puma 5.0.4 → 5.5.1
Potentially problematic release.
This version of puma might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/History.md +250 -48
- data/README.md +90 -24
- data/docs/architecture.md +57 -20
- data/docs/compile_options.md +21 -0
- data/docs/deployment.md +53 -67
- data/docs/fork_worker.md +2 -0
- data/docs/jungle/rc.d/README.md +1 -1
- data/docs/kubernetes.md +66 -0
- data/docs/plugins.md +15 -15
- data/docs/rails_dev_mode.md +28 -0
- data/docs/restart.md +7 -7
- data/docs/signals.md +10 -10
- data/docs/stats.md +142 -0
- data/docs/systemd.md +85 -66
- data/ext/puma_http11/extconf.rb +36 -6
- data/ext/puma_http11/http11_parser.c +64 -59
- data/ext/puma_http11/http11_parser.h +1 -1
- data/ext/puma_http11/http11_parser.java.rl +1 -1
- data/ext/puma_http11/http11_parser.rl +1 -1
- data/ext/puma_http11/http11_parser_common.rl +1 -1
- data/ext/puma_http11/mini_ssl.c +177 -84
- data/ext/puma_http11/org/jruby/puma/Http11Parser.java +39 -41
- data/ext/puma_http11/puma_http11.c +8 -2
- data/lib/puma/app/status.rb +4 -7
- data/lib/puma/binder.rb +121 -46
- data/lib/puma/cli.rb +9 -0
- data/lib/puma/client.rb +58 -19
- data/lib/puma/cluster/worker.rb +19 -16
- data/lib/puma/cluster/worker_handle.rb +9 -2
- data/lib/puma/cluster.rb +46 -22
- data/lib/puma/configuration.rb +18 -2
- data/lib/puma/const.rb +14 -4
- data/lib/puma/control_cli.rb +76 -71
- data/lib/puma/detect.rb +14 -10
- data/lib/puma/dsl.rb +143 -26
- data/lib/puma/error_logger.rb +12 -5
- data/lib/puma/events.rb +18 -3
- data/lib/puma/json_serialization.rb +96 -0
- data/lib/puma/launcher.rb +54 -6
- data/lib/puma/minissl/context_builder.rb +6 -0
- data/lib/puma/minissl.rb +54 -38
- data/lib/puma/null_io.rb +12 -0
- data/lib/puma/plugin.rb +1 -1
- data/lib/puma/queue_close.rb +7 -7
- data/lib/puma/rack/builder.rb +1 -1
- data/lib/puma/reactor.rb +19 -12
- data/lib/puma/request.rb +45 -16
- data/lib/puma/runner.rb +38 -13
- data/lib/puma/server.rb +62 -123
- data/lib/puma/state_file.rb +5 -3
- data/lib/puma/systemd.rb +46 -0
- data/lib/puma/thread_pool.rb +10 -7
- data/lib/puma/util.rb +8 -1
- data/lib/puma.rb +36 -10
- data/lib/rack/handler/puma.rb +1 -0
- metadata +15 -9
data/ext/puma_http11/mini_ssl.c
CHANGED
@@ -28,6 +28,8 @@ typedef struct {
|
|
28
28
|
int bytes;
|
29
29
|
} ms_cert_buf;
|
30
30
|
|
31
|
+
VALUE eError;
|
32
|
+
|
31
33
|
void engine_free(void *ptr) {
|
32
34
|
ms_conn *conn = ptr;
|
33
35
|
ms_cert_buf* cert_buf = (ms_cert_buf*)SSL_get_app_data(conn->ssl);
|
@@ -47,61 +49,65 @@ const rb_data_type_t engine_data_type = {
|
|
47
49
|
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
48
50
|
};
|
49
51
|
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
*obj = TypedData_Make_Struct(klass, ms_conn, &engine_data_type, conn);
|
54
|
-
|
55
|
-
conn->read = BIO_new(BIO_s_mem());
|
56
|
-
BIO_set_nbio(conn->read, 1);
|
57
|
-
|
58
|
-
conn->write = BIO_new(BIO_s_mem());
|
59
|
-
BIO_set_nbio(conn->write, 1);
|
60
|
-
|
61
|
-
conn->ssl = 0;
|
62
|
-
conn->ctx = 0;
|
63
|
-
|
64
|
-
return conn;
|
65
|
-
}
|
66
|
-
|
67
|
-
DH *get_dh1024() {
|
68
|
-
/* `openssl dhparam 1024 -C`
|
52
|
+
DH *get_dh2048() {
|
53
|
+
/* `openssl dhparam -C 2048`
|
69
54
|
* -----BEGIN DH PARAMETERS-----
|
70
|
-
*
|
71
|
-
*
|
72
|
-
*
|
55
|
+
* MIIBCAKCAQEAjmh1uQHdTfxOyxEbKAV30fUfzqMDF/ChPzjfyzl2jcrqQMhrk76o
|
56
|
+
* 2NPNXqxHwsddMZ1RzvU8/jl+uhRuPWjXCFZbhET4N1vrviZM3VJhV8PPHuiVOACO
|
57
|
+
* y32jFd+Szx4bo2cXSK83hJ6jRd+0asP1awWjz9/06dFkrILCXMIfQLo0D8rqmppn
|
58
|
+
* EfDDAwuudCpM9kcDmBRAm9JsKbQ6gzZWjkc5+QWSaQofojIHbjvj3xzguaCJn+oQ
|
59
|
+
* vHWM+hsAnaOgEwCyeZ3xqs+/5lwSbkE/tqJW98cEZGygBUVo9jxZRZx6KOfjpdrb
|
60
|
+
* yenO9LJr/qtyrZB31WJbqxI0m0AKTAO8UwIBAg==
|
73
61
|
* -----END DH PARAMETERS-----
|
74
62
|
*/
|
75
|
-
static unsigned char
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
63
|
+
static unsigned char dh2048_p[] = {
|
64
|
+
0x8E, 0x68, 0x75, 0xB9, 0x01, 0xDD, 0x4D, 0xFC, 0x4E, 0xCB,
|
65
|
+
0x11, 0x1B, 0x28, 0x05, 0x77, 0xD1, 0xF5, 0x1F, 0xCE, 0xA3,
|
66
|
+
0x03, 0x17, 0xF0, 0xA1, 0x3F, 0x38, 0xDF, 0xCB, 0x39, 0x76,
|
67
|
+
0x8D, 0xCA, 0xEA, 0x40, 0xC8, 0x6B, 0x93, 0xBE, 0xA8, 0xD8,
|
68
|
+
0xD3, 0xCD, 0x5E, 0xAC, 0x47, 0xC2, 0xC7, 0x5D, 0x31, 0x9D,
|
69
|
+
0x51, 0xCE, 0xF5, 0x3C, 0xFE, 0x39, 0x7E, 0xBA, 0x14, 0x6E,
|
70
|
+
0x3D, 0x68, 0xD7, 0x08, 0x56, 0x5B, 0x84, 0x44, 0xF8, 0x37,
|
71
|
+
0x5B, 0xEB, 0xBE, 0x26, 0x4C, 0xDD, 0x52, 0x61, 0x57, 0xC3,
|
72
|
+
0xCF, 0x1E, 0xE8, 0x95, 0x38, 0x00, 0x8E, 0xCB, 0x7D, 0xA3,
|
73
|
+
0x15, 0xDF, 0x92, 0xCF, 0x1E, 0x1B, 0xA3, 0x67, 0x17, 0x48,
|
74
|
+
0xAF, 0x37, 0x84, 0x9E, 0xA3, 0x45, 0xDF, 0xB4, 0x6A, 0xC3,
|
75
|
+
0xF5, 0x6B, 0x05, 0xA3, 0xCF, 0xDF, 0xF4, 0xE9, 0xD1, 0x64,
|
76
|
+
0xAC, 0x82, 0xC2, 0x5C, 0xC2, 0x1F, 0x40, 0xBA, 0x34, 0x0F,
|
77
|
+
0xCA, 0xEA, 0x9A, 0x9A, 0x67, 0x11, 0xF0, 0xC3, 0x03, 0x0B,
|
78
|
+
0xAE, 0x74, 0x2A, 0x4C, 0xF6, 0x47, 0x03, 0x98, 0x14, 0x40,
|
79
|
+
0x9B, 0xD2, 0x6C, 0x29, 0xB4, 0x3A, 0x83, 0x36, 0x56, 0x8E,
|
80
|
+
0x47, 0x39, 0xF9, 0x05, 0x92, 0x69, 0x0A, 0x1F, 0xA2, 0x32,
|
81
|
+
0x07, 0x6E, 0x3B, 0xE3, 0xDF, 0x1C, 0xE0, 0xB9, 0xA0, 0x89,
|
82
|
+
0x9F, 0xEA, 0x10, 0xBC, 0x75, 0x8C, 0xFA, 0x1B, 0x00, 0x9D,
|
83
|
+
0xA3, 0xA0, 0x13, 0x00, 0xB2, 0x79, 0x9D, 0xF1, 0xAA, 0xCF,
|
84
|
+
0xBF, 0xE6, 0x5C, 0x12, 0x6E, 0x41, 0x3F, 0xB6, 0xA2, 0x56,
|
85
|
+
0xF7, 0xC7, 0x04, 0x64, 0x6C, 0xA0, 0x05, 0x45, 0x68, 0xF6,
|
86
|
+
0x3C, 0x59, 0x45, 0x9C, 0x7A, 0x28, 0xE7, 0xE3, 0xA5, 0xDA,
|
87
|
+
0xDB, 0xC9, 0xE9, 0xCE, 0xF4, 0xB2, 0x6B, 0xFE, 0xAB, 0x72,
|
88
|
+
0xAD, 0x90, 0x77, 0xD5, 0x62, 0x5B, 0xAB, 0x12, 0x34, 0x9B,
|
89
|
+
0x40, 0x0A, 0x4C, 0x03, 0xBC, 0x53
|
87
90
|
};
|
88
|
-
static unsigned char
|
91
|
+
static unsigned char dh2048_g[] = { 0x02 };
|
89
92
|
|
90
93
|
DH *dh;
|
94
|
+
#if !(OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER))
|
95
|
+
BIGNUM *p, *g;
|
96
|
+
#endif
|
97
|
+
|
91
98
|
dh = DH_new();
|
92
99
|
|
93
100
|
#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
|
94
|
-
dh->p = BN_bin2bn(
|
95
|
-
dh->g = BN_bin2bn(
|
101
|
+
dh->p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
|
102
|
+
dh->g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
|
96
103
|
|
97
104
|
if ((dh->p == NULL) || (dh->g == NULL)) {
|
98
105
|
DH_free(dh);
|
99
106
|
return NULL;
|
100
107
|
}
|
101
108
|
#else
|
102
|
-
|
103
|
-
|
104
|
-
g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
|
109
|
+
p = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
|
110
|
+
g = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
|
105
111
|
|
106
112
|
if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
|
107
113
|
DH_free(dh);
|
@@ -114,6 +120,37 @@ DH *get_dh1024() {
|
|
114
120
|
return dh;
|
115
121
|
}
|
116
122
|
|
123
|
+
static void
|
124
|
+
sslctx_free(void *ptr) {
|
125
|
+
SSL_CTX *ctx = ptr;
|
126
|
+
SSL_CTX_free(ctx);
|
127
|
+
}
|
128
|
+
|
129
|
+
static const rb_data_type_t sslctx_type = {
|
130
|
+
"MiniSSL/SSLContext",
|
131
|
+
{
|
132
|
+
0, sslctx_free,
|
133
|
+
},
|
134
|
+
0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
|
135
|
+
};
|
136
|
+
|
137
|
+
ms_conn* engine_alloc(VALUE klass, VALUE* obj) {
|
138
|
+
ms_conn* conn;
|
139
|
+
|
140
|
+
*obj = TypedData_Make_Struct(klass, ms_conn, &engine_data_type, conn);
|
141
|
+
|
142
|
+
conn->read = BIO_new(BIO_s_mem());
|
143
|
+
BIO_set_nbio(conn->read, 1);
|
144
|
+
|
145
|
+
conn->write = BIO_new(BIO_s_mem());
|
146
|
+
BIO_set_nbio(conn->write, 1);
|
147
|
+
|
148
|
+
conn->ssl = 0;
|
149
|
+
conn->ctx = 0;
|
150
|
+
|
151
|
+
return conn;
|
152
|
+
}
|
153
|
+
|
117
154
|
static int engine_verify_callback(int preverify_ok, X509_STORE_CTX* ctx) {
|
118
155
|
X509* err_cert;
|
119
156
|
SSL* ssl;
|
@@ -140,49 +177,73 @@ static int engine_verify_callback(int preverify_ok, X509_STORE_CTX* ctx) {
|
|
140
177
|
return preverify_ok;
|
141
178
|
}
|
142
179
|
|
143
|
-
|
144
|
-
|
180
|
+
static VALUE
|
181
|
+
sslctx_alloc(VALUE klass) {
|
182
|
+
SSL_CTX *ctx;
|
183
|
+
long mode = 0 |
|
184
|
+
SSL_MODE_ENABLE_PARTIAL_WRITE |
|
185
|
+
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
|
186
|
+
SSL_MODE_RELEASE_BUFFERS;
|
187
|
+
|
188
|
+
#ifdef HAVE_TLS_SERVER_METHOD
|
189
|
+
ctx = SSL_CTX_new(TLS_method());
|
190
|
+
// printf("\nctx using TLS_method security_level %d\n", SSL_CTX_get_security_level(ctx));
|
191
|
+
#else
|
192
|
+
ctx = SSL_CTX_new(SSLv23_method());
|
193
|
+
#endif
|
194
|
+
if (!ctx) {
|
195
|
+
rb_raise(eError, "SSL_CTX_new");
|
196
|
+
}
|
197
|
+
SSL_CTX_set_mode(ctx, mode);
|
198
|
+
|
199
|
+
return TypedData_Wrap_Struct(klass, &sslctx_type, ctx);
|
200
|
+
}
|
201
|
+
|
202
|
+
VALUE
|
203
|
+
sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
|
145
204
|
SSL_CTX* ctx;
|
146
|
-
SSL* ssl;
|
147
|
-
int min, ssl_options;
|
148
205
|
|
149
|
-
|
206
|
+
#ifdef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
|
207
|
+
int min;
|
208
|
+
#endif
|
209
|
+
int ssl_options;
|
210
|
+
VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
|
211
|
+
verification_flags, session_id_bytes;
|
212
|
+
DH *dh;
|
150
213
|
|
151
|
-
|
152
|
-
|
214
|
+
#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
215
|
+
EC_KEY *ecdh;
|
216
|
+
#endif
|
153
217
|
|
154
|
-
|
218
|
+
TypedData_Get_Struct(self, SSL_CTX, &sslctx_type, ctx);
|
155
219
|
|
156
|
-
|
157
|
-
|
220
|
+
key = rb_funcall(mini_ssl_ctx, rb_intern_const("key"), 0);
|
221
|
+
StringValue(key);
|
158
222
|
|
223
|
+
cert = rb_funcall(mini_ssl_ctx, rb_intern_const("cert"), 0);
|
159
224
|
StringValue(cert);
|
160
225
|
|
161
|
-
|
162
|
-
VALUE ca = rb_funcall(mini_ssl_ctx, sym_ca, 0);
|
163
|
-
|
164
|
-
ID sym_verify_mode = rb_intern("verify_mode");
|
165
|
-
VALUE verify_mode = rb_funcall(mini_ssl_ctx, sym_verify_mode, 0);
|
226
|
+
ca = rb_funcall(mini_ssl_ctx, rb_intern_const("ca"), 0);
|
166
227
|
|
167
|
-
|
168
|
-
VALUE ssl_cipher_filter = rb_funcall(mini_ssl_ctx, sym_ssl_cipher_filter, 0);
|
228
|
+
verify_mode = rb_funcall(mini_ssl_ctx, rb_intern_const("verify_mode"), 0);
|
169
229
|
|
170
|
-
|
171
|
-
VALUE no_tlsv1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1, 0);
|
230
|
+
ssl_cipher_filter = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_cipher_filter"), 0);
|
172
231
|
|
173
|
-
|
174
|
-
VALUE no_tlsv1_1 = rb_funcall(mini_ssl_ctx, sym_no_tlsv1_1, 0);
|
232
|
+
no_tlsv1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1"), 0);
|
175
233
|
|
176
|
-
|
177
|
-
ctx = SSL_CTX_new(TLS_server_method());
|
178
|
-
#else
|
179
|
-
ctx = SSL_CTX_new(SSLv23_server_method());
|
180
|
-
#endif
|
181
|
-
conn->ctx = ctx;
|
234
|
+
no_tlsv1_1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1_1"), 0);
|
182
235
|
|
183
236
|
SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
|
184
237
|
SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
|
185
238
|
|
239
|
+
verification_flags = rb_funcall(mini_ssl_ctx, rb_intern_const("verification_flags"), 0);
|
240
|
+
|
241
|
+
if (!NIL_P(verification_flags)) {
|
242
|
+
X509_VERIFY_PARAM *param = SSL_CTX_get0_param(ctx);
|
243
|
+
X509_VERIFY_PARAM_set_flags(param, NUM2INT(verification_flags));
|
244
|
+
SSL_CTX_set1_param(ctx, param);
|
245
|
+
}
|
246
|
+
|
186
247
|
if (!NIL_P(ca)) {
|
187
248
|
StringValue(ca);
|
188
249
|
SSL_CTX_load_verify_locations(ctx, RSTRING_PTR(ca), NULL);
|
@@ -228,35 +289,60 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) {
|
|
228
289
|
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
|
229
290
|
}
|
230
291
|
|
231
|
-
|
292
|
+
dh = get_dh2048();
|
232
293
|
SSL_CTX_set_tmp_dh(ctx, dh);
|
233
294
|
|
234
295
|
#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
235
296
|
// Remove this case if OpenSSL 1.0.1 (now EOL) support is no
|
236
297
|
// longer needed.
|
237
|
-
|
298
|
+
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
238
299
|
if (ecdh) {
|
239
300
|
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
|
240
301
|
EC_KEY_free(ecdh);
|
241
302
|
}
|
242
303
|
#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
243
|
-
// Prior to OpenSSL 1.1.0, servers must manually enable server-side ECDH
|
244
|
-
// negotiation.
|
245
304
|
SSL_CTX_set_ecdh_auto(ctx, 1);
|
246
305
|
#endif
|
247
306
|
|
248
|
-
ssl = SSL_new(ctx);
|
249
|
-
conn->ssl = ssl;
|
250
|
-
SSL_set_app_data(ssl, NULL);
|
251
|
-
|
252
307
|
if (NIL_P(verify_mode)) {
|
253
|
-
/*
|
308
|
+
/* SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL); */
|
254
309
|
} else {
|
255
|
-
|
310
|
+
SSL_CTX_set_verify(ctx, NUM2INT(verify_mode), engine_verify_callback);
|
256
311
|
}
|
257
312
|
|
258
|
-
|
313
|
+
// Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
|
314
|
+
session_id_bytes = rb_funcall(
|
315
|
+
#ifdef HAVE_RANDOM_BYTES
|
316
|
+
rb_cRandom,
|
317
|
+
#else
|
318
|
+
rb_const_get(rb_cRandom, rb_intern_const("DEFAULT")),
|
319
|
+
#endif
|
320
|
+
rb_intern_const("bytes"),
|
321
|
+
1, ULL2NUM(SSL_MAX_SSL_SESSION_ID_LENGTH));
|
322
|
+
|
323
|
+
SSL_CTX_set_session_id_context(ctx,
|
324
|
+
(unsigned char *) RSTRING_PTR(session_id_bytes),
|
325
|
+
SSL_MAX_SSL_SESSION_ID_LENGTH);
|
259
326
|
|
327
|
+
// printf("\ninitialize end security_level %d\n", SSL_CTX_get_security_level(ctx));
|
328
|
+
rb_obj_freeze(self);
|
329
|
+
return self;
|
330
|
+
}
|
331
|
+
|
332
|
+
VALUE engine_init_server(VALUE self, VALUE sslctx) {
|
333
|
+
ms_conn* conn;
|
334
|
+
VALUE obj;
|
335
|
+
SSL_CTX* ctx;
|
336
|
+
SSL* ssl;
|
337
|
+
|
338
|
+
conn = engine_alloc(self, &obj);
|
339
|
+
|
340
|
+
TypedData_Get_Struct(sslctx, SSL_CTX, &sslctx_type, ctx);
|
341
|
+
|
342
|
+
ssl = SSL_new(ctx);
|
343
|
+
conn->ssl = ssl;
|
344
|
+
SSL_set_app_data(ssl, NULL);
|
345
|
+
SSL_set_bio(ssl, conn->read, conn->write);
|
260
346
|
SSL_set_accept_state(ssl);
|
261
347
|
return obj;
|
262
348
|
}
|
@@ -296,7 +382,7 @@ VALUE engine_inject(VALUE self, VALUE str) {
|
|
296
382
|
return INT2FIX(used);
|
297
383
|
}
|
298
384
|
|
299
|
-
|
385
|
+
NORETURN(void raise_error(SSL* ssl, int result));
|
300
386
|
|
301
387
|
void raise_error(SSL* ssl, int result) {
|
302
388
|
char buf[512];
|
@@ -320,8 +406,7 @@ void raise_error(SSL* ssl, int result) {
|
|
320
406
|
} else {
|
321
407
|
err = (int) ERR_get_error();
|
322
408
|
ERR_error_string_n(err, buf, sizeof(buf));
|
323
|
-
|
324
|
-
snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, errexp);
|
409
|
+
snprintf(msg, sizeof(msg), "OpenSSL error: %s - %d", buf, err & mask);
|
325
410
|
}
|
326
411
|
} else {
|
327
412
|
snprintf(msg, sizeof(msg), "Unknown OpenSSL error: %d", ssl_err);
|
@@ -385,7 +470,9 @@ VALUE engine_extract(VALUE self) {
|
|
385
470
|
ms_conn* conn;
|
386
471
|
int bytes;
|
387
472
|
size_t pending;
|
388
|
-
|
473
|
+
// https://www.openssl.org/docs/manmaster/man3/BIO_f_buffer.html
|
474
|
+
// crypto/bio/bf_buff.c DEFAULT_BUFFER_SIZE
|
475
|
+
char buf[4096];
|
389
476
|
|
390
477
|
TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
|
391
478
|
|
@@ -480,7 +567,7 @@ VALUE noop(VALUE self) {
|
|
480
567
|
}
|
481
568
|
|
482
569
|
void Init_mini_ssl(VALUE puma) {
|
483
|
-
VALUE mod, eng;
|
570
|
+
VALUE mod, eng, sslctx;
|
484
571
|
|
485
572
|
/* Fake operation for documentation (RDoc, YARD) */
|
486
573
|
#if 0 == 1
|
@@ -494,6 +581,11 @@ void Init_mini_ssl(VALUE puma) {
|
|
494
581
|
|
495
582
|
mod = rb_define_module_under(puma, "MiniSSL");
|
496
583
|
eng = rb_define_class_under(mod, "Engine", rb_cObject);
|
584
|
+
sslctx = rb_define_class_under(mod, "SSLContext", rb_cObject);
|
585
|
+
rb_define_alloc_func(sslctx, sslctx_alloc);
|
586
|
+
rb_define_method(sslctx, "initialize", sslctx_initialize, 1);
|
587
|
+
rb_undef_method(sslctx, "initialize_copy");
|
588
|
+
|
497
589
|
|
498
590
|
// OpenSSL Build / Runtime/Load versions
|
499
591
|
|
@@ -552,9 +644,10 @@ void Init_mini_ssl(VALUE puma) {
|
|
552
644
|
|
553
645
|
#else
|
554
646
|
|
647
|
+
NORETURN(VALUE raise_error(VALUE self));
|
648
|
+
|
555
649
|
VALUE raise_error(VALUE self) {
|
556
650
|
rb_raise(rb_eStandardError, "SSL not available in this build");
|
557
|
-
return Qnil;
|
558
651
|
}
|
559
652
|
|
560
653
|
void Init_mini_ssl(VALUE puma) {
|
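Review bot: In `sslctx_initialize` the results of `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_use_PrivateKey_file` are discarded, so a missing or unreadable certificate or key still yields a frozen `SSLContext`, and the failure presumably only shows up later as handshake errors. Since the context is now built once and shared by every engine, it would be safer to fail at construction, e.g. `if (SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert)) != 1) rb_raise(eError, "SSL_CTX_use_certificate_chain_file");`, with the same check for the key. The same applies to `dh = get_dh2048();`, which the earlier hunk shows can return NULL before it is handed to `SSL_CTX_set_tmp_dh`, and to `ssl = SSL_new(ctx);` in `engine_init_server`, whose result goes to `SSL_set_app_data` unchecked. Parts of `sslctx_initialize` fall between hunks, so some of this may be handled outside the visible lines.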
@@ -34,9 +34,9 @@ private static short[] init__puma_parser_key_offsets_0()
|
|
34
34
|
{
|
35
35
|
return new short [] {
|
36
36
|
0, 0, 8, 17, 27, 29, 30, 31, 32, 33, 34, 36,
|
37
|
-
39, 41, 44, 45, 61, 62, 78,
|
38
|
-
|
39
|
-
|
37
|
+
39, 41, 44, 45, 61, 62, 78, 83, 87, 95, 103, 113,
|
38
|
+
121, 130, 138, 146, 155, 164, 173, 182, 191, 200, 209, 218,
|
39
|
+
227, 236, 245, 254, 263, 272, 281, 290, 299, 308, 309
|
40
40
|
};
|
41
41
|
}
|
42
42
|
|
@@ -52,14 +52,13 @@ private static char[] init__puma_parser_trans_keys_0()
|
|
52
52
|
46, 48, 57, 48, 57, 13, 48, 57, 10, 13, 33, 124,
|
53
53
|
126, 35, 39, 42, 43, 45, 46, 48, 57, 65, 90, 94,
|
54
54
|
122, 10, 33, 58, 124, 126, 35, 39, 42, 43, 45, 46,
|
55
|
-
48, 57, 65, 90, 94, 122, 13, 32,
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32,
|
55
|
+
48, 57, 65, 90, 94, 122, 9, 13, 32, 33, 126, 9,
|
56
|
+
13, 32, 126, 32, 60, 62, 127, 0, 31, 34, 35, 32,
|
57
|
+
60, 62, 127, 0, 31, 34, 35, 43, 58, 45, 46, 48,
|
58
|
+
57, 65, 90, 97, 122, 32, 34, 35, 60, 62, 127, 0,
|
59
|
+
31, 32, 34, 35, 60, 62, 63, 127, 0, 31, 32, 34,
|
60
|
+
35, 60, 62, 127, 0, 31, 32, 34, 35, 60, 62, 127,
|
61
|
+
0, 31, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32,
|
63
62
|
36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, 45,
|
64
63
|
46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, 57,
|
65
64
|
65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32,
|
@@ -71,7 +70,8 @@ private static char[] init__puma_parser_trans_keys_0()
|
|
71
70
|
65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32,
|
72
71
|
36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95, 45,
|
73
72
|
46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48, 57,
|
74
|
-
65, 90, 32,
|
73
|
+
65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90, 32,
|
74
|
+
36, 95, 45, 46, 48, 57, 65, 90, 32, 0
|
75
75
|
};
|
76
76
|
}
|
77
77
|
|
@@ -82,7 +82,7 @@ private static byte[] init__puma_parser_single_lengths_0()
|
|
82
82
|
{
|
83
83
|
return new byte [] {
|
84
84
|
0, 2, 3, 4, 2, 1, 1, 1, 1, 1, 0, 1,
|
85
|
-
0, 1, 1, 4, 1, 4,
|
85
|
+
0, 1, 1, 4, 1, 4, 3, 2, 4, 4, 2, 6,
|
86
86
|
7, 6, 6, 3, 3, 3, 3, 3, 3, 3, 3, 3,
|
87
87
|
3, 3, 3, 3, 3, 3, 3, 3, 3, 1, 0
|
88
88
|
};
|
@@ -95,7 +95,7 @@ private static byte[] init__puma_parser_range_lengths_0()
|
|
95
95
|
{
|
96
96
|
return new byte [] {
|
97
97
|
0, 3, 3, 3, 0, 0, 0, 0, 0, 0, 1, 1,
|
98
|
-
1, 1, 0, 6, 0, 6,
|
98
|
+
1, 1, 0, 6, 0, 6, 1, 1, 2, 2, 4, 1,
|
99
99
|
1, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3,
|
100
100
|
3, 3, 3, 3, 3, 3, 3, 3, 3, 0, 0
|
101
101
|
};
|
@@ -108,9 +108,9 @@ private static short[] init__puma_parser_index_offsets_0()
|
|
108
108
|
{
|
109
109
|
return new short [] {
|
110
110
|
0, 0, 6, 13, 21, 24, 26, 28, 30, 32, 34, 36,
|
111
|
-
39, 41, 44, 46, 57, 59, 70,
|
112
|
-
|
113
|
-
|
111
|
+
39, 41, 44, 46, 57, 59, 70, 75, 79, 86, 93, 100,
|
112
|
+
108, 117, 125, 133, 140, 147, 154, 161, 168, 175, 182, 189,
|
113
|
+
196, 203, 210, 217, 224, 231, 238, 245, 252, 259, 261
|
114
114
|
};
|
115
115
|
}
|
116
116
|
|
@@ -125,23 +125,23 @@ private static byte[] init__puma_parser_indicies_0()
|
|
125
125
|
10, 1, 11, 1, 12, 1, 13, 1, 14, 1, 15, 1,
|
126
126
|
16, 15, 1, 17, 1, 18, 17, 1, 19, 1, 20, 21,
|
127
127
|
21, 21, 21, 21, 21, 21, 21, 21, 1, 22, 1, 23,
|
128
|
-
24, 23, 23, 23, 23, 23, 23, 23, 23, 1,
|
129
|
-
|
130
|
-
1, 1, 1, 1, 33, 34, 35, 34,
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
46, 46, 46, 1, 2, 47, 47, 47,
|
135
|
-
48, 48, 48, 48, 48, 1, 2, 49,
|
136
|
-
|
137
|
-
|
138
|
-
53, 53, 53, 53, 1, 2, 54, 54,
|
139
|
-
|
140
|
-
56, 1, 2, 57, 57, 57, 57, 57,
|
141
|
-
|
142
|
-
60, 60, 60, 60, 60, 1, 2, 61,
|
143
|
-
|
144
|
-
|
128
|
+
24, 23, 23, 23, 23, 23, 23, 23, 23, 1, 25, 26,
|
129
|
+
27, 25, 1, 28, 29, 28, 1, 30, 1, 1, 1, 1,
|
130
|
+
1, 31, 32, 1, 1, 1, 1, 1, 33, 34, 35, 34,
|
131
|
+
34, 34, 34, 1, 8, 1, 9, 1, 1, 1, 1, 35,
|
132
|
+
36, 1, 38, 1, 1, 39, 1, 1, 37, 40, 1, 42,
|
133
|
+
1, 1, 1, 1, 41, 43, 1, 45, 1, 1, 1, 1,
|
134
|
+
44, 2, 46, 46, 46, 46, 46, 1, 2, 47, 47, 47,
|
135
|
+
47, 47, 1, 2, 48, 48, 48, 48, 48, 1, 2, 49,
|
136
|
+
49, 49, 49, 49, 1, 2, 50, 50, 50, 50, 50, 1,
|
137
|
+
2, 51, 51, 51, 51, 51, 1, 2, 52, 52, 52, 52,
|
138
|
+
52, 1, 2, 53, 53, 53, 53, 53, 1, 2, 54, 54,
|
139
|
+
54, 54, 54, 1, 2, 55, 55, 55, 55, 55, 1, 2,
|
140
|
+
56, 56, 56, 56, 56, 1, 2, 57, 57, 57, 57, 57,
|
141
|
+
1, 2, 58, 58, 58, 58, 58, 1, 2, 59, 59, 59,
|
142
|
+
59, 59, 1, 2, 60, 60, 60, 60, 60, 1, 2, 61,
|
143
|
+
61, 61, 61, 61, 1, 2, 62, 62, 62, 62, 62, 1,
|
144
|
+
2, 63, 63, 63, 63, 63, 1, 2, 1, 1, 0
|
145
145
|
};
|
146
146
|
}
|
147
147
|
|
@@ -182,8 +182,6 @@ static final int puma_parser_start = 1;
|
|
182
182
|
static final int puma_parser_first_final = 46;
|
183
183
|
static final int puma_parser_error = 0;
|
184
184
|
|
185
|
-
static final int puma_parser_en_main = 1;
|
186
|
-
|
187
185
|
|
188
186
|
// line 62 "ext/puma_http11/http11_parser.java.rl"
|
189
187
|
|
@@ -212,12 +210,12 @@ static final int puma_parser_en_main = 1;
|
|
212
210
|
cs = 0;
|
213
211
|
|
214
212
|
|
215
|
-
// line
|
213
|
+
// line 214 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
|
216
214
|
{
|
217
215
|
cs = puma_parser_start;
|
218
216
|
}
|
219
217
|
|
220
|
-
// line
|
218
|
+
// line 88 "ext/puma_http11/http11_parser.java.rl"
|
221
219
|
|
222
220
|
body_start = 0;
|
223
221
|
content_len = 0;
|
@@ -244,7 +242,7 @@ static final int puma_parser_en_main = 1;
|
|
244
242
|
parser.buffer = buffer;
|
245
243
|
|
246
244
|
|
247
|
-
// line
|
245
|
+
// line 246 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
|
248
246
|
{
|
249
247
|
int _klen;
|
250
248
|
int _trans = 0;
|
@@ -400,7 +398,7 @@ case 1:
|
|
400
398
|
{ p += 1; _goto_targ = 5; if (true) continue _goto;}
|
401
399
|
}
|
402
400
|
break;
|
403
|
-
// line
|
401
|
+
// line 402 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
|
404
402
|
}
|
405
403
|
}
|
406
404
|
}
|
@@ -420,7 +418,7 @@ case 5:
|
|
420
418
|
break; }
|
421
419
|
}
|
422
420
|
|
423
|
-
// line
|
421
|
+
// line 114 "ext/puma_http11/http11_parser.java.rl"
|
424
422
|
|
425
423
|
parser.cs = cs;
|
426
424
|
parser.nread += (p - off);
|
@@ -40,7 +40,9 @@ static VALUE global_http_version;
|
|
40
40
|
static VALUE global_request_path;
|
41
41
|
|
42
42
|
/** Defines common length and error messages for input length validation. */
|
43
|
-
#define
|
43
|
+
#define QUOTE(s) #s
|
44
|
+
#define EXPLAIN_MAX_LENGTH_VALUE(s) QUOTE(s)
|
45
|
+
#define DEF_MAX_LENGTH(N,length) const size_t MAX_##N##_LENGTH = length; const char *MAX_##N##_LENGTH_ERR = "HTTP element " # N " is longer than the " EXPLAIN_MAX_LENGTH_VALUE(length) " allowed length (was %d)"
|
44
46
|
|
45
47
|
/** Validates the max length of given input and throws an HttpParserError exception if over. */
|
46
48
|
#define VALIDATE_MAX_LENGTH(len, N) if(len > MAX_##N##_LENGTH) { rb_raise(eHttpParserError, MAX_##N##_LENGTH_ERR, len); }
|
@@ -50,12 +52,16 @@ static VALUE global_request_path;
|
|
50
52
|
|
51
53
|
|
52
54
|
/* Defines the maximum allowed lengths for various input elements.*/
|
55
|
+
#ifndef PUMA_QUERY_STRING_MAX_LENGTH
|
56
|
+
#define PUMA_QUERY_STRING_MAX_LENGTH (1024 * 10)
|
57
|
+
#endif
|
58
|
+
|
53
59
|
DEF_MAX_LENGTH(FIELD_NAME, 256);
|
54
60
|
DEF_MAX_LENGTH(FIELD_VALUE, 80 * 1024);
|
55
61
|
DEF_MAX_LENGTH(REQUEST_URI, 1024 * 12);
|
56
62
|
DEF_MAX_LENGTH(FRAGMENT, 1024); /* Don't know if this length is specified somewhere or not */
|
57
63
|
DEF_MAX_LENGTH(REQUEST_PATH, 8192);
|
58
|
-
DEF_MAX_LENGTH(QUERY_STRING,
|
64
|
+
DEF_MAX_LENGTH(QUERY_STRING, PUMA_QUERY_STRING_MAX_LENGTH);
|
59
65
|
DEF_MAX_LENGTH(HEADER, (1024 * (80 + 32)));
|
60
66
|
|
61
67
|
struct common_field {
|
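Review bot: The message built by the new `DEF_MAX_LENGTH` ends in `(was %d)`, while the limit it sits next to is declared `const size_t`; if the `len` passed to `VALIDATE_MAX_LENGTH` is also a `size_t` (the call sites are outside these hunks), the conversion in `rb_raise` does not match its argument. A cast at the raise site keeps the format valid whatever the caller's type is: `rb_raise(eHttpParserError, MAX_##N##_LENGTH_ERR, (int)(len));`. It would also help to add a comment beside `PUMA_QUERY_STRING_MAX_LENGTH` saying that a larger build-time value increases how much untrusted request data the parser accepts, and that `REQUEST_URI` keeps its own `1024 * 12` limit, which is not raised with it.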
data/lib/puma/app/status.rb
CHANGED
@@ -1,4 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
+
require 'puma/json_serialization'
|
2
3
|
|
3
4
|
module Puma
|
4
5
|
module App
|
@@ -22,10 +23,6 @@ module Puma
|
|
22
23
|
return rack_response(403, 'Invalid auth token', 'text/plain')
|
23
24
|
end
|
24
25
|
|
25
|
-
if env['PATH_INFO'] =~ /\/(gc-stats|stats|thread-backtraces)$/
|
26
|
-
require 'json'
|
27
|
-
end
|
28
|
-
|
29
26
|
# resp_type is processed by following case statement, return
|
30
27
|
# is a number (status) or a string used as the body of a 200 response
|
31
28
|
resp_type =
|
@@ -49,17 +46,17 @@ module Puma
|
|
49
46
|
GC.start ; 200
|
50
47
|
|
51
48
|
when 'gc-stats'
|
52
|
-
GC.stat
|
49
|
+
Puma::JSONSerialization.generate GC.stat
|
53
50
|
|
54
51
|
when 'stats'
|
55
|
-
@launcher.stats
|
52
|
+
Puma::JSONSerialization.generate @launcher.stats
|
56
53
|
|
57
54
|
when 'thread-backtraces'
|
58
55
|
backtraces = []
|
59
56
|
@launcher.thread_status do |name, backtrace|
|
60
57
|
backtraces << { name: name, backtrace: backtrace }
|
61
58
|
end
|
62
|
-
backtraces
|
59
|
+
Puma::JSONSerialization.generate backtraces
|
63
60
|
|
64
61
|
else
|
65
62
|
return rack_response(404, "Unsupported action", 'text/plain')
|