puma 5.6.5-java → 6.0.1-java

data/lib/puma/minissl.rb

@@ -1,11 +1,12 @@
 # frozen_string_literal: true
 
 begin
-  require 'io/wait'
+  require 'io/wait' unless Puma::HAS_NATIVE_IO_WAIT
 rescue LoadError
 end
 
 # need for Puma::MiniSSL::OPENSSL constants used in `HAS_TLS1_3`
+# use require, see https://github.com/puma/puma/pull/2381
 require 'puma/puma_http11'
 
 module Puma
@@ -13,15 +14,16 @@ module Puma
     # Define constant at runtime, as it's easy to determine at built time,
     # but Puma could (it shouldn't) be loaded with an older OpenSSL version
     # @version 5.0.0
-    HAS_TLS1_3 = !IS_JRUBY &&
-      (OPENSSL_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) != -1 &&
-      (OPENSSL_LIBRARY_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) !=-1
+    HAS_TLS1_3 = IS_JRUBY ||
+        ((OPENSSL_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) != -1 &&
+         (OPENSSL_LIBRARY_VERSION[/ \d+\.\d+\.\d+/].split('.').map(&:to_i) <=> [1,1,1]) !=-1)
 
     class Socket
       def initialize(socket, engine)
         @socket = socket
         @engine = engine
         @peercert = nil
+        @reuse = nil
       end
 
       # @!attribute [r] to_io
@@ -50,7 +52,7 @@ module Puma
       # is made with TLSv1.3 as an available protocol
       # @version 5.0.0
       def bad_tlsv1_3?
-        HAS_TLS1_3 && @engine.ssl_vers_st == ['TLSv1.3', 'SSLERR']
+        HAS_TLS1_3 && ssl_version_state == ['TLSv1.3', 'SSLERR']
       end
       private :bad_tlsv1_3?
 
@@ -123,7 +125,7 @@ module Puma
         while true
           wrote = @engine.write data
 
-          enc_wr = ''.dup
+          enc_wr = +''
           while (enc = @engine.extract)
             enc_wr << enc
           end
@@ -195,10 +197,6 @@ module Puma
     if IS_JRUBY
       OPENSSL_NO_SSL3 = false
       OPENSSL_NO_TLS1 = false
-
-      class SSLError < StandardError
-        # Define this for jruby even though it isn't used.
-      end
     end
 
     class Context
@@ -212,6 +210,9 @@ module Puma
         @cert = nil
         @key_pem = nil
         @cert_pem = nil
+        @reuse = nil
+        @reuse_cache_size = nil
+        @reuse_timeout = nil
       end
 
       def check_file(file, desc)
@@ -222,16 +223,55 @@ module Puma
       if IS_JRUBY
         # jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair
         attr_reader :keystore
+        attr_reader :keystore_type
         attr_accessor :keystore_pass
-        attr_accessor :ssl_cipher_list
+        attr_reader :truststore
+        attr_reader :truststore_type
+        attr_accessor :truststore_pass
+        attr_reader :cipher_suites
+        attr_reader :protocols
 
         def keystore=(keystore)
           check_file keystore, 'Keystore'
           @keystore = keystore
         end
 
+        def truststore=(truststore)
+          # NOTE: historically truststore was assumed the same as keystore, this is kept for backwards
+          # compatibility, to rely on JVM's trust defaults we allow setting `truststore = :default`
+          unless truststore.eql?(:default)
+            raise ArgumentError, "No such truststore file '#{truststore}'" unless File.exist?(truststore)
+          end
+          @truststore = truststore
+        end
+
+        def keystore_type=(type)
+          raise ArgumentError, "Invalid keystore type: #{type.inspect}" unless ['pkcs12', 'jks', nil].include?(type)
+          @keystore_type = type
+        end
+
+        def truststore_type=(type)
+          raise ArgumentError, "Invalid truststore type: #{type.inspect}" unless ['pkcs12', 'jks', nil].include?(type)
+          @truststore_type = type
+        end
+
+        def cipher_suites=(list)
+          list = list.split(',').map(&:strip) if list.is_a?(String)
+          @cipher_suites = list
+        end
+
+        # aliases for backwards compatibility
+        alias_method :ssl_cipher_list, :cipher_suites
+        alias_method :ssl_cipher_list=, :cipher_suites=
+
+        def protocols=(list)
+          list = list.split(',').map(&:strip) if list.is_a?(String)
+          @protocols = list
+        end
+
         def check
           raise "Keystore not configured" unless @keystore
+          # @truststore defaults to @keystore due backwards compatibility
         end
 
       else
@@ -244,6 +284,8 @@ module Puma
         attr_accessor :ssl_cipher_filter
         attr_accessor :verification_flags
 
+        attr_reader :reuse, :reuse_cache_size, :reuse_timeout
+
         def key=(key)
           check_file key, 'Key'
           @key = key
@@ -273,6 +315,35 @@ module Puma
           raise "Key not configured" if @key.nil? && @key_pem.nil?
           raise "Cert not configured" if @cert.nil? && @cert_pem.nil?
         end
+
+        # Controls session reuse.  Allowed values are as follows:
+        # * 'off' - matches the behavior of Puma 5.6 and earlier.  This is included
+        #   in case reuse 'on' is made the default in future Puma versions.
+        # * 'dflt' - sets session reuse on, with OpenSSL default cache size of
+        #   20k and default timeout of 300 seconds.
+        # * 's,t' - where s and t are integer strings, for size and timeout.
+        # * 's' - where s is an integer strings for size.
+        # * ',t' - where t is an integer strings for timeout.
+        #
+        def reuse=(reuse_str)
+          case reuse_str
+          when 'off'
+            @reuse = nil
+          when 'dflt'
+            @reuse = true
+          when /\A\d+\z/
+            @reuse = true
+            @reuse_cache_size = reuse_str.to_i
+          when /\A\d+,\d+\z/
+            @reuse = true
+            size, time = reuse_str.split ','
+            @reuse_cache_size = size.to_i
+            @reuse_timeout = time.to_i
+          when /\A,\d+\z/
+            @reuse = true
+            @reuse_timeout = reuse_str.delete(',').to_i
+          end
+        end
       end
 
       # disables TLSv1

data/lib/puma/plugin/tmp_restart.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'puma/plugin'
+require_relative '../plugin'
 
 Puma::Plugin.create do
   def start(launcher)

data/lib/puma/rack/builder.rb

@@ -102,13 +102,13 @@ module Puma::Rack
       begin
         info = []
         server = Rack::Handler.get(options[:server]) || Rack::Handler.default(options)
-        if server && server.respond_to?(:valid_options)
+        if server&.respond_to?(:valid_options)
           info << ""
           info << "Server-specific options for #{server.name}:"
 
           has_options = false
           server.valid_options.each do |name, description|
-            next if name.to_s =~ /^(Host|Port)[^a-zA-Z]/ # ignore handler's host and port options, we do our own.
+            next if /^(Host|Port)[^a-zA-Z]/.match? name.to_s  # ignore handler's host and port options, we do our own.
 
             info << "  -O %-21s %s" % [name, description]
             has_options = true
@@ -276,7 +276,7 @@ module Puma::Rack
       app = @map ? generate_map(@run, @map) : @run
       fail "missing run or map statement" unless app
       app = @use.reverse.inject(app) { |a,e| e[a] }
-      @warmup.call(app) if @warmup
+      @warmup&.call app
       app
     end
 
@@ -287,7 +287,7 @@ module Puma::Rack
     private
 
     def generate_map(default_app, mapping)
-      require 'puma/rack/urlmap'
+      require_relative 'urlmap'
 
       mapped = default_app ? {'/' => default_app} : {}
       mapping.each { |r,b| mapped[r] = self.class.new(default_app, &b).to_app }

data/lib/puma/rack_default.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'rack/handler/puma'
+require_relative '../rack/handler/puma'
 
 module Rack::Handler
   def self.default(options = {})

data/lib/puma/reactor.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require 'puma/queue_close' unless ::Queue.instance_methods.include? :close
+require_relative 'queue_close' unless ::Queue.instance_methods.include? :close
 
 module Puma
   class UnsupportedBackend < StandardError; end
@@ -50,7 +50,7 @@ module Puma
       @input << client
       @selector.wakeup
       true
-    rescue ClosedQueueError
+    rescue ClosedQueueError, IOError # Ignore if selector is already closed
       false
     end
 
@@ -61,7 +61,7 @@ module Puma
         @selector.wakeup
       rescue IOError # Ignore if selector is already closed
       end
-      @thread.join if @thread
+      @thread&.join
     end
 
     private
@@ -76,7 +76,7 @@ module Puma
 
           # Wakeup all objects that timed out.
           timed_out = @timeouts.take_while {|t| t.timeout == 0}
-          timed_out.each(&method(:wakeup!))
+          timed_out.each { |c| wakeup! c }
 
           unless @input.empty?
             until @input.empty?