puma 5.5.1 → 5.6.2
Potentially problematic release.
This version of puma might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/History.md +67 -0
- data/LICENSE +0 -0
- data/README.md +5 -0
- data/bin/puma-wild +0 -0
- data/docs/architecture.md +4 -4
- data/docs/compile_options.md +0 -0
- data/docs/deployment.md +0 -0
- data/docs/fork_worker.md +0 -0
- data/docs/images/puma-connection-flow-no-reactor.png +0 -0
- data/docs/images/puma-connection-flow.png +0 -0
- data/docs/images/puma-general-arch.png +0 -0
- data/docs/jungle/README.md +0 -0
- data/docs/jungle/rc.d/README.md +0 -0
- data/docs/jungle/rc.d/puma.conf +0 -0
- data/docs/kubernetes.md +0 -0
- data/docs/nginx.md +0 -0
- data/docs/plugins.md +0 -0
- data/docs/rails_dev_mode.md +0 -0
- data/docs/restart.md +0 -0
- data/docs/signals.md +1 -0
- data/docs/stats.md +0 -0
- data/docs/systemd.md +0 -0
- data/ext/puma_http11/PumaHttp11Service.java +0 -0
- data/ext/puma_http11/ext_help.h +0 -0
- data/ext/puma_http11/extconf.rb +12 -6
- data/ext/puma_http11/http11_parser.c +22 -16
- data/ext/puma_http11/http11_parser.h +0 -0
- data/ext/puma_http11/http11_parser.java.rl +0 -0
- data/ext/puma_http11/http11_parser.rl +0 -0
- data/ext/puma_http11/http11_parser_common.rl +1 -1
- data/ext/puma_http11/mini_ssl.c +54 -9
- data/ext/puma_http11/no_ssl/PumaHttp11Service.java +0 -0
- data/ext/puma_http11/org/jruby/puma/Http11.java +0 -0
- data/ext/puma_http11/org/jruby/puma/Http11Parser.java +49 -47
- data/ext/puma_http11/org/jruby/puma/MiniSSL.java +28 -43
- data/ext/puma_http11/puma_http11.c +1 -1
- data/lib/puma/app/status.rb +0 -0
- data/lib/puma/binder.rb +19 -5
- data/lib/puma/cli.rb +9 -4
- data/lib/puma/client.rb +1 -1
- data/lib/puma/cluster/worker.rb +5 -5
- data/lib/puma/cluster/worker_handle.rb +4 -0
- data/lib/puma/cluster.rb +29 -11
- data/lib/puma/commonlogger.rb +0 -0
- data/lib/puma/configuration.rb +3 -0
- data/lib/puma/const.rb +2 -5
- data/lib/puma/control_cli.rb +0 -0
- data/lib/puma/detect.rb +8 -2
- data/lib/puma/dsl.rb +85 -8
- data/lib/puma/error_logger.rb +0 -0
- data/lib/puma/events.rb +0 -0
- data/lib/puma/io_buffer.rb +0 -0
- data/lib/puma/jruby_restart.rb +0 -0
- data/lib/puma/json_serialization.rb +0 -0
- data/lib/puma/launcher.rb +2 -1
- data/lib/puma/minissl/context_builder.rb +8 -6
- data/lib/puma/minissl.rb +18 -2
- data/lib/puma/null_io.rb +0 -0
- data/lib/puma/plugin/tmp_restart.rb +0 -0
- data/lib/puma/plugin.rb +1 -1
- data/lib/puma/queue_close.rb +0 -0
- data/lib/puma/rack/builder.rb +0 -0
- data/lib/puma/rack/urlmap.rb +0 -0
- data/lib/puma/rack_default.rb +0 -0
- data/lib/puma/reactor.rb +0 -0
- data/lib/puma/request.rb +10 -5
- data/lib/puma/runner.rb +3 -2
- data/lib/puma/server.rb +18 -24
- data/lib/puma/single.rb +0 -0
- data/lib/puma/state_file.rb +41 -7
- data/lib/puma/systemd.rb +0 -0
- data/lib/puma/thread_pool.rb +2 -2
- data/lib/puma/util.rb +0 -0
- data/lib/puma.rb +0 -0
- data/lib/rack/handler/puma.rb +0 -0
- data/tools/Dockerfile +1 -1
- data/tools/trickletest.rb +0 -0
- metadata +3 -3
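--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9f2fbd628cb88e37c6df33dccf70b11f52b5e0ae56693e8ada921793cf607f0a
+data.tar.gz: fd7fa2520c4ac378f616373655f9b72127cd50c1ba36db4d986857e736a526b1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 448267cd44a571941f8ab0133d9ab2a5bedd2c7fcd964fb3948a7a9a3190b8052a69e8b849e1bbb7622373a5ccf754cdd39d1e24b8fa839cf0af71015b608b30
+data.tar.gz: b37d8563ce45b33bdd12ae8e4a913a8a702f36f7b4afaf16edf17611868da089d8b98ee130a565488f3007b0a28bce32202fe4f391a9ff81aa29e66a9372be36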
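--- a/data/History.md
+++ b/data/History.md
@@ -1,5 +1,46 @@
+## 5.6.2 / 2022-02-11
+
+* Bugfix/Security
+* Response body will always be `close`d. (GHSA-rmj8-8hhh-gv5h, related to [#2809])
+
+## 5.6.1 / 2022-01-26
+
+* Bugfixes
+* Reverted a commit which appeared to be causing occasional blank header values ([#2809])
+
+## 5.6.0 / 2022-01-25
+
+* Features
+* Support `localhost` integration in `ssl_bind` ([#2764], [#2708])
+* Allow backlog parameter to be set with ssl_bind DSL ([#2780])
+* Remove yaml (psych) requirement in StateFile ([#2784])
+* Allow culling of oldest workers, previously was only youngest ([#2773], [#2794])
+* Add worker_check_interval configuration option ([#2759])
+* Always send lowlevel_error response to client ([#2731], [#2341])
+* Support for cert_pem and key_pem with ssl_bind DSL ([#2728])
+
+* Bugfixes
+* Keep thread names under 15 characters, prevents breakage on some OSes ([#2733])
+* Fix two 'old-style-definition' compile warning ([#2807], [#2806])
+* Log environment correctly using option value ([#2799])
+* Fix warning from Ruby master (will be 3.2.0) ([#2785])
+* extconf.rb - fix openssl with old Windows builds ([#2757])
+* server.rb - rescue handling (`Errno::EBADF`) for `@notify.close` ([#2745])
+
+* Refactor
+* server.rb - refactor code using @options[:remote_address] ([#2742])
+* [jruby] a couple refactorings - avoid copy-ing bytes ([#2730])
+
+## 5.5.2 / 2021-10-12
+
+* Bugfixes
+* Allow UTF-8 in HTTP header values
+
 ## 5.5.1 / 2021-10-12
 
+* Feature (added as mistake - we don't normally do this on bugfix releases, sorry!)
+* Allow setting APP_ENV in preference to RACK_ENV or RAILS_ENV ([#2702])
+
 * Security
 * Do not allow LF as a line ending in a header (CVE-2021-41136)
 
@@ -256,6 +297,11 @@
 * Support parallel tests in verbose progress reporting ([#2223])
 * Refactor error handling in server accept loop ([#2239])
 
+## 4.3.10 / 2021-10-12
+
+* Bugfixes
+* Allow UTF-8 in HTTP header values
+
 ## 4.3.9 / 2021-10-12
 
 * Security
@@ -1794,6 +1840,27 @@ be added back in a future date when a java Puma::MiniSSL is added.
 * Bugfixes
 * Your bugfix goes here <Most recent on the top, like GitHub> (#Github Number)
 
+[#2809]:https://github.com/puma/puma/pull/2809 "PR by @dentarg, merged 2022-01-26"
+[#2764]:https://github.com/puma/puma/pull/2764 "PR by @dentarg, merged 2022-01-18"
+[#2708]:https://github.com/puma/puma/issues/2708 "Issue by @erikaxel, closed 2022-01-18"
+[#2780]:https://github.com/puma/puma/pull/2780 "PR by @dalibor, merged 2022-01-01"
+[#2784]:https://github.com/puma/puma/pull/2784 "PR by @MSP-Greg, merged 2022-01-01"
+[#2773]:https://github.com/puma/puma/pull/2773 "PR by @ob-stripe, merged 2022-01-01"
+[#2794]:https://github.com/puma/puma/pull/2794 "PR by @johnnyshields, merged 2022-01-10"
+[#2759]:https://github.com/puma/puma/pull/2759 "PR by @ob-stripe, merged 2021-12-11"
+[#2731]:https://github.com/puma/puma/pull/2731 "PR by @baelter, merged 2021-11-02"
+[#2341]:https://github.com/puma/puma/issues/2341 "Issue by @cjlarose, closed 2021-11-02"
+[#2728]:https://github.com/puma/puma/pull/2728 "PR by @dalibor, merged 2021-10-31"
+[#2733]:https://github.com/puma/puma/pull/2733 "PR by @ob-stripe, merged 2021-12-12"
+[#2807]:https://github.com/puma/puma/pull/2807 "PR by @MSP-Greg, merged 2022-01-25"
+[#2806]:https://github.com/puma/puma/issues/2806 "Issue by @olleolleolle, closed 2022-01-25"
+[#2799]:https://github.com/puma/puma/pull/2799 "PR by @ags, merged 2022-01-22"
+[#2785]:https://github.com/puma/puma/pull/2785 "PR by @MSP-Greg, merged 2022-01-02"
+[#2757]:https://github.com/puma/puma/pull/2757 "PR by @MSP-Greg, merged 2021-11-24"
+[#2745]:https://github.com/puma/puma/pull/2745 "PR by @MSP-Greg, merged 2021-11-03"
+[#2742]:https://github.com/puma/puma/pull/2742 "PR by @MSP-Greg, merged 2021-12-12"
+[#2730]:https://github.com/puma/puma/pull/2730 "PR by @kares, merged 2021-11-01"
+[#2702]:https://github.com/puma/puma/pull/2702 "PR by @jacobherrington, merged 2021-09-21"
 [#2610]:https://github.com/puma/puma/pull/2610 "PR by @ye-lin-aung, merged 2021-08-18"
 [#2257]:https://github.com/puma/puma/issues/2257 "Issue by @nateberkopec, closed 2021-08-18"
 [#2654]:https://github.com/puma/puma/pull/2654 "PR by @Roguelazer, merged 2021-09-07"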
data/LICENSE
CHANGED
File without changes
|
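--- a/data/README.md
+++ b/data/README.md
@@ -137,6 +137,11 @@ This code can be used to setup the process before booting the application, allow
 you to do some Puma-specific things that you don't want to embed in your application.
 For instance, you could fire a log notification that a worker booted or send something to statsd. This can be called multiple times.
 
+Constants loaded by your application (such as `Rails`) will not be available in `on_worker_boot`.
+However, these constants _will_ be available if `preload_app!` is enabled, either explicitly in your `puma` config or automatically if
+using 2 or more workers in cluster mode.
+If `preload_app!` is not enabled and 1 worker is used, then `on_worker_boot` will fire, but your app will not be preloaded and constants will not be available.
+
 `before_fork` specifies a block to be run before workers are forked:
 
 ```ruby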
data/bin/puma-wild
CHANGED
File without changes
|
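--- a/data/docs/architecture.md
+++ b/data/docs/architecture.md
@@ -31,10 +31,10 @@ _workers_, and we sometimes call the threads created by Puma's
 ![https://bit.ly/2zwzhEK](images/puma-connection-flow.png)
 
 * Upon startup, Puma listens on a TCP or UNIX socket.
-* The backlog of this socket is configured
-backlog
-
-full, the operating system
+* The backlog of this socket is configured with a default of 1024, but the
+actual backlog value is capped by the `net.core.somaxconn` sysctl value.
+The backlog determines the size of the queue for unaccepted connections. If
+the backlog is full, the operating system is not accepting new connections.
 * This socket backlog is distinct from the `backlog` of work as reported by
 `Puma.stats` or the control server. The backlog that `Puma.stats` refers to
 represents the number of connections in the process' `todo` set waiting for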
data/docs/compile_options.md
CHANGED
File without changes
|
data/docs/deployment.md
CHANGED
File without changes
|
data/docs/fork_worker.md
CHANGED
File without changes
|
File without changes
|
File without changes
|
File without changes
|
data/docs/jungle/README.md
CHANGED
File without changes
|
data/docs/jungle/rc.d/README.md
CHANGED
File without changes
|
data/docs/jungle/rc.d/puma.conf
CHANGED
File without changes
|
data/docs/kubernetes.md
CHANGED
File without changes
|
data/docs/nginx.md
CHANGED
File without changes
|
data/docs/plugins.md
CHANGED
File without changes
|
data/docs/rails_dev_mode.md
CHANGED
File without changes
|
data/docs/restart.md
CHANGED
File without changes
|
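--- a/data/docs/signals.md
+++ b/data/docs/signals.md
@@ -42,6 +42,7 @@ Puma cluster responds to these signals:
 - `INT ` equivalent of sending Ctrl-C to cluster. Puma will attempt to finish then exit.
 - `CHLD`
 - `URG ` refork workers in phases from worker 0 if `fork_workers` option is enabled.
+- `INFO` print backtraces of all puma threads
 
 ## Callbacks order in case of different signals
 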
data/docs/stats.md
CHANGED
File without changes
|
data/docs/systemd.md
CHANGED
File without changes
|
File without changes
|
data/ext/puma_http11/ext_help.h
CHANGED
File without changes
|
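--- a/data/ext/puma_http11/extconf.rb
+++ b/data/ext/puma_http11/extconf.rb
@@ -11,7 +11,7 @@ end
 unless ENV["DISABLE_SSL"]
 dir_config("openssl")
 
-found_ssl = if pkg_config 'openssl'
+found_ssl = if (!$mingw || RUBY_VERSION >= '2.4') && (t = pkg_config 'openssl')
 puts 'using OpenSSL pkgconfig (openssl.pc)'
 true
 elsif %w'crypto libeay32'.find {|crypto| have_library(crypto, 'BIO_read')} &&
@@ -33,11 +33,14 @@ unless ENV["DISABLE_SSL"]
 have_func "SSL_CTX_set_min_proto_version(NULL, 0)", "openssl/ssl.h"
 
 have_func "X509_STORE_up_ref"
-have_func
+have_func "SSL_CTX_set_ecdh_auto(NULL, 0)" , "openssl/ssl.h"
+
+# below are yes for 3.0.0 & later, use for OpenSSL 3 detection
+have_func "SSL_get1_peer_certificate" , "openssl/ssl.h"
 
 # Random.bytes available in Ruby 2.5 and later, Random::DEFAULT deprecated in 3.0
 if Random.respond_to?(:bytes)
-$defs.push
+$defs.push "-DHAVE_RANDOM_BYTES"
 puts "checking for Random.bytes... yes"
 else
 puts "checking for Random.bytes... no"
@@ -48,11 +51,14 @@ end
 if ENV["MAKE_WARNINGS_INTO_ERRORS"]
 # Make all warnings into errors
 # Except `implicit-fallthrough` since most failures comes from ragel state machine generated code
-if respond_to?
-append_cflags
+if respond_to?(:append_cflags, true) # Ruby 2.5 and later
+append_cflags(config_string('WERRORFLAG') || '-Werror')
 append_cflags '-Wno-implicit-fallthrough'
 else
-
+# flag may not exist on some platforms, -Werror may not be defined on some platforms, but
+# works with all in current CI
+$CFLAGS << " #{config_string('WERRORFLAG') || '-Werror'}"
+$CFLAGS << ' -Wno-implicit-fallthrough'
 end
 end
 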
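Review bot: The `have_func "SSL_get1_peer_certificate"` probe added in the second hunk is used as a stand-in for "OpenSSL 3", and the mini_ssl.c changes on this page key the Diffie-Hellman setup (`SSL_CTX_set_dh_auto` versus the built-in 2048-bit group) on the resulting `HAVE_SSL_GET1_PEER_CERTIFICATE` macro. That ties a key-exchange decision to an unrelated symbol, so a TLS library that exports one call without the other would presumably either fail to compile or take the wrong branch. Probing the call that is actually guarded, `have_func "SSL_CTX_set_dh_auto(NULL, 0)", "openssl/ssl.h"`, and testing `HAVE_SSL_CTX_SET_DH_AUTO` in the C file would keep each `#ifdef` tied to the function it protects.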
@@ -426,13 +426,16 @@ st18:
|
|
426
426
|
case 18:
|
427
427
|
#line 428 "ext/puma_http11/http11_parser.c"
|
428
428
|
switch( (*p) ) {
|
429
|
-
case 9: goto tr25;
|
430
429
|
case 13: goto tr26;
|
431
430
|
case 32: goto tr27;
|
431
|
+
case 127: goto st0;
|
432
432
|
}
|
433
|
-
if (
|
434
|
-
|
435
|
-
|
433
|
+
if ( (*p) > 8 ) {
|
434
|
+
if ( 10 <= (*p) && (*p) <= 31 )
|
435
|
+
goto st0;
|
436
|
+
} else if ( (*p) >= 0 )
|
437
|
+
goto st0;
|
438
|
+
goto tr25;
|
436
439
|
tr25:
|
437
440
|
#line 46 "ext/puma_http11/http11_parser.rl"
|
438
441
|
{ MARK(mark, p); }
|
@@ -441,14 +444,17 @@ st19:
|
|
441
444
|
if ( ++p == pe )
|
442
445
|
goto _test_eof19;
|
443
446
|
case 19:
|
444
|
-
#line
|
447
|
+
#line 448 "ext/puma_http11/http11_parser.c"
|
445
448
|
switch( (*p) ) {
|
446
|
-
case 9: goto st19;
|
447
449
|
case 13: goto tr29;
|
450
|
+
case 127: goto st0;
|
448
451
|
}
|
449
|
-
if (
|
450
|
-
|
451
|
-
|
452
|
+
if ( (*p) > 8 ) {
|
453
|
+
if ( 10 <= (*p) && (*p) <= 31 )
|
454
|
+
goto st0;
|
455
|
+
} else if ( (*p) >= 0 )
|
456
|
+
goto st0;
|
457
|
+
goto st19;
|
452
458
|
tr9:
|
453
459
|
#line 53 "ext/puma_http11/http11_parser.rl"
|
454
460
|
{
|
@@ -491,7 +497,7 @@ st20:
|
|
491
497
|
if ( ++p == pe )
|
492
498
|
goto _test_eof20;
|
493
499
|
case 20:
|
494
|
-
#line
|
500
|
+
#line 501 "ext/puma_http11/http11_parser.c"
|
495
501
|
switch( (*p) ) {
|
496
502
|
case 32: goto tr31;
|
497
503
|
case 60: goto st0;
|
@@ -512,7 +518,7 @@ st21:
|
|
512
518
|
if ( ++p == pe )
|
513
519
|
goto _test_eof21;
|
514
520
|
case 21:
|
515
|
-
#line
|
521
|
+
#line 522 "ext/puma_http11/http11_parser.c"
|
516
522
|
switch( (*p) ) {
|
517
523
|
case 32: goto tr33;
|
518
524
|
case 60: goto st0;
|
@@ -533,7 +539,7 @@ st22:
|
|
533
539
|
if ( ++p == pe )
|
534
540
|
goto _test_eof22;
|
535
541
|
case 22:
|
536
|
-
#line
|
542
|
+
#line 543 "ext/puma_http11/http11_parser.c"
|
537
543
|
switch( (*p) ) {
|
538
544
|
case 43: goto st22;
|
539
545
|
case 58: goto st23;
|
@@ -558,7 +564,7 @@ st23:
|
|
558
564
|
if ( ++p == pe )
|
559
565
|
goto _test_eof23;
|
560
566
|
case 23:
|
561
|
-
#line
|
567
|
+
#line 568 "ext/puma_http11/http11_parser.c"
|
562
568
|
switch( (*p) ) {
|
563
569
|
case 32: goto tr8;
|
564
570
|
case 34: goto st0;
|
@@ -578,7 +584,7 @@ st24:
|
|
578
584
|
if ( ++p == pe )
|
579
585
|
goto _test_eof24;
|
580
586
|
case 24:
|
581
|
-
#line
|
587
|
+
#line 588 "ext/puma_http11/http11_parser.c"
|
582
588
|
switch( (*p) ) {
|
583
589
|
case 32: goto tr37;
|
584
590
|
case 34: goto st0;
|
@@ -601,7 +607,7 @@ st25:
|
|
601
607
|
if ( ++p == pe )
|
602
608
|
goto _test_eof25;
|
603
609
|
case 25:
|
604
|
-
#line
|
610
|
+
#line 611 "ext/puma_http11/http11_parser.c"
|
605
611
|
switch( (*p) ) {
|
606
612
|
case 32: goto tr41;
|
607
613
|
case 34: goto st0;
|
@@ -621,7 +627,7 @@ st26:
|
|
621
627
|
if ( ++p == pe )
|
622
628
|
goto _test_eof26;
|
623
629
|
case 26:
|
624
|
-
#line
|
630
|
+
#line 631 "ext/puma_http11/http11_parser.c"
|
625
631
|
switch( (*p) ) {
|
626
632
|
case 32: goto tr44;
|
627
633
|
case 34: goto st0;
|
File without changes
|
File without changes
|
File without changes
|
@@ -43,7 +43,7 @@
|
|
43
43
|
|
44
44
|
field_name = ( token -- ":" )+ >start_field $snake_upcase_field %write_field;
|
45
45
|
|
46
|
-
field_value = (
|
46
|
+
field_value = ( (any -- CTL) | "\t" )* >start_value %write_value;
|
47
47
|
|
48
48
|
message_header = field_name ":" " "* field_value :> CRLF;
|
49
49
|
|
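Review bot: `(any -- CTL) | "\t"` in `field_value` accepts every byte from 0x80 to 0xFF, not only well-formed UTF-8 sequences; the regenerated C parser on this page shows the same thing, since only 0–8, 10–31 and 127 are sent to the error state. A one-line comment above the rule, e.g. `# bytes >= 0x80 pass through unvalidated; consumers must not assume valid UTF-8`, would record that the parser leaves encoding validation to whatever reads the header value. The rest of the grammar file is outside this hunk, so whether a later stage validates those bytes cannot be told from here.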
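--- a/data/ext/puma_http11/mini_ssl.c
+++ b/data/ext/puma_http11/mini_ssl.c
@@ -49,7 +49,8 @@ const rb_data_type_t engine_data_type = {
 0, 0, RUBY_TYPED_FREE_IMMEDIATELY,
 };
 
-
+#ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
+DH *get_dh2048(void) {
 /* `openssl dhparam -C 2048`
 * -----BEGIN DH PARAMETERS-----
 * MIIBCAKCAQEAjmh1uQHdTfxOyxEbKAV30fUfzqMDF/ChPzjfyzl2jcrqQMhrk76o
@@ -119,6 +120,7 @@ DH *get_dh2048() {
 
 return dh;
 }
+#endif
 
 static void
 sslctx_free(void *ptr) {
@@ -208,8 +210,13 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 #endif
 int ssl_options;
 VALUE key, cert, ca, verify_mode, ssl_cipher_filter, no_tlsv1, no_tlsv1_1,
-verification_flags, session_id_bytes;
+verification_flags, session_id_bytes, cert_pem, key_pem;
+#ifndef HAVE_SSL_GET1_PEER_CERTIFICATE
 DH *dh;
+#endif
+BIO *bio;
+X509 *x509;
+EVP_PKEY *pkey;
 
 #if OPENSSL_VERSION_NUMBER < 0x10002000L
 EC_KEY *ecdh;
@@ -218,13 +225,15 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 TypedData_Get_Struct(self, SSL_CTX, &sslctx_type, ctx);
 
 key = rb_funcall(mini_ssl_ctx, rb_intern_const("key"), 0);
-StringValue(key);
 
 cert = rb_funcall(mini_ssl_ctx, rb_intern_const("cert"), 0);
-StringValue(cert);
 
 ca = rb_funcall(mini_ssl_ctx, rb_intern_const("ca"), 0);
 
+cert_pem = rb_funcall(mini_ssl_ctx, rb_intern_const("cert_pem"), 0);
+
+key_pem = rb_funcall(mini_ssl_ctx, rb_intern_const("key_pem"), 0);
+
 verify_mode = rb_funcall(mini_ssl_ctx, rb_intern_const("verify_mode"), 0);
 
 ssl_cipher_filter = rb_funcall(mini_ssl_ctx, rb_intern_const("ssl_cipher_filter"), 0);
@@ -233,8 +242,31 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 
 no_tlsv1_1 = rb_funcall(mini_ssl_ctx, rb_intern_const("no_tlsv1_1"), 0);
 
-
-
+if (!NIL_P(cert)) {
+StringValue(cert);
+SSL_CTX_use_certificate_chain_file(ctx, RSTRING_PTR(cert));
+}
+
+if (!NIL_P(key)) {
+StringValue(key);
+SSL_CTX_use_PrivateKey_file(ctx, RSTRING_PTR(key), SSL_FILETYPE_PEM);
+}
+
+if (!NIL_P(cert_pem)) {
+bio = BIO_new(BIO_s_mem());
+BIO_puts(bio, RSTRING_PTR(cert_pem));
+x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
+
+SSL_CTX_use_certificate(ctx, x509);
+}
+
+if (!NIL_P(key_pem)) {
+bio = BIO_new(BIO_s_mem());
+BIO_puts(bio, RSTRING_PTR(key_pem));
+pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
+
+SSL_CTX_use_PrivateKey(ctx, pkey);
+}
 
 verification_flags = rb_funcall(mini_ssl_ctx, rb_intern_const("verification_flags"), 0);
 
@@ -289,9 +321,6 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH");
 }
 
-dh = get_dh2048();
-SSL_CTX_set_tmp_dh(ctx, dh);
-
 #if OPENSSL_VERSION_NUMBER < 0x10002000L
 // Remove this case if OpenSSL 1.0.1 (now EOL) support is no
 // longer needed.
@@ -325,6 +354,15 @@ sslctx_initialize(VALUE self, VALUE mini_ssl_ctx) {
 SSL_MAX_SSL_SESSION_ID_LENGTH);
 
 // printf("\ninitialize end security_level %d\n", SSL_CTX_get_security_level(ctx));
+
+#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+// https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_dh_auto.html
+SSL_CTX_set_dh_auto(ctx, 1);
+#else
+dh = get_dh2048();
+SSL_CTX_set_tmp_dh(ctx, dh);
+#endif
+
 rb_obj_freeze(self);
 return self;
 }
@@ -523,7 +561,11 @@ VALUE engine_peercert(VALUE self) {
 
 TypedData_Get_Struct(self, ms_conn, &engine_data_type, conn);
 
+#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+cert = SSL_get1_peer_certificate(conn->ssl);
+#else
 cert = SSL_get_peer_certificate(conn->ssl);
+#endif
 if(!cert) {
 /*
 * See if there was a failed certificate associated with this client.
@@ -580,7 +622,10 @@ void Init_mini_ssl(VALUE puma) {
 ERR_load_crypto_strings();
 
 mod = rb_define_module_under(puma, "MiniSSL");
+
 eng = rb_define_class_under(mod, "Engine", rb_cObject);
+rb_undef_alloc_func(eng);
+
 sslctx = rb_define_class_under(mod, "SSLContext", rb_cObject);
 rb_define_alloc_func(sslctx, sslctx_alloc);
 rb_define_method(sslctx, "initialize", sslctx_initialize, 1);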
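Review bot: In the `cert_pem` and `key_pem` branches of `sslctx_initialize`, `RSTRING_PTR(...)` is handed to `BIO_puts` without the `StringValue` conversion that the `cert` and `key` branches perform, and the results of `BIO_new`, `PEM_read_bio_X509`, `PEM_read_bio_PrivateKey`, `SSL_CTX_use_certificate` and `SSL_CTX_use_PrivateKey` are never checked. A non-String or malformed PEM value therefore reaches OpenSSL as a mistyped or NULL pointer instead of raising a Ruby error, and a certificate or key that OpenSSL rejects goes unreported here. `bio`, `x509` and `pkey` are also not released in the visible lines; the function begins and ends outside these hunks, so later cleanup cannot be ruled out. The rewrite below converts, checks and frees in place, with `rb_eArgError` standing in for whichever error class the extension normally raises. `PEM_read_bio_X509` also reads only the first certificate, so a chain supplied in `cert_pem` would presumably be dropped.

```c
  /* … unchanged: cert / key file branches … */

  if (!NIL_P(cert_pem)) {
    StringValue(cert_pem);  /* raises TypeError before anything is allocated */
    bio = BIO_new_mem_buf(RSTRING_PTR(cert_pem), (int)RSTRING_LEN(cert_pem));
    x509 = bio ? PEM_read_bio_X509(bio, NULL, NULL, NULL) : NULL;
    BIO_free(bio);
    if (!x509) {
      rb_raise(rb_eArgError, "cert_pem is not a PEM certificate");
    }
    if (SSL_CTX_use_certificate(ctx, x509) != 1) {
      X509_free(x509);
      rb_raise(rb_eArgError, "cert_pem was rejected by OpenSSL");
    }
    X509_free(x509);  /* the context holds its own reference */
  }

  if (!NIL_P(key_pem)) {
    StringValue(key_pem);
    bio = BIO_new_mem_buf(RSTRING_PTR(key_pem), (int)RSTRING_LEN(key_pem));
    pkey = bio ? PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL) : NULL;
    BIO_free(bio);
    if (!pkey) {
      rb_raise(rb_eArgError, "key_pem is not a PEM private key");
    }
    if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1) {
      EVP_PKEY_free(pkey);
      rb_raise(rb_eArgError, "key_pem was rejected by OpenSSL");
    }
    EVP_PKEY_free(pkey);  /* the context holds its own reference */
  }
```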
File without changes
|
File without changes
|
@@ -34,9 +34,9 @@ private static short[] init__puma_parser_key_offsets_0()
|
|
34
34
|
{
|
35
35
|
return new short [] {
|
36
36
|
0, 0, 8, 17, 27, 29, 30, 31, 32, 33, 34, 36,
|
37
|
-
39, 41, 44, 45, 61, 62, 78,
|
38
|
-
|
39
|
-
|
37
|
+
39, 41, 44, 45, 61, 62, 78, 85, 91, 99, 107, 117,
|
38
|
+
125, 134, 142, 150, 159, 168, 177, 186, 195, 204, 213, 222,
|
39
|
+
231, 240, 249, 258, 267, 276, 285, 294, 303, 312, 313
|
40
40
|
};
|
41
41
|
}
|
42
42
|
|
@@ -52,26 +52,27 @@ private static char[] init__puma_parser_trans_keys_0()
|
|
52
52
|
46, 48, 57, 48, 57, 13, 48, 57, 10, 13, 33, 124,
|
53
53
|
126, 35, 39, 42, 43, 45, 46, 48, 57, 65, 90, 94,
|
54
54
|
122, 10, 33, 58, 124, 126, 35, 39, 42, 43, 45, 46,
|
55
|
-
48, 57, 65, 90, 94, 122,
|
56
|
-
|
57
|
-
60, 62, 127, 0, 31, 34, 35, 43,
|
58
|
-
57, 65, 90, 97, 122, 32, 34, 35,
|
59
|
-
31, 32, 34, 35, 60, 62, 63, 127,
|
60
|
-
|
61
|
-
|
62
|
-
36, 95, 45, 46, 48, 57, 65, 90,
|
63
|
-
46, 48, 57, 65, 90, 32, 36, 95,
|
64
|
-
65, 90, 32, 36, 95, 45, 46, 48,
|
65
|
-
36, 95, 45, 46, 48, 57, 65, 90,
|
66
|
-
46, 48, 57, 65, 90, 32, 36, 95,
|
67
|
-
65, 90, 32, 36, 95, 45, 46, 48,
|
68
|
-
36, 95, 45, 46, 48, 57, 65, 90,
|
69
|
-
46, 48, 57, 65, 90, 32, 36, 95,
|
70
|
-
65, 90, 32, 36, 95, 45, 46, 48,
|
71
|
-
36, 95, 45, 46, 48, 57, 65, 90,
|
72
|
-
46, 48, 57, 65, 90, 32, 36, 95,
|
73
|
-
65, 90, 32, 36, 95, 45, 46, 48,
|
74
|
-
36, 95, 45, 46, 48, 57, 65, 90,
|
55
|
+
48, 57, 65, 90, 94, 122, 13, 32, 127, 0, 8, 10,
|
56
|
+
31, 13, 127, 0, 8, 10, 31, 32, 60, 62, 127, 0,
|
57
|
+
31, 34, 35, 32, 60, 62, 127, 0, 31, 34, 35, 43,
|
58
|
+
58, 45, 46, 48, 57, 65, 90, 97, 122, 32, 34, 35,
|
59
|
+
60, 62, 127, 0, 31, 32, 34, 35, 60, 62, 63, 127,
|
60
|
+
0, 31, 32, 34, 35, 60, 62, 127, 0, 31, 32, 34,
|
61
|
+
35, 60, 62, 127, 0, 31, 32, 36, 95, 45, 46, 48,
|
62
|
+
57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90,
|
63
|
+
32, 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95,
|
64
|
+
45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48,
|
65
|
+
57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90,
|
66
|
+
32, 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95,
|
67
|
+
45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48,
|
68
|
+
57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90,
|
69
|
+
32, 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95,
|
70
|
+
45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48,
|
71
|
+
57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90,
|
72
|
+
32, 36, 95, 45, 46, 48, 57, 65, 90, 32, 36, 95,
|
73
|
+
45, 46, 48, 57, 65, 90, 32, 36, 95, 45, 46, 48,
|
74
|
+
57, 65, 90, 32, 36, 95, 45, 46, 48, 57, 65, 90,
|
75
|
+
32, 0
|
75
76
|
};
|
76
77
|
}
|
77
78
|
|
@@ -95,7 +96,7 @@ private static byte[] init__puma_parser_range_lengths_0()
|
|
95
96
|
{
|
96
97
|
return new byte [] {
|
97
98
|
0, 3, 3, 3, 0, 0, 0, 0, 0, 0, 1, 1,
|
98
|
-
1, 1, 0, 6, 0, 6,
|
99
|
+
1, 1, 0, 6, 0, 6, 2, 2, 2, 2, 4, 1,
|
99
100
|
1, 1, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3,
|
100
101
|
3, 3, 3, 3, 3, 3, 3, 3, 3, 0, 0
|
101
102
|
};
|
@@ -108,9 +109,9 @@ private static short[] init__puma_parser_index_offsets_0()
|
|
108
109
|
{
|
109
110
|
return new short [] {
|
110
111
|
0, 0, 6, 13, 21, 24, 26, 28, 30, 32, 34, 36,
|
111
|
-
39, 41, 44, 46, 57, 59, 70,
|
112
|
-
|
113
|
-
|
112
|
+
39, 41, 44, 46, 57, 59, 70, 76, 81, 88, 95, 102,
|
113
|
+
110, 119, 127, 135, 142, 149, 156, 163, 170, 177, 184, 191,
|
114
|
+
198, 205, 212, 219, 226, 233, 240, 247, 254, 261, 263
|
114
115
|
};
|
115
116
|
}
|
116
117
|
|
@@ -125,23 +126,24 @@ private static byte[] init__puma_parser_indicies_0()
|
|
125
126
|
10, 1, 11, 1, 12, 1, 13, 1, 14, 1, 15, 1,
|
126
127
|
16, 15, 1, 17, 1, 18, 17, 1, 19, 1, 20, 21,
|
127
128
|
21, 21, 21, 21, 21, 21, 21, 21, 1, 22, 1, 23,
|
128
|
-
24, 23, 23, 23, 23, 23, 23, 23, 23, 1,
|
129
|
-
|
130
|
-
1, 31, 32, 1, 1, 1, 1, 1, 33, 34,
|
131
|
-
34, 34, 34, 1, 8, 1, 9, 1, 1, 1,
|
132
|
-
|
133
|
-
1, 1, 1, 1, 41, 43, 1, 45, 1, 1,
|
134
|
-
|
135
|
-
47, 47, 1, 2, 48, 48, 48, 48, 48, 1,
|
136
|
-
|
137
|
-
|
138
|
-
52, 1, 2, 53, 53, 53, 53, 53, 1, 2,
|
139
|
-
54, 54, 54, 1, 2, 55, 55, 55, 55, 55,
|
140
|
-
|
141
|
-
|
142
|
-
59, 59, 1, 2, 60, 60, 60, 60, 60, 1,
|
143
|
-
|
144
|
-
|
129
|
+
24, 23, 23, 23, 23, 23, 23, 23, 23, 1, 26, 27,
|
130
|
+
1, 1, 1, 25, 29, 1, 1, 1, 28, 30, 1, 1,
|
131
|
+
1, 1, 1, 31, 32, 1, 1, 1, 1, 1, 33, 34,
|
132
|
+
35, 34, 34, 34, 34, 1, 8, 1, 9, 1, 1, 1,
|
133
|
+
1, 35, 36, 1, 38, 1, 1, 39, 1, 1, 37, 40,
|
134
|
+
1, 42, 1, 1, 1, 1, 41, 43, 1, 45, 1, 1,
|
135
|
+
1, 1, 44, 2, 46, 46, 46, 46, 46, 1, 2, 47,
|
136
|
+
47, 47, 47, 47, 1, 2, 48, 48, 48, 48, 48, 1,
|
137
|
+
2, 49, 49, 49, 49, 49, 1, 2, 50, 50, 50, 50,
|
138
|
+
50, 1, 2, 51, 51, 51, 51, 51, 1, 2, 52, 52,
|
139
|
+
52, 52, 52, 1, 2, 53, 53, 53, 53, 53, 1, 2,
|
140
|
+
54, 54, 54, 54, 54, 1, 2, 55, 55, 55, 55, 55,
|
141
|
+
1, 2, 56, 56, 56, 56, 56, 1, 2, 57, 57, 57,
|
142
|
+
57, 57, 1, 2, 58, 58, 58, 58, 58, 1, 2, 59,
|
143
|
+
59, 59, 59, 59, 1, 2, 60, 60, 60, 60, 60, 1,
|
144
|
+
2, 61, 61, 61, 61, 61, 1, 2, 62, 62, 62, 62,
|
145
|
+
62, 1, 2, 63, 63, 63, 63, 63, 1, 2, 1, 1,
|
146
|
+
0
|
145
147
|
};
|
146
148
|
}
|
147
149
|
|
@@ -210,7 +212,7 @@ static final int puma_parser_error = 0;
|
|
210
212
|
cs = 0;
|
211
213
|
|
212
214
|
|
213
|
-
// line
|
215
|
+
// line 216 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
|
214
216
|
{
|
215
217
|
cs = puma_parser_start;
|
216
218
|
}
|
@@ -242,7 +244,7 @@ static final int puma_parser_error = 0;
|
|
242
244
|
parser.buffer = buffer;
|
243
245
|
|
244
246
|
|
245
|
-
// line
|
247
|
+
// line 248 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
|
246
248
|
{
|
247
249
|
int _klen;
|
248
250
|
int _trans = 0;
|
@@ -398,7 +400,7 @@ case 1:
|
|
398
400
|
{ p += 1; _goto_targ = 5; if (true) continue _goto;}
|
399
401
|
}
|
400
402
|
break;
|
401
|
-
// line
|
403
|
+
// line 404 "ext/puma_http11/org/jruby/puma/Http11Parser.java"
|
402
404
|
}
|
403
405
|
}
|
404
406
|
}
|