puma 4.3.5-java → 5.0.1-java

data/ext/puma_http11/mini_ssl.c

@@ -301,6 +301,7 @@ void raise_error(SSL* ssl, int result) {
   char msg[512];
   const char* err_str;
   int err = errno;
+  int mask = 4095;
   int ssl_err = SSL_get_error(ssl, result);
   int verify_err = (int) SSL_get_verify_result(ssl);
 
@@ -317,8 +318,8 @@ void raise_error(SSL* ssl, int result) {
     } else {
       err = (int) ERR_get_error();
       ERR_error_string_n(err, buf, sizeof(buf));
-      snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err);
-
+      int errexp = err & mask;
+      snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, errexp);
     }
   } else {
     snprintf(msg, sizeof(msg), "Unknown OpenSSL error: %d", ssl_err);
@@ -462,6 +463,16 @@ VALUE engine_peercert(VALUE self) {
   return rb_cert_buf;
 }
 
+/* @see Puma::MiniSSL::Socket#ssl_version_state
+ * @version 5.0.0
+ */
+static VALUE
+engine_ssl_vers_st(VALUE self) {
+  ms_conn* conn;
+  Data_Get_Struct(self, ms_conn, conn);
+  return rb_ary_new3(2, rb_str_new2(SSL_get_version(conn->ssl)), rb_str_new2(SSL_state_string(conn->ssl)));
+}
+
 VALUE noop(VALUE self) {
   return Qnil;
 }
@@ -533,6 +544,8 @@ void Init_mini_ssl(VALUE puma) {
   rb_define_method(eng, "init?", engine_init, 0);
 
   rb_define_method(eng, "peercert", engine_peercert, 0);
+
+  rb_define_method(eng, "ssl_vers_st", engine_ssl_vers_st, 0);
 }
 
 #else

data/ext/puma_http11/no_ssl/PumaHttp11Service.java

@@ -0,0 +1,15 @@
+package puma;
+
+import java.io.IOException;
+
+import org.jruby.Ruby;
+import org.jruby.runtime.load.BasicLibraryService;
+
+import org.jruby.puma.Http11;
+
+public class PumaHttp11Service implements BasicLibraryService {
+    public boolean basicLoad(final Ruby runtime) throws IOException {
+        Http11.createHttp11(runtime);
+        return true;
+    }
+}

data/ext/puma_http11/org/jruby/puma/Http11.java

@@ -30,8 +30,8 @@ public class Http11 extends RubyObject {
     public final static String MAX_REQUEST_URI_LENGTH_ERR = "HTTP element REQUEST_URI is longer than the 12288 allowed length.";
     public final static int MAX_FRAGMENT_LENGTH = 1024;
     public final static String MAX_FRAGMENT_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 1024 allowed length.";
-    public final static int MAX_REQUEST_PATH_LENGTH = 2048;
-    public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 2048 allowed length.";
+    public final static int MAX_REQUEST_PATH_LENGTH = 8192;
+    public final static String MAX_REQUEST_PATH_LENGTH_ERR = "HTTP element REQUEST_PATH is longer than the 8192 allowed length.";
     public final static int MAX_QUERY_STRING_LENGTH = 1024 * 10;
     public final static String MAX_QUERY_STRING_LENGTH_ERR = "HTTP element QUERY_STRING is longer than the 10240 allowed length.";
     public final static int MAX_HEADER_LENGTH = 1024 * (80 + 32);
@@ -197,7 +197,7 @@ public class Http11 extends RubyObject {
             validateMaxLength(runtime, parser.nread,MAX_HEADER_LENGTH, MAX_HEADER_LENGTH_ERR);
 
             if(hp.has_error()) {
-                throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails.");
+                throw newHTTPParserError(runtime, "Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?");
             } else {
                 return runtime.newFixnum(parser.nread);
             }

data/ext/puma_http11/org/jruby/puma/MiniSSL.java

@@ -22,6 +22,7 @@ import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
 import java.io.FileInputStream;
+import java.io.InputStream;
 import java.io.IOException;
 import java.nio.Buffer;
 import java.nio.ByteBuffer;
@@ -32,6 +33,8 @@ import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.Map;
 
 import static javax.net.ssl.SSLEngineResult.Status;
 import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
@@ -120,6 +123,8 @@ public class MiniSSL extends RubyObject {
   }
 
   private SSLEngine engine;
+  private boolean closed;
+  private boolean handshake;
   private MiniSSLBuffer inboundNetData;
   private MiniSSLBuffer outboundAppData;
   private MiniSSLBuffer outboundNetData;
@@ -128,10 +133,39 @@ public class MiniSSL extends RubyObject {
     super(runtime, klass);
   }
 
+  private static Map<String, KeyManagerFactory> keyManagerFactoryMap = new ConcurrentHashMap<String, KeyManagerFactory>();
+  private static Map<String, TrustManagerFactory> trustManagerFactoryMap = new ConcurrentHashMap<String, TrustManagerFactory>();
+
   @JRubyMethod(meta = true)
-  public static IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext) {
-    RubyClass klass = (RubyClass) recv;
+  public static synchronized IRubyObject server(ThreadContext context, IRubyObject recv, IRubyObject miniSSLContext)
+      throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
+    // Create the KeyManagerFactory and TrustManagerFactory for this server
+    String keystoreFile = miniSSLContext.callMethod(context, "keystore").convertToString().asJavaString();
+    char[] password = miniSSLContext.callMethod(context, "keystore_pass").convertToString().asJavaString().toCharArray();
 
+    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+    InputStream is = new FileInputStream(keystoreFile);
+    try {
+      ks.load(is, password);
+    } finally {
+      is.close();
+    }
+    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+    kmf.init(ks, password);
+    keyManagerFactoryMap.put(keystoreFile, kmf);
+
+    KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
+    is = new FileInputStream(keystoreFile);
+    try {
+      ts.load(is, password);
+    } finally {
+      is.close();
+    }
+    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+    tmf.init(ts);
+    trustManagerFactoryMap.put(keystoreFile, tmf);
+
+    RubyClass klass = (RubyClass) recv;
     return klass.newInstance(context,
         new IRubyObject[] { miniSSLContext },
         Block.NULL_BLOCK);
@@ -139,24 +173,22 @@ public class MiniSSL extends RubyObject {
 
   @JRubyMethod
   public IRubyObject initialize(ThreadContext threadContext, IRubyObject miniSSLContext)
-      throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
+      throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
     KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
     KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
 
-    char[] password = miniSSLContext.callMethod(threadContext, "keystore_pass").convertToString().asJavaString().toCharArray();
     String keystoreFile = miniSSLContext.callMethod(threadContext, "keystore").convertToString().asJavaString();
-    ks.load(new FileInputStream(keystoreFile), password);
-    ts.load(new FileInputStream(keystoreFile), password);
-
-    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
-    kmf.init(ks, password);
-
-    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-    tmf.init(ts);
+    KeyManagerFactory kmf = keyManagerFactoryMap.get(keystoreFile);
+    TrustManagerFactory tmf = trustManagerFactoryMap.get(keystoreFile);
+    if(kmf == null || tmf == null) {
+      throw new KeyStoreException("Could not find KeyManagerFactory/TrustManagerFactory for keystore: " + keystoreFile);
+    }
 
     SSLContext sslCtx = SSLContext.getInstance("TLS");
 
     sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+    closed = false;
+    handshake = false;
     engine = sslCtx.createSSLEngine();
 
     String[] protocols;
@@ -173,7 +205,7 @@ public class MiniSSL extends RubyObject {
     engine.setEnabledProtocols(protocols);
     engine.setUseClientMode(false);
 
-    long verify_mode = miniSSLContext.callMethod(threadContext, "verify_mode").convertToInteger().getLongValue();
+    long verify_mode = miniSSLContext.callMethod(threadContext, "verify_mode").convertToInteger("to_i").getLongValue();
     if ((verify_mode & 0x1) != 0) { // 'peer'
         engine.setWantClientAuth(true);
     }
@@ -240,14 +272,21 @@ public class MiniSSL extends RubyObject {
           // need to wait for more data to come in before we retry
           retryOp = false;
           break;
+        case CLOSED:
+          closed = true;
+          retryOp = false;
+          break;
         default:
-          // other cases are OK and CLOSED.  We're done here.
+          // other case is OK.  We're done here.
           retryOp = false;
       }
+      if (res.getHandshakeStatus() == HandshakeStatus.FINISHED) {
+        handshake = true;
+      }
     }
 
     // after each op, run any delegated tasks if needed
-    if(engine.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
+    if(res.getHandshakeStatus() == HandshakeStatus.NEED_TASK) {
       Runnable runnable;
       while ((runnable = engine.getDelegatedTask()) != null) {
         runnable.run();
@@ -271,13 +310,14 @@ public class MiniSSL extends RubyObject {
 
       HandshakeStatus handshakeStatus = engine.getHandshakeStatus();
       boolean done = false;
+      SSLEngineResult res = null;
       while (!done) {
         switch (handshakeStatus) {
           case NEED_WRAP:
-            doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
+            res = doOp(SSLOperation.WRAP, inboundAppData, outboundNetData);
             break;
           case NEED_UNWRAP:
-            SSLEngineResult res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
+            res = doOp(SSLOperation.UNWRAP, inboundNetData, inboundAppData);
             if (res.getStatus() == Status.BUFFER_UNDERFLOW) {
               // need more data before we can shake more hands
               done = true;
@@ -286,7 +326,9 @@ public class MiniSSL extends RubyObject {
           default:
             done = true;
         }
-        handshakeStatus = engine.getHandshakeStatus();
+        if (!done) {
+          handshakeStatus = res.getHandshakeStatus();
+        }
       }
 
       if (inboundNetData.hasRemaining()) {
@@ -360,4 +402,21 @@ public class MiniSSL extends RubyObject {
       return getRuntime().getNil();
     }
   }
+
+  @JRubyMethod(name = "init?")
+  public IRubyObject isInit(ThreadContext context) {
+    return handshake ? getRuntime().getFalse() : getRuntime().getTrue();
+  }
+
+  @JRubyMethod
+  public IRubyObject shutdown() {
+    if (closed || engine.isInboundDone() && engine.isOutboundDone()) {
+      if (engine.isOutboundDone()) {
+        engine.closeOutbound();
+      }
+      return getRuntime().getTrue();
+    } else {
+      return getRuntime().getFalse();
+    }
+  }
 }

data/ext/puma_http11/puma_http11.c

@@ -10,6 +10,7 @@
 #include "ext_help.h"
 #include <assert.h>
 #include <string.h>
+#include <ctype.h>
 #include "http11_parser.h"
 
 #ifndef MANAGED_STRINGS
@@ -53,7 +54,7 @@ DEF_MAX_LENGTH(FIELD_NAME, 256);
 DEF_MAX_LENGTH(FIELD_VALUE, 80 * 1024);
 DEF_MAX_LENGTH(REQUEST_URI, 1024 * 12);
 DEF_MAX_LENGTH(FRAGMENT, 1024); /* Don't know if this length is specified somewhere or not */
-DEF_MAX_LENGTH(REQUEST_PATH, 2048);
+DEF_MAX_LENGTH(REQUEST_PATH, 8192);
 DEF_MAX_LENGTH(QUERY_STRING, (1024 * 10));
 DEF_MAX_LENGTH(HEADER, (1024 * (80 + 32)));
 
@@ -111,21 +112,6 @@ static struct common_field common_http_fields[] = {
 # undef f
 };
 
-/*
- * qsort(3) and bsearch(3) improve average performance slightly, but may
- * not be worth it for lack of portability to certain platforms...
- */
-#if defined(HAVE_QSORT_BSEARCH)
-/* sort by length, then by name if there's a tie */
-static int common_field_cmp(const void *a, const void *b)
-{
-  struct common_field *cfa = (struct common_field *)a;
-  struct common_field *cfb = (struct common_field *)b;
-  signed long diff = cfa->len - cfb->len;
-  return diff ? diff : memcmp(cfa->name, cfb->name, cfa->len);
-}
-#endif /* HAVE_QSORT_BSEARCH */
-
 static void init_common_fields(void)
 {
   unsigned i;
@@ -142,28 +128,10 @@ static void init_common_fields(void)
     }
     rb_global_variable(&cf->value);
   }
-
-#if defined(HAVE_QSORT_BSEARCH)
-  qsort(common_http_fields,
-        ARRAY_SIZE(common_http_fields),
-        sizeof(struct common_field),
-        common_field_cmp);
-#endif /* HAVE_QSORT_BSEARCH */
 }
 
 static VALUE find_common_field_value(const char *field, size_t flen)
 {
-#if defined(HAVE_QSORT_BSEARCH)
-  struct common_field key;
-  struct common_field *found;
-  key.name = field;
-  key.len = (signed long)flen;
-  found = (struct common_field *)bsearch(&key, common_http_fields,
-                                         ARRAY_SIZE(common_http_fields),
-                                         sizeof(struct common_field),
-                                         common_field_cmp);
-  return found ? found->value : Qnil;
-#else /* !HAVE_QSORT_BSEARCH */
   unsigned i;
   struct common_field *cf = common_http_fields;
   for(i = 0; i < ARRAY_SIZE(common_http_fields); i++, cf++) {
@@ -171,7 +139,6 @@ static VALUE find_common_field_value(const char *field, size_t flen)
       return cf->value;
   }
   return Qnil;
-#endif /* !HAVE_QSORT_BSEARCH */
 }
 
 void http_field(puma_parser* hp, const char *field, size_t flen,
@@ -400,7 +367,7 @@ VALUE HttpParser_execute(VALUE self, VALUE req_hash, VALUE data, VALUE start)
     VALIDATE_MAX_LENGTH(puma_parser_nread(http), HEADER);
 
     if(puma_parser_has_error(http)) {
-      rb_raise(eHttpParserError, "%s", "Invalid HTTP format, parsing fails.");
+      rb_raise(eHttpParserError, "%s", "Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?");
     } else {
       return INT2FIX(puma_parser_nread(http));
     }
@@ -467,8 +434,9 @@ VALUE HttpParser_body(VALUE self) {
   return http->body;
 }
 
-void Init_io_buffer(VALUE puma);
+#ifdef HAVE_OPENSSL_BIO_H
 void Init_mini_ssl(VALUE mod);
+#endif
 
 void Init_puma_http11()
 {
@@ -497,6 +465,7 @@ void Init_puma_http11()
   rb_define_method(cHttpParser, "body", HttpParser_body, 0);
   init_common_fields();
 
-  Init_io_buffer(mPuma);
+#ifdef HAVE_OPENSSL_BIO_H
   Init_mini_ssl(mPuma);
+#endif
 }

data/lib/puma.rb

@@ -10,16 +10,28 @@ require 'stringio'
 
 require 'thread'
 
+require 'puma/puma_http11'
+require 'puma/detect'
+
 module Puma
   autoload :Const, 'puma/const'
   autoload :Server, 'puma/server'
   autoload :Launcher, 'puma/launcher'
 
+  # @!attribute [rw] stats_object=
   def self.stats_object=(val)
     @get_stats = val
   end
 
+  # @!attribute [rw] stats_object
   def self.stats
+    require 'json'
+    @get_stats.stats.to_json
+  end
+
+  # @!attribute [r] stats_hash
+  # @version 5.0.0
+  def self.stats_hash
     @get_stats.stats
   end
 
@@ -28,4 +40,12 @@ module Puma
     return unless Thread.current.respond_to?(:name=)
     Thread.current.name = "puma #{name}"
   end
+
+  unless HAS_SSL
+    module MiniSSL
+      # this class is defined so that it exists when Puma is compiled
+      # without ssl support, as Server and Reactor use it in rescue statements.
+      class SSLError < StandardError ; end
+    end
+  end
 end

data/lib/puma/app/status.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'json'
-
 module Puma
   module App
     # Check out {#call}'s source code to see what actions this web application
@@ -19,6 +17,10 @@ module Puma
           return rack_response(403, 'Invalid auth token', 'text/plain')
         end
 
+        if env['PATH_INFO'] =~ /\/(gc-stats|stats|thread-backtraces)$/
+          require 'json'
+        end
+
         case env['PATH_INFO']
         when /\/stop$/
           @cli.stop
@@ -54,7 +56,20 @@ module Puma
           rack_response(200, GC.stat.to_json)
 
         when /\/stats$/
-          rack_response(200, @cli.stats)
+          rack_response(200, @cli.stats.to_json)
+
+        when /\/thread-backtraces$/
+          backtraces = []
+          @cli.thread_status do |name, backtrace|
+            backtraces << { name: name, backtrace: backtrace }
+          end
+
+          rack_response(200, backtraces.to_json)
+
+        when /\/refork$/
+          Process.kill "SIGURG", $$
+          rack_response(200, OK_STATUS)
+
         else
           rack_response 404, "Unsupported action", 'text/plain'
         end

data/lib/puma/binder.rb

@@ -5,15 +5,22 @@ require 'socket'
 
 require 'puma/const'
 require 'puma/util'
-require 'puma/minissl/context_builder'
+require 'puma/configuration'
 
 module Puma
+
+  if HAS_SSL
+    require 'puma/minissl'
+    require 'puma/minissl/context_builder'
+    require 'puma/accept_nonblock'
+  end
+
   class Binder
     include Puma::Const
 
-    RACK_VERSION = [1,3].freeze
+    RACK_VERSION = [1,6].freeze
 
-    def initialize(events)
+    def initialize(events, conf = Configuration.new)
       @events = events
       @listeners = []
       @inherited_fds = {}
@@ -23,8 +30,8 @@ module Puma
       @proto_env = {
         "rack.version".freeze => RACK_VERSION,
         "rack.errors".freeze => events.stderr,
-        "rack.multithread".freeze => true,
-        "rack.multiprocess".freeze => false,
+        "rack.multithread".freeze => conf.options[:max_threads] > 1,
+        "rack.multiprocess".freeze => conf.options[:workers] >= 1,
         "rack.run_once".freeze => false,
         "SCRIPT_NAME".freeze => ENV['SCRIPT_NAME'] || "",
 
@@ -45,6 +52,12 @@ module Puma
 
     attr_reader :ios
 
+    # @version 5.0.0
+    attr_reader :activated_sockets, :envs, :inherited_fds, :listeners, :proto_env, :unix_paths
+
+    # @version 5.0.0
+    attr_writer :ios, :listeners
+
     def env(sock)
       @envs.fetch(sock, @proto_env)
     end
@@ -53,40 +66,44 @@ module Puma
       @ios.each { |i| i.close }
     end
 
-    def import_from_env
-      remove = []
-
-      ENV.each do |k,v|
-        if k =~ /PUMA_INHERIT_\d+/
-          fd, url = v.split(":", 2)
-          @inherited_fds[url] = fd.to_i
-          remove << k
-        elsif k == 'LISTEN_FDS' && ENV['LISTEN_PID'].to_i == $$
-          v.to_i.times do |num|
-            fd = num + 3
-            sock = TCPServer.for_fd(fd)
-            begin
-              key = [ :unix, Socket.unpack_sockaddr_un(sock.getsockname) ]
-            rescue ArgumentError
-              port, addr = Socket.unpack_sockaddr_in(sock.getsockname)
-              if addr =~ /\:/
-                addr = "[#{addr}]"
-              end
-              key = [ :tcp, addr, port ]
-            end
-            @activated_sockets[key] = sock
-            @events.debug "Registered #{key.join ':'} for activation from LISTEN_FDS"
-          end
-          remove << k << 'LISTEN_PID'
-        end
-      end
+    # @!attribute [r] connected_ports
+    # @version 5.0.0
+    def connected_ports
+      ios.map { |io| io.addr[1] }.uniq
+    end
 
-      remove.each do |k|
-        ENV.delete k
+    # @version 5.0.0
+    def create_inherited_fds(env_hash)
+      env_hash.select {|k,v| k =~ /PUMA_INHERIT_\d+/}.each do |_k, v|
+        fd, url = v.split(":", 2)
+        @inherited_fds[url] = fd.to_i
+      end.keys # pass keys back for removal
+    end
+
+    # systemd socket activation.
+    # LISTEN_FDS = number of listening sockets. e.g. 2 means accept on 2 sockets w/descriptors 3 and 4.
+    # LISTEN_PID = PID of the service process, aka us
+    # @see https://www.freedesktop.org/software/systemd/man/systemd-socket-activate.html
+    # @version 5.0.0
+    #
+    def create_activated_fds(env_hash)
+      return [] unless env_hash['LISTEN_FDS'] && env_hash['LISTEN_PID'].to_i == $$
+      env_hash['LISTEN_FDS'].to_i.times do |index|
+        sock = TCPServer.for_fd(socket_activation_fd(index))
+        key = begin # Try to parse as a path
+          [:unix, Socket.unpack_sockaddr_un(sock.getsockname)]
+        rescue ArgumentError # Try to parse as a port/ip
+          port, addr = Socket.unpack_sockaddr_in(sock.getsockname)
+          addr = "[#{addr}]" if addr =~ /\:/
+          [:tcp, addr, port]
+        end
+        @activated_sockets[key] = sock
+        @events.debug "Registered #{key.join ':'} for activation from LISTEN_FDS"
       end
+      ["LISTEN_FDS", "LISTEN_PID"] # Signal to remove these keys from ENV
     end
 
-    def parse(binds, logger)
+    def parse(binds, logger, log_msg = 'Listening')
       binds.each do |str|
         uri = URI.parse str
         case uri.scheme
@@ -113,7 +130,7 @@ module Puma
                 i.local_address.ip_unpack.join(':')
               end
 
-              logger.log "* Listening on tcp://#{addr}"
+              logger.log "* #{log_msg} on http://#{addr}"
             end
           end
 
@@ -149,11 +166,14 @@ module Puma
             end
 
             io = add_unix_listener path, umask, mode, backlog
-            logger.log "* Listening on #{str}"
+            logger.log "* #{log_msg} on #{str}"
           end
 
           @listeners << [str, io]
         when "ssl"
+
+          raise "Puma compiled without SSL support" unless HAS_SSL
+
           params = Util.parse_query uri.query
           ctx = MiniSSL::ContextBuilder.new(params, @events).context
 
@@ -204,12 +224,6 @@ module Puma
       end
     end
 
-    def loopback_addresses
-      Socket.ip_address_list.select do |addrinfo|
-        addrinfo.ipv6_loopback? || addrinfo.ipv4_loopback?
-      end.map { |addrinfo| addrinfo.ip_address }.uniq
-    end
-
     # Tell the server to listen on host +host+, port +port+.
     # If +optimize_for_latency+ is true (the default) then clients connecting
     # will be optimized for latency over throughput.
@@ -226,20 +240,17 @@ module Puma
       end
 
       host = host[1..-2] if host and host[0..0] == '['
-      s = TCPServer.new(host, port)
+      tcp_server = TCPServer.new(host, port)
       if optimize_for_latency
-        s.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
+        tcp_server.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
       end
-      s.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
-      s.listen backlog
-      @connected_port = s.addr[1]
+      tcp_server.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
+      tcp_server.listen backlog
 
-      @ios << s
-      s
+      @ios << tcp_server
+      tcp_server
     end
 
-    attr_reader :connected_port
-
     def inherit_tcp_listener(host, port, fd)
       if fd.kind_of? TCPServer
         s = fd
@@ -253,9 +264,8 @@ module Puma
 
     def add_ssl_listener(host, port, ctx,
                          optimize_for_latency=true, backlog=1024)
-      require 'puma/minissl'
 
-      MiniSSL.check
+      raise "Puma compiled without SSL support" unless HAS_SSL
 
       if host == "localhost"
         loopback_addresses.each do |addr|
@@ -272,7 +282,6 @@ module Puma
       s.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR, true)
       s.listen backlog
 
-
       ssl = MiniSSL::Server.new s, ctx
       env = @proto_env.dup
       env[HTTPS_KEY] = HTTPS
@@ -283,8 +292,7 @@ module Puma
     end
 
     def inherit_ssl_listener(fd, ctx)
-      require 'puma/minissl'
-      MiniSSL.check
+      raise "Puma compiled without SSL support" unless HAS_SSL
 
       if fd.kind_of? TCPServer
         s = fd
@@ -360,26 +368,40 @@ module Puma
     end
 
     def close_listeners
-      @listeners.each do |l, io|
-        io.close
+      listeners.each do |l, io|
+        io.close unless io.closed? # Ruby 2.2 issue
         uri = URI.parse(l)
         next unless uri.scheme == 'unix'
         unix_path = "#{uri.host}#{uri.path}"
-        File.unlink unix_path if @unix_paths.include? unix_path
+        File.unlink unix_path if unix_paths.include? unix_path
       end
     end
 
-    def close_unix_paths
-      @unix_paths.each { |up| File.unlink(up) if File.exist? up }
+    def redirects_for_restart
+      redirects = listeners.map { |a| [a[1].to_i, a[1].to_i] }.to_h
+      redirects[:close_others] = true
+      redirects
     end
 
-    def redirects_for_restart
-      redirects = {:close_others => true}
-      @listeners.each_with_index do |(l, io), i|
-        ENV["PUMA_INHERIT_#{i}"] = "#{io.to_i}:#{l}"
-        redirects[io.to_i] = io.to_i
+    # @version 5.0.0
+    def redirects_for_restart_env
+      listeners.each_with_object({}).with_index do |(listen, memo), i|
+        memo["PUMA_INHERIT_#{i}"] = "#{listen[1].to_i}:#{listen[0]}"
       end
-      redirects
+    end
+
+    private
+
+    # @!attribute [r] loopback_addresses
+    def loopback_addresses
+      Socket.ip_address_list.select do |addrinfo|
+        addrinfo.ipv6_loopback? || addrinfo.ipv4_loopback?
+      end.map { |addrinfo| addrinfo.ip_address }.uniq
+    end
+
+    # @version 5.0.0
+    def socket_activation_fd(int)
+      int + 3 # 3 is the magic number you add to follow the SA protocol
     end
   end
 end