // Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
251
343
  session_id_bytes = rb_funcall(
252
344
  #ifdef HAVE_RANDOM_BYTES
@@ -261,35 +353,34 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
261
353
  (unsigned char *) RSTRING_PTR(session_id_bytes),
262
354
  SSL_MAX_SSL_SESSION_ID_LENGTH);
263
355
 
264
- DH *dh = get_dh2048();
265
- SSL_CTX_set_tmp_dh(ctx, dh);
356
+ // printf("\ninitialize end security_level %d\n", SSL_CTX_get_security_level(ctx));
266
357
 
267
- #if OPENSSL_VERSION_NUMBER < 0x10002000L
268
- // Remove this case if OpenSSL 1.0.1 (now EOL) support is no
269
- // longer needed.
270
- EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
271
- if (ecdh) {
272
- SSL_CTX_set_tmp_ecdh(ctx, ecdh);
273
- EC_KEY_free(ecdh);
274
- }
275
- #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
276
- // Prior to OpenSSL 1.1.0, servers must manually enable server-side ECDH
277
- // negotiation.
278
- SSL_CTX_set_ecdh_auto(ctx, 1);
358
+ #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
359
+ // https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_dh_auto.html
360
+ SSL_CTX_set_dh_auto(ctx, 1);
361
+ #else
362
+ dh = get_dh2048();
363
+ SSL_CTX_set_tmp_dh(ctx, dh);
279
364
  #endif
280
365
 
366
+ rb_obj_freeze(self);
367
+ return self;
368
+ }
369
+
370
+ VALUE engine_init_server(VALUE self, VALUE sslctx) {
371
+ ms_conn* conn;
372
+ VALUE obj;
373
+ SSL_CTX* ctx;
374
+ SSL* ssl;
375
+
376
+ conn = engine_alloc(self, &obj);
377
+
378
+ TypedData_Get_Struct(sslctx, SSL_CTX, &sslctx_type, ctx);
379
+
281
380
  ssl = SSL_new(ctx);
282
381
  conn->ssl = ssl;
283
382
  SSL_set_app_data(ssl, NULL);
284
-
285
- if (NIL_P(verify_mode)) {
286
- /* SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL); */
287
- } else {
288
- SSL_set_verify(ssl, NUM2INT(verify_mode), engine_verify_callback);
289
- }
290
-
291
383
  SSL_set_bio(ssl, conn->read, conn->write);
292
-
293
384
  SSL_set_accept_state(ssl);
294
385
  return obj;
295
386
  }
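Review bot: In `engine_init_server` the `TypedData_Get_Struct(sslctx, SSL_CTX, &sslctx_type, ctx)` type check runs after `engine_alloc`, and the result of `SSL_new(ctx)` is used unchecked. If the check raises, the Engine object is left with `conn->ssl == 0`, and the visible first statement of `engine_free` calls `SSL_get_app_data(conn->ssl)` with no NULL guard, so the garbage collector would hand OpenSSL a NULL `SSL*`; if `SSL_new` returns NULL, the `SSL_set_app_data(ssl, NULL)` call that follows gets the same NULL pointer. Moving the `TypedData_Get_Struct` line above `conn = engine_alloc(self, &obj);`, adding `if (!ssl) rb_raise(eError, "SSL_new");` after `SSL_new`, and guarding the free path with `if (conn->ssl)` would close this. The hunk opens inside sslctx_initialize, which starts outside it.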
@@ -316,7 +407,7 @@ VALUE engine_inject(VALUE self, VALUE str) {
316
407
  ms_conn* conn;
317
408
  long used;
318
409
 
319
- Data_Get_Struct(self, ms_conn, conn);
410
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
320
411
 
321
412
  StringValue(str);
322
413
 
@@ -329,13 +420,14 @@ VALUE engine_inject(VALUE self, VALUE str) {
329
420
  return INT2FIX(used);
330
421
  }
331
422
 
332
- static VALUE eError;
423
+ NORETURN(void raise_error(SSL* ssl, int result));
333
424
 
334
425
  void raise_error(SSL* ssl, int result) {
335
426
  char buf[512];
336
427
  char msg[512];
337
428
  const char* err_str;
338
429
  int err = errno;
430
+ int mask = 4095;
339
431
  int ssl_err = SSL_get_error(ssl, result);
340
432
  int verify_err = (int) SSL_get_verify_result(ssl);
341
433
 
@@ -352,8 +444,7 @@ void raise_error(SSL* ssl, int result) {
352
444
  } else {
353
445
  err = (int) ERR_get_error();
354
446
  ERR_error_string_n(err, buf, sizeof(buf));
355
- snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err);
356
-
447
+ snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err & mask);
357
448
  }
358
449
  } else {
359
450
  snprintf(msg, sizeof(msg), "Unknown OpenSSL error: %d", ssl_err);
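Review bot: The reason code printed in the `OpenSSL error:` message is extracted with a bare `err & mask`, where `int mask = 4095;` is declared in the previous hunk with no explanation. OpenSSL provides `ERR_GET_REASON()` for this, and the width of the reason field is a library detail that a hard-coded 12-bit mask will not follow if it differs between OpenSSL versions; `snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, ERR_GET_REASON(err));` says what is meant. `err` is also an `int` holding the `unsigned long` from `ERR_get_error()`, so keeping the queue value in an `unsigned long` local before passing it to `ERR_error_string_n` would avoid the narrowing. raise_error starts and ends outside this hunk.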
@@ -368,7 +459,7 @@ VALUE engine_read(VALUE self) {
368
459
  char buf[512];
369
460
  int bytes, error;
370
461
 
371
- Data_Get_Struct(self, ms_conn, conn);
462
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
372
463
 
373
464
  ERR_clear_error();
374
465
 
@@ -395,7 +486,7 @@ VALUE engine_write(VALUE self, VALUE str) {
395
486
  ms_conn* conn;
396
487
  int bytes;
397
488
 
398
- Data_Get_Struct(self, ms_conn, conn);
489
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
399
490
 
400
491
  StringValue(str);
401
492
 
@@ -417,9 +508,11 @@ VALUE engine_extract(VALUE self) {
417
508
  ms_conn* conn;
418
509
  int bytes;
419
510
  size_t pending;
420
- char buf[512];
511
+ // https://www.openssl.org/docs/manmaster/man3/BIO_f_buffer.html
512
+ // crypto/bio/bf_buff.c DEFAULT_BUFFER_SIZE
513
+ char buf[4096];
421
514
 
422
- Data_Get_Struct(self, ms_conn, conn);
515
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
423
516
 
424
517
  pending = BIO_pending(conn->write);
425
518
  if(pending > 0) {
@@ -438,7 +531,7 @@ VALUE engine_shutdown(VALUE self) {
438
531
  ms_conn* conn;
439
532
  int ok;
440
533
 
441
- Data_Get_Struct(self, ms_conn, conn);
534
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
442
535
 
443
536
  ERR_clear_error();
444
537
 
@@ -453,7 +546,7 @@ VALUE engine_shutdown(VALUE self) {
453
546
  VALUE engine_init(VALUE self) {
454
547
  ms_conn* conn;
455
548
 
456
- Data_Get_Struct(self, ms_conn, conn);
549
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
457
550
 
458
551
  return SSL_in_init(conn->ssl) ? Qtrue : Qfalse;
459
552
  }
@@ -466,9 +559,13 @@ VALUE engine_peercert(VALUE self) {
466
559
  ms_cert_buf* cert_buf = NULL;
467
560
  VALUE rb_cert_buf;
468
561
 
469
- Data_Get_Struct(self, ms_conn, conn);
562
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
470
563
 
564
+ #ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
565
+ cert = SSL_get1_peer_certificate(conn->ssl);
566
+ #else
471
567
  cert = SSL_get_peer_certificate(conn->ssl);
568
+ #endif
472
569
  if(!cert) {
473
570
  /*
474
571
  * See if there was a failed certificate associated with this client.
@@ -497,12 +594,22 @@ VALUE engine_peercert(VALUE self) {
497
594
  return rb_cert_buf;
498
595
  }
499
596
 
597
+ /* @see Puma::MiniSSL::Socket#ssl_version_state
598
+ * @version 5.0.0
599
+ */
600
+ static VALUE
601
+ engine_ssl_vers_st(VALUE self) {
602
+ ms_conn* conn;
603
+ TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
604
+ return rb_ary_new3(2, rb_str_new2(SSL_get_version(conn->ssl)), rb_str_new2(SSL_state_string(conn->ssl)));
605
+ }
606
+
500
607
  VALUE noop(VALUE self) {
501
608
  return Qnil;
502
609
  }
503
610
 
504
611
  void Init_mini_ssl(VALUE puma) {
505
- VALUE mod, eng;
612
+ VALUE mod, eng, sslctx;
506
613
 
507
614
  /* Fake operation for documentation (RDoc, YARD) */
508
615
  #if 0 == 1
@@ -515,7 +622,15 @@ void Init_mini_ssl(VALUE puma) {
515
622
  ERR_load_crypto_strings();
516
623
 
517
624
  mod = rb_define_module_under(puma, "MiniSSL");
625
+
518
626
  eng = rb_define_class_under(mod, "Engine", rb_cObject);
627
+ rb_undef_alloc_func(eng);
628
+
629
+ sslctx = rb_define_class_under(mod, "SSLContext", rb_cObject);
630
+ rb_define_alloc_func(sslctx, sslctx_alloc);
631
+ rb_define_method(sslctx, "initialize", sslctx_initialize, 1);
632
+ rb_undef_method(sslctx, "initialize_copy");
633
+
519
634
 
520
635
  // OpenSSL Build / Runtime/Load versions
521
636
 
@@ -568,13 +683,16 @@ void Init_mini_ssl(VALUE puma) {
568
683
  rb_define_method(eng, "init?", engine_init, 0);
569
684
 
570
685
  rb_define_method(eng, "peercert", engine_peercert, 0);
686
+
687
+ rb_define_method(eng, "ssl_vers_st", engine_ssl_vers_st, 0);
571
688
  }
572
689
 
573
690
  #else
574
691
 
692
+ NORETURN(VALUE raise_error(VALUE self));
693
+
575
694
  VALUE raise_error(VALUE self) {
576
695
  rb_raise(rb_eStandardError, "SSL not available in this build");
577
- return Qnil;
578
696
  }
579
697
 
580
698
  void Init_mini_ssl(VALUE puma) {
@@ -0,0 +1,15 @@
1
+ package puma;
2
+
3
+ import java.io.IOException;
4
+
5
+ import org.jruby.Ruby;
6
+ import org.jruby.runtime.load.BasicLibraryService;
7
+
8
+ import org.jruby.puma.Http11;
9
+
10
+ public class PumaHttp11Service implements BasicLibraryService {
11
+ public boolean basicLoad(final Ruby runtime) throws IOException {
12
+ Http11.createHttp11(runtime);
13
+ return true;
14
+ }
15
+ }
@@ -30,8 +30,8 @@ public class Http11 extends RubyObject {
30
30
  public final static String MAX_REQUEST_URI_LENGTH_ERR = "HTTP element REQUEST_URI is longer than the 12288 allowed length.";
31
31
  public final static int MAX_FRAGMENT_LENGTH = 1024;
32
32
  public final static String MAX_FRAGMENT_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 1024 allowed length.";
33
- public final static int MAX_REQUEST_PATH_LENGTH = 2048;
34
- public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 2048 allowed length.";
33
+ public final static int MAX_REQUEST_PATH_LENGTH = 8192;
34
+ public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 8192 allowed length.";
35
35
  public final static int MAX_QUERY_STRING_LENGTH = 1024 * 10;
36
36
  public final static String MAX_QUERY_STRING_LENGTH_ERR = "HTTP element QUERY_STRING is longer than the 10240 allowed length.";
37
37
  public final static int MAX_HEADER_LENGTH = 1024 * (80 + 32);
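Review bot: The new 8192 limit is written twice, once in `MAX_REQUEST_PATH_LENGTH` and once inside the `MAX_REQUEST_PATH_LENGTH_ERR` literal, so the message can drift from the enforced value on the next change. Deriving it, `"HTTP element REQUEST_PATH is longer than the " + MAX_REQUEST_PATH_LENGTH + " allowed length."`, keeps the two in step and is still a compile-time constant. Since this raises a request-size bound fourfold, a short comment stating why 8192 was chosen, and that the C extension is expected to enforce the same value, would let a reviewer confirm both back ends agree; the C limit is not visible in this hunk.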
@@ -197,7 +197,7 @@ public class Http11 extends RubyObject {
197
197
  validateMaxLength(runtime, parser.nread,MAX_HEADER_LENGTH, MAX_HEADER_LENGTH_ERR);
198
198
 
199
199
  if(hp.has_error()) {
200
- throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails.");
200
+ throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?");
201
201
  } else {
202
202
  return runtime.newFixnum(parser.nread);
203
203
  }
@@ -184,8 +184,6 @@ static final int puma_parser_start = 1;
184
184
  static final int puma_parser_first_final = 46;
185
185
  static final int puma_parser_error = 0;
186
186
 
187
- static final int puma_parser_en_main = 1;
188
-
189
187
 
190
188
  // line 62 "ext/puma_http11/http11_parser.java.rl"
191
189
 
@@ -214,7 +212,7 @@ static final int puma_parser_en_main = 1;
214
212
  cs = 0;
215
213
 
216
214
 
217
- // line 218 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
215
+ // line 216 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
218
216
  {
219
217
  cs = puma_parser_start;
220
218
  }
@@ -246,7 +244,7 @@ static final int puma_parser_en_main = 1;
246
244
  parser.buffer = buffer;
247
245
 
248
246
 
249
- // line 250 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
247
+ // line 248 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
250
248
  {
251
249
  int _klen;
252
250
  int _trans = 0;
@@ -402,7 +400,7 @@ case 1:
402
400
  { p += 1; _goto_targ = 5; if (true) continue _goto;}
403
401
  }
404
402
  break;
405
- // line 406 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
403
+ // line 404 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
406
404
  }
407
405
  }
408
406
  }